Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/nPqUpg1aR7hnc6HTlLtA9BuMCTE.roa
File:                     nPqUpg1aR7hnc6HTlLtA9BuMCTE.roa (raw, json)
Hash identifier:          KwhXJO05kwAc7WcWDrPEDKsnvptXZGJFAiZEMHkerdU=
Subject key identifier:   9C:FA:94:A6:0D:5A:47:B8:67:73:A1:D3:94:BB:40:F4:1B:8C:09:31
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       0195AE008F2EC4F850DEDD614C99FB8DD6B0
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/nPqUpg1aR7hnc6HTlLtA9BuMCTE.roa
Signing time:             Wed 19 Mar 2025 10:43:47 +0000
ROA not before:           Wed 19 Mar 2025 10:43:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211798
IP address blocks:        185.232.41.0/24 maxlen: 24
                          193.46.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ae:00:8f:2e:c4:f8:50:de:dd:61:4c:99:fb:8d:d6:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Mar 19 10:43:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cfa94a60d5a47b86773a1d394bb40f41b8c0931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4c:51:8d:13:8e:5f:40:07:c5:62:9f:7f:2e:
                    d3:73:5a:e8:48:1a:7c:0f:66:0a:e6:ac:4d:aa:58:
                    2e:c5:b9:2a:7e:c5:4a:54:a7:8c:54:4f:25:80:48:
                    9b:93:9b:aa:26:4b:11:4f:ef:06:11:66:33:24:8a:
                    eb:5a:1a:a4:99:d6:a2:8f:95:17:a0:4c:f5:89:b2:
                    97:b2:4b:de:7f:f0:33:62:e1:d9:0e:e4:fe:56:e4:
                    e1:ba:ae:fe:82:19:b2:22:63:bf:c6:cc:34:c7:7d:
                    85:0a:5b:12:d9:e2:9a:1d:73:6e:89:94:b9:6a:59:
                    22:bd:70:dc:d3:e2:c2:ec:d9:05:0a:22:df:5a:2c:
                    54:0c:1e:41:05:5a:39:86:38:1a:e5:d0:77:52:7a:
                    eb:9f:53:28:e9:bb:45:f5:da:7e:54:e8:d7:a4:a0:
                    c9:a0:a5:98:f8:b2:05:b7:82:32:55:2c:a9:19:08:
                    6f:8f:29:b0:84:6b:03:27:92:bf:97:3b:96:5e:10:
                    01:fa:24:b7:a7:1f:79:9c:5b:1c:44:61:2d:89:ea:
                    00:1b:17:a4:4b:4d:6f:05:0d:c4:1e:e7:a3:a9:db:
                    39:e8:76:4c:8c:90:5a:fa:c2:c2:c6:a9:c0:3b:34:
                    f0:b6:59:68:bd:10:54:6d:d2:39:34:bc:ad:9c:a6:
                    2e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:FA:94:A6:0D:5A:47:B8:67:73:A1:D3:94:BB:40:F4:1B:8C:09:31
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/nPqUpg1aR7hnc6HTlLtA9BuMCTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.41.0/24
                  193.46.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:64:e2:48:56:4b:6c:39:32:3f:d5:63:1e:3b:c1:9b:a7:81:
         dc:b8:a5:3b:f4:69:4e:c5:c4:21:06:f3:0a:eb:1a:c7:c0:a5:
         41:d8:9e:06:f4:13:f5:c0:ba:29:64:13:c2:7e:d0:c2:49:dd:
         c2:76:86:11:b2:7e:eb:fb:11:c9:e8:ff:79:28:5e:60:0a:b8:
         e2:64:46:97:be:26:a7:18:a8:a2:9d:42:e0:a0:4a:d2:10:b6:
         cf:42:b0:7b:ff:cd:b3:f5:e3:57:de:27:6d:1f:69:9e:91:d4:
         89:ba:2e:ef:d8:26:b2:d2:60:24:f9:37:0a:e2:d9:ce:9b:7f:
         57:29:69:84:84:7a:06:2f:ba:c8:1e:cd:94:1a:3d:67:67:11:
         43:2c:ab:fb:39:ef:90:3e:11:1e:d2:00:47:09:11:1a:62:1d:
         10:09:4a:1c:5c:f5:fe:69:79:1b:dc:8e:d7:0a:8d:59:ed:0b:
         bb:2d:cf:27:d3:6c:ff:77:be:97:d8:88:65:d9:fb:11:d7:5b:
         07:d5:ec:66:3e:1e:13:fd:47:f4:11:7c:01:4d:89:13:9d:61:
         93:c9:cc:6d:5b:1a:e3:c6:91:c9:ab:51:d7:b5:b1:f3:78:2c:
         bc:2c:43:76:41:34:64:3c:69:b8:d0:6f:f5:c0:e7:54:d4:9f:
         3a:8e:75:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWuAI8uxPhQ3t1hTJn7jdawMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjUwMzE5MTA0MzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2ZhOTRhNjBkNWE0N2I4Njc3M2ExZDM5NGJiNDBmNDFiOGMwOTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyExRjROOX0AHxWKffy7Tc1roSBp8
D2YK5qxNqlguxbkqfsVKVKeMVE8lgEibk5uqJksRT+8GEWYzJIrrWhqkmdaij5UX
oEz1ibKXskvef/AzYuHZDuT+VuThuq7+ghmyImO/xsw0x32FClsS2eKaHXNuiZS5
alkivXDc0+LC7NkFCiLfWixUDB5BBVo5hjga5dB3Unrrn1Mo6btF9dp+VOjXpKDJ
oKWY+LIFt4IyVSypGQhvjymwhGsDJ5K/lzuWXhAB+iS3px95nFscRGEtieoAGxek
S01vBQ3EHuejqds56HZMjJBa+sLCxqnAOzTwtllovRBUbdI5NLytnKYu2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJz6lKYNWke4Z3Oh05S7QPQbjAkxMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvblBxVXBnMWFSN2huYzZIVGxMdEE5QnVNQ1RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuegpAwQA
wS7YMA0GCSqGSIb3DQEBCwUAA4IBAQAHZOJIVktsOTI/1WMeO8Gbp4HcuKU79GlO
xcQhBvMK6xrHwKVB2J4G9BP1wLopZBPCftDCSd3CdoYRsn7r+xHJ6P95KF5gCrji
ZEaXvianGKiinULgoErSELbPQrB7/82z9eNX3idtH2mekdSJui7v2Cay0mAk+TcK
4tnOm39XKWmEhHoGL7rIHs2UGj1nZxFDLKv7Oe+QPhEe0gBHCREaYh0QCUocXPX+
aXkb3I7XCo1Z7Qu7Lc8n02z/d76X2Ihl2fsR11sH1exmPh4T/Uf0EXwBTYkTnWGT
ycxtWxrjxpHJq1HXtbHzeCy8LEN2QTRkPGm40G/1wOdU1J86jnVs
-----END CERTIFICATE-----