Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/V7B5ePYrHsO0XNRkMFSzpgb0L6o.roa
File:                     V7B5ePYrHsO0XNRkMFSzpgb0L6o.roa (raw, json)
Hash identifier:          mqOCLJjTNfcn+4Yc3m3WAArsC6xNXAO5dY/bAJctVR0=
Subject key identifier:   57:B0:79:78:F6:2B:1E:C3:B4:5C:D4:64:30:54:B3:A6:06:F4:2F:AA
Certificate issuer:       /CN=d2c1d5fd4e20ade5f11b66afb10a54c8ffe4b040
Certificate serial:       0194228DF3C2CF135638039B74FADAD71F2B
Authority key identifier: D2:C1:D5:FD:4E:20:AD:E5:F1:1B:66:AF:B1:0A:54:C8:FF:E4:B0:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/V7B5ePYrHsO0XNRkMFSzpgb0L6o.roa
Signing time:             Wed 01 Jan 2025 15:48:35 +0000
ROA not before:           Wed 01 Jan 2025 15:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13074
IP address blocks:        192.118.70.0/24 maxlen: 24
                          192.118.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f3:c2:cf:13:56:38:03:9b:74:fa:da:d7:1f:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2c1d5fd4e20ade5f11b66afb10a54c8ffe4b040
        Validity
            Not Before: Jan  1 15:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57b07978f62b1ec3b45cd4643054b3a606f42faa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:9c:75:1d:05:62:61:95:74:77:d0:d1:06:d3:
                    50:e0:50:1f:5a:0f:06:f8:77:9d:fb:53:e1:78:6c:
                    bc:17:e6:52:f0:3e:0d:76:cb:b7:fe:f5:05:c7:97:
                    2a:e5:4d:9b:9f:a0:45:b3:ab:c9:02:21:ab:22:fb:
                    c8:28:3c:14:df:0d:6a:59:2a:34:79:ad:69:e2:29:
                    9a:18:5f:d4:28:88:86:51:0c:9c:9c:bd:ea:c8:e3:
                    6d:df:41:72:52:14:c8:23:e2:57:4f:d2:ee:ab:29:
                    37:c3:87:6b:90:98:46:76:94:6c:2c:cc:67:a8:fd:
                    94:12:71:ac:fb:d8:c6:fe:8c:34:c4:52:b4:38:44:
                    31:c4:d2:f0:1c:87:f1:ac:fd:c7:ad:12:b6:91:dd:
                    9f:22:f0:de:fc:7d:25:f2:51:b0:c4:90:93:13:ee:
                    d6:16:45:6f:f7:b5:96:41:d6:44:b0:b6:aa:c3:2a:
                    e3:66:ae:e6:07:81:94:b5:73:38:dc:a6:01:d5:a0:
                    99:18:c9:03:fa:23:9d:67:43:15:03:bd:fd:67:f2:
                    16:fe:d6:cc:91:d8:4c:95:8f:a7:f0:e3:c7:27:34:
                    5f:e8:ac:81:20:23:31:d0:52:36:1e:4c:3d:02:ae:
                    f9:a8:ae:d4:79:d6:c1:52:c7:c3:51:62:0a:80:ef:
                    6e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:B0:79:78:F6:2B:1E:C3:B4:5C:D4:64:30:54:B3:A6:06:F4:2F:AA
            X509v3 Authority Key Identifier:
                keyid:D2:C1:D5:FD:4E:20:AD:E5:F1:1B:66:AF:B1:0A:54:C8:FF:E4:B0:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/V7B5ePYrHsO0XNRkMFSzpgb0L6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.118.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:11:bc:70:12:33:d2:13:4b:f3:3b:6d:d1:66:32:49:e2:85:
         aa:da:f0:aa:37:72:98:43:40:60:ee:a4:fb:07:e3:1a:03:fd:
         36:67:f3:18:72:03:a3:47:61:82:1b:68:ca:8b:8c:21:fa:e2:
         37:cb:90:cb:1a:22:72:c0:7d:ab:5d:64:22:9e:d0:2e:94:1a:
         5e:00:26:0a:22:d2:5a:ae:da:28:a0:1b:22:df:da:cb:d1:da:
         a8:70:8c:e1:36:0b:f7:e6:14:35:d6:78:1c:89:43:76:03:9b:
         39:06:e0:40:2b:86:dd:16:2a:d7:40:73:a2:c8:76:b0:e5:d6:
         a9:b8:c2:f7:38:f9:a7:94:d8:76:3c:ee:eb:65:6a:02:d9:6c:
         d3:f8:53:03:05:80:fe:e8:d1:be:fd:52:5c:90:05:45:38:0a:
         3c:a2:0c:74:04:39:d5:52:62:e6:84:3b:3e:6d:54:18:2a:8a:
         58:15:75:b9:42:67:ca:f7:7b:31:96:33:3f:07:10:94:fb:e9:
         e7:f1:a8:18:22:d2:59:b3:a2:84:44:62:5e:bc:4c:09:41:f3:
         73:9e:0b:e3:72:ab:df:f3:eb:13:dd:82:79:4f:f3:e5:40:93:
         ce:6c:61:86:d3:2d:e6:8e:12:b4:3f:c2:7b:f1:ce:16:1c:cf:
         5f:dc:da:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijfPCzxNWOAObdPra1x8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYzFkNWZkNGUyMGFkZTVmMTFiNjZhZmIxMGE1NGM4ZmZl
NGIwNDAwHhcNMjUwMTAxMTU0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2IwNzk3OGY2MmIxZWMzYjQ1Y2Q0NjQzMDU0YjNhNjA2ZjQyZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Jx1HQViYZV0d9DRBtNQ4FAfWg8G
+Hed+1PheGy8F+ZS8D4Ndsu3/vUFx5cq5U2bn6BFs6vJAiGrIvvIKDwU3w1qWSo0
ea1p4imaGF/UKIiGUQycnL3qyONt30FyUhTII+JXT9Luqyk3w4drkJhGdpRsLMxn
qP2UEnGs+9jG/ow0xFK0OEQxxNLwHIfxrP3HrRK2kd2fIvDe/H0l8lGwxJCTE+7W
FkVv97WWQdZEsLaqwyrjZq7mB4GUtXM43KYB1aCZGMkD+iOdZ0MVA739Z/IW/tbM
kdhMlY+n8OPHJzRf6KyBICMx0FI2Hkw9Aq75qK7UedbBUsfDUWIKgO9uyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFeweXj2Kx7DtFzUZDBUs6YG9C+qMB8GA1UdIwQY
MBaAFNLB1f1OIK3l8Rtmr7EKVMj/5LBAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHNIVl9VNGdyZVh4RzJhdnNRcFV5UF9rc0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC84NjEzYWQtNGY1Zi00NWZkLTg3OTkt
YTA5YTg3NWY1OTAzLzEvVjdCNWVQWXJIc08wWE5Sa01GU3pwZ2IwTDZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC84NjEzYWQtNGY1Zi00NWZkLTg3OTktYTA5YTg3NWY1OTAz
LzEvMHNIVl9VNGdyZVh4RzJhdnNRcFV5UF9rc0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwHZGMA0G
CSqGSIb3DQEBCwUAA4IBAQAXEbxwEjPSE0vzO23RZjJJ4oWq2vCqN3KYQ0Bg7qT7
B+MaA/02Z/MYcgOjR2GCG2jKi4wh+uI3y5DLGiJywH2rXWQintAulBpeACYKItJa
rtoooBsi39rL0dqocIzhNgv35hQ11ngciUN2A5s5BuBAK4bdFirXQHOiyHaw5dap
uML3OPmnlNh2PO7rZWoC2WzT+FMDBYD+6NG+/VJckAVFOAo8ogx0BDnVUmLmhDs+
bVQYKopYFXW5QmfK93sxljM/BxCU++nn8agYItJZs6KERGJevEwJQfNzngvjcqvf
8+sT3YJ5T/PlQJPObGGG0y3mjhK0P8J78c4WHM9f3Nof
-----END CERTIFICATE-----