Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/vMV24DhvZ51gpTgovgA0DHavZ5Y.roa
File:                     vMV24DhvZ51gpTgovgA0DHavZ5Y.roa (raw, json)
Hash identifier:          pvB3MpylBNAYQdSCjBtx8G9c34zYXq6BUWOPnr06JNs=
Subject key identifier:   BC:C5:76:E0:38:6F:67:9D:60:A5:38:28:BE:00:34:0C:76:AF:67:96
Certificate issuer:       /CN=2f08df165d497d7a9b99e0e71f15ba07d184615a
Certificate serial:       019425FCC381AD048C70164B2E3CCB09E789
Authority key identifier: 2F:08:DF:16:5D:49:7D:7A:9B:99:E0:E7:1F:15:BA:07:D1:84:61:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LwjfFl1JfXqbmeDnHxW6B9GEYVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/vMV24DhvZ51gpTgovgA0DHavZ5Y.roa
Signing time:             Thu 02 Jan 2025 07:48:29 +0000
ROA not before:           Thu 02 Jan 2025 07:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35913
IP address blocks:        193.36.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/LwjfFl1JfXqbmeDnHxW6B9GEYVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/LwjfFl1JfXqbmeDnHxW6B9GEYVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LwjfFl1JfXqbmeDnHxW6B9GEYVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:c3:81:ad:04:8c:70:16:4b:2e:3c:cb:09:e7:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f08df165d497d7a9b99e0e71f15ba07d184615a
        Validity
            Not Before: Jan  2 07:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bcc576e0386f679d60a53828be00340c76af6796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:24:61:4f:7b:82:04:46:5c:df:da:5f:60:b7:
                    73:d2:fb:5c:96:57:1d:a3:57:7f:b6:3b:b5:d1:ff:
                    9d:64:23:43:49:a5:7d:96:87:e2:45:ab:a7:31:bd:
                    c5:93:b7:2a:45:f5:7e:15:8c:88:8b:b8:62:ee:a4:
                    b1:11:54:d2:3f:c5:5e:c8:a5:b6:52:7b:b4:43:6f:
                    6a:92:08:f4:db:b6:29:47:2a:c9:b4:e1:df:cc:2d:
                    e7:a4:63:02:e1:9e:0f:e8:20:90:2b:d2:4e:d2:d9:
                    8d:97:1d:dc:a5:2f:93:d3:83:a2:d3:85:7b:21:37:
                    4a:3d:48:8c:37:77:2d:27:28:19:6d:af:ef:0e:8c:
                    49:aa:06:74:0c:70:54:8e:50:0c:ae:53:ae:d4:c3:
                    f2:81:25:e7:2a:d5:00:fd:81:08:f4:c8:44:dd:d1:
                    08:0a:94:27:b8:2a:ca:9a:4b:26:00:3f:ac:2c:50:
                    6b:c9:43:ac:47:f7:3a:78:b9:25:fa:19:99:df:09:
                    03:01:5f:69:d7:90:fe:99:a4:86:50:93:2a:42:58:
                    8c:11:42:7e:29:28:2c:c2:85:8e:41:c5:da:e6:ca:
                    91:f8:f0:d3:00:a5:f4:75:c8:71:e0:0b:e7:97:1f:
                    94:dd:ac:1a:44:cc:5f:07:d9:cd:9f:3a:bb:d2:1d:
                    a5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:C5:76:E0:38:6F:67:9D:60:A5:38:28:BE:00:34:0C:76:AF:67:96
            X509v3 Authority Key Identifier:
                keyid:2F:08:DF:16:5D:49:7D:7A:9B:99:E0:E7:1F:15:BA:07:D1:84:61:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LwjfFl1JfXqbmeDnHxW6B9GEYVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/vMV24DhvZ51gpTgovgA0DHavZ5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/LwjfFl1JfXqbmeDnHxW6B9GEYVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:6d:ef:ba:34:f3:c5:b5:b4:1e:26:77:d5:c4:c7:0e:48:cc:
         42:f8:4c:03:cd:fd:81:d6:6d:52:b6:1f:e5:ec:68:2e:9b:58:
         4b:ee:f7:3d:65:9a:c9:22:3b:6e:a4:36:d4:89:61:d2:44:21:
         28:06:3d:9c:61:63:a7:1c:2e:90:b2:1b:f9:4a:42:ce:e3:92:
         a9:2a:57:8c:07:f8:45:1c:9c:b4:02:1b:7f:8f:cf:97:ce:3c:
         a8:85:ea:31:56:16:8a:d9:be:a5:e3:22:fc:45:77:c1:ec:c0:
         71:bd:14:e4:22:91:00:ce:8f:0a:38:5b:1e:1a:95:8e:03:dc:
         70:8c:0d:6c:40:e7:48:2f:56:b3:0d:46:ac:3f:32:c8:f4:04:
         f0:ee:55:bb:28:0f:ad:78:af:80:39:34:29:88:e0:26:6c:16:
         51:31:76:f2:4f:52:30:16:5f:8c:a6:10:19:39:56:03:2c:e7:
         43:1d:a0:1c:f6:d9:9f:37:0d:1e:c3:4e:ce:3a:09:e2:c1:cb:
         3e:4b:ce:3b:dc:b2:dc:a0:4c:ef:a0:be:5a:8f:01:24:9a:28:
         97:d0:9c:4a:f2:db:6a:70:04:66:3f:bb:96:be:17:1a:a9:e9:
         15:4e:46:e4:6a:be:db:88:02:fc:81:c3:82:08:2b:0a:99:a1:
         05:4f:6f:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/MOBrQSMcBZLLjzLCeeJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMDhkZjE2NWQ0OTdkN2E5Yjk5ZTBlNzFmMTViYTA3ZDE4
NDYxNWEwHhcNMjUwMTAyMDc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2M1NzZlMDM4NmY2NzlkNjBhNTM4MjhiZTAwMzQwYzc2YWY2Nzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCRhT3uCBEZc39pfYLdz0vtcllcd
o1d/tju10f+dZCNDSaV9lofiRaunMb3Fk7cqRfV+FYyIi7hi7qSxEVTSP8VeyKW2
Unu0Q29qkgj027YpRyrJtOHfzC3npGMC4Z4P6CCQK9JO0tmNlx3cpS+T04Oi04V7
ITdKPUiMN3ctJygZba/vDoxJqgZ0DHBUjlAMrlOu1MPygSXnKtUA/YEI9MhE3dEI
CpQnuCrKmksmAD+sLFBryUOsR/c6eLkl+hmZ3wkDAV9p15D+maSGUJMqQliMEUJ+
KSgswoWOQcXa5sqR+PDTAKX0dchx4Avnlx+U3awaRMxfB9nNnzq70h2liQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzFduA4b2edYKU4KL4ANAx2r2eWMB8GA1UdIwQY
MBaAFC8I3xZdSX16m5ng5x8VugfRhGFaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHdqZkZsMUpmWHFibWVEbkh4VzZCOUdFWVZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi84ZDAzNjAtZmJjMi00NmViLTlhYzIt
Y2FjM2U0MmFlMDNmLzEvdk1WMjREaHZaNTFncFRnb3ZnQTBESGF2WjVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi84ZDAzNjAtZmJjMi00NmViLTlhYzItY2FjM2U0MmFlMDNm
LzEvTHdqZkZsMUpmWHFibWVEbkh4VzZCOUdFWVZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSTjMA0G
CSqGSIb3DQEBCwUAA4IBAQA1be+6NPPFtbQeJnfVxMcOSMxC+EwDzf2B1m1Sth/l
7Ggum1hL7vc9ZZrJIjtupDbUiWHSRCEoBj2cYWOnHC6Qshv5SkLO45KpKleMB/hF
HJy0Aht/j8+XzjyoheoxVhaK2b6l4yL8RXfB7MBxvRTkIpEAzo8KOFseGpWOA9xw
jA1sQOdIL1azDUasPzLI9ATw7lW7KA+teK+AOTQpiOAmbBZRMXbyT1IwFl+MphAZ
OVYDLOdDHaAc9tmfNw0ew07OOgniwcs+S8473LLcoEzvoL5ajwEkmiiX0JxK8ttq
cARmP7uWvhcaqekVTkbkar7biAL8gcOCCCsKmaEFT2+o
-----END CERTIFICATE-----