Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/b0d1d2-842c-4d05-a623-b50c2f2e4704/1/x_RfurRNedmEj2hSqHVNcrKbV_E.roa
File:                     x_RfurRNedmEj2hSqHVNcrKbV_E.roa (raw, json)
Hash identifier:          8G+RNYkhEQwOffPjlh7thkZsriDB79Nwv1PSXlUOkh8=
Subject key identifier:   C7:F4:5F:BA:B4:4D:79:D9:84:8F:68:52:A8:75:4D:72:B2:9B:57:F1
Certificate issuer:       /CN=3c9219dac3584986e78b41dc9ffb622623b4ac61
Certificate serial:       01941FFA1D16FC3B30CF24CB3C08C6D23B5D
Authority key identifier: 3C:92:19:DA:C3:58:49:86:E7:8B:41:DC:9F:FB:62:26:23:B4:AC:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PJIZ2sNYSYbni0Hcn_tiJiO0rGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/b0d1d2-842c-4d05-a623-b50c2f2e4704/1/x_RfurRNedmEj2hSqHVNcrKbV_E.roa
Signing time:             Wed 01 Jan 2025 03:47:52 +0000
ROA not before:           Wed 01 Jan 2025 03:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199888
IP address blocks:        192.83.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/b0d1d2-842c-4d05-a623-b50c2f2e4704/1/PJIZ2sNYSYbni0Hcn_tiJiO0rGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/b0d1d2-842c-4d05-a623-b50c2f2e4704/1/PJIZ2sNYSYbni0Hcn_tiJiO0rGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PJIZ2sNYSYbni0Hcn_tiJiO0rGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:1d:16:fc:3b:30:cf:24:cb:3c:08:c6:d2:3b:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c9219dac3584986e78b41dc9ffb622623b4ac61
        Validity
            Not Before: Jan  1 03:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7f45fbab44d79d9848f6852a8754d72b29b57f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7f:b8:fb:86:01:05:b2:d4:6a:e0:28:7a:48:
                    83:5b:ad:53:36:df:5d:c6:6d:90:80:5c:31:9a:bb:
                    ae:8d:d1:8e:90:92:14:5d:13:4e:86:1b:5f:c9:c9:
                    16:a1:2f:a7:ed:99:5e:16:09:6f:cc:c0:8f:74:d5:
                    3a:a1:b4:8d:b0:24:94:d0:b0:44:cc:c4:26:92:cf:
                    83:5a:f0:2d:94:1e:98:59:84:a7:68:7a:a8:b3:84:
                    59:50:ae:3e:15:4b:cb:e1:ad:b4:16:44:77:b4:13:
                    7e:ce:bd:2a:44:d2:79:0f:30:d2:ce:f0:6f:e2:81:
                    1d:59:a4:5a:f7:23:80:07:27:14:3d:30:b7:7c:67:
                    ae:cb:7a:60:61:f1:32:f5:5a:46:c3:02:6d:e1:2d:
                    78:50:22:e9:be:73:05:98:bc:e6:2a:9b:52:94:7b:
                    16:ee:70:cb:57:6e:7f:ab:60:79:2f:ff:19:cd:1b:
                    fc:ae:8d:a8:d4:ab:b2:3f:11:b7:ec:75:9c:45:e1:
                    0f:07:e5:1a:bd:ba:c5:cf:61:a1:da:e2:e1:38:55:
                    b6:9e:08:e3:30:cc:52:df:6c:12:3b:85:be:9d:56:
                    e4:6b:c4:de:9b:3f:85:8b:72:f2:05:6f:8a:6c:4f:
                    a0:f4:06:2a:93:9e:b2:df:6d:00:1a:34:d8:1c:6c:
                    da:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:F4:5F:BA:B4:4D:79:D9:84:8F:68:52:A8:75:4D:72:B2:9B:57:F1
            X509v3 Authority Key Identifier:
                keyid:3C:92:19:DA:C3:58:49:86:E7:8B:41:DC:9F:FB:62:26:23:B4:AC:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PJIZ2sNYSYbni0Hcn_tiJiO0rGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b0d1d2-842c-4d05-a623-b50c2f2e4704/1/x_RfurRNedmEj2hSqHVNcrKbV_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b0d1d2-842c-4d05-a623-b50c2f2e4704/1/PJIZ2sNYSYbni0Hcn_tiJiO0rGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.83.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:40:39:4a:b0:2c:7c:59:ba:ab:58:81:1a:f6:b6:81:af:8d:
         ef:71:8c:07:d7:cb:86:b3:8b:1c:98:29:cf:f1:c6:ad:7a:4a:
         04:07:5c:59:21:0a:92:b8:57:c1:2b:14:29:fc:0e:a4:97:ed:
         c7:4e:b4:c8:4e:a4:95:b3:b2:4c:3c:45:4a:e9:7e:7a:9d:d7:
         98:d9:c3:2e:14:df:d2:9c:61:9e:b1:a7:b3:02:e7:65:9d:50:
         d9:fa:fe:c8:3e:1a:e0:36:af:6d:69:49:c3:08:c6:4a:89:17:
         29:47:37:19:bf:47:d2:2f:72:0c:42:eb:d4:af:a5:ce:12:69:
         be:13:90:e8:0b:78:64:88:aa:3a:4e:b0:c5:c6:54:f0:8f:e8:
         20:b1:8b:44:63:91:ed:44:d5:93:23:71:9a:d3:42:d8:20:d9:
         22:16:43:bb:89:bb:f7:1d:8a:30:dc:7e:32:eb:cd:3a:55:f7:
         5b:79:68:3a:3a:ad:fb:be:8f:57:27:28:27:89:c9:c2:17:d2:
         52:4b:2a:38:53:4d:42:bc:f8:f5:f6:42:8b:82:60:93:e8:52:
         60:50:0e:89:ba:95:cd:8f:94:21:62:e9:ca:55:7a:1f:f2:fd:
         f1:31:3c:bf:d5:5b:93:0f:0b:b2:b9:b6:fb:73:9d:ff:ae:06:
         46:c6:c9:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+h0W/DswzyTLPAjG0jtdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjOTIxOWRhYzM1ODQ5ODZlNzhiNDFkYzlmZmI2MjI2MjNi
NGFjNjEwHhcNMjUwMTAxMDM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Y0NWZiYWI0NGQ3OWQ5ODQ4ZjY4NTJhODc1NGQ3MmIyOWI1N2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3+4+4YBBbLUauAoekiDW61TNt9d
xm2QgFwxmruujdGOkJIUXRNOhhtfyckWoS+n7ZleFglvzMCPdNU6obSNsCSU0LBE
zMQmks+DWvAtlB6YWYSnaHqos4RZUK4+FUvL4a20FkR3tBN+zr0qRNJ5DzDSzvBv
4oEdWaRa9yOABycUPTC3fGeuy3pgYfEy9VpGwwJt4S14UCLpvnMFmLzmKptSlHsW
7nDLV25/q2B5L/8ZzRv8ro2o1KuyPxG37HWcReEPB+UavbrFz2Gh2uLhOFW2ngjj
MMxS32wSO4W+nVbka8Temz+Fi3LyBW+KbE+g9AYqk56y320AGjTYHGza9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMf0X7q0TXnZhI9oUqh1TXKym1fxMB8GA1UdIwQY
MBaAFDySGdrDWEmG54tB3J/7YiYjtKxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEpJWjJzTllTWWJuaTBIY25fdGlKaU8wckdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9iMGQxZDItODQyYy00ZDA1LWE2MjMt
YjUwYzJmMmU0NzA0LzEveF9SZnVyUk5lZG1FajJoU3FIVk5jcktiVl9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9iMGQxZDItODQyYy00ZDA1LWE2MjMtYjUwYzJmMmU0NzA0
LzEvUEpJWjJzTllTWWJuaTBIY25fdGlKaU8wckdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwFOlMA0G
CSqGSIb3DQEBCwUAA4IBAQByQDlKsCx8WbqrWIEa9raBr43vcYwH18uGs4scmCnP
8catekoEB1xZIQqSuFfBKxQp/A6kl+3HTrTITqSVs7JMPEVK6X56ndeY2cMuFN/S
nGGesaezAudlnVDZ+v7IPhrgNq9taUnDCMZKiRcpRzcZv0fSL3IMQuvUr6XOEmm+
E5DoC3hkiKo6TrDFxlTwj+ggsYtEY5HtRNWTI3Ga00LYINkiFkO7ibv3HYow3H4y
6806VfdbeWg6Oq37vo9XJygnicnCF9JSSyo4U01CvPj19kKLgmCT6FJgUA6JupXN
j5QhYunKVXof8v3xMTy/1VuTDwuyubb7c53/rgZGxsku
-----END CERTIFICATE-----