Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/df3706-f347-4025-a7b3-1c8cd56c6174/1/sUXI8TEl0_EY0ny0x2wUIGHfWtE.roa
File:                     sUXI8TEl0_EY0ny0x2wUIGHfWtE.roa (raw, json)
Hash identifier:          y40VhKX08V6Hbbb8okckM0BO+zcqTzGVyeXyeWjcSiQ=
Subject key identifier:   B1:45:C8:F1:31:25:D3:F1:18:D2:7C:B4:C7:6C:14:20:61:DF:5A:D1
Certificate issuer:       /CN=72048641d8f7337fcea23ae5332bf6e11a11e22a
Certificate serial:       0196C908A99FC6A4352FC01FD37C10761088
Authority key identifier: 72:04:86:41:D8:F7:33:7F:CE:A2:3A:E5:33:2B:F6:E1:1A:11:E2:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgSGQdj3M3_OojrlMyv24RoR4io.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/df3706-f347-4025-a7b3-1c8cd56c6174/1/sUXI8TEl0_EY0ny0x2wUIGHfWtE.roa
Signing time:             Tue 13 May 2025 09:45:10 +0000
ROA not before:           Tue 13 May 2025 09:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        193.104.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/df3706-f347-4025-a7b3-1c8cd56c6174/1/cgSGQdj3M3_OojrlMyv24RoR4io.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/df3706-f347-4025-a7b3-1c8cd56c6174/1/cgSGQdj3M3_OojrlMyv24RoR4io.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cgSGQdj3M3_OojrlMyv24RoR4io.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:08:a9:9f:c6:a4:35:2f:c0:1f:d3:7c:10:76:10:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72048641d8f7337fcea23ae5332bf6e11a11e22a
        Validity
            Not Before: May 13 09:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b145c8f13125d3f118d27cb4c76c142061df5ad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ba:c7:3d:a0:32:75:fe:28:f3:d4:2b:56:a3:
                    44:8f:d9:86:d6:07:b3:9e:fa:10:91:46:8f:73:fe:
                    8e:b9:07:8b:e6:98:dd:16:e3:0e:a1:28:71:87:3f:
                    e2:d6:ec:2e:93:07:ab:ce:7a:7d:89:2b:12:27:aa:
                    63:ca:b1:32:e1:1c:48:28:93:57:af:e3:e1:39:05:
                    f9:d9:0b:01:04:7b:38:db:b2:5e:02:89:71:c4:34:
                    c6:d3:cf:8a:bb:53:3b:af:81:94:32:bd:28:8b:12:
                    df:c9:9e:59:85:79:29:21:d5:9b:25:17:62:76:a1:
                    a6:9a:4a:1c:5f:e2:c5:a3:d6:17:4f:14:ee:74:ff:
                    11:28:f2:02:67:ab:79:d5:73:4a:93:73:37:dc:51:
                    0a:e0:88:c5:9c:7a:9d:ef:1e:d5:dc:e8:4b:32:49:
                    70:4d:f3:e8:b9:88:fa:3b:fc:3e:0c:7a:6e:ec:cb:
                    22:c5:c3:b4:19:cf:d4:be:ac:bb:45:99:e7:f3:46:
                    f7:bc:db:bf:cc:24:78:b7:50:7d:4f:e6:2f:09:21:
                    99:78:4e:cc:dc:4f:39:86:0a:6e:53:e8:7a:e5:b9:
                    df:09:93:fb:85:10:5f:0b:98:1f:bc:97:12:a4:0c:
                    13:91:47:f2:b7:1e:8a:04:8a:64:58:2c:0e:d5:0a:
                    00:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:45:C8:F1:31:25:D3:F1:18:D2:7C:B4:C7:6C:14:20:61:DF:5A:D1
            X509v3 Authority Key Identifier:
                keyid:72:04:86:41:D8:F7:33:7F:CE:A2:3A:E5:33:2B:F6:E1:1A:11:E2:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgSGQdj3M3_OojrlMyv24RoR4io.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/df3706-f347-4025-a7b3-1c8cd56c6174/1/sUXI8TEl0_EY0ny0x2wUIGHfWtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/df3706-f347-4025-a7b3-1c8cd56c6174/1/cgSGQdj3M3_OojrlMyv24RoR4io.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:78:35:21:32:44:82:a9:4e:e4:5a:1f:89:b0:fe:a5:0c:47:
         22:10:c3:86:3e:b8:2c:a9:c2:26:9a:92:11:56:f8:c3:2e:cf:
         70:a1:d9:6a:58:06:55:19:ee:85:e9:5e:d0:78:10:0c:5e:fb:
         7a:02:4f:5a:84:57:05:7b:fc:a3:c2:a8:74:4d:6c:0a:88:78:
         c7:18:bb:c6:1d:7d:55:ab:93:80:06:98:a2:b5:a2:02:e3:e1:
         7c:d6:31:dd:e6:6e:1d:11:11:6e:67:d4:58:f2:86:77:50:02:
         5c:86:7f:59:0a:3f:bf:58:d7:15:1f:49:7a:01:13:d6:c9:af:
         b7:69:d6:4e:67:f2:9e:4c:37:7b:d1:19:71:e8:30:e0:97:7d:
         2f:99:b3:a5:1c:2c:89:1b:c6:85:46:5e:97:49:1d:35:20:16:
         fe:f1:ee:30:cd:78:b8:16:db:a3:fd:e0:02:0f:ef:b4:64:b5:
         1c:f2:cd:02:00:0d:2b:c5:ff:18:d0:7a:fd:0a:a0:0f:03:67:
         2c:b6:03:f2:84:89:76:15:0c:50:03:c9:60:85:84:e2:36:1c:
         52:74:68:fe:e4:1d:aa:17:10:85:44:6e:17:e9:ab:ad:41:d6:
         66:0e:a0:17:9e:32:9c:e8:4d:dd:48:54:aa:4e:b1:cf:61:c0:
         ed:64:fa:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbJCKmfxqQ1L8Af03wQdhCIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ4NjQxZDhmNzMzN2ZjZWEyM2FlNTMzMmJmNmUxMWEx
MWUyMmEwHhcNMjUwNTEzMDk0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQ1YzhmMTMxMjVkM2YxMThkMjdjYjRjNzZjMTQyMDYxZGY1YWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLrHPaAydf4o89QrVqNEj9mG1gez
nvoQkUaPc/6OuQeL5pjdFuMOoShxhz/i1uwukwerznp9iSsSJ6pjyrEy4RxIKJNX
r+PhOQX52QsBBHs427JeAolxxDTG08+Ku1M7r4GUMr0oixLfyZ5ZhXkpIdWbJRdi
dqGmmkocX+LFo9YXTxTudP8RKPICZ6t51XNKk3M33FEK4IjFnHqd7x7V3OhLMklw
TfPouYj6O/w+DHpu7MsixcO0Gc/Uvqy7RZnn80b3vNu/zCR4t1B9T+YvCSGZeE7M
3E85hgpuU+h65bnfCZP7hRBfC5gfvJcSpAwTkUfytx6KBIpkWCwO1QoA5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFFyPExJdPxGNJ8tMdsFCBh31rRMB8GA1UdIwQY
MBaAFHIEhkHY9zN/zqI65TMr9uEaEeIqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dTR1FkajNNM19Pb2pybE15djI0Um9SNGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9kZjM3MDYtZjM0Ny00MDI1LWE3YjMt
MWM4Y2Q1NmM2MTc0LzEvc1VYSThURWwwX0VZMG55MHgyd1VJR0hmV3RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9kZjM3MDYtZjM0Ny00MDI1LWE3YjMtMWM4Y2Q1NmM2MTc0
LzEvY2dTR1FkajNNM19Pb2pybE15djI0Um9SNGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWiBMA0G
CSqGSIb3DQEBCwUAA4IBAQBdeDUhMkSCqU7kWh+JsP6lDEciEMOGPrgsqcImmpIR
VvjDLs9wodlqWAZVGe6F6V7QeBAMXvt6Ak9ahFcFe/yjwqh0TWwKiHjHGLvGHX1V
q5OABpiitaIC4+F81jHd5m4dERFuZ9RY8oZ3UAJchn9ZCj+/WNcVH0l6ARPWya+3
adZOZ/KeTDd70Rlx6DDgl30vmbOlHCyJG8aFRl6XSR01IBb+8e4wzXi4Ftuj/eAC
D++0ZLUc8s0CAA0rxf8Y0Hr9CqAPA2cstgPyhIl2FQxQA8lghYTiNhxSdGj+5B2q
FxCFRG4X6autQdZmDqAXnjKc6E3dSFSqTrHPYcDtZPo7
-----END CERTIFICATE-----