Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/Dfh76wqLJFFyVrWGvNQ86Cd1ugg.roa
File:                     Dfh76wqLJFFyVrWGvNQ86Cd1ugg.roa (raw, json)
Hash identifier:          cQ3NC144NOW+txHpDNWV4+CIEXIR87Btz3V4GE61yOA=
Subject key identifier:   0D:F8:7B:EB:0A:8B:24:51:72:56:B5:86:BC:D4:3C:E8:27:75:BA:08
Certificate issuer:       /CN=c8bebcfe82b2627ea8de8161cb927b245b058e69
Certificate serial:       019422FBE78964FCC95C5963BD8D37620042
Authority key identifier: C8:BE:BC:FE:82:B2:62:7E:A8:DE:81:61:CB:92:7B:24:5B:05:8E:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yL68_oKyYn6o3oFhy5J7JFsFjmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/Dfh76wqLJFFyVrWGvNQ86Cd1ugg.roa
Signing time:             Wed 01 Jan 2025 17:48:41 +0000
ROA not before:           Wed 01 Jan 2025 17:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39222
IP address blocks:        193.30.245.0/24 maxlen: 24
                          194.165.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/yL68_oKyYn6o3oFhy5J7JFsFjmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/yL68_oKyYn6o3oFhy5J7JFsFjmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yL68_oKyYn6o3oFhy5J7JFsFjmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 10:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e7:89:64:fc:c9:5c:59:63:bd:8d:37:62:00:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8bebcfe82b2627ea8de8161cb927b245b058e69
        Validity
            Not Before: Jan  1 17:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0df87beb0a8b24517256b586bcd43ce82775ba08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:90:fe:08:8a:78:30:23:38:7e:dc:95:6d:08:
                    41:d1:68:8d:19:a8:08:38:43:18:05:7b:81:e2:71:
                    1b:81:21:d0:df:5a:eb:60:08:5c:63:9d:20:10:36:
                    56:ab:c1:04:b2:96:53:be:de:c8:dc:f9:f4:78:ff:
                    4f:9c:2d:68:f9:81:dc:21:62:20:86:f1:a3:88:6a:
                    1f:7a:d7:69:e9:bb:d4:6c:fe:50:99:46:2c:e0:77:
                    ba:ae:ae:ba:54:dd:1b:8f:64:04:95:8a:21:a2:00:
                    38:e1:fa:5e:be:31:78:90:17:d6:95:17:75:61:a9:
                    01:91:2e:dc:a4:34:c5:dc:7e:a1:85:a2:38:22:8a:
                    f6:38:91:15:a8:a5:04:cc:95:f3:1f:9a:6a:e7:07:
                    bd:5c:f5:7e:a0:37:69:a2:54:a3:16:7c:6e:f4:f2:
                    ed:95:df:23:33:a7:9b:02:da:fc:c4:ef:a3:8d:69:
                    ba:c0:2f:db:a9:0a:bd:83:08:5e:07:6e:7b:8e:fd:
                    27:8c:65:15:02:40:ad:35:19:7e:82:61:e6:2f:a7:
                    59:d0:a4:82:5c:3c:1a:8f:9f:f7:73:55:2c:da:60:
                    2d:78:4a:a0:9d:17:90:be:e6:cb:8a:4a:00:34:f2:
                    cd:fd:b2:f0:40:cb:85:ed:ae:0d:62:08:03:3e:17:
                    0e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:F8:7B:EB:0A:8B:24:51:72:56:B5:86:BC:D4:3C:E8:27:75:BA:08
            X509v3 Authority Key Identifier:
                keyid:C8:BE:BC:FE:82:B2:62:7E:A8:DE:81:61:CB:92:7B:24:5B:05:8E:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yL68_oKyYn6o3oFhy5J7JFsFjmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/Dfh76wqLJFFyVrWGvNQ86Cd1ugg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/ea17b3-d54e-4279-ad98-deef7f151e8e/1/yL68_oKyYn6o3oFhy5J7JFsFjmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.245.0/24
                  194.165.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:28:75:99:cd:5b:80:89:8c:31:76:a3:4c:36:b6:db:29:c0:
         d2:5c:97:0c:ed:ff:95:12:b5:a1:7b:0b:01:52:fd:57:07:76:
         a6:68:08:ac:88:04:3b:8e:ea:e4:ab:51:e3:c6:33:8a:46:24:
         2f:42:8a:e2:e1:d7:0b:0f:80:2d:ff:d0:d9:37:bb:1b:c1:99:
         c9:af:5e:32:57:cc:8c:ff:5b:00:91:52:b3:de:47:90:de:3d:
         cf:77:f9:6b:10:eb:b6:6b:98:21:38:59:a8:ee:33:92:d4:52:
         ff:95:0c:0a:65:9e:ef:45:cc:92:bc:1b:54:75:e8:4d:d8:1e:
         33:9a:73:fd:f4:db:ba:b4:29:0b:c9:00:ee:1d:9d:4e:c3:ac:
         c0:14:6b:68:5d:fe:e9:c9:d3:44:78:6e:7c:03:71:79:58:6b:
         ee:74:2c:ca:c1:c3:ad:8f:3d:ba:0a:d8:57:84:80:4a:9d:d6:
         c6:ce:cc:f2:b1:c0:75:cf:19:db:91:4c:f2:c8:29:a1:a9:2d:
         8f:8d:e3:9b:5f:bf:c4:d6:9f:22:8b:34:57:60:f5:52:da:ad:
         ba:dd:bd:24:8d:f3:20:57:8d:46:e0:db:01:96:13:4a:e2:20:
         9e:d2:29:4b:0c:08:7a:96:2e:80:3a:6f:76:38:fc:48:03:0a:
         dd:70:79:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi++eJZPzJXFljvY03YgBCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YmViY2ZlODJiMjYyN2VhOGRlODE2MWNiOTI3YjI0NWIw
NThlNjkwHhcNMjUwMTAxMTc0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGY4N2JlYjBhOGIyNDUxNzI1NmI1ODZiY2Q0M2NlODI3NzViYTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5D+CIp4MCM4ftyVbQhB0WiNGagI
OEMYBXuB4nEbgSHQ31rrYAhcY50gEDZWq8EEspZTvt7I3Pn0eP9PnC1o+YHcIWIg
hvGjiGofetdp6bvUbP5QmUYs4He6rq66VN0bj2QElYohogA44fpevjF4kBfWlRd1
YakBkS7cpDTF3H6hhaI4Ior2OJEVqKUEzJXzH5pq5we9XPV+oDdpolSjFnxu9PLt
ld8jM6ebAtr8xO+jjWm6wC/bqQq9gwheB257jv0njGUVAkCtNRl+gmHmL6dZ0KSC
XDwaj5/3c1Us2mAteEqgnReQvubLikoANPLN/bLwQMuF7a4NYggDPhcOnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA34e+sKiyRRcla1hrzUPOgndboIMB8GA1UdIwQY
MBaAFMi+vP6CsmJ+qN6BYcuSeyRbBY5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUw2OF9vS3lZbjZvM29GaHk1SjdKRnNGam1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYTE3YjMtZDU0ZS00Mjc5LWFkOTgt
ZGVlZjdmMTUxZThlLzEvRGZoNzZ3cUxKRkZ5VnJXR3ZOUTg2Q2QxdWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYTE3YjMtZDU0ZS00Mjc5LWFkOTgtZGVlZjdmMTUxZThl
LzEveUw2OF9vS3lZbjZvM29GaHk1SjdKRnNGam1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwR71AwQA
wqUuMA0GCSqGSIb3DQEBCwUAA4IBAQBHKHWZzVuAiYwxdqNMNrbbKcDSXJcM7f+V
ErWhewsBUv1XB3amaAisiAQ7jurkq1HjxjOKRiQvQori4dcLD4At/9DZN7sbwZnJ
r14yV8yM/1sAkVKz3keQ3j3Pd/lrEOu2a5ghOFmo7jOS1FL/lQwKZZ7vRcySvBtU
dehN2B4zmnP99Nu6tCkLyQDuHZ1Ow6zAFGtoXf7pydNEeG58A3F5WGvudCzKwcOt
jz26CthXhIBKndbGzszyscB1zxnbkUzyyCmhqS2PjeObX7/E1p8iizRXYPVS2q26
3b0kjfMgV41G4NsBlhNK4iCe0ilLDAh6li6AOm92OPxIAwrdcHmd
-----END CERTIFICATE-----