Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/NfqSWbJdJXxqFxN8cBz_Qs2JCHY.roa
File:                     NfqSWbJdJXxqFxN8cBz_Qs2JCHY.roa (raw, json)
Hash identifier:          lveW/dgSbzQIqR2OETitUQrTBS86brQw8N0Uo5SrheM=
Subject key identifier:   35:FA:92:59:B2:5D:25:7C:6A:17:13:7C:70:1C:FF:42:CD:89:08:76
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       0194258F1CDFCB0A0FC51519C98779B5FC4A
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/NfqSWbJdJXxqFxN8cBz_Qs2JCHY.roa
Signing time:             Thu 02 Jan 2025 05:48:43 +0000
ROA not before:           Thu 02 Jan 2025 05:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60881
IP address blocks:        193.140.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:1c:df:cb:0a:0f:c5:15:19:c9:87:79:b5:fc:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  2 05:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35fa9259b25d257c6a17137c701cff42cd890876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:51:ea:64:42:56:19:36:0f:00:74:3d:dc:a4:
                    d6:f9:77:fc:48:28:23:0d:0a:2f:e1:2e:8d:79:1c:
                    f0:01:53:0b:de:db:2b:ae:07:6d:9a:87:63:dd:09:
                    70:aa:82:16:43:e2:65:4d:b7:77:03:14:01:6a:e9:
                    1e:2b:04:3f:eb:23:a7:d5:05:1f:0a:4f:62:01:04:
                    af:49:e8:cd:39:e6:60:fc:31:a9:3c:c7:de:3b:d2:
                    8c:69:4b:f4:c5:de:47:d7:85:73:58:52:ce:4f:92:
                    82:39:0f:1f:f6:f0:6d:ba:45:55:79:2a:07:e5:27:
                    77:53:35:ba:0d:92:27:e7:d6:3f:06:5e:8b:a4:d4:
                    b6:50:d5:44:3c:65:8f:34:37:2b:cc:b1:6b:72:39:
                    6f:f0:cc:3e:95:45:52:54:29:a1:19:65:bf:fc:e6:
                    57:fe:29:a8:8b:a0:a6:62:87:66:ce:7c:76:2e:6f:
                    e7:fa:d3:66:30:79:25:e5:90:c4:09:70:90:0d:cc:
                    bd:bc:9e:b7:55:c8:4d:f1:10:ae:d7:8a:06:93:9f:
                    08:47:7d:b3:41:e9:2b:30:d1:71:e2:3d:3e:68:d5:
                    b0:be:fe:30:bd:71:84:c7:5d:bf:81:2b:97:4a:04:
                    45:dc:1a:5c:e0:03:89:9c:e6:da:52:d3:55:66:c6:
                    91:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:FA:92:59:B2:5D:25:7C:6A:17:13:7C:70:1C:FF:42:CD:89:08:76
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/NfqSWbJdJXxqFxN8cBz_Qs2JCHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.140.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:95:97:5a:fb:81:7b:92:5d:61:fb:d0:80:03:7e:49:25:32:
         84:7a:f1:e0:1c:68:d8:1c:d7:92:f3:22:dd:c6:08:b2:b8:1e:
         c4:09:43:fb:6e:9b:5c:b8:67:2c:9d:c8:f7:f5:bb:e8:c8:f0:
         a7:6c:40:47:b4:b4:2f:26:47:8e:6b:07:97:0b:9a:85:ad:be:
         58:8b:66:dd:ba:80:92:9c:15:fd:d8:d3:cc:94:e5:98:74:93:
         56:25:78:5e:46:65:13:14:ed:c0:14:3b:f3:d5:51:2b:85:47:
         69:da:36:7d:9c:ad:a6:8a:ce:d9:9f:70:1d:01:bd:5d:ed:c2:
         43:a3:00:21:55:e1:49:c0:75:19:22:9c:92:74:4e:af:d6:67:
         17:d8:07:1d:04:cf:4c:db:15:93:44:90:1e:14:02:f8:cf:e4:
         6b:5e:1c:1d:d6:e8:9d:fe:c0:ae:ae:f4:cc:50:7f:6e:0f:8e:
         7e:8c:67:a4:4d:3f:31:91:e7:fb:4e:0a:c5:d1:ac:b5:4a:3a:
         28:8d:cf:28:1b:db:5c:50:12:70:ac:9e:5d:9e:26:06:d2:5a:
         1a:51:fb:81:9f:58:8c:4f:7a:f0:09:39:cd:9b:8f:ab:f5:c2:
         df:ac:ee:50:66:82:ee:1b:56:62:aa:79:6a:cb:4e:2f:66:b7:
         87:44:8c:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljxzfywoPxRUZyYd5tfxKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjUwMTAyMDU0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZhOTI1OWIyNWQyNTdjNmExNzEzN2M3MDFjZmY0MmNkODkwODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7VHqZEJWGTYPAHQ93KTW+Xf8SCgj
DQov4S6NeRzwAVML3tsrrgdtmodj3QlwqoIWQ+JlTbd3AxQBaukeKwQ/6yOn1QUf
Ck9iAQSvSejNOeZg/DGpPMfeO9KMaUv0xd5H14VzWFLOT5KCOQ8f9vBtukVVeSoH
5Sd3UzW6DZIn59Y/Bl6LpNS2UNVEPGWPNDcrzLFrcjlv8Mw+lUVSVCmhGWW//OZX
/imoi6CmYodmznx2Lm/n+tNmMHkl5ZDECXCQDcy9vJ63VchN8RCu14oGk58IR32z
QekrMNFx4j0+aNWwvv4wvXGEx12/gSuXSgRF3Bpc4AOJnObaUtNVZsaRHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDX6klmyXSV8ahcTfHAc/0LNiQh2MB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvTmZxU1diSmRKWHhxRnhOOGNCel9RczJKQ0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYx/MA0G
CSqGSIb3DQEBCwUAA4IBAQBQlZda+4F7kl1h+9CAA35JJTKEevHgHGjYHNeS8yLd
xgiyuB7ECUP7bptcuGcsncj39bvoyPCnbEBHtLQvJkeOaweXC5qFrb5Yi2bduoCS
nBX92NPMlOWYdJNWJXheRmUTFO3AFDvz1VErhUdp2jZ9nK2mis7Zn3AdAb1d7cJD
owAhVeFJwHUZIpySdE6v1mcX2AcdBM9M2xWTRJAeFAL4z+RrXhwd1uid/sCurvTM
UH9uD45+jGekTT8xkef7TgrF0ay1Sjoojc8oG9tcUBJwrJ5dniYG0loaUfuBn1iM
T3rwCTnNm4+r9cLfrO5QZoLuG1Ziqnlqy04vZreHRIzF
-----END CERTIFICATE-----