Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/nRaH2rUmuv-AHY6EWLCQZkoxie8.roa
File:                     nRaH2rUmuv-AHY6EWLCQZkoxie8.roa (raw, json)
Hash identifier:          1A31dYhtBdU/C/TcM+RDwu8HFF6psikiN1Pz0/js/fM=
Subject key identifier:   9D:16:87:DA:B5:26:BA:FF:80:1D:8E:84:58:B0:90:66:4A:31:89:EF
Certificate issuer:       /CN=77292dc63718eebc704ab002ecb81d3d52d4d1c3
Certificate serial:       019421B207F7A6143CDDB6C2560F2E430730
Authority key identifier: 77:29:2D:C6:37:18:EE:BC:70:4A:B0:02:EC:B8:1D:3D:52:D4:D1:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dyktxjcY7rxwSrAC7LgdPVLU0cM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/nRaH2rUmuv-AHY6EWLCQZkoxie8.roa
Signing time:             Wed 01 Jan 2025 11:48:22 +0000
ROA not before:           Wed 01 Jan 2025 11:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15542
IP address blocks:        193.176.104.0/21 maxlen: 24
                          2001:67c:460::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/dyktxjcY7rxwSrAC7LgdPVLU0cM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/dyktxjcY7rxwSrAC7LgdPVLU0cM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dyktxjcY7rxwSrAC7LgdPVLU0cM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:07:f7:a6:14:3c:dd:b6:c2:56:0f:2e:43:07:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77292dc63718eebc704ab002ecb81d3d52d4d1c3
        Validity
            Not Before: Jan  1 11:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d1687dab526baff801d8e8458b090664a3189ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:82:00:71:ef:32:e3:3a:21:c2:ac:41:c1:30:
                    20:00:e5:44:2a:ac:71:6c:85:57:b4:e4:b1:8f:2f:
                    aa:68:3a:00:05:68:a2:1c:44:79:a6:ee:9f:d2:54:
                    f4:75:48:16:97:ec:e4:2d:d0:36:18:26:39:cb:f6:
                    a4:de:1a:68:0e:c3:fc:51:a8:83:c9:81:da:5d:88:
                    b1:3b:4f:5b:94:3b:80:97:f2:a1:80:0c:79:a1:63:
                    3e:ab:b8:35:79:2e:9f:f1:e6:a5:c9:f4:2b:29:95:
                    0b:da:23:ed:1d:2f:1c:c4:85:10:28:cf:5a:ad:53:
                    47:53:a2:1d:cb:fd:7a:fd:8f:d5:d4:ca:8a:90:67:
                    62:79:f6:5c:5c:76:72:39:ba:97:e4:16:f1:43:cb:
                    ed:26:46:6c:c3:3d:a6:0d:9d:51:bf:d1:75:37:1c:
                    e1:98:ac:af:c6:19:8f:67:c2:74:4b:53:87:26:f1:
                    be:1c:ee:a0:b3:eb:fc:f3:9c:0c:79:c1:e4:23:27:
                    d1:70:6b:71:66:75:27:c0:10:0b:78:c5:9d:65:d5:
                    4f:7a:c8:94:1e:27:43:af:9f:b4:25:12:a0:0c:d7:
                    39:c8:b2:23:3f:18:aa:14:22:9c:75:e2:dc:16:0c:
                    b8:38:01:bb:a2:14:bd:b9:4d:67:ce:df:09:75:8b:
                    55:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:16:87:DA:B5:26:BA:FF:80:1D:8E:84:58:B0:90:66:4A:31:89:EF
            X509v3 Authority Key Identifier:
                keyid:77:29:2D:C6:37:18:EE:BC:70:4A:B0:02:EC:B8:1D:3D:52:D4:D1:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dyktxjcY7rxwSrAC7LgdPVLU0cM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/nRaH2rUmuv-AHY6EWLCQZkoxie8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/dyktxjcY7rxwSrAC7LgdPVLU0cM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.104.0/21
                IPv6:
                  2001:67c:460::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:23:22:41:c3:61:bd:e0:32:58:bc:06:3c:c4:07:68:8b:6a:
         d7:ff:31:53:f4:d4:83:87:84:72:88:0b:dd:da:ef:0c:3f:f4:
         98:5e:37:e4:b7:19:f5:84:2f:57:0a:22:b0:e6:b8:01:08:46:
         c4:0e:03:90:45:8e:0d:2e:a8:7c:14:8a:2a:eb:f9:b2:a8:0e:
         01:0b:dc:3a:a8:ee:2d:7c:cf:44:23:b6:ea:e6:6a:23:76:8e:
         15:28:b4:26:ab:1c:39:de:dc:6f:58:ad:be:d1:ec:1f:52:23:
         44:98:4e:7e:64:30:e3:7b:7b:53:86:6b:f4:0a:e2:c4:f8:c3:
         34:63:6a:06:85:14:36:74:3f:83:d6:34:24:01:43:bd:f9:70:
         97:76:03:e6:97:ca:60:19:d9:ee:5c:d3:9d:c1:3b:b9:62:b2:
         17:df:33:02:4c:53:d5:16:c4:e6:e3:5d:20:34:08:cc:ee:da:
         cd:ab:59:9e:78:00:7c:66:8e:7b:26:dd:97:4a:df:27:c0:ba:
         cf:55:34:5f:1a:a8:22:c4:eb:de:de:17:be:3b:da:1c:cd:89:
         ed:3d:bc:b6:25:80:87:05:99:70:04:84:7f:44:d7:ee:79:51:
         4f:ba:50:43:bc:d2:90:82:d2:dc:b3:38:2d:34:92:0a:d3:9c:
         d3:7d:7f:33
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhsgf3phQ83bbCVg8uQwcwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MjkyZGM2MzcxOGVlYmM3MDRhYjAwMmVjYjgxZDNkNTJk
NGQxYzMwHhcNMjUwMTAxMTE0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDE2ODdkYWI1MjZiYWZmODAxZDhlODQ1OGIwOTA2NjRhMzE4OWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYIAce8y4zohwqxBwTAgAOVEKqxx
bIVXtOSxjy+qaDoABWiiHER5pu6f0lT0dUgWl+zkLdA2GCY5y/ak3hpoDsP8UaiD
yYHaXYixO09blDuAl/KhgAx5oWM+q7g1eS6f8ealyfQrKZUL2iPtHS8cxIUQKM9a
rVNHU6Idy/16/Y/V1MqKkGdiefZcXHZyObqX5BbxQ8vtJkZswz2mDZ1Rv9F1Nxzh
mKyvxhmPZ8J0S1OHJvG+HO6gs+v885wMecHkIyfRcGtxZnUnwBALeMWdZdVPesiU
HidDr5+0JRKgDNc5yLIjPxiqFCKcdeLcFgy4OAG7ohS9uU1nzt8JdYtVvwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ0Wh9q1Jrr/gB2OhFiwkGZKMYnvMB8GA1UdIwQY
MBaAFHcpLcY3GO68cEqwAuy4HT1S1NHDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHlrdHhqY1k3cnh3U3JBQzdMZ2RQVkxVMGNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS82NTc2NGEtZGQ4ZS00MDFiLWI3MzEt
ZDljNWQyNjQxOWIyLzEvblJhSDJyVW11di1BSFk2RVdMQ1Faa294aWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS82NTc2NGEtZGQ4ZS00MDFiLWI3MzEtZDljNWQyNjQxOWIy
LzEvZHlrdHhqY1k3cnh3U3JBQzdMZ2RQVkxVMGNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwbBoMA8E
AgACMAkDBwAgAQZ8BGAwDQYJKoZIhvcNAQELBQADggEBAGsjIkHDYb3gMli8BjzE
B2iLatf/MVP01IOHhHKIC93a7ww/9JheN+S3GfWEL1cKIrDmuAEIRsQOA5BFjg0u
qHwUiirr+bKoDgEL3Dqo7i18z0QjturmaiN2jhUotCarHDne3G9Yrb7R7B9SI0SY
Tn5kMON7e1OGa/QK4sT4wzRjagaFFDZ0P4PWNCQBQ735cJd2A+aXymAZ2e5c053B
O7lishffMwJMU9UWxObjXSA0CMzu2s2rWZ54AHxmjnsm3ZdK3yfAus9VNF8aqCLE
697eF7472hzNie09vLYlgIcFmXAEhH9E1+55UU+6UEO80pCC0tyzOC00kgrTnNN9
fzM=
-----END CERTIFICATE-----