Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/e38yhLWXEVmqzpexT39CAVvzz0Q.roa
File:                     e38yhLWXEVmqzpexT39CAVvzz0Q.roa (raw, json)
Hash identifier:          BPXva5k8oXj/MP9PbA9GSzPiSKc5f6Z2a5jmXbL4TDQ=
Subject key identifier:   7B:7F:32:84:B5:97:11:59:AA:CE:97:B1:4F:7F:42:01:5B:F3:CF:44
Certificate issuer:       /CN=7755cd8be71e29e72d9690c7cd4087b5f26116f0
Certificate serial:       019420681711097EAAAAE07F040357299134
Authority key identifier: 77:55:CD:8B:E7:1E:29:E7:2D:96:90:C7:CD:40:87:B5:F2:61:16:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d1XNi-ceKectlpDHzUCHtfJhFvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/e38yhLWXEVmqzpexT39CAVvzz0Q.roa
Signing time:             Wed 01 Jan 2025 05:48:00 +0000
ROA not before:           Wed 01 Jan 2025 05:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2611
IP address blocks:        193.53.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/d1XNi-ceKectlpDHzUCHtfJhFvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/d1XNi-ceKectlpDHzUCHtfJhFvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d1XNi-ceKectlpDHzUCHtfJhFvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:17:11:09:7e:aa:aa:e0:7f:04:03:57:29:91:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7755cd8be71e29e72d9690c7cd4087b5f26116f0
        Validity
            Not Before: Jan  1 05:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b7f3284b5971159aace97b14f7f42015bf3cf44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:65:a8:04:51:c6:69:49:1f:39:17:fd:4b:41:
                    90:74:38:ca:88:7e:88:32:15:d5:86:72:5d:17:dc:
                    3b:74:60:cf:9c:7a:4d:f0:39:cf:f2:f3:ab:e1:32:
                    86:d4:e4:32:fa:10:3b:d3:d7:3a:ac:4e:1b:06:51:
                    3f:48:7b:5e:13:68:28:55:43:35:cf:07:34:f2:08:
                    cb:53:dc:11:cb:13:af:7c:15:f3:80:d7:88:75:81:
                    e5:a4:93:f8:bc:a3:4f:2e:5b:7a:4f:3d:9b:bc:eb:
                    ff:9b:54:78:86:8a:b3:5e:94:10:fd:12:60:94:bc:
                    9b:01:76:e3:fa:d2:0e:09:0d:d0:25:0d:51:5d:d8:
                    a0:22:c4:bf:c3:91:ce:cd:a0:bb:b5:c0:ab:f9:ad:
                    25:95:11:03:26:ba:d9:08:8f:99:0b:50:95:91:a8:
                    31:14:d3:ba:45:8d:36:52:83:f4:78:0f:ad:d8:27:
                    de:fc:97:39:bb:5e:83:99:28:20:9c:bd:95:10:46:
                    c9:83:b3:27:0a:5f:55:4e:28:33:13:32:e0:41:8d:
                    df:b9:10:35:72:ff:74:18:d0:28:52:c4:9d:37:97:
                    0c:eb:ea:d5:c7:50:43:2d:70:7d:f9:d5:d6:08:d1:
                    49:57:53:f1:de:a7:ed:7f:3c:7f:9d:fb:c9:d5:aa:
                    7b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:7F:32:84:B5:97:11:59:AA:CE:97:B1:4F:7F:42:01:5B:F3:CF:44
            X509v3 Authority Key Identifier:
                keyid:77:55:CD:8B:E7:1E:29:E7:2D:96:90:C7:CD:40:87:B5:F2:61:16:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1XNi-ceKectlpDHzUCHtfJhFvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/e38yhLWXEVmqzpexT39CAVvzz0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/d1XNi-ceKectlpDHzUCHtfJhFvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:94:28:70:f6:f2:98:a5:e8:16:b3:5c:02:1b:40:06:62:23:
         69:96:97:09:4c:78:35:f0:bd:7e:fb:1e:ea:31:94:ad:16:89:
         35:4c:8a:57:b2:24:99:e9:ef:b7:7b:6c:ec:f7:98:94:f9:54:
         b3:80:83:9e:ac:7a:ba:5e:45:32:44:8c:22:fb:6d:8a:6e:2b:
         51:05:3f:e9:3f:55:1d:2d:4c:f6:23:76:d4:75:34:c2:ef:e8:
         6e:9a:06:ab:59:bf:d9:6d:13:9e:0e:21:ec:39:8c:7a:78:73:
         b5:3a:48:3a:a7:97:c4:dd:77:83:a5:4a:22:07:0c:ca:35:b4:
         03:43:10:4f:09:bb:bb:f1:e3:42:d1:b0:1e:2b:d0:8b:73:94:
         07:f6:7f:5e:aa:0c:eb:2d:bd:5e:25:b6:ae:ea:43:4e:02:72:
         2b:a0:77:a9:0c:b5:ef:70:32:0b:0e:ae:d8:bb:56:8f:64:4a:
         9d:a9:b4:da:61:fd:74:4f:28:8f:58:63:44:d7:18:b6:bc:f7:
         5c:c9:cb:68:2f:bd:11:bc:a3:77:48:33:ba:0d:11:2e:f1:98:
         ca:2e:55:64:30:b8:0e:2a:ee:94:a5:f7:5b:f0:03:06:72:f2:
         ec:ec:7f:73:e1:ac:4e:ce:44:86:7d:72:0c:7c:a7:2f:06:24:
         e6:af:f3:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaBcRCX6qquB/BANXKZE0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NTVjZDhiZTcxZTI5ZTcyZDk2OTBjN2NkNDA4N2I1ZjI2
MTE2ZjAwHhcNMjUwMTAxMDU0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjdmMzI4NGI1OTcxMTU5YWFjZTk3YjE0ZjdmNDIwMTViZjNjZjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGWoBFHGaUkfORf9S0GQdDjKiH6I
MhXVhnJdF9w7dGDPnHpN8DnP8vOr4TKG1OQy+hA709c6rE4bBlE/SHteE2goVUM1
zwc08gjLU9wRyxOvfBXzgNeIdYHlpJP4vKNPLlt6Tz2bvOv/m1R4hoqzXpQQ/RJg
lLybAXbj+tIOCQ3QJQ1RXdigIsS/w5HOzaC7tcCr+a0llREDJrrZCI+ZC1CVkagx
FNO6RY02UoP0eA+t2Cfe/Jc5u16DmSggnL2VEEbJg7MnCl9VTigzEzLgQY3fuRA1
cv90GNAoUsSdN5cM6+rVx1BDLXB9+dXWCNFJV1Px3qftfzx/nfvJ1ap7vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHt/MoS1lxFZqs6XsU9/QgFb889EMB8GA1UdIwQY
MBaAFHdVzYvnHinnLZaQx81Ah7XyYRbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDFYTmktY2VLZWN0bHBESHpVQ0h0ZkpoRnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My83YzBjNTctMTVhOC00MzA3LTg1MGQt
ZTAyMWY4Y2U2YzUxLzEvZTM4eWhMV1hFVm1xenBleFQzOUNBVnZ6ejBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My83YzBjNTctMTVhOC00MzA3LTg1MGQtZTAyMWY4Y2U2YzUx
LzEvZDFYTmktY2VLZWN0bHBESHpVQ0h0ZkpoRnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTV9MA0G
CSqGSIb3DQEBCwUAA4IBAQA1lChw9vKYpegWs1wCG0AGYiNplpcJTHg18L1++x7q
MZStFok1TIpXsiSZ6e+3e2zs95iU+VSzgIOerHq6XkUyRIwi+22KbitRBT/pP1Ud
LUz2I3bUdTTC7+humgarWb/ZbROeDiHsOYx6eHO1Okg6p5fE3XeDpUoiBwzKNbQD
QxBPCbu78eNC0bAeK9CLc5QH9n9eqgzrLb1eJbau6kNOAnIroHepDLXvcDILDq7Y
u1aPZEqdqbTaYf10TyiPWGNE1xi2vPdcyctoL70RvKN3SDO6DREu8ZjKLlVkMLgO
Ku6Upfdb8AMGcvLs7H9z4axOzkSGfXIMfKcvBiTmr/PB
-----END CERTIFICATE-----