Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/uzHsVm3pK-eWySg6DxW1LNadfN4.roa
File:                     uzHsVm3pK-eWySg6DxW1LNadfN4.roa (raw, json)
Hash identifier:          f7Ekdfxt1w1Ik7dpXGT0WWQ4k0292INTL/KsMP+l94c=
Subject key identifier:   BB:31:EC:56:6D:E9:2B:E7:96:C9:28:3A:0F:15:B5:2C:D6:9D:7C:DE
Certificate issuer:       /CN=fdd7002bf3a2eacfc881d5e1a0211098c669956c
Certificate serial:       01941F8C135BB2360A4ECCF131F989605AA4
Authority key identifier: FD:D7:00:2B:F3:A2:EA:CF:C8:81:D5:E1:A0:21:10:98:C6:69:95:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dcAK_Oi6s_IgdXhoCEQmMZplWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/uzHsVm3pK-eWySg6DxW1LNadfN4.roa
Signing time:             Wed 01 Jan 2025 01:47:41 +0000
ROA not before:           Wed 01 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29273
IP address blocks:        193.41.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/_dcAK_Oi6s_IgdXhoCEQmMZplWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/_dcAK_Oi6s_IgdXhoCEQmMZplWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dcAK_Oi6s_IgdXhoCEQmMZplWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:13:5b:b2:36:0a:4e:cc:f1:31:f9:89:60:5a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd7002bf3a2eacfc881d5e1a0211098c669956c
        Validity
            Not Before: Jan  1 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb31ec566de92be796c9283a0f15b52cd69d7cde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fe:8a:d3:32:1d:c3:ef:a0:db:90:ca:00:a8:
                    4e:41:2d:80:b0:b5:7f:69:b5:62:96:94:02:c8:ce:
                    90:2d:87:1f:36:57:8e:d4:88:04:81:01:59:0a:a8:
                    d1:23:62:57:96:0c:78:bd:ad:e7:ff:f8:f7:84:84:
                    c3:15:65:19:ef:d2:f7:d0:95:fc:8d:2e:20:3d:3e:
                    86:c2:aa:62:77:8f:bb:8c:21:f3:31:53:0e:7e:3b:
                    64:04:9f:d8:7b:77:03:65:b6:c9:c7:b8:fe:8b:61:
                    c5:4c:15:c6:c8:c2:0b:07:24:3b:88:aa:d8:90:a2:
                    f6:55:14:d1:fb:c9:c1:c8:79:ac:27:ac:71:2b:4b:
                    2a:5f:53:07:f8:f5:f0:39:1e:fc:cf:97:b4:a1:d6:
                    10:26:d5:5f:4d:d1:b5:6b:5e:a8:7c:50:bb:fb:c8:
                    78:04:1c:7f:fe:39:dc:42:3f:9a:d5:75:b8:df:8b:
                    80:33:1b:52:cd:77:f6:b0:cb:48:31:9a:83:d3:08:
                    6f:a0:5b:c0:ea:42:3d:9d:bd:e5:fc:ed:78:5d:13:
                    10:96:27:0b:8e:af:94:76:ff:c1:8b:ec:19:25:20:
                    5f:52:78:aa:d8:34:2d:ef:a4:60:d1:e8:13:ac:69:
                    d7:bf:77:0b:f6:29:1d:15:26:5f:37:dc:99:60:44:
                    15:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:31:EC:56:6D:E9:2B:E7:96:C9:28:3A:0F:15:B5:2C:D6:9D:7C:DE
            X509v3 Authority Key Identifier:
                keyid:FD:D7:00:2B:F3:A2:EA:CF:C8:81:D5:E1:A0:21:10:98:C6:69:95:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dcAK_Oi6s_IgdXhoCEQmMZplWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/uzHsVm3pK-eWySg6DxW1LNadfN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/101bcf-d1df-47c4-a2eb-2161ff47881c/1/_dcAK_Oi6s_IgdXhoCEQmMZplWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:fb:3c:e3:de:57:d7:ee:2e:43:77:5c:47:b6:8b:0e:f9:8b:
         c1:a8:f6:d4:47:c5:8a:ca:d6:36:25:d0:b8:58:6c:e3:d9:d2:
         d5:b7:66:d2:c8:ff:73:b7:a8:e2:7e:38:4d:b7:aa:59:bd:00:
         82:ee:a3:4e:08:bf:45:4b:cb:45:be:a3:95:f2:09:90:37:97:
         2b:48:be:2b:99:f3:6e:89:6e:53:40:b0:a1:ef:24:82:61:35:
         f0:19:b4:f0:4a:73:cd:9b:61:b9:c3:56:e8:4c:ea:02:92:df:
         28:f5:6c:9f:22:e6:fa:85:a0:0e:f9:b0:63:c1:c8:9e:fc:56:
         af:fd:c2:6a:8d:77:bf:e8:fe:87:7f:c9:43:46:87:84:78:42:
         2c:45:f9:95:bc:02:03:80:40:db:2e:60:a3:95:23:c2:c0:91:
         8e:1d:19:d9:c7:10:48:02:18:f9:c0:71:cf:4d:33:63:d0:c6:
         12:68:27:0e:c9:4b:c9:06:90:6b:f0:ac:3a:5e:f8:b9:e0:7e:
         e0:38:fb:f6:4b:e0:c6:86:63:ee:86:46:37:c4:d6:10:70:d5:
         10:49:f7:f9:19:57:e8:98:2e:02:7c:8a:65:22:ff:d0:89:76:
         4e:4d:a7:b5:0a:f0:14:a8:78:5c:11:d7:0e:d3:fd:9a:66:44:
         a7:6a:02:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBNbsjYKTszxMfmJYFqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDcwMDJiZjNhMmVhY2ZjODgxZDVlMWEwMjExMDk4YzY2
OTk1NmMwHhcNMjUwMTAxMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjMxZWM1NjZkZTkyYmU3OTZjOTI4M2EwZjE1YjUyY2Q2OWQ3Y2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2P6K0zIdw++g25DKAKhOQS2AsLV/
abVilpQCyM6QLYcfNleO1IgEgQFZCqjRI2JXlgx4va3n//j3hITDFWUZ79L30JX8
jS4gPT6Gwqpid4+7jCHzMVMOfjtkBJ/Ye3cDZbbJx7j+i2HFTBXGyMILByQ7iKrY
kKL2VRTR+8nByHmsJ6xxK0sqX1MH+PXwOR78z5e0odYQJtVfTdG1a16ofFC7+8h4
BBx//jncQj+a1XW434uAMxtSzXf2sMtIMZqD0whvoFvA6kI9nb3l/O14XRMQlicL
jq+Udv/Bi+wZJSBfUniq2DQt76Rg0egTrGnXv3cL9ikdFSZfN9yZYEQVNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLsx7FZt6SvnlskoOg8VtSzWnXzeMB8GA1UdIwQY
MBaAFP3XACvzourPyIHV4aAhEJjGaZVsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RjQUtfT2k2c19JZ2RYaG9DRVFtTVpwbFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xMDFiY2YtZDFkZi00N2M0LWEyZWIt
MjE2MWZmNDc4ODFjLzEvdXpIc1ZtM3BLLWVXeVNnNkR4VzFMTmFkZk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xMDFiY2YtZDFkZi00N2M0LWEyZWItMjE2MWZmNDc4ODFj
LzEvX2RjQUtfT2k2c19JZ2RYaG9DRVFtTVpwbFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSkkMA0G
CSqGSIb3DQEBCwUAA4IBAQA3+zzj3lfX7i5Dd1xHtosO+YvBqPbUR8WKytY2JdC4
WGzj2dLVt2bSyP9zt6jifjhNt6pZvQCC7qNOCL9FS8tFvqOV8gmQN5crSL4rmfNu
iW5TQLCh7ySCYTXwGbTwSnPNm2G5w1boTOoCkt8o9WyfIub6haAO+bBjwcie/Fav
/cJqjXe/6P6Hf8lDRoeEeEIsRfmVvAIDgEDbLmCjlSPCwJGOHRnZxxBIAhj5wHHP
TTNj0MYSaCcOyUvJBpBr8Kw6Xvi54H7gOPv2S+DGhmPuhkY3xNYQcNUQSff5GVfo
mC4CfIplIv/QiXZOTae1CvAUqHhcEdcO0/2aZkSnagLH
-----END CERTIFICATE-----