Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Ln8QlB3P0RX7C0x_g97ovwG-MN4.roa
File:                     Ln8QlB3P0RX7C0x_g97ovwG-MN4.roa (raw, json)
Hash identifier:          8wye3Q/ZQvQqLzNWOjfsPRuB58YYCzfOe1zTV5GvyPs=
Subject key identifier:   2E:7F:10:94:1D:CF:D1:15:FB:0B:4C:7F:83:DE:E8:BF:01:BE:30:DE
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       019424B270F980ECE4DBC00450FAF104BACC
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Ln8QlB3P0RX7C0x_g97ovwG-MN4.roa
Signing time:             Thu 02 Jan 2025 01:47:41 +0000
ROA not before:           Thu 02 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49600
IP address blocks:        193.46.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:70:f9:80:ec:e4:db:c0:04:50:fa:f1:04:ba:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  2 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e7f10941dcfd115fb0b4c7f83dee8bf01be30de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:fb:9d:f8:1d:fb:d7:8b:c4:d9:7e:a8:dd:82:
                    4c:08:8d:6d:49:bc:b9:ad:a5:a5:eb:24:4a:af:70:
                    ab:78:89:97:83:48:95:17:d5:a9:d9:2c:0d:57:b8:
                    f9:d2:a1:e2:c3:82:97:fa:54:0b:5b:a4:92:ac:48:
                    09:70:14:9e:91:52:9a:a7:55:d6:e1:b4:58:d0:7d:
                    66:9b:6b:48:97:b6:80:83:51:fc:45:31:7a:3b:bc:
                    f7:3c:2b:4d:e4:7f:a5:9d:5f:a8:be:59:71:c4:d4:
                    3c:89:01:59:5e:cf:35:7f:5f:1d:0a:7c:78:aa:87:
                    8d:af:a5:67:26:63:70:15:38:fb:2c:9f:8b:16:d5:
                    12:34:97:9e:55:90:93:8b:0a:b4:ad:44:fb:09:5a:
                    de:8d:66:dd:46:e6:b2:dd:07:30:ff:f1:9e:92:f8:
                    7a:cc:a4:23:2d:36:44:e4:94:50:68:8a:00:99:7f:
                    5c:9e:2c:e8:39:71:4c:fd:22:77:62:24:22:64:b2:
                    f0:29:42:31:fb:48:24:fd:65:f4:d6:87:18:7b:39:
                    32:3b:cb:34:39:c0:06:aa:f3:d5:d5:b1:e3:ee:d4:
                    d2:ad:82:fc:62:9e:16:63:c2:8a:f1:0b:e4:4e:ca:
                    d3:ec:7b:d7:d7:2d:ec:2b:b3:96:51:2b:75:f5:d0:
                    7e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:7F:10:94:1D:CF:D1:15:FB:0B:4C:7F:83:DE:E8:BF:01:BE:30:DE
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/Ln8QlB3P0RX7C0x_g97ovwG-MN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:6c:ee:1f:b4:e6:26:67:92:34:e9:09:e7:58:9e:a8:a4:d3:
         99:1d:ec:0b:eb:40:79:a5:7f:ff:cc:38:f6:cc:20:9f:db:9f:
         52:dc:a1:eb:c4:94:a2:4c:38:2c:0b:69:a9:7a:84:84:0d:ae:
         dd:86:c5:0d:3b:2a:bf:4c:0e:ef:8c:84:62:8a:4c:8e:d9:e2:
         de:8b:f1:12:d6:d1:7c:e0:ff:64:e7:6c:29:b5:23:dc:97:90:
         0a:f4:57:b0:d2:98:ad:c9:22:c0:7e:9b:5a:14:b5:2e:2c:6e:
         b9:0d:ec:23:cf:0b:4a:b8:31:26:a3:98:d1:68:26:40:f9:87:
         7e:61:82:95:31:42:78:60:17:89:b4:5d:85:91:b7:ef:06:22:
         03:3b:c7:79:6b:91:8a:10:75:6d:28:08:07:28:55:47:d6:b9:
         5b:39:43:73:fc:cf:96:6c:31:a3:cb:70:21:90:79:f0:b5:98:
         24:7f:b5:a3:02:27:29:01:79:ab:f4:ed:77:30:23:cd:fe:58:
         ac:8a:21:3e:03:10:ed:10:26:5e:01:f9:bb:26:dd:75:30:f9:
         14:b1:4a:39:bc:cb:8b:43:97:ab:fd:2a:d4:c4:56:e6:fa:a5:
         99:ab:80:fe:87:5c:00:3a:15:95:ea:a3:5b:87:7a:61:ae:9c:
         03:9a:6f:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksnD5gOzk28AEUPrxBLrMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjUwMTAyMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTdmMTA5NDFkY2ZkMTE1ZmIwYjRjN2Y4M2RlZThiZjAxYmUzMGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvud+B3714vE2X6o3YJMCI1tSby5
raWl6yRKr3CreImXg0iVF9Wp2SwNV7j50qHiw4KX+lQLW6SSrEgJcBSekVKap1XW
4bRY0H1mm2tIl7aAg1H8RTF6O7z3PCtN5H+lnV+ovllxxNQ8iQFZXs81f18dCnx4
qoeNr6VnJmNwFTj7LJ+LFtUSNJeeVZCTiwq0rUT7CVrejWbdRuay3Qcw//Gekvh6
zKQjLTZE5JRQaIoAmX9cnizoOXFM/SJ3YiQiZLLwKUIx+0gk/WX01ocYezkyO8s0
OcAGqvPV1bHj7tTSrYL8Yp4WY8KK8QvkTsrT7HvX1y3sK7OWUSt19dB+5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5/EJQdz9EV+wtMf4Pe6L8BvjDeMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvTG44UWxCM1AwUlg3QzB4X2c5N292d0ctTU40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS7bMA0G
CSqGSIb3DQEBCwUAA4IBAQAwbO4ftOYmZ5I06QnnWJ6opNOZHewL60B5pX//zDj2
zCCf259S3KHrxJSiTDgsC2mpeoSEDa7dhsUNOyq/TA7vjIRiikyO2eLei/ES1tF8
4P9k52wptSPcl5AK9Few0pitySLAfptaFLUuLG65DewjzwtKuDEmo5jRaCZA+Yd+
YYKVMUJ4YBeJtF2FkbfvBiIDO8d5a5GKEHVtKAgHKFVH1rlbOUNz/M+WbDGjy3Ah
kHnwtZgkf7WjAicpAXmr9O13MCPN/lisiiE+AxDtECZeAfm7Jt11MPkUsUo5vMuL
Q5er/SrUxFbm+qWZq4D+h1wAOhWV6qNbh3phrpwDmm+V
-----END CERTIFICATE-----