Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/ac0385-2090-4704-8e01-3e62e9e78906/1/cBAS0GUhF4mz2fqaOHRlVgN3CFs.roa
File:                     cBAS0GUhF4mz2fqaOHRlVgN3CFs.roa (raw, json)
Hash identifier:          Lp1yFkf1vOWXjEEeUSdOv9NCeGF4SfR636ANc/ZvdMQ=
Subject key identifier:   70:10:12:D0:65:21:17:89:B3:D9:FA:9A:38:74:65:56:03:77:08:5B
Certificate issuer:       /CN=f572325d2d21974669c488f9ebaa6bbb92cd5fed
Certificate serial:       019423698A389EDF1B4794AD283397862B75
Authority key identifier: F5:72:32:5D:2D:21:97:46:69:C4:88:F9:EB:AA:6B:BB:92:CD:5F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9XIyXS0hl0ZpxIj566pru5LNX-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/ac0385-2090-4704-8e01-3e62e9e78906/1/cBAS0GUhF4mz2fqaOHRlVgN3CFs.roa
Signing time:             Wed 01 Jan 2025 19:48:26 +0000
ROA not before:           Wed 01 Jan 2025 19:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2107
IP address blocks:        193.138.1.0/24 maxlen: 24
                          193.138.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/ac0385-2090-4704-8e01-3e62e9e78906/1/9XIyXS0hl0ZpxIj566pru5LNX-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/ac0385-2090-4704-8e01-3e62e9e78906/1/9XIyXS0hl0ZpxIj566pru5LNX-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9XIyXS0hl0ZpxIj566pru5LNX-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:8a:38:9e:df:1b:47:94:ad:28:33:97:86:2b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f572325d2d21974669c488f9ebaa6bbb92cd5fed
        Validity
            Not Before: Jan  1 19:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=701012d065211789b3d9fa9a387465560377085b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:87:72:92:f3:cf:36:28:1a:3f:f5:45:33:23:
                    15:c4:ce:07:0f:4e:4d:09:a0:54:24:c8:11:97:69:
                    2b:2b:16:6e:67:ed:f1:cf:a7:b7:b6:b4:dd:66:ba:
                    9f:61:be:b3:c9:6c:43:a1:78:98:db:cc:1d:9d:46:
                    5e:42:1b:ae:fc:12:fd:9d:45:26:9d:52:1f:29:4c:
                    a7:2d:2e:47:39:06:ac:e3:6a:4d:84:f4:84:15:6c:
                    ec:88:cb:f8:37:26:d1:2b:9c:d4:1b:ca:c0:2b:ef:
                    85:20:2c:e0:64:0f:c5:55:14:0c:cf:96:b4:37:0d:
                    9d:73:61:19:ec:a4:16:74:b4:34:67:c4:25:28:cb:
                    26:88:9d:7a:f3:18:6c:9a:c3:70:65:03:99:ad:c9:
                    5e:2b:af:82:28:24:d2:21:46:dc:5a:94:ab:22:2d:
                    de:80:46:51:ee:49:1c:f4:19:d6:f7:49:a1:09:15:
                    7a:ac:54:b6:e4:10:62:93:93:da:39:66:80:48:b5:
                    96:a0:53:c2:6e:fa:28:26:71:f5:3b:08:8f:e6:ac:
                    b1:c2:ba:69:59:8c:7f:28:87:2f:6d:cd:09:46:95:
                    96:4c:4c:5e:f5:ec:dc:6e:66:6f:46:3d:44:36:1d:
                    aa:09:f7:01:58:a7:5f:bf:7c:2a:b5:1d:62:cf:9b:
                    a1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:10:12:D0:65:21:17:89:B3:D9:FA:9A:38:74:65:56:03:77:08:5B
            X509v3 Authority Key Identifier:
                keyid:F5:72:32:5D:2D:21:97:46:69:C4:88:F9:EB:AA:6B:BB:92:CD:5F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9XIyXS0hl0ZpxIj566pru5LNX-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ac0385-2090-4704-8e01-3e62e9e78906/1/cBAS0GUhF4mz2fqaOHRlVgN3CFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/ac0385-2090-4704-8e01-3e62e9e78906/1/9XIyXS0hl0ZpxIj566pru5LNX-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.1.0-193.138.2.255

    Signature Algorithm: sha256WithRSAEncryption
         a1:e8:d5:48:7d:cd:36:f6:e6:e3:c3:04:45:30:e8:76:c0:6d:
         a8:61:7f:35:70:3b:46:51:72:49:db:ee:c9:c6:97:41:d7:0e:
         77:94:21:0f:fd:2e:42:1d:67:6b:c2:ba:6e:b0:07:16:ae:f4:
         54:74:c9:8b:8a:a8:ba:0c:41:d4:23:25:67:13:53:47:74:91:
         69:e3:ec:14:a2:51:a3:52:5c:69:09:9b:b7:40:d7:1a:1c:3d:
         b7:77:ef:2c:6f:8e:db:87:f7:28:e1:a4:80:ec:38:7b:d6:02:
         17:2f:75:f6:71:5a:4d:1e:45:ca:f7:3a:ab:c0:91:bd:95:26:
         76:89:91:57:59:91:c9:29:cd:7c:a1:7d:d6:9a:d7:c0:92:0f:
         71:58:22:55:11:84:67:aa:f5:54:7d:a5:4e:7c:f1:20:9a:43:
         72:20:4d:80:90:30:97:ce:14:42:44:28:6d:cb:75:40:0e:30:
         5e:0f:8e:f3:f4:fa:76:da:00:3a:8e:0f:5f:37:38:d5:b8:63:
         2a:90:33:fa:9e:35:81:58:3f:03:1a:d6:ff:f5:2c:17:81:50:
         1a:62:13:98:b8:5f:8a:56:8c:55:ed:65:55:6b:56:3e:5b:39:
         09:82:f9:f2:e1:21:79:06:74:fd:75:48:7e:67:5e:aa:d9:4a:
         50:3f:83:40
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQjaYo4nt8bR5StKDOXhit1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NzIzMjVkMmQyMTk3NDY2OWM0ODhmOWViYWE2YmJiOTJj
ZDVmZWQwHhcNMjUwMTAxMTk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDEwMTJkMDY1MjExNzg5YjNkOWZhOWEzODc0NjU1NjAzNzcwODViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3odykvPPNigaP/VFMyMVxM4HD05N
CaBUJMgRl2krKxZuZ+3xz6e3trTdZrqfYb6zyWxDoXiY28wdnUZeQhuu/BL9nUUm
nVIfKUynLS5HOQas42pNhPSEFWzsiMv4NybRK5zUG8rAK++FICzgZA/FVRQMz5a0
Nw2dc2EZ7KQWdLQ0Z8QlKMsmiJ168xhsmsNwZQOZrcleK6+CKCTSIUbcWpSrIi3e
gEZR7kkc9BnW90mhCRV6rFS25BBik5PaOWaASLWWoFPCbvooJnH1OwiP5qyxwrpp
WYx/KIcvbc0JRpWWTExe9ezcbmZvRj1ENh2qCfcBWKdfv3wqtR1iz5uhOwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHAQEtBlIReJs9n6mjh0ZVYDdwhbMB8GA1UdIwQY
MBaAFPVyMl0tIZdGacSI+euqa7uSzV/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVhJeVhTMGhsMFpweElqNTY2cHJ1NUxOWC0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9hYzAzODUtMjA5MC00NzA0LThlMDEt
M2U2MmU5ZTc4OTA2LzEvY0JBUzBHVWhGNG16MmZxYU9IUmxWZ04zQ0ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9hYzAzODUtMjA5MC00NzA0LThlMDEtM2U2MmU5ZTc4OTA2
LzEvOVhJeVhTMGhsMFpweElqNTY2cHJ1NUxOWC0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADBigED
BADBigIwDQYJKoZIhvcNAQELBQADggEBAKHo1Uh9zTb25uPDBEUw6HbAbahhfzVw
O0ZRcknb7snGl0HXDneUIQ/9LkIdZ2vCum6wBxau9FR0yYuKqLoMQdQjJWcTU0d0
kWnj7BSiUaNSXGkJm7dA1xocPbd37yxvjtuH9yjhpIDsOHvWAhcvdfZxWk0eRcr3
OqvAkb2VJnaJkVdZkckpzXyhfdaa18CSD3FYIlURhGeq9VR9pU588SCaQ3IgTYCQ
MJfOFEJEKG3LdUAOMF4PjvP0+nbaADqOD183ONW4YyqQM/qeNYFYPwMa1v/1LBeB
UBpiE5i4X4pWjFXtZVVrVj5bOQmC+fLhIXkGdP11SH5nXqrZSlA/g0A=
-----END CERTIFICATE-----