Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rEV1qrPTWQvgxKf28N2EV8iYryI.roa
File:                     rEV1qrPTWQvgxKf28N2EV8iYryI.roa (raw, json)
Hash identifier:          LqL7gNsaYxO0Q0Qy5/VvgopKS5ehruww2iyJLEsMIIQ=
Subject key identifier:   AC:45:75:AA:B3:D3:59:0B:E0:C4:A7:F6:F0:DD:84:57:C8:98:AF:22
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01942220076FDDD3CE422F91660C5B6BA792
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rEV1qrPTWQvgxKf28N2EV8iYryI.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3507
IP address blocks:        193.23.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:07:6f:dd:d3:ce:42:2f:91:66:0c:5b:6b:a7:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac4575aab3d3590be0c4a7f6f0dd8457c898af22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:38:4f:12:ac:a8:e8:41:34:e4:49:88:83:9c:
                    6a:5a:4b:bb:18:a6:e0:cf:64:e4:a5:9a:63:3e:b9:
                    77:88:19:d5:ed:aa:1d:e1:3c:53:17:4c:61:f8:ee:
                    84:86:a9:fc:17:7f:e7:58:80:ee:43:a2:4b:09:22:
                    2d:d7:8c:82:16:66:ca:de:f6:46:70:f4:2f:0b:39:
                    20:90:29:13:e1:fe:5b:c1:c0:58:09:dd:a8:79:8b:
                    ed:91:82:a8:51:14:5d:14:58:07:d3:90:71:ea:a7:
                    b7:de:24:65:94:e1:45:71:3a:b1:03:a4:07:46:fb:
                    23:1f:fe:f6:d3:0e:f5:cc:c3:65:8d:6e:ab:04:2f:
                    27:8d:4c:04:62:fd:fb:39:11:b7:2e:6f:2a:cc:83:
                    b2:69:8a:47:8b:0c:c2:57:98:14:5c:6a:ec:4c:c6:
                    58:e9:d8:61:72:75:20:13:13:96:7b:18:66:b8:70:
                    5d:d2:79:cf:09:60:bd:c5:de:e6:6b:3d:fc:be:d9:
                    57:f9:b6:fd:21:83:57:99:77:04:f0:9c:50:40:20:
                    c0:5c:8a:67:73:b3:2f:ee:8c:dc:19:fa:e7:9f:8e:
                    d2:66:0d:16:d0:2f:24:08:a7:cd:02:94:06:77:01:
                    50:21:76:b6:5b:75:04:9a:33:c6:a7:f9:4e:18:06:
                    f2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:45:75:AA:B3:D3:59:0B:E0:C4:A7:F6:F0:DD:84:57:C8:98:AF:22
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rEV1qrPTWQvgxKf28N2EV8iYryI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:81:25:3c:b9:1d:47:d0:7b:41:6d:4e:a2:1e:b1:a8:c6:b3:
         a5:d6:70:a9:da:3a:67:0c:1c:1d:38:52:78:f6:e0:4e:00:fa:
         24:38:37:5d:26:3b:5b:57:b6:82:02:c4:f8:57:5c:50:f4:de:
         d9:2e:1a:a1:52:1a:61:70:d2:cf:46:97:12:4f:63:5e:01:59:
         71:b7:2e:28:52:f4:61:3a:e4:47:00:c3:b8:ab:e8:6c:80:f7:
         1f:66:0d:ce:55:cb:8c:6d:29:9a:e2:54:f5:b6:b2:98:26:0b:
         ee:dc:ac:71:12:20:9d:3a:64:1d:92:a6:1e:98:48:15:6c:ba:
         ef:90:56:b9:92:d6:ea:f7:51:dd:39:0b:8f:bd:fa:00:a4:36:
         b8:1e:09:d9:e5:b8:95:2e:c0:2f:ad:98:80:1d:b3:03:f7:81:
         57:6c:bc:4f:3e:3f:43:3b:7f:8e:73:65:9d:63:2a:89:34:94:
         74:fb:15:16:be:6b:d1:2e:e9:4c:ed:2c:32:bb:e5:24:c4:78:
         79:11:02:c3:b6:3d:98:54:1a:4d:15:ce:44:0a:35:e4:05:e2:
         34:a2:bf:4e:d2:45:b2:94:bf:3c:d6:8a:9e:1b:58:58:4f:fb:
         ca:18:92:14:7f:4e:63:ef:35:d6:34:5e:4e:a4:27:23:45:30:
         60:a7:ff:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAdv3dPOQi+RZgxba6eSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQ1NzVhYWIzZDM1OTBiZTBjNGE3ZjZmMGRkODQ1N2M4OThhZjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDhPEqyo6EE05EmIg5xqWku7GKbg
z2TkpZpjPrl3iBnV7aod4TxTF0xh+O6Ehqn8F3/nWIDuQ6JLCSIt14yCFmbK3vZG
cPQvCzkgkCkT4f5bwcBYCd2oeYvtkYKoURRdFFgH05Bx6qe33iRllOFFcTqxA6QH
RvsjH/720w71zMNljW6rBC8njUwEYv37ORG3Lm8qzIOyaYpHiwzCV5gUXGrsTMZY
6dhhcnUgExOWexhmuHBd0nnPCWC9xd7maz38vtlX+bb9IYNXmXcE8JxQQCDAXIpn
c7Mv7ozcGfrnn47SZg0W0C8kCKfNApQGdwFQIXa2W3UEmjPGp/lOGAby6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxFdaqz01kL4MSn9vDdhFfImK8iMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvckVWMXFyUFRXUXZneEtmMjhOMkVWOGlZcnlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwReCMA0G
CSqGSIb3DQEBCwUAA4IBAQAIgSU8uR1H0HtBbU6iHrGoxrOl1nCp2jpnDBwdOFJ4
9uBOAPokODddJjtbV7aCAsT4V1xQ9N7ZLhqhUhphcNLPRpcST2NeAVlxty4oUvRh
OuRHAMO4q+hsgPcfZg3OVcuMbSma4lT1trKYJgvu3KxxEiCdOmQdkqYemEgVbLrv
kFa5ktbq91HdOQuPvfoApDa4HgnZ5biVLsAvrZiAHbMD94FXbLxPPj9DO3+Oc2Wd
YyqJNJR0+xUWvmvRLulM7Swyu+UkxHh5EQLDtj2YVBpNFc5ECjXkBeI0or9O0kWy
lL881oqeG1hYT/vKGJIUf05j7zXWNF5OpCcjRTBgp/+t
-----END CERTIFICATE-----