Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/e3ea5b-d53e-4cd7-bb7b-e1b9f6d357c0/1/d7tBUWSiQHeiqH-bBOlyLkT02Ns.roa
File:                     d7tBUWSiQHeiqH-bBOlyLkT02Ns.roa (raw, json)
Hash identifier:          rmL3xWHBj145jAhqBB3i69rSx83PgbXey8Czqw5Lf3A=
Subject key identifier:   77:BB:41:51:64:A2:40:77:A2:A8:7F:9B:04:E9:72:2E:44:F4:D8:DB
Certificate issuer:       /CN=bd900bb9ac6069c513b582d61fd81eccd561a567
Certificate serial:       01942068665104E55925B191EBE33C1C07E1
Authority key identifier: BD:90:0B:B9:AC:60:69:C5:13:B5:82:D6:1F:D8:1E:CC:D5:61:A5:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vZALuaxgacUTtYLWH9gezNVhpWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/e3ea5b-d53e-4cd7-bb7b-e1b9f6d357c0/1/d7tBUWSiQHeiqH-bBOlyLkT02Ns.roa
Signing time:             Wed 01 Jan 2025 05:48:20 +0000
ROA not before:           Wed 01 Jan 2025 05:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48152
IP address blocks:        195.230.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/e3ea5b-d53e-4cd7-bb7b-e1b9f6d357c0/1/vZALuaxgacUTtYLWH9gezNVhpWc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/e3ea5b-d53e-4cd7-bb7b-e1b9f6d357c0/1/vZALuaxgacUTtYLWH9gezNVhpWc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vZALuaxgacUTtYLWH9gezNVhpWc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 18:31:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:66:51:04:e5:59:25:b1:91:eb:e3:3c:1c:07:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd900bb9ac6069c513b582d61fd81eccd561a567
        Validity
            Not Before: Jan  1 05:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77bb415164a24077a2a87f9b04e9722e44f4d8db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:70:59:6c:13:be:93:97:f3:2a:5f:dd:e0:61:
                    ac:43:08:0e:78:92:fb:b7:36:36:29:46:eb:4f:95:
                    3c:5b:74:1b:3e:fb:38:35:8e:be:d2:4a:72:2d:6c:
                    69:a7:61:61:d4:e5:9e:77:21:58:ad:c6:1b:91:fd:
                    12:54:7b:07:b2:45:f0:78:c9:47:ba:2d:50:9a:7f:
                    56:33:2e:b6:2d:e2:f0:ba:8d:e4:52:f1:3a:30:23:
                    a6:ad:d2:07:cc:68:76:30:08:06:bb:f7:e2:ea:90:
                    d9:3b:d7:34:78:15:43:24:3f:68:28:ab:48:19:8c:
                    7c:fc:63:22:76:70:2b:75:1e:d3:25:44:05:ab:3c:
                    8d:fd:d9:67:13:74:80:b7:2a:b5:cf:ef:72:4b:3b:
                    a4:55:9f:c6:ba:a3:51:9e:7f:ae:a7:34:9b:22:eb:
                    be:f9:d0:09:aa:06:55:a2:ea:44:0d:4c:4a:de:2d:
                    81:aa:c4:b5:f7:e5:2a:9a:84:07:77:ae:29:de:b8:
                    bd:72:19:96:8a:38:a4:59:81:e7:05:7c:3f:ad:be:
                    8e:90:61:ed:f1:20:f2:7e:40:b0:8b:24:0a:c3:3a:
                    21:fd:52:bb:16:b5:88:f7:ab:dc:94:33:82:44:0a:
                    ee:02:35:96:b0:59:d4:12:39:9b:40:2c:30:a4:d9:
                    db:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:BB:41:51:64:A2:40:77:A2:A8:7F:9B:04:E9:72:2E:44:F4:D8:DB
            X509v3 Authority Key Identifier:
                keyid:BD:90:0B:B9:AC:60:69:C5:13:B5:82:D6:1F:D8:1E:CC:D5:61:A5:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vZALuaxgacUTtYLWH9gezNVhpWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/e3ea5b-d53e-4cd7-bb7b-e1b9f6d357c0/1/d7tBUWSiQHeiqH-bBOlyLkT02Ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/e3ea5b-d53e-4cd7-bb7b-e1b9f6d357c0/1/vZALuaxgacUTtYLWH9gezNVhpWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:60:3b:24:c3:de:f0:45:b5:8f:a3:84:f3:de:2d:9f:10:b9:
         df:b3:99:9a:7f:61:7d:c4:f3:fb:e9:56:93:43:a4:e8:85:13:
         a9:3d:4c:c3:85:39:97:3c:b4:96:ed:7f:a7:f0:84:b2:b0:80:
         d1:93:f8:88:35:22:3b:c9:65:4c:20:63:31:18:d5:f4:a8:94:
         52:bb:91:a0:51:00:a5:e1:d4:a7:6c:dc:6f:b9:a7:c5:c6:9d:
         f0:9f:85:fb:fe:49:1e:94:d4:17:bb:63:47:a7:85:66:ce:6f:
         2d:ac:d4:96:51:8f:b7:b6:20:96:31:da:82:b1:d7:44:80:a3:
         9d:ae:a5:c1:fa:23:fd:b2:77:ed:ce:85:c0:86:dd:38:6d:e5:
         4c:06:ed:ea:ed:c2:3b:a2:63:9b:4a:e4:3c:65:a4:7c:00:5f:
         be:79:84:8a:91:42:84:5c:a1:73:91:b7:7b:92:22:23:04:f1:
         e1:cb:64:f1:08:cc:d1:8f:61:06:ff:98:12:e0:d6:e3:56:a3:
         3a:47:40:16:30:da:91:ec:20:24:2d:88:7d:9f:d3:da:d3:7c:
         9c:bc:9e:e0:8d:6c:d3:ac:25:06:bd:2e:0d:78:01:c8:e3:8a:
         15:12:02:d3:80:36:a4:35:a7:d2:e8:da:8a:d3:42:f6:c9:57:
         5e:e6:92:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGZRBOVZJbGR6+M8HAfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkOTAwYmI5YWM2MDY5YzUxM2I1ODJkNjFmZDgxZWNjZDU2
MWE1NjcwHhcNMjUwMTAxMDU0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2JiNDE1MTY0YTI0MDc3YTJhODdmOWIwNGU5NzIyZTQ0ZjRkOGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXBZbBO+k5fzKl/d4GGsQwgOeJL7
tzY2KUbrT5U8W3QbPvs4NY6+0kpyLWxpp2Fh1OWedyFYrcYbkf0SVHsHskXweMlH
ui1Qmn9WMy62LeLwuo3kUvE6MCOmrdIHzGh2MAgGu/fi6pDZO9c0eBVDJD9oKKtI
GYx8/GMidnArdR7TJUQFqzyN/dlnE3SAtyq1z+9ySzukVZ/GuqNRnn+upzSbIuu+
+dAJqgZVoupEDUxK3i2BqsS19+UqmoQHd64p3ri9chmWijikWYHnBXw/rb6OkGHt
8SDyfkCwiyQKwzoh/VK7FrWI96vclDOCRAruAjWWsFnUEjmbQCwwpNnbfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHe7QVFkokB3oqh/mwTpci5E9NjbMB8GA1UdIwQY
MBaAFL2QC7msYGnFE7WC1h/YHszVYaVnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlpBTHVheGdhY1VUdFlMV0g5Z2V6TlZocFdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9lM2VhNWItZDUzZS00Y2Q3LWJiN2It
ZTFiOWY2ZDM1N2MwLzEvZDd0QlVXU2lRSGVpcUgtYkJPbHlMa1QwMk5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9lM2VhNWItZDUzZS00Y2Q3LWJiN2ItZTFiOWY2ZDM1N2Mw
LzEvdlpBTHVheGdhY1VUdFlMV0g5Z2V6TlZocFdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+Z+MA0G
CSqGSIb3DQEBCwUAA4IBAQAiYDskw97wRbWPo4Tz3i2fELnfs5maf2F9xPP76VaT
Q6TohROpPUzDhTmXPLSW7X+n8ISysIDRk/iINSI7yWVMIGMxGNX0qJRSu5GgUQCl
4dSnbNxvuafFxp3wn4X7/kkelNQXu2NHp4Vmzm8trNSWUY+3tiCWMdqCsddEgKOd
rqXB+iP9snftzoXAht04beVMBu3q7cI7omObSuQ8ZaR8AF++eYSKkUKEXKFzkbd7
kiIjBPHhy2TxCMzRj2EG/5gS4NbjVqM6R0AWMNqR7CAkLYh9n9Pa03ycvJ7gjWzT
rCUGvS4NeAHI44oVEgLTgDakNafS6NqK00L2yVde5pKt
-----END CERTIFICATE-----