Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/e1849f-24a6-4f92-8063-626fc0403ac9/1/bYTh9rqmyoD0Z9Or16ek84SzWn4.roa
File:                     bYTh9rqmyoD0Z9Or16ek84SzWn4.roa (raw, json)
Hash identifier:          4klJmHJXl6kfKkt89+CuaKwDfZrFu99Y5sLGCeYnZ1E=
Subject key identifier:   6D:84:E1:F6:BA:A6:CA:80:F4:67:D3:AB:D7:A7:A4:F3:84:B3:5A:7E
Certificate issuer:       /CN=82c78627794e87ff9718db1b0df7eee2edb33595
Certificate serial:       01942747789146829FD030AFF718C5DE50AB
Authority key identifier: 82:C7:86:27:79:4E:87:FF:97:18:DB:1B:0D:F7:EE:E2:ED:B3:35:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gseGJ3lOh_-XGNsbDffu4u2zNZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/e1849f-24a6-4f92-8063-626fc0403ac9/1/bYTh9rqmyoD0Z9Or16ek84SzWn4.roa
Signing time:             Thu 02 Jan 2025 13:49:42 +0000
ROA not before:           Thu 02 Jan 2025 13:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        193.8.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/e1849f-24a6-4f92-8063-626fc0403ac9/1/gseGJ3lOh_-XGNsbDffu4u2zNZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/e1849f-24a6-4f92-8063-626fc0403ac9/1/gseGJ3lOh_-XGNsbDffu4u2zNZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gseGJ3lOh_-XGNsbDffu4u2zNZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:78:91:46:82:9f:d0:30:af:f7:18:c5:de:50:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82c78627794e87ff9718db1b0df7eee2edb33595
        Validity
            Not Before: Jan  2 13:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d84e1f6baa6ca80f467d3abd7a7a4f384b35a7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:dd:71:fc:c9:68:40:f5:3d:c7:45:6b:ae:c9:
                    87:d6:b1:01:5c:0d:fd:35:36:e4:c9:94:d7:df:00:
                    f1:ff:32:8b:22:d0:bb:3d:91:fc:24:3d:cb:ca:b5:
                    e5:37:84:03:14:9f:d7:4b:9c:b8:08:0a:d4:22:a7:
                    d6:49:09:08:b5:af:26:06:61:bd:ba:12:a5:06:cc:
                    49:71:91:e2:e8:05:fc:ce:e8:0c:64:5c:81:08:0b:
                    01:b4:95:19:ce:02:47:e8:20:27:b8:98:a4:bb:1e:
                    19:1f:c5:b9:ba:43:9e:fe:e1:a9:35:17:6e:68:7b:
                    6f:bb:38:d5:21:f7:78:86:74:c4:d8:ac:da:ea:31:
                    ae:f6:d5:b4:79:5c:90:ce:d0:e5:6f:22:d1:bf:22:
                    86:b5:a8:df:7c:6e:2d:a0:f4:26:1a:9c:cb:6d:b3:
                    23:c2:01:c7:4e:52:de:dc:64:fe:c5:76:45:97:5b:
                    79:61:2d:44:d3:5b:6a:5b:79:f0:f7:fe:a9:89:f3:
                    23:06:d1:17:b6:5b:23:48:47:9a:4f:b7:be:0e:31:
                    9a:aa:fc:9f:f1:5c:a3:43:19:8c:0f:c6:30:ca:63:
                    e8:a4:32:84:4f:3f:b9:23:52:5f:9e:34:49:fa:b0:
                    4a:11:ff:c8:4f:7b:cd:c1:fd:1a:56:05:53:df:78:
                    5a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:84:E1:F6:BA:A6:CA:80:F4:67:D3:AB:D7:A7:A4:F3:84:B3:5A:7E
            X509v3 Authority Key Identifier:
                keyid:82:C7:86:27:79:4E:87:FF:97:18:DB:1B:0D:F7:EE:E2:ED:B3:35:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gseGJ3lOh_-XGNsbDffu4u2zNZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/e1849f-24a6-4f92-8063-626fc0403ac9/1/bYTh9rqmyoD0Z9Or16ek84SzWn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/e1849f-24a6-4f92-8063-626fc0403ac9/1/gseGJ3lOh_-XGNsbDffu4u2zNZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:a3:eb:8c:38:ae:38:f8:a0:c3:78:c3:fb:9b:bc:82:06:24:
         66:2f:8c:6d:b8:9c:98:38:38:f8:f4:4d:ca:b3:47:ae:3a:95:
         32:92:ee:40:13:68:59:7b:81:ef:e8:27:72:2d:ce:94:e4:ff:
         76:4a:c6:de:9e:0c:bb:06:63:97:f2:ca:fc:af:f7:8c:94:42:
         96:49:54:5e:38:a3:f6:f8:a5:8a:3c:d5:5a:92:87:b7:99:c7:
         09:28:5e:fc:82:da:15:ed:d8:1e:0b:b0:35:ed:89:c6:31:84:
         13:fd:80:80:a1:22:62:41:ea:4e:51:28:73:fd:f4:b4:95:a2:
         17:02:9d:62:ea:ea:51:f4:db:54:27:b5:0e:03:38:42:f5:9c:
         1b:ed:35:f9:ac:cc:5e:66:1c:25:b5:c3:d4:e6:41:36:b3:15:
         e9:68:14:b1:98:d3:4a:c7:76:a8:45:3f:28:63:46:b6:68:6f:
         d2:e2:ae:b3:b4:d6:fa:1a:7d:52:5e:ea:e0:8e:df:5b:4c:eb:
         3c:fd:40:22:31:b9:9a:62:5c:b3:9c:b6:07:4d:7a:d7:83:0f:
         3c:17:90:c1:f2:99:b2:30:5c:8d:82:24:bb:09:d8:32:3d:93:
         4e:87:cd:a8:7c:a3:9e:95:99:2e:ed:46:66:c0:50:64:93:13:
         95:de:f2:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR3iRRoKf0DCv9xjF3lCrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyYzc4NjI3Nzk0ZTg3ZmY5NzE4ZGIxYjBkZjdlZWUyZWRi
MzM1OTUwHhcNMjUwMTAyMTM0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDg0ZTFmNmJhYTZjYTgwZjQ2N2QzYWJkN2E3YTRmMzg0YjM1YTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2N1x/MloQPU9x0VrrsmH1rEBXA39
NTbkyZTX3wDx/zKLItC7PZH8JD3LyrXlN4QDFJ/XS5y4CArUIqfWSQkIta8mBmG9
uhKlBsxJcZHi6AX8zugMZFyBCAsBtJUZzgJH6CAnuJikux4ZH8W5ukOe/uGpNRdu
aHtvuzjVIfd4hnTE2Kza6jGu9tW0eVyQztDlbyLRvyKGtajffG4toPQmGpzLbbMj
wgHHTlLe3GT+xXZFl1t5YS1E01tqW3nw9/6pifMjBtEXtlsjSEeaT7e+DjGaqvyf
8VyjQxmMD8YwymPopDKETz+5I1JfnjRJ+rBKEf/IT3vNwf0aVgVT33hasQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2E4fa6psqA9GfTq9enpPOEs1p+MB8GA1UdIwQY
MBaAFILHhid5Tof/lxjbGw337uLtszWVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3NlR0ozbE9oXy1YR05zYkRmZnU0dTJ6TlpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9lMTg0OWYtMjRhNi00ZjkyLTgwNjMt
NjI2ZmMwNDAzYWM5LzEvYllUaDlycW15b0QwWjlPcjE2ZWs4NFN6V240LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9lMTg0OWYtMjRhNi00ZjkyLTgwNjMtNjI2ZmMwNDAzYWM5
LzEvZ3NlR0ozbE9oXy1YR05zYkRmZnU0dTJ6TlpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQiRMA0G
CSqGSIb3DQEBCwUAA4IBAQAuo+uMOK44+KDDeMP7m7yCBiRmL4xtuJyYODj49E3K
s0euOpUyku5AE2hZe4Hv6CdyLc6U5P92Ssbengy7BmOX8sr8r/eMlEKWSVReOKP2
+KWKPNVakoe3mccJKF78gtoV7dgeC7A17YnGMYQT/YCAoSJiQepOUShz/fS0laIX
Ap1i6upR9NtUJ7UOAzhC9Zwb7TX5rMxeZhwltcPU5kE2sxXpaBSxmNNKx3aoRT8o
Y0a2aG/S4q6ztNb6Gn1SXurgjt9bTOs8/UAiMbmaYlyznLYHTXrXgw88F5DB8pmy
MFyNgiS7CdgyPZNOh82ofKOelZku7UZmwFBkkxOV3vJ0
-----END CERTIFICATE-----