Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/J9Y5qrjsI2Qtuq7klk41lQwg1og.roa
File:                     J9Y5qrjsI2Qtuq7klk41lQwg1og.roa (raw, json)
Hash identifier:          NNuL/WZWhtDsn2nhsgr73rvUsNOJxUI43avvh9gIeRM=
Subject key identifier:   27:D6:39:AA:B8:EC:23:64:2D:BA:AE:E4:96:4E:35:95:0C:20:D6:88
Certificate issuer:       /CN=ed476a7486b785451293571126c5f9da3ec485d8
Certificate serial:       0194228E2A9390F77054AA476255D12FA14D
Authority key identifier: ED:47:6A:74:86:B7:85:45:12:93:57:11:26:C5:F9:DA:3E:C4:85:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7UdqdIa3hUUSk1cRJsX52j7Ehdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/J9Y5qrjsI2Qtuq7klk41lQwg1og.roa
Signing time:             Wed 01 Jan 2025 15:48:49 +0000
ROA not before:           Wed 01 Jan 2025 15:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2119
IP address blocks:        193.160.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/7UdqdIa3hUUSk1cRJsX52j7Ehdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/7UdqdIa3hUUSk1cRJsX52j7Ehdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7UdqdIa3hUUSk1cRJsX52j7Ehdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:2a:93:90:f7:70:54:aa:47:62:55:d1:2f:a1:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed476a7486b785451293571126c5f9da3ec485d8
        Validity
            Not Before: Jan  1 15:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27d639aab8ec23642dbaaee4964e35950c20d688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:20:34:5a:e0:ef:09:2c:65:d6:58:4b:b0:81:
                    11:f6:b9:cc:7d:6d:6a:81:35:15:88:0d:07:e8:02:
                    6d:19:c5:ec:ad:89:c8:ab:d3:bb:86:e3:e9:31:bb:
                    13:35:01:50:42:be:21:ad:53:05:5c:f8:e4:ce:d6:
                    ef:de:b2:55:c9:95:fe:6d:5f:9f:a5:8c:87:ed:e4:
                    11:15:f9:30:b5:63:e2:3e:92:b0:15:0e:fd:a5:98:
                    b0:16:1a:6b:b6:11:fe:fb:f3:e8:c1:9a:ec:27:24:
                    a0:9b:e8:b7:35:b0:28:f9:89:b8:a4:d0:76:f1:24:
                    58:a5:de:2d:ad:df:4e:84:b4:b6:45:ed:6a:0a:39:
                    96:40:91:44:97:39:d1:9b:13:c8:cf:f2:2b:61:de:
                    47:60:4a:88:4b:b2:ba:09:74:d7:b2:6c:da:3e:53:
                    4d:64:e2:9e:01:bb:0b:2e:d3:f0:5e:98:1f:b0:c0:
                    30:b2:39:a5:8a:83:f9:62:c2:c4:33:7d:82:9d:26:
                    ed:5f:d5:ee:75:f7:6f:9c:a0:df:52:55:56:e0:7d:
                    81:27:0a:0c:1d:42:12:02:0f:3c:23:28:9b:f5:e4:
                    9f:38:16:bd:fc:ec:f0:82:5b:fe:34:03:0d:47:15:
                    96:c5:6e:f7:60:7c:45:82:4e:0e:2a:fc:ee:cd:23:
                    bb:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:D6:39:AA:B8:EC:23:64:2D:BA:AE:E4:96:4E:35:95:0C:20:D6:88
            X509v3 Authority Key Identifier:
                keyid:ED:47:6A:74:86:B7:85:45:12:93:57:11:26:C5:F9:DA:3E:C4:85:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7UdqdIa3hUUSk1cRJsX52j7Ehdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/J9Y5qrjsI2Qtuq7klk41lQwg1og.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/a0147b-058d-4f2d-b603-61f9e54ed239/1/7UdqdIa3hUUSk1cRJsX52j7Ehdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:b1:aa:c0:97:a6:6f:0d:59:38:b5:f0:5f:d2:00:ee:48:0d:
         9f:f8:14:32:c4:8e:e2:fa:21:a5:fb:a3:94:7c:e0:45:b9:20:
         33:b7:a2:34:ff:b1:10:47:82:2c:27:dd:eb:83:f5:0d:af:dd:
         04:77:55:81:ec:d4:88:50:9f:da:ca:ec:ae:08:18:b0:52:73:
         62:4f:ee:3e:b0:37:73:4e:c1:5f:7b:dc:d3:cb:51:90:8a:37:
         cb:8a:ca:a9:a6:85:7a:c0:b4:a5:25:94:3b:f8:98:61:8f:c4:
         26:88:57:13:cb:15:76:84:4d:7e:8a:82:50:8e:01:1a:1b:af:
         ea:b4:82:d2:f3:a4:a7:8b:b8:f6:e6:07:6f:4f:77:b6:67:bc:
         6b:0c:fe:ef:58:73:10:41:46:f4:f8:97:55:62:0b:b0:e5:e8:
         02:9a:cb:00:60:9d:bc:7f:08:aa:c3:7f:c8:77:8d:32:5f:08:
         8e:7d:3f:5c:c1:65:d2:f0:ab:c0:04:d1:2d:2c:bf:a9:40:54:
         6c:cb:83:fd:c2:fa:c3:70:80:66:1f:c8:8f:ec:f9:88:92:a1:
         4f:c4:58:b5:b2:c3:3d:91:9d:28:f3:62:df:6a:cb:23:d8:61:
         63:08:31:27:c0:bf:24:1b:dd:5e:a4:01:16:9c:76:b7:16:83:
         59:44:63:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijiqTkPdwVKpHYlXRL6FNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNDc2YTc0ODZiNzg1NDUxMjkzNTcxMTI2YzVmOWRhM2Vj
NDg1ZDgwHhcNMjUwMTAxMTU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2Q2MzlhYWI4ZWMyMzY0MmRiYWFlZTQ5NjRlMzU5NTBjMjBkNjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiA0WuDvCSxl1lhLsIER9rnMfW1q
gTUViA0H6AJtGcXsrYnIq9O7huPpMbsTNQFQQr4hrVMFXPjkztbv3rJVyZX+bV+f
pYyH7eQRFfkwtWPiPpKwFQ79pZiwFhprthH++/PowZrsJySgm+i3NbAo+Ym4pNB2
8SRYpd4trd9OhLS2Re1qCjmWQJFElznRmxPIz/IrYd5HYEqIS7K6CXTXsmzaPlNN
ZOKeAbsLLtPwXpgfsMAwsjmlioP5YsLEM32CnSbtX9XudfdvnKDfUlVW4H2BJwoM
HUISAg88Iyib9eSfOBa9/Ozwglv+NAMNRxWWxW73YHxFgk4OKvzuzSO7hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfWOaq47CNkLbqu5JZONZUMINaIMB8GA1UdIwQY
MBaAFO1HanSGt4VFEpNXESbF+do+xIXYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1VkcWRJYTNoVVVTazFjUkpzWDUyajdFaGRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9hMDE0N2ItMDU4ZC00ZjJkLWI2MDMt
NjFmOWU1NGVkMjM5LzEvSjlZNXFyanNJMlF0dXE3a2xrNDFsUXdnMW9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9hMDE0N2ItMDU4ZC00ZjJkLWI2MDMtNjFmOWU1NGVkMjM5
LzEvN1VkcWRJYTNoVVVTazFjUkpzWDUyajdFaGRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaAcMA0G
CSqGSIb3DQEBCwUAA4IBAQAxsarAl6ZvDVk4tfBf0gDuSA2f+BQyxI7i+iGl+6OU
fOBFuSAzt6I0/7EQR4IsJ93rg/UNr90Ed1WB7NSIUJ/ayuyuCBiwUnNiT+4+sDdz
TsFfe9zTy1GQijfLisqppoV6wLSlJZQ7+Jhhj8QmiFcTyxV2hE1+ioJQjgEaG6/q
tILS86Sni7j25gdvT3e2Z7xrDP7vWHMQQUb0+JdVYguw5egCmssAYJ28fwiqw3/I
d40yXwiOfT9cwWXS8KvABNEtLL+pQFRsy4P9wvrDcIBmH8iP7PmIkqFPxFi1ssM9
kZ0o82Lfassj2GFjCDEnwL8kG91epAEWnHa3FoNZRGOd
-----END CERTIFICATE-----