Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/RX8x7NBqKqNqrHjY3RrZOIwmw84.roa
File:                     RX8x7NBqKqNqrHjY3RrZOIwmw84.roa (raw, json)
Hash identifier:          qG1pxlwKH3SmnTU8k1NPrDe+8libzJhE26dpkDKjPb0=
Subject key identifier:   45:7F:31:EC:D0:6A:2A:A3:6A:AC:78:D8:DD:1A:D9:38:8C:26:C3:CE
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01942827EF33BD0431D7AA5EB548485256B0
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/RX8x7NBqKqNqrHjY3RrZOIwmw84.roa
Signing time:             Thu 02 Jan 2025 17:54:53 +0000
ROA not before:           Thu 02 Jan 2025 17:54:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        176.126.106.0/24 maxlen: 24
                          193.37.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:ef:33:bd:04:31:d7:aa:5e:b5:48:48:52:56:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  2 17:54:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=457f31ecd06a2aa36aac78d8dd1ad9388c26c3ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:df:7a:58:21:b5:c7:a1:ad:4e:81:da:83:f2:
                    0f:19:f1:82:18:d4:a9:46:cc:52:5c:ea:ca:88:38:
                    f5:99:61:05:54:54:04:f9:56:f1:d2:2b:b8:d6:20:
                    8f:2a:8f:53:2c:85:cc:7e:57:5b:09:93:16:3b:c7:
                    68:df:37:11:20:07:96:42:92:30:07:33:43:a8:95:
                    6f:6b:62:f2:7d:4c:3e:06:a9:9c:f0:82:b4:e2:25:
                    3b:dd:46:7c:af:24:e8:61:07:78:6e:96:6b:de:5d:
                    e8:ae:bc:02:28:80:10:8f:3f:4d:2a:c8:d3:e4:b2:
                    99:a3:e3:b7:64:01:14:ff:47:58:39:f9:09:4d:06:
                    87:66:d8:59:85:9d:21:8f:43:7a:3c:71:20:aa:d5:
                    a4:97:cb:c6:a7:81:4c:9e:e4:55:a7:e6:7f:26:19:
                    1e:f6:41:86:79:08:ad:8d:83:8b:38:c8:ac:8e:a8:
                    aa:1e:cd:2b:3a:da:2c:59:bd:93:2b:8c:fc:4d:54:
                    ac:72:3c:74:86:15:8f:8c:60:73:0f:86:66:28:b5:
                    2d:d9:b7:05:fc:6a:f2:5a:78:45:63:a4:80:8c:7f:
                    7a:02:4b:38:22:ee:1b:b9:f8:cc:2d:d0:11:c7:07:
                    9e:08:a3:83:ff:35:cb:43:a0:f3:b7:7f:cc:49:8c:
                    9a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:7F:31:EC:D0:6A:2A:A3:6A:AC:78:D8:DD:1A:D9:38:8C:26:C3:CE
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/RX8x7NBqKqNqrHjY3RrZOIwmw84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.106.0/24
                  193.37.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:38:de:97:78:34:28:51:8b:18:63:18:d2:74:a5:62:89:bc:
         30:22:78:23:b3:9b:94:f4:d2:43:4a:ab:e2:f2:a3:8e:a8:a5:
         98:9a:ac:cc:11:eb:6e:59:02:2e:cf:0f:f3:16:b6:29:ec:c9:
         fa:05:1e:75:1d:b7:36:1c:93:21:38:5c:c2:82:85:b1:a0:75:
         56:c4:12:3b:9d:61:3e:ba:5b:72:42:e9:0e:b7:9e:77:43:bd:
         4d:f4:4c:4c:08:3b:e3:73:32:44:0d:b3:3b:5d:e6:21:5d:8c:
         47:c8:36:8e:a0:09:a2:96:5a:02:54:17:57:d3:36:17:ef:2d:
         c2:ef:c1:fd:fb:bc:d5:9b:a5:9f:0d:42:fb:fa:a8:b6:1f:3c:
         67:ba:35:db:d0:00:45:07:08:7b:eb:b6:56:81:ca:bd:6e:94:
         89:16:48:29:7a:e1:9f:97:5c:ea:1f:9d:7d:24:e9:92:07:c7:
         2f:91:38:78:13:0f:9c:54:a1:5c:e0:c7:90:20:a4:6d:e9:e1:
         41:c4:b0:75:03:54:de:24:12:88:43:ee:6f:51:18:65:ab:ea:
         8f:71:d7:01:58:0e:6b:87:67:25:28:94:75:e6:fb:0e:9f:0f:
         4a:33:3e:b9:23:15:dd:13:18:33:43:7f:a0:79:1d:23:62:01:
         70:c1:36:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJ+8zvQQx16petUhIUlawMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwMTAyMTc1NDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTdmMzFlY2QwNmEyYWEzNmFhYzc4ZDhkZDFhZDkzODhjMjZjM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj996WCG1x6GtToHag/IPGfGCGNSp
RsxSXOrKiDj1mWEFVFQE+Vbx0iu41iCPKo9TLIXMfldbCZMWO8do3zcRIAeWQpIw
BzNDqJVva2LyfUw+Bqmc8IK04iU73UZ8ryToYQd4bpZr3l3orrwCKIAQjz9NKsjT
5LKZo+O3ZAEU/0dYOfkJTQaHZthZhZ0hj0N6PHEgqtWkl8vGp4FMnuRVp+Z/Jhke
9kGGeQitjYOLOMisjqiqHs0rOtosWb2TK4z8TVSscjx0hhWPjGBzD4ZmKLUt2bcF
/GryWnhFY6SAjH96Aks4Iu4bufjMLdARxweeCKOD/zXLQ6Dzt3/MSYyaEQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEV/MezQaiqjaqx42N0a2TiMJsPOMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvUlg4eDdOQnFLcU5xckhqWTNSclpPSXdtdzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsH5qAwQA
wSXFMA0GCSqGSIb3DQEBCwUAA4IBAQB/ON6XeDQoUYsYYxjSdKViibwwIngjs5uU
9NJDSqvi8qOOqKWYmqzMEetuWQIuzw/zFrYp7Mn6BR51Hbc2HJMhOFzCgoWxoHVW
xBI7nWE+ultyQukOt553Q71N9ExMCDvjczJEDbM7XeYhXYxHyDaOoAmilloCVBdX
0zYX7y3C78H9+7zVm6WfDUL7+qi2HzxnujXb0ABFBwh767ZWgcq9bpSJFkgpeuGf
l1zqH519JOmSB8cvkTh4Ew+cVKFc4MeQIKRt6eFBxLB1A1TeJBKIQ+5vURhlq+qP
cdcBWA5rh2clKJR15vsOnw9KMz65IxXdExgzQ3+geR0jYgFwwTaZ
-----END CERTIFICATE-----