Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/NuPZabEjwj0Zl1ftGcMBtd-pDXA.roa
File:                     NuPZabEjwj0Zl1ftGcMBtd-pDXA.roa (raw, json)
Hash identifier:          +dUUuU1kwfnIBk7+1pVXttGVzaNSvBfz3v21l1kMiPM=
Subject key identifier:   36:E3:D9:69:B1:23:C2:3D:19:97:57:ED:19:C3:01:B5:DF:A9:0D:70
Certificate issuer:       /CN=450c581248b11ae2a46f552e5ca43c69d65e72a8
Certificate serial:       0194228E3A90F8A7A1BB603753D027E73484
Authority key identifier: 45:0C:58:12:48:B1:1A:E2:A4:6F:55:2E:5C:A4:3C:69:D6:5E:72:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RQxYEkixGuKkb1UuXKQ8adZecqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/NuPZabEjwj0Zl1ftGcMBtd-pDXA.roa
Signing time:             Wed 01 Jan 2025 15:48:53 +0000
ROA not before:           Wed 01 Jan 2025 15:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1299
IP address blocks:        193.101.11.0/24 maxlen: 24
                          193.101.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/RQxYEkixGuKkb1UuXKQ8adZecqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/RQxYEkixGuKkb1UuXKQ8adZecqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RQxYEkixGuKkb1UuXKQ8adZecqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:3a:90:f8:a7:a1:bb:60:37:53:d0:27:e7:34:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=450c581248b11ae2a46f552e5ca43c69d65e72a8
        Validity
            Not Before: Jan  1 15:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36e3d969b123c23d199757ed19c301b5dfa90d70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:61:4f:65:d3:9c:6b:46:e2:fb:75:f1:df:99:
                    c7:d9:9c:85:c3:60:e2:8b:93:df:d0:07:ae:60:b1:
                    57:fd:04:0d:52:97:ed:05:db:42:1a:6b:d5:96:c7:
                    b4:d5:66:5b:4c:de:0e:1a:ab:4a:dc:1a:3b:79:cd:
                    e3:a7:47:c5:bf:11:fd:2d:9c:1c:64:e0:2b:ff:d1:
                    c3:aa:9c:af:9f:bf:ed:e3:36:6e:ff:9e:01:85:77:
                    aa:e4:2f:1f:15:c4:34:d5:f0:20:cf:eb:72:f1:26:
                    50:a0:bf:f3:65:e7:cb:a6:b7:ff:54:75:3d:25:96:
                    c4:d2:93:3c:b7:3b:4c:26:d1:f5:ad:64:e1:2a:61:
                    44:f8:65:aa:fd:99:5e:74:10:91:78:d9:9c:51:d6:
                    c7:6c:ce:d7:8c:f9:50:d1:9d:72:bd:57:0b:ed:6a:
                    01:70:df:fa:31:94:c5:2c:4e:be:3a:5f:0b:5d:ff:
                    ce:c7:db:6c:a0:d0:4b:a3:2c:2a:65:ad:f6:fc:da:
                    ce:59:c1:79:5b:79:87:da:c3:cd:2e:08:42:93:9e:
                    dd:ca:d7:75:62:ac:26:8e:c5:53:c3:a1:88:a6:5a:
                    5b:01:c8:2e:b8:b3:dc:eb:40:a1:cf:c1:d1:20:77:
                    00:1a:2c:92:ca:ac:0c:a2:c4:06:8a:21:ab:2a:cb:
                    69:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:E3:D9:69:B1:23:C2:3D:19:97:57:ED:19:C3:01:B5:DF:A9:0D:70
            X509v3 Authority Key Identifier:
                keyid:45:0C:58:12:48:B1:1A:E2:A4:6F:55:2E:5C:A4:3C:69:D6:5E:72:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RQxYEkixGuKkb1UuXKQ8adZecqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/NuPZabEjwj0Zl1ftGcMBtd-pDXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/1cf0b2-c51d-45f5-84dc-7499a8231f56/1/RQxYEkixGuKkb1UuXKQ8adZecqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.101.11.0/24
                  193.101.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0d:61:b4:95:ba:7c:01:d2:82:27:89:81:25:a5:f5:2c:00:82:
         95:55:19:c5:ba:98:ca:be:21:06:75:96:60:73:73:ce:08:0b:
         70:8f:37:e3:24:13:f8:e6:ef:22:c6:0b:7a:a6:5b:4a:7d:1e:
         49:dc:77:63:05:69:d8:8b:b6:4b:47:5e:88:e6:56:a7:37:6c:
         c6:61:d7:f0:c3:9a:94:34:22:99:26:87:c5:05:61:5f:17:cd:
         69:7e:b3:ca:c1:de:72:af:9a:99:62:b1:47:98:aa:f7:34:9b:
         1e:a8:d3:f2:d5:6a:c8:bb:7d:aa:e8:6a:d1:31:24:16:94:9e:
         92:1a:90:fc:0e:f1:d7:f0:1f:6e:5f:df:d2:4e:35:06:40:29:
         ab:06:c9:7d:2c:63:ce:e5:a0:cf:b2:89:f8:f4:41:f1:14:3b:
         79:6d:2b:b0:bf:67:81:17:ea:92:72:04:50:ce:4e:41:f9:94:
         88:04:d6:5c:e6:fd:87:cc:8a:a0:ba:36:1c:be:eb:c9:9a:a8:
         f1:f7:bc:dd:70:aa:3a:83:f2:0c:c4:c0:88:b8:6f:b2:cc:0a:
         a3:57:d2:a0:9c:36:31:bc:21:37:9c:89:dc:14:92:42:52:d9:
         88:2e:15:4c:9a:0c:09:a4:d9:5c:84:98:58:17:a2:8a:46:36:
         66:20:a2:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijjqQ+Kehu2A3U9An5zSEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MGM1ODEyNDhiMTFhZTJhNDZmNTUyZTVjYTQzYzY5ZDY1
ZTcyYTgwHhcNMjUwMTAxMTU0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmUzZDk2OWIxMjNjMjNkMTk5NzU3ZWQxOWMzMDFiNWRmYTkwZDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymFPZdOca0bi+3Xx35nH2ZyFw2Di
i5Pf0AeuYLFX/QQNUpftBdtCGmvVlse01WZbTN4OGqtK3Bo7ec3jp0fFvxH9LZwc
ZOAr/9HDqpyvn7/t4zZu/54BhXeq5C8fFcQ01fAgz+ty8SZQoL/zZefLprf/VHU9
JZbE0pM8tztMJtH1rWThKmFE+GWq/ZledBCReNmcUdbHbM7XjPlQ0Z1yvVcL7WoB
cN/6MZTFLE6+Ol8LXf/Ox9tsoNBLoywqZa32/NrOWcF5W3mH2sPNLghCk57dytd1
YqwmjsVTw6GIplpbAcguuLPc60Chz8HRIHcAGiySyqwMosQGiiGrKstpNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDbj2WmxI8I9GZdX7RnDAbXfqQ1wMB8GA1UdIwQY
MBaAFEUMWBJIsRripG9VLlykPGnWXnKoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlF4WUVraXhHdUtrYjFVdVhLUThhZFplY3FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8xY2YwYjItYzUxZC00NWY1LTg0ZGMt
NzQ5OWE4MjMxZjU2LzEvTnVQWmFiRWp3ajBabDFmdEdjTUJ0ZC1wRFhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8xY2YwYjItYzUxZC00NWY1LTg0ZGMtNzQ5OWE4MjMxZjU2
LzEvUlF4WUVraXhHdUtrYjFVdVhLUThhZFplY3FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwWULAwQD
wWUYMA0GCSqGSIb3DQEBCwUAA4IBAQANYbSVunwB0oIniYElpfUsAIKVVRnFupjK
viEGdZZgc3POCAtwjzfjJBP45u8ixgt6pltKfR5J3HdjBWnYi7ZLR16I5lanN2zG
Ydfww5qUNCKZJofFBWFfF81pfrPKwd5yr5qZYrFHmKr3NJseqNPy1WrIu32q6GrR
MSQWlJ6SGpD8DvHX8B9uX9/STjUGQCmrBsl9LGPO5aDPson49EHxFDt5bSuwv2eB
F+qScgRQzk5B+ZSIBNZc5v2HzIqgujYcvuvJmqjx97zdcKo6g/IMxMCIuG+yzAqj
V9KgnDYxvCE3nIncFJJCUtmILhVMmgwJpNlchJhYF6KKRjZmIKLs
-----END CERTIFICATE-----