Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/cZ1VjXvm2kSaXyfxbG6DWvRG8uk.roa
File:                     cZ1VjXvm2kSaXyfxbG6DWvRG8uk.roa (raw, json)
Hash identifier:          5UVRN3VFRKsZKsanW2WSNXa8tl9mzCzer8YNhv2aLws=
Subject key identifier:   71:9D:55:8D:7B:E6:DA:44:9A:5F:27:F1:6C:6E:83:5A:F4:46:F2:E9
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       01942445692EEC94827645C3737AF3A310D0
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/cZ1VjXvm2kSaXyfxbG6DWvRG8uk.roa
Signing time:             Wed 01 Jan 2025 23:48:36 +0000
ROA not before:           Wed 01 Jan 2025 23:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7979
IP address blocks:        192.95.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:69:2e:ec:94:82:76:45:c3:73:7a:f3:a3:10:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  1 23:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=719d558d7be6da449a5f27f16c6e835af446f2e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b2:4c:b2:37:e8:2b:e5:32:36:18:e0:61:04:
                    8c:a0:cd:22:7b:20:ba:5f:dd:aa:de:c5:11:a1:2c:
                    8a:98:df:3e:2a:29:e0:85:0f:c7:30:08:d2:90:f2:
                    df:be:05:93:40:2a:05:01:b7:fd:46:67:62:bd:8b:
                    c4:d1:65:e3:6e:c2:c1:f7:b1:67:fb:ca:1f:d0:f8:
                    33:2d:c9:5c:eb:e3:e5:4d:fa:6d:6a:24:c2:de:a6:
                    02:20:3e:0c:6d:24:09:6d:80:7e:47:d0:48:ef:8d:
                    4c:51:07:94:5b:c9:c5:48:34:47:10:94:fb:36:ab:
                    d5:e0:6f:1d:68:e5:cf:7b:ac:6d:aa:fc:c4:da:92:
                    12:ff:36:1f:1d:06:ff:4d:51:c8:7d:60:63:ea:76:
                    da:12:b5:c0:32:53:a1:6c:e3:09:75:d4:f8:6c:5b:
                    06:e1:1e:d8:db:06:40:a3:82:91:1e:cf:91:d7:ff:
                    a6:70:45:cb:4f:16:4e:93:80:b0:fd:c1:f9:85:1e:
                    6b:77:9c:fc:3f:16:10:96:f8:33:ba:a4:b4:fa:92:
                    f9:f5:7f:07:f6:22:61:f1:72:22:2c:20:19:4f:2b:
                    6e:aa:18:68:60:7c:b8:cc:7a:b6:50:60:4a:5d:54:
                    0c:01:e4:f5:2a:8a:0d:c8:e5:ba:50:2d:e6:91:08:
                    28:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9D:55:8D:7B:E6:DA:44:9A:5F:27:F1:6C:6E:83:5A:F4:46:F2:E9
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/cZ1VjXvm2kSaXyfxbG6DWvRG8uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.95.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:4c:e7:c0:70:b8:31:1d:f4:1c:19:54:32:da:0f:6a:4d:66:
         ca:70:18:5f:a4:40:76:55:5e:72:3a:d4:0c:80:6d:48:f5:12:
         c5:6b:16:16:42:e4:16:fe:1b:59:f3:d5:7e:c6:3e:da:c2:b9:
         fd:1b:2b:1a:78:4d:f6:bc:de:e5:0d:3c:73:08:ed:bc:4d:e2:
         e4:fa:f9:e2:ee:96:1f:48:12:84:0d:69:73:a5:82:d8:14:f5:
         d1:6e:9d:81:a7:02:50:d5:e6:08:c8:9b:72:19:07:68:f6:d9:
         ae:99:35:c7:56:8e:74:1b:11:78:b6:70:41:6e:eb:e4:b4:06:
         63:f9:07:82:4a:49:c1:5b:a8:0f:43:51:2f:86:91:42:50:81:
         8e:3f:f3:27:21:d5:45:1f:a2:bc:bb:ef:2f:31:bf:a0:44:f7:
         30:54:7f:f6:49:e8:a9:9f:d6:97:f5:0a:1b:b2:36:a2:66:b8:
         d1:08:85:81:40:9a:60:cc:fa:13:34:5b:27:0e:8d:44:1a:8f:
         f2:28:4a:f1:69:ce:14:79:aa:cc:9a:d9:9a:a1:82:df:bc:34:
         90:15:d0:a2:f3:da:c3:61:90:db:00:b5:34:1f:30:bf:e0:7f:
         18:3f:d1:e4:f7:79:f0:06:ff:d9:a4:9f:7e:c5:28:be:6b:dd:
         96:1d:47:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRWku7JSCdkXDc3rzoxDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjUwMTAxMjM0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTlkNTU4ZDdiZTZkYTQ0OWE1ZjI3ZjE2YzZlODM1YWY0NDZmMmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrJMsjfoK+UyNhjgYQSMoM0ieyC6
X92q3sURoSyKmN8+KinghQ/HMAjSkPLfvgWTQCoFAbf9RmdivYvE0WXjbsLB97Fn
+8of0PgzLclc6+PlTfptaiTC3qYCID4MbSQJbYB+R9BI741MUQeUW8nFSDRHEJT7
NqvV4G8daOXPe6xtqvzE2pIS/zYfHQb/TVHIfWBj6nbaErXAMlOhbOMJddT4bFsG
4R7Y2wZAo4KRHs+R1/+mcEXLTxZOk4Cw/cH5hR5rd5z8PxYQlvgzuqS0+pL59X8H
9iJh8XIiLCAZTytuqhhoYHy4zHq2UGBKXVQMAeT1KooNyOW6UC3mkQgo8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGdVY175tpEml8n8Wxug1r0RvLpMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvY1oxVmpYdm0ya1NhWHlmeGJHNkRXdlJHOHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwF9TMA0G
CSqGSIb3DQEBCwUAA4IBAQCSTOfAcLgxHfQcGVQy2g9qTWbKcBhfpEB2VV5yOtQM
gG1I9RLFaxYWQuQW/htZ89V+xj7awrn9GysaeE32vN7lDTxzCO28TeLk+vni7pYf
SBKEDWlzpYLYFPXRbp2BpwJQ1eYIyJtyGQdo9tmumTXHVo50GxF4tnBBbuvktAZj
+QeCSknBW6gPQ1EvhpFCUIGOP/MnIdVFH6K8u+8vMb+gRPcwVH/2Seipn9aX9Qob
sjaiZrjRCIWBQJpgzPoTNFsnDo1EGo/yKErxac4UearMmtmaoYLfvDSQFdCi89rD
YZDbALU0HzC/4H8YP9Hk93nwBv/ZpJ9+xSi+a92WHUf1
-----END CERTIFICATE-----