Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/etqHJp94mEXyM-mZRNVFRO7Kziw.roa
File:                     etqHJp94mEXyM-mZRNVFRO7Kziw.roa (raw, json)
Hash identifier:          Y6iOU/XBP66s91SGzXjQj2BEKS4QjWa/buoOF4uhFqg=
Subject key identifier:   7A:DA:87:26:9F:78:98:45:F2:33:E9:99:44:D5:45:44:EE:CA:CE:2C
Certificate issuer:       /CN=4303f1334d75ac432c0caa78d389a70c09c12ca6
Certificate serial:       0195B854A501699EEB891E293E25EB76EFC0
Authority key identifier: 43:03:F1:33:4D:75:AC:43:2C:0C:AA:78:D3:89:A7:0C:09:C1:2C:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QwPxM011rEMsDKp404mnDAnBLKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/etqHJp94mEXyM-mZRNVFRO7Kziw.roa
Signing time:             Fri 21 Mar 2025 10:51:49 +0000
ROA not before:           Fri 21 Mar 2025 10:51:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21022
IP address blocks:        193.138.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/QwPxM011rEMsDKp404mnDAnBLKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/QwPxM011rEMsDKp404mnDAnBLKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QwPxM011rEMsDKp404mnDAnBLKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b8:54:a5:01:69:9e:eb:89:1e:29:3e:25:eb:76:ef:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4303f1334d75ac432c0caa78d389a70c09c12ca6
        Validity
            Not Before: Mar 21 10:51:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ada87269f789845f233e99944d54544eecace2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:77:01:ba:0a:a0:3d:d5:09:df:0c:94:b8:34:
                    b1:c0:3b:37:93:6b:60:b6:48:7c:67:fa:f1:0f:ff:
                    e1:c2:6c:1c:e9:6b:0a:59:50:01:c4:9b:c6:0e:97:
                    85:21:08:7f:bf:f6:dd:8d:6f:01:ff:d2:22:79:14:
                    57:9b:19:0b:a4:d3:63:55:53:5c:1a:d1:70:1e:01:
                    83:1d:38:a5:89:5a:c1:4e:50:fe:1e:42:77:b0:40:
                    d7:b6:0b:91:c0:ac:d6:6a:3a:74:f0:9b:88:57:15:
                    50:fa:4e:30:cf:7e:69:80:0d:ba:99:ae:5d:e0:e5:
                    33:bf:d5:b0:eb:c6:f7:56:09:d4:7b:eb:78:24:c3:
                    47:34:00:70:ef:00:9b:be:42:e2:d3:76:97:6f:6c:
                    de:6b:62:a8:dd:72:0b:42:2b:0a:67:cb:a2:92:31:
                    57:ab:67:b4:7a:82:c1:df:e3:af:67:8f:86:5d:61:
                    1f:9b:62:22:83:e6:b4:ed:d1:fe:65:45:8c:6e:58:
                    3e:35:06:8f:69:73:f4:75:1e:bd:45:6c:a0:29:41:
                    1d:27:03:66:f5:57:6b:09:a1:15:a4:6d:0b:ff:c9:
                    5b:ee:44:90:ac:2b:66:17:c8:57:2c:0c:35:95:a4:
                    44:34:b0:7d:01:74:d7:e7:e5:24:f2:de:8a:75:f2:
                    2d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:DA:87:26:9F:78:98:45:F2:33:E9:99:44:D5:45:44:EE:CA:CE:2C
            X509v3 Authority Key Identifier:
                keyid:43:03:F1:33:4D:75:AC:43:2C:0C:AA:78:D3:89:A7:0C:09:C1:2C:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwPxM011rEMsDKp404mnDAnBLKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/etqHJp94mEXyM-mZRNVFRO7Kziw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/438008-338d-4c31-97c5-4cb97076cff2/1/QwPxM011rEMsDKp404mnDAnBLKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:be:4b:0f:68:e2:11:8b:5c:83:a9:f4:5c:8c:fa:d4:35:d0:
         6b:72:c6:55:fd:0d:c5:13:dd:ff:77:91:49:d5:2b:99:35:f0:
         81:fc:5f:e3:79:af:4b:c6:c8:6e:93:cd:5b:dc:ca:27:88:39:
         ca:26:8e:d7:72:f9:a4:41:88:ac:64:36:3f:7c:6f:e6:5d:68:
         3e:6e:25:ad:3b:99:17:dd:ee:0e:38:7a:52:36:b5:5f:41:e9:
         40:73:f1:7f:7f:71:1e:47:7c:28:14:ea:7a:0c:0e:7f:56:f8:
         11:1e:c1:25:aa:7f:c5:61:03:ad:ed:10:67:3f:57:a4:98:3d:
         d7:3e:d5:63:f3:e3:01:da:82:fe:ba:c2:6f:3c:d1:8a:5f:ec:
         02:c2:41:19:ec:ab:8f:ac:b9:da:33:ec:0b:43:c6:99:6a:47:
         c5:a2:50:0f:b4:a6:af:43:8d:78:2e:bb:be:1c:72:fa:05:80:
         80:69:fc:ed:a8:65:65:6b:e0:5d:4b:c6:2a:b3:8b:ff:30:cd:
         53:06:dc:9d:d0:6d:5d:73:29:a5:51:19:48:9c:20:16:1a:28:
         59:3b:96:91:67:f3:b6:e2:e3:86:18:b3:08:f7:cb:e4:b5:8a:
         d2:7c:83:55:d7:30:2a:2d:a6:d7:d2:11:e1:5b:96:3b:66:9f:
         37:9b:94:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW4VKUBaZ7riR4pPiXrdu/AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDNmMTMzNGQ3NWFjNDMyYzBjYWE3OGQzODlhNzBjMDlj
MTJjYTYwHhcNMjUwMzIxMTA1MTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWRhODcyNjlmNzg5ODQ1ZjIzM2U5OTk0NGQ1NDU0NGVlY2FjZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHcBugqgPdUJ3wyUuDSxwDs3k2tg
tkh8Z/rxD//hwmwc6WsKWVABxJvGDpeFIQh/v/bdjW8B/9IieRRXmxkLpNNjVVNc
GtFwHgGDHTiliVrBTlD+HkJ3sEDXtguRwKzWajp08JuIVxVQ+k4wz35pgA26ma5d
4OUzv9Ww68b3VgnUe+t4JMNHNABw7wCbvkLi03aXb2zea2Ko3XILQisKZ8uikjFX
q2e0eoLB3+OvZ4+GXWEfm2Iig+a07dH+ZUWMblg+NQaPaXP0dR69RWygKUEdJwNm
9VdrCaEVpG0L/8lb7kSQrCtmF8hXLAw1laRENLB9AXTX5+Uk8t6KdfItwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrahyafeJhF8jPpmUTVRUTuys4sMB8GA1UdIwQY
MBaAFEMD8TNNdaxDLAyqeNOJpwwJwSymMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdQeE0wMTFyRU1zREtwNDA0bW5EQW5CTEtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS80MzgwMDgtMzM4ZC00YzMxLTk3YzUt
NGNiOTcwNzZjZmYyLzEvZXRxSEpwOTRtRVh5TS1tWlJOVkZSTzdLeml3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS80MzgwMDgtMzM4ZC00YzMxLTk3YzUtNGNiOTcwNzZjZmYy
LzEvUXdQeE0wMTFyRU1zREtwNDA0bW5EQW5CTEtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYpjMA0G
CSqGSIb3DQEBCwUAA4IBAQACvksPaOIRi1yDqfRcjPrUNdBrcsZV/Q3FE93/d5FJ
1SuZNfCB/F/jea9Lxshuk81b3MoniDnKJo7XcvmkQYisZDY/fG/mXWg+biWtO5kX
3e4OOHpSNrVfQelAc/F/f3EeR3woFOp6DA5/VvgRHsElqn/FYQOt7RBnP1ekmD3X
PtVj8+MB2oL+usJvPNGKX+wCwkEZ7KuPrLnaM+wLQ8aZakfFolAPtKavQ414Lru+
HHL6BYCAafztqGVla+BdS8Yqs4v/MM1TBtyd0G1dcymlURlInCAWGihZO5aRZ/O2
4uOGGLMI98vktYrSfINV1zAqLabX0hHhW5Y7Zp83m5Q8
-----END CERTIFICATE-----