Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/Bo1myrpN4GYHDeA8eZrww4v2MYk.roa
File:                     Bo1myrpN4GYHDeA8eZrww4v2MYk.roa (raw, json)
Hash identifier:          iX1wfmXvs8NDvW8ILAABxp5yjw4VCOGlhTOgUXPFMOo=
Subject key identifier:   06:8D:66:CA:BA:4D:E0:66:07:0D:E0:3C:79:9A:F0:C3:8B:F6:31:89
Certificate issuer:       /CN=a19521c7352d1cac3f98c756fc7a6b4b3ae9753d
Certificate serial:       0194252194036AB4F4E9012352BBBAF160E6
Authority key identifier: A1:95:21:C7:35:2D:1C:AC:3F:98:C7:56:FC:7A:6B:4B:3A:E9:75:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oZUhxzUtHKw_mMdW_HprSzrpdT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/Bo1myrpN4GYHDeA8eZrww4v2MYk.roa
Signing time:             Thu 02 Jan 2025 03:49:04 +0000
ROA not before:           Thu 02 Jan 2025 03:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211597
IP address blocks:        188.74.96.0/19 maxlen: 24
                          2a10:bcc0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/oZUhxzUtHKw_mMdW_HprSzrpdT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/oZUhxzUtHKw_mMdW_HprSzrpdT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oZUhxzUtHKw_mMdW_HprSzrpdT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 03:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:94:03:6a:b4:f4:e9:01:23:52:bb:ba:f1:60:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a19521c7352d1cac3f98c756fc7a6b4b3ae9753d
        Validity
            Not Before: Jan  2 03:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=068d66caba4de066070de03c799af0c38bf63189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:29:29:44:ab:c4:64:ec:67:06:b3:2d:74:19:
                    37:4e:04:c8:f5:37:35:e1:85:19:e5:69:58:94:df:
                    e6:a0:8e:17:b8:34:a7:8d:1c:ce:f3:72:ee:5d:20:
                    68:ad:23:ce:97:07:8d:a1:15:44:12:12:94:41:14:
                    62:6e:7d:a2:f3:e2:11:e3:86:53:ff:fc:9b:4c:8f:
                    e2:1e:89:d7:e3:ed:06:b6:7c:f5:78:f2:fb:90:a6:
                    9c:65:d0:0a:38:99:2c:0f:d1:f9:dc:cf:9e:86:0d:
                    db:fb:a9:6e:9a:ae:8a:90:9c:65:49:3b:73:59:67:
                    fe:c8:39:8c:0c:77:73:5b:3b:79:cf:c0:05:5a:7a:
                    ad:02:48:63:7e:75:5c:67:c5:b2:03:e8:2d:49:c2:
                    99:f1:dd:3d:4c:26:17:bb:d3:e6:df:1b:c3:84:48:
                    b3:e0:5c:46:bb:27:a6:a5:2f:98:f0:19:22:df:b2:
                    e5:84:f4:17:2e:0e:d1:f5:c1:45:f6:ea:52:1e:8e:
                    1d:eb:86:d5:27:15:ee:03:52:bd:8f:92:79:e8:12:
                    e3:ac:8a:bb:4a:89:9b:76:e4:8c:86:4e:70:1f:20:
                    4a:7e:20:c4:30:b1:dc:fb:11:66:32:88:10:b8:43:
                    94:e0:d1:1b:65:77:c5:95:c4:39:3d:73:d2:70:7c:
                    0d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:8D:66:CA:BA:4D:E0:66:07:0D:E0:3C:79:9A:F0:C3:8B:F6:31:89
            X509v3 Authority Key Identifier:
                keyid:A1:95:21:C7:35:2D:1C:AC:3F:98:C7:56:FC:7A:6B:4B:3A:E9:75:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oZUhxzUtHKw_mMdW_HprSzrpdT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/Bo1myrpN4GYHDeA8eZrww4v2MYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2b7dc2-c1de-4970-ab53-e5ada36fa1f3/1/oZUhxzUtHKw_mMdW_HprSzrpdT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.74.96.0/19
                IPv6:
                  2a10:bcc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:9a:2d:c2:e7:98:61:09:90:c1:75:27:35:72:b0:38:b7:f4:
         4e:55:42:0c:de:48:c6:40:80:65:22:df:32:95:97:9c:57:e0:
         e2:cf:c8:0f:3b:86:75:3d:cb:36:95:7b:84:c9:b3:54:cc:82:
         be:1c:19:c6:a0:4f:58:94:10:54:83:b8:99:16:b9:2a:6c:78:
         e4:85:96:49:bf:6a:52:f5:65:ff:42:a7:ec:a4:ce:b9:47:b6:
         3f:1b:32:4c:c9:98:dd:38:53:8d:37:76:a4:ad:3e:e2:64:eb:
         f8:e8:4a:b3:79:ce:54:bf:fd:a0:dc:ce:fb:04:c7:4c:34:19:
         8e:4d:b9:3d:c1:6e:3d:4e:75:dd:25:8b:0b:27:61:c0:a6:80:
         b9:e2:7c:81:dc:76:6a:9a:41:b6:c1:b3:05:f9:e2:58:e9:c2:
         cc:f8:69:83:fa:ed:53:91:d6:a3:80:47:7e:5f:b1:34:61:ce:
         01:ac:bd:8b:4c:38:78:59:57:63:87:35:3f:46:69:50:97:e0:
         db:d4:c0:6e:69:31:4b:b5:57:ab:8b:80:a5:3a:19:5e:db:aa:
         5a:f2:38:c8:cb:17:a3:ed:45:ef:5f:9a:6f:5a:93:e7:e8:6a:
         80:e7:57:79:11:3e:4f:e8:ef:f1:e1:0a:d3:c8:fa:bb:a0:5d:
         cc:6c:1f:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIZQDarT06QEjUru68WDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExOTUyMWM3MzUyZDFjYWMzZjk4Yzc1NmZjN2E2YjRiM2Fl
OTc1M2QwHhcNMjUwMTAyMDM0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjhkNjZjYWJhNGRlMDY2MDcwZGUwM2M3OTlhZjBjMzhiZjYzMTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1SkpRKvEZOxnBrMtdBk3TgTI9Tc1
4YUZ5WlYlN/moI4XuDSnjRzO83LuXSBorSPOlweNoRVEEhKUQRRibn2i8+IR44ZT
//ybTI/iHonX4+0Gtnz1ePL7kKacZdAKOJksD9H53M+ehg3b+6lumq6KkJxlSTtz
WWf+yDmMDHdzWzt5z8AFWnqtAkhjfnVcZ8WyA+gtScKZ8d09TCYXu9Pm3xvDhEiz
4FxGuyempS+Y8Bki37LlhPQXLg7R9cFF9upSHo4d64bVJxXuA1K9j5J56BLjrIq7
SombduSMhk5wHyBKfiDEMLHc+xFmMogQuEOU4NEbZXfFlcQ5PXPScHwNTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAaNZsq6TeBmBw3gPHma8MOL9jGJMB8GA1UdIwQY
MBaAFKGVIcc1LRysP5jHVvx6a0s66XU9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1pVaHh6VXRIS3dfbU1kV19IcHJTenJwZFQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8yYjdkYzItYzFkZS00OTcwLWFiNTMt
ZTVhZGEzNmZhMWYzLzEvQm8xbXlycE40R1lIRGVBOGVacnd3NHYyTVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8yYjdkYzItYzFkZS00OTcwLWFiNTMtZTVhZGEzNmZhMWYz
LzEvb1pVaHh6VXRIS3dfbU1kV19IcHJTenJwZFQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFvEpgMA0E
AgACMAcDBQMqELzAMA0GCSqGSIb3DQEBCwUAA4IBAQA7mi3C55hhCZDBdSc1crA4
t/ROVUIM3kjGQIBlIt8ylZecV+Diz8gPO4Z1Pcs2lXuEybNUzIK+HBnGoE9YlBBU
g7iZFrkqbHjkhZZJv2pS9WX/QqfspM65R7Y/GzJMyZjdOFONN3akrT7iZOv46Eqz
ec5Uv/2g3M77BMdMNBmOTbk9wW49TnXdJYsLJ2HApoC54nyB3HZqmkG2wbMF+eJY
6cLM+GmD+u1TkdajgEd+X7E0Yc4BrL2LTDh4WVdjhzU/RmlQl+Db1MBuaTFLtVer
i4ClOhle26pa8jjIyxej7UXvX5pvWpPn6GqA51d5ET5P6O/x4QrTyPq7oF3MbB85
-----END CERTIFICATE-----