Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/iNe91R6y78p-QSDXxoxxAjDA_Og.roa
File:                     iNe91R6y78p-QSDXxoxxAjDA_Og.roa (raw, json)
Hash identifier:          HR8YO++Y/qB7B+dcbqN5/SgR3c8dd7aULLQGyyrd4j8=
Subject key identifier:   88:D7:BD:D5:1E:B2:EF:CA:7E:41:20:D7:C6:8C:71:02:30:C0:FC:E8
Certificate issuer:       /CN=c7c24de99101fafdf74bca293fd6d95060d50a63
Certificate serial:       01942444C216519BCE44943A73F40C95139E
Authority key identifier: C7:C2:4D:E9:91:01:FA:FD:F7:4B:CA:29:3F:D6:D9:50:60:D5:0A:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/iNe91R6y78p-QSDXxoxxAjDA_Og.roa
Signing time:             Wed 01 Jan 2025 23:47:53 +0000
ROA not before:           Wed 01 Jan 2025 23:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29283
IP address blocks:        176.140.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:c2:16:51:9b:ce:44:94:3a:73:f4:0c:95:13:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7c24de99101fafdf74bca293fd6d95060d50a63
        Validity
            Not Before: Jan  1 23:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88d7bdd51eb2efca7e4120d7c68c710230c0fce8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a7:2d:93:68:b2:4c:0f:ed:63:3a:e4:d7:f9:
                    ce:95:2b:30:2e:9d:2c:67:35:4d:d0:c2:0e:ee:a0:
                    3c:1a:3c:f8:f3:5e:1a:e3:58:47:1e:07:ba:d8:b7:
                    91:48:d2:1d:06:52:6c:60:85:31:32:6b:66:12:01:
                    91:24:3d:49:e7:2b:50:c1:64:c9:73:d6:06:ac:4b:
                    70:58:29:fd:cd:5b:5a:29:83:c1:d7:2a:6b:4d:c3:
                    ee:4e:6a:59:b0:f1:8f:a2:3a:41:3c:88:c7:5a:25:
                    e6:1f:8f:bc:7e:2b:ea:61:cd:ae:01:6b:6a:56:94:
                    2b:0a:75:e6:6b:51:82:9c:20:cb:ab:a6:57:e4:45:
                    96:17:27:2a:b3:a9:eb:3a:fa:40:23:25:8c:32:45:
                    56:63:e3:5a:0d:9d:a1:98:66:57:1a:1f:91:2b:8e:
                    2c:61:2f:ee:fa:0d:fc:f4:0d:5e:92:41:0b:7a:34:
                    be:ed:c8:85:a9:b1:e8:c8:c2:93:02:00:ed:65:03:
                    94:49:91:b8:1d:ff:77:f5:a5:72:b6:70:28:54:cf:
                    68:09:26:02:40:4a:6b:ce:66:b6:d9:c7:e6:1c:99:
                    3c:78:38:30:5c:99:c9:1b:c0:c8:12:52:af:87:54:
                    e0:85:ea:f8:d5:57:40:a2:cb:3e:97:ce:c1:64:b0:
                    08:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D7:BD:D5:1E:B2:EF:CA:7E:41:20:D7:C6:8C:71:02:30:C0:FC:E8
            X509v3 Authority Key Identifier:
                keyid:C7:C2:4D:E9:91:01:FA:FD:F7:4B:CA:29:3F:D6:D9:50:60:D5:0A:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x8JN6ZEB-v33S8opP9bZUGDVCmM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/iNe91R6y78p-QSDXxoxxAjDA_Og.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/eb013f-5774-4e06-a5d4-ed5d6ce8d7e8/1/x8JN6ZEB-v33S8opP9bZUGDVCmM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.140.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:e0:38:36:01:e0:a7:bc:ed:49:6f:29:84:a4:30:ac:f5:08:
         b5:e5:91:63:31:63:39:32:e1:3d:bf:d6:91:7a:4e:25:14:bb:
         2a:22:04:0f:34:ae:e6:be:bc:ba:dc:67:50:ce:b0:e7:f0:74:
         df:29:47:dd:18:c9:31:c4:db:3c:45:09:5f:69:51:b4:83:4a:
         d6:f2:4c:d1:06:9b:02:a3:8f:2f:83:8d:55:8a:ec:79:86:04:
         1d:d3:1b:d1:a9:66:80:9c:30:0d:6e:b5:30:1c:17:ff:88:bc:
         9c:2a:a1:f4:b7:3e:05:7c:b1:d7:0d:79:2f:5f:af:09:06:4e:
         4b:39:66:c6:7c:a4:4e:94:94:ec:7e:6d:74:b3:fd:1c:44:c6:
         78:e1:e3:54:c8:10:37:a5:84:b3:c4:23:87:08:04:f4:c3:6b:
         26:04:32:a0:8e:fa:ab:9f:ae:bd:c3:ad:a0:51:63:66:fa:7f:
         ad:a3:53:59:da:9b:8b:39:9f:62:f9:bb:04:82:23:0e:0d:88:
         dc:62:db:1b:fb:42:fa:9e:c2:fb:c3:a5:52:67:90:70:d1:7d:
         7a:c4:da:53:0b:5d:4b:3a:0c:37:c1:f2:51:cb:4b:61:57:a4:
         db:29:7e:02:2e:d7:2d:f7:4c:81:5e:51:80:08:30:f7:e2:bf:
         59:4a:0b:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRMIWUZvORJQ6c/QMlROeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3YzI0ZGU5OTEwMWZhZmRmNzRiY2EyOTNmZDZkOTUwNjBk
NTBhNjMwHhcNMjUwMTAxMjM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQ3YmRkNTFlYjJlZmNhN2U0MTIwZDdjNjhjNzEwMjMwYzBmY2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3actk2iyTA/tYzrk1/nOlSswLp0s
ZzVN0MIO7qA8Gjz4814a41hHHge62LeRSNIdBlJsYIUxMmtmEgGRJD1J5ytQwWTJ
c9YGrEtwWCn9zVtaKYPB1yprTcPuTmpZsPGPojpBPIjHWiXmH4+8fivqYc2uAWtq
VpQrCnXma1GCnCDLq6ZX5EWWFycqs6nrOvpAIyWMMkVWY+NaDZ2hmGZXGh+RK44s
YS/u+g389A1ekkELejS+7ciFqbHoyMKTAgDtZQOUSZG4Hf939aVytnAoVM9oCSYC
QEprzma22cfmHJk8eDgwXJnJG8DIElKvh1Tgher41VdAoss+l87BZLAIEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjXvdUesu/KfkEg18aMcQIwwPzoMB8GA1UdIwQY
MBaAFMfCTemRAfr990vKKT/W2VBg1QpjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDhKTjZaRUItdjMzUzhvcFA5YlpVR0RWQ21NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9lYjAxM2YtNTc3NC00ZTA2LWE1ZDQt
ZWQ1ZDZjZThkN2U4LzEvaU5lOTFSNnk3OHAtUVNEWHhveHhBakRBX09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9lYjAxM2YtNTc3NC00ZTA2LWE1ZDQtZWQ1ZDZjZThkN2U4
LzEveDhKTjZaRUItdjMzUzhvcFA5YlpVR0RWQ21NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsIxsMA0G
CSqGSIb3DQEBCwUAA4IBAQAk4Dg2AeCnvO1JbymEpDCs9Qi15ZFjMWM5MuE9v9aR
ek4lFLsqIgQPNK7mvry63GdQzrDn8HTfKUfdGMkxxNs8RQlfaVG0g0rW8kzRBpsC
o48vg41Viux5hgQd0xvRqWaAnDANbrUwHBf/iLycKqH0tz4FfLHXDXkvX68JBk5L
OWbGfKROlJTsfm10s/0cRMZ44eNUyBA3pYSzxCOHCAT0w2smBDKgjvqrn669w62g
UWNm+n+to1NZ2puLOZ9i+bsEgiMODYjcYtsb+0L6nsL7w6VSZ5Bw0X16xNpTC11L
Ogw3wfJRy0thV6TbKX4CLtct90yBXlGACDD34r9ZSgvQ
-----END CERTIFICATE-----