Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NL-GcCohAq5_9LarwAGYYzkFIBI.roa
File:                     NL-GcCohAq5_9LarwAGYYzkFIBI.roa (raw, json)
Hash identifier:          m12ezs5I2PE49guQjjnECEyvXnNktXCmM6RFHLmy6mg=
Subject key identifier:   34:BF:86:70:2A:21:02:AE:7F:F4:B6:AB:C0:01:98:63:39:05:20:12
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D7068D3AD521D753B6B199A4A3152E
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NL-GcCohAq5_9LarwAGYYzkFIBI.roa
Signing time:             Wed 01 Jan 2025 21:48:01 +0000
ROA not before:           Wed 01 Jan 2025 21:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14576
IP address blocks:        193.0.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:06:8d:3a:d5:21:d7:53:b6:b1:99:a4:a3:15:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34bf86702a2102ae7ff4b6abc001986339052012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8e:c3:29:70:10:cd:2f:65:d8:54:fc:32:94:
                    3f:41:a2:29:15:17:3b:84:d3:a9:d5:e7:da:8a:ca:
                    7a:c0:ac:9c:1a:29:c9:59:b3:ad:ca:f2:6b:e8:63:
                    58:ff:01:45:d6:c7:c0:ca:6e:98:01:d5:40:5f:7c:
                    72:b7:f2:91:77:99:9a:c4:c3:83:b7:5c:d4:27:fd:
                    ed:83:52:98:51:6a:7f:a0:85:6e:21:70:0e:cd:19:
                    f3:3e:f9:b8:3e:c1:76:a6:f3:f6:a4:1e:f3:25:6b:
                    c7:db:53:83:b7:67:bc:d2:66:45:90:38:db:59:b1:
                    66:5b:e8:b0:98:5d:5d:4a:9d:a8:b8:88:80:e5:96:
                    5b:1e:2f:36:66:aa:1d:da:98:b6:23:0f:fd:d6:f0:
                    82:ec:76:4f:17:f5:31:c9:dd:93:51:c5:a0:a3:64:
                    60:e3:67:1c:ab:6f:36:4a:29:73:31:81:e5:d6:99:
                    f3:bd:f8:b7:0a:55:5a:60:0e:8e:8f:23:f7:88:e2:
                    75:59:b3:51:ba:13:57:95:91:a3:c0:cb:3c:40:9d:
                    9e:46:01:fb:bb:16:cf:a2:96:d4:d3:b3:5a:13:12:
                    10:23:00:29:14:89:8e:f8:85:13:fe:23:38:ba:db:
                    d3:84:af:64:d8:e4:31:b2:59:c5:39:13:d2:da:ba:
                    88:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:BF:86:70:2A:21:02:AE:7F:F4:B6:AB:C0:01:98:63:39:05:20:12
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NL-GcCohAq5_9LarwAGYYzkFIBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:31:4f:fa:91:d3:f7:1f:61:ee:22:b1:fa:d5:48:e1:df:ef:
         66:cf:9c:4b:99:b3:ae:5b:39:b7:d2:c2:22:f1:e2:fe:b1:84:
         c4:0f:d8:13:d3:fc:36:98:5e:38:13:35:b5:ae:bf:ee:6c:da:
         3d:88:bf:85:a4:89:ef:cc:8b:16:fd:65:83:0d:83:a8:85:87:
         9b:27:f8:b6:32:6f:74:1a:94:2b:d3:99:a9:70:37:a7:06:0c:
         9c:d5:59:e8:95:b9:28:fa:d4:b5:d9:6f:50:c5:15:a9:7f:e4:
         8b:f1:40:d3:48:46:d8:6d:e0:d7:ff:de:0e:c4:45:36:de:b8:
         4d:a6:e4:38:20:6d:bf:b2:63:10:29:8e:19:dc:80:4d:2b:6e:
         98:a8:c9:c4:70:c3:f0:e5:76:b7:06:1b:62:9c:dd:f7:f6:14:
         63:45:db:aa:4c:14:92:40:89:fa:6f:e0:82:d2:4b:a9:91:1d:
         c8:ae:c7:f3:27:70:0e:c4:c8:80:a4:1c:2b:93:e6:f7:59:91:
         34:02:f6:4a:f6:b0:a6:be:45:0f:3d:0e:01:fe:18:49:54:f8:
         71:5e:28:71:ca:2b:41:9e:85:6a:1f:a6:da:70:06:27:47:c9:
         d4:d1:22:33:a8:25:35:5f:93:cb:58:07:1a:14:62:83:d5:4b:
         de:fa:87:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1waNOtUh11O2sZmkoxUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGJmODY3MDJhMjEwMmFlN2ZmNGI2YWJjMDAxOTg2MzM5MDUyMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoI7DKXAQzS9l2FT8MpQ/QaIpFRc7
hNOp1efaisp6wKycGinJWbOtyvJr6GNY/wFF1sfAym6YAdVAX3xyt/KRd5maxMOD
t1zUJ/3tg1KYUWp/oIVuIXAOzRnzPvm4PsF2pvP2pB7zJWvH21ODt2e80mZFkDjb
WbFmW+iwmF1dSp2ouIiA5ZZbHi82Zqod2pi2Iw/91vCC7HZPF/Uxyd2TUcWgo2Rg
42ccq282SilzMYHl1pnzvfi3ClVaYA6OjyP3iOJ1WbNRuhNXlZGjwMs8QJ2eRgH7
uxbPopbU07NaExIQIwApFImO+IUT/iM4utvThK9k2OQxslnFORPS2rqIhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDS/hnAqIQKuf/S2q8ABmGM5BSASMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTkwtR2NDb2hBcTVfOUxhcndBR1lZemtGSUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQDJMA0G
CSqGSIb3DQEBCwUAA4IBAQB5MU/6kdP3H2HuIrH61Ujh3+9mz5xLmbOuWzm30sIi
8eL+sYTED9gT0/w2mF44EzW1rr/ubNo9iL+FpInvzIsW/WWDDYOohYebJ/i2Mm90
GpQr05mpcDenBgyc1Vnolbko+tS12W9QxRWpf+SL8UDTSEbYbeDX/94OxEU23rhN
puQ4IG2/smMQKY4Z3IBNK26YqMnEcMPw5Xa3BhtinN339hRjRduqTBSSQIn6b+CC
0kupkR3IrsfzJ3AOxMiApBwrk+b3WZE0AvZK9rCmvkUPPQ4B/hhJVPhxXihxyitB
noVqH6bacAYnR8nU0SIzqCU1X5PLWAcaFGKD1Uve+oee
-----END CERTIFICATE-----