Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/nfdXz1IG7b_z6nn3ZM-dFbFrj0o.roa
File:                     nfdXz1IG7b_z6nn3ZM-dFbFrj0o.roa (raw, json)
Hash identifier:          16xUnfqni5W44fEXrAqCEswn3RFCkRKYxijUqdQX43o=
Subject key identifier:   9D:F7:57:CF:52:06:ED:BF:F3:EA:79:F7:64:CF:9D:15:B1:6B:8F:4A
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       019500229B03A7D002866408CA6D136D0DED
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/nfdXz1IG7b_z6nn3ZM-dFbFrj0o.roa
Signing time:             Thu 13 Feb 2025 16:27:02 +0000
ROA not before:           Thu 13 Feb 2025 16:27:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204286
IP address blocks:        109.205.60.0/24 maxlen: 24
                          188.93.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 18:56:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:00:22:9b:03:a7:d0:02:86:64:08:ca:6d:13:6d:0d:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Feb 13 16:27:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9df757cf5206edbff3ea79f764cf9d15b16b8f4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6a:fc:23:f2:7b:e2:e1:85:94:24:51:c9:69:
                    d5:5d:aa:3c:64:f9:44:ff:c4:0c:d2:90:39:07:93:
                    e8:1b:ab:09:7d:58:e1:37:33:80:9b:b9:20:8b:da:
                    2f:35:9e:89:18:2b:e5:85:e8:e0:d5:d5:ad:9d:a6:
                    c3:6e:67:0e:7e:5c:06:6a:17:c0:4a:76:43:93:34:
                    31:df:d7:dd:8c:a3:8d:38:86:4d:f4:a6:ba:b1:b4:
                    a3:82:1e:8d:04:75:5e:09:ca:3e:ca:45:af:4c:cf:
                    e4:d7:73:47:bb:35:05:c4:e7:8e:24:dc:b0:a9:28:
                    23:b9:f3:c5:7a:9e:66:fd:46:8e:20:85:09:34:b4:
                    8e:de:a3:e4:a7:7c:e3:ba:18:01:d9:c5:b0:bb:5c:
                    6b:d9:dd:ca:35:ca:7e:2b:69:1a:8c:bb:e1:92:5a:
                    b7:df:ca:b8:de:4e:6e:66:96:82:a5:a7:72:65:ef:
                    44:63:9f:cf:17:1f:6a:52:25:28:6b:51:e8:3b:02:
                    2e:1b:fc:f9:ae:36:e6:30:9b:0c:35:d2:5c:65:9a:
                    1c:10:0e:46:a9:08:80:c9:73:5f:4f:be:03:9a:8b:
                    9b:c1:81:ed:78:5c:66:95:6e:b3:dc:b0:97:64:ff:
                    34:90:0c:9c:0e:f9:60:39:09:cc:c0:35:b2:ab:2e:
                    f7:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:F7:57:CF:52:06:ED:BF:F3:EA:79:F7:64:CF:9D:15:B1:6B:8F:4A
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/nfdXz1IG7b_z6nn3ZM-dFbFrj0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.60.0/24
                  188.93.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:38:90:91:b8:09:93:e3:8e:ba:d9:67:44:46:83:e6:f3:d8:
         ee:61:1b:98:f8:68:a7:4e:a2:3a:3a:fb:16:64:67:29:ba:f4:
         54:78:59:10:bc:23:24:84:62:45:69:04:4d:b9:2c:59:33:79:
         8e:6b:e4:72:5d:db:ad:eb:02:da:99:a6:74:d1:96:af:e4:58:
         d6:dd:55:a6:13:c7:de:d1:65:d1:3b:35:59:90:f0:40:9f:29:
         be:6c:40:bb:46:0e:6a:bb:3f:6d:11:3f:51:05:71:4a:0e:b0:
         99:ac:f8:c9:5f:02:14:d7:e7:e8:4d:d3:26:cd:cc:60:13:7b:
         5d:bd:99:dc:9f:e4:96:5f:f8:01:5d:bc:23:9f:35:06:f9:27:
         1d:80:3e:1b:00:b1:ff:86:f1:28:bc:fb:21:93:c4:0c:9e:f5:
         85:81:ce:b7:e7:c1:36:bb:47:2b:a6:fa:a3:eb:e1:a1:60:83:
         39:96:78:e3:32:12:bb:45:03:34:ba:5a:7b:c3:6b:5c:2c:13:
         17:ad:38:30:3e:eb:d7:ae:bc:90:00:fa:fb:b9:6f:9a:21:f2:
         e9:2a:23:0b:d4:b8:12:f5:cd:b1:32:f4:25:f2:bf:91:ca:36:
         1b:ee:c0:ed:6a:8e:0d:fc:3b:a5:ec:a9:0e:29:ac:70:ce:ff:
         25:cf:bc:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZUAIpsDp9AChmQIym0TbQ3tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjUwMjEzMTYyNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGY3NTdjZjUyMDZlZGJmZjNlYTc5Zjc2NGNmOWQxNWIxNmI4ZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2r8I/J74uGFlCRRyWnVXao8ZPlE
/8QM0pA5B5PoG6sJfVjhNzOAm7kgi9ovNZ6JGCvlhejg1dWtnabDbmcOflwGahfA
SnZDkzQx39fdjKONOIZN9Ka6sbSjgh6NBHVeCco+ykWvTM/k13NHuzUFxOeOJNyw
qSgjufPFep5m/UaOIIUJNLSO3qPkp3zjuhgB2cWwu1xr2d3KNcp+K2kajLvhklq3
38q43k5uZpaCpadyZe9EY5/PFx9qUiUoa1HoOwIuG/z5rjbmMJsMNdJcZZocEA5G
qQiAyXNfT74DmoubwYHteFxmlW6z3LCXZP80kAycDvlgOQnMwDWyqy73JQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ33V89SBu2/8+p592TPnRWxa49KMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvbmZkWHoxSUc3Yl96Nm5uM1pNLWRGYkZyajBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbc08AwQA
vF11MA0GCSqGSIb3DQEBCwUAA4IBAQBnOJCRuAmT44662WdERoPm89juYRuY+Gin
TqI6OvsWZGcpuvRUeFkQvCMkhGJFaQRNuSxZM3mOa+RyXdut6wLamaZ00Zav5FjW
3VWmE8fe0WXROzVZkPBAnym+bEC7Rg5quz9tET9RBXFKDrCZrPjJXwIU1+foTdMm
zcxgE3tdvZncn+SWX/gBXbwjnzUG+ScdgD4bALH/hvEovPshk8QMnvWFgc6358E2
u0crpvqj6+GhYIM5lnjjMhK7RQM0ulp7w2tcLBMXrTgwPuvXrryQAPr7uW+aIfLp
KiML1LgS9c2xMvQl8r+RyjYb7sDtao4N/Dul7KkOKaxwzv8lz7wu
-----END CERTIFICATE-----