Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/i63lT8gZ80ZQnoxkIIq3_XH-qGo.roa
File:                     i63lT8gZ80ZQnoxkIIq3_XH-qGo.roa (raw, json)
Hash identifier:          u7r5j40jao9jpdMvyg5KQYNAFcKXMkC3d+QE0v1EduY=
Subject key identifier:   8B:AD:E5:4F:C8:19:F3:46:50:9E:8C:64:20:8A:B7:FD:71:FE:A8:6A
Certificate issuer:       /CN=3c2c854011140a10947da7b53bbb350f3c54b33e
Certificate serial:       019425220F9027024BD7E4C1DDAF577072C8
Authority key identifier: 3C:2C:85:40:11:14:0A:10:94:7D:A7:B5:3B:BB:35:0F:3C:54:B3:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/i63lT8gZ80ZQnoxkIIq3_XH-qGo.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59572
IP address blocks:        193.35.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0f:90:27:02:4b:d7:e4:c1:dd:af:57:70:72:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c2c854011140a10947da7b53bbb350f3c54b33e
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bade54fc819f346509e8c64208ab7fd71fea86a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:01:f4:0b:46:5c:a4:51:2d:fa:22:84:2d:d2:
                    f6:63:5b:68:35:8e:55:43:35:42:ae:b5:db:8e:09:
                    07:08:91:7f:9d:ca:c5:17:08:db:c6:88:35:db:b9:
                    8a:27:97:7d:48:08:e3:1a:cd:a4:c9:b5:a6:49:e6:
                    28:0f:05:8d:6d:30:bb:3c:9f:75:77:71:ca:4d:19:
                    c4:ce:c8:99:8e:3d:cb:d7:d9:58:ab:b6:71:12:52:
                    e5:8a:1e:f1:69:fd:2a:0e:e9:da:07:ce:2c:ba:e3:
                    a0:8f:d5:38:d4:44:f5:f8:e8:6e:0b:b2:c9:59:47:
                    de:b8:78:a6:00:17:ce:fc:3e:a4:c7:08:2b:42:fb:
                    24:63:df:6f:1f:77:30:e0:4b:47:2e:19:e0:88:ed:
                    2e:19:4e:75:44:88:1c:d1:8a:38:32:db:13:7e:8e:
                    d0:f3:ed:ae:35:fa:07:ce:9f:0b:a1:8c:ae:c2:ba:
                    58:76:d5:20:dd:ef:db:8e:2c:aa:89:d2:f6:28:f3:
                    2d:e7:ec:0c:b3:56:2b:ec:4c:1f:78:88:23:fd:cf:
                    7a:79:a1:52:62:fe:0a:ca:6e:bd:2e:b5:ba:04:c0:
                    16:7c:39:c8:47:a3:94:25:61:65:ac:8c:d7:32:8b:
                    d8:3c:f2:93:79:4e:93:5f:be:04:b3:f6:10:04:02:
                    83:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:AD:E5:4F:C8:19:F3:46:50:9E:8C:64:20:8A:B7:FD:71:FE:A8:6A
            X509v3 Authority Key Identifier:
                keyid:3C:2C:85:40:11:14:0A:10:94:7D:A7:B5:3B:BB:35:0F:3C:54:B3:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/i63lT8gZ80ZQnoxkIIq3_XH-qGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:e0:30:7f:64:a0:92:5b:13:a1:68:87:80:77:86:29:00:fe:
         7b:2f:79:1d:6b:c9:17:1d:d1:9a:ab:36:23:d6:61:60:1f:56:
         0e:3b:de:b8:67:f4:86:d4:3a:cf:0d:30:31:02:37:c4:58:9f:
         20:39:5d:a7:97:56:dc:5c:10:b8:12:2f:b2:0e:11:4e:bd:b3:
         3c:bb:b3:ca:2c:c5:56:10:fe:b5:e9:b4:53:eb:76:06:33:b5:
         18:a8:4c:f0:95:ba:fd:18:c9:77:97:02:5a:f1:0e:c4:aa:d4:
         ed:42:db:d3:49:bb:7b:05:cf:a0:cd:3a:58:2f:f3:e4:70:e0:
         a9:e7:2c:e9:27:4d:b4:22:a8:56:ca:89:03:33:ad:27:e8:c9:
         7f:60:d4:d9:c7:0b:3a:94:86:c6:64:c4:de:64:1c:29:b7:4c:
         d8:ba:76:f6:69:e1:31:f8:7f:0a:4d:e2:78:ca:d1:f9:c7:ff:
         a6:9d:01:88:a2:7d:7b:1d:d7:23:af:99:cb:25:e9:88:e9:ad:
         32:58:8e:c5:fc:78:3d:79:33:9a:6e:b2:d3:a1:88:aa:b0:ba:
         b0:d0:05:92:97:6e:9b:f5:2e:a8:15:80:3c:21:dd:8c:6b:d7:
         c2:2f:bb:0a:92:33:79:d9:92:3d:21:80:be:7b:d4:a9:c8:32:
         66:55:67:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIg+QJwJL1+TB3a9XcHLIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMmM4NTQwMTExNDBhMTA5NDdkYTdiNTNiYmIzNTBmM2M1
NGIzM2UwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmFkZTU0ZmM4MTlmMzQ2NTA5ZThjNjQyMDhhYjdmZDcxZmVhODZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwH0C0ZcpFEt+iKELdL2Y1toNY5V
QzVCrrXbjgkHCJF/ncrFFwjbxog127mKJ5d9SAjjGs2kybWmSeYoDwWNbTC7PJ91
d3HKTRnEzsiZjj3L19lYq7ZxElLlih7xaf0qDunaB84suuOgj9U41ET1+OhuC7LJ
WUfeuHimABfO/D6kxwgrQvskY99vH3cw4EtHLhngiO0uGU51RIgc0Yo4MtsTfo7Q
8+2uNfoHzp8LoYyuwrpYdtUg3e/bjiyqidL2KPMt5+wMs1Yr7EwfeIgj/c96eaFS
Yv4Kym69LrW6BMAWfDnIR6OUJWFlrIzXMovYPPKTeU6TX74Es/YQBAKDxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIut5U/IGfNGUJ6MZCCKt/1x/qhqMB8GA1UdIwQY
MBaAFDwshUARFAoQlH2ntTu7NQ88VLM+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEN5RlFCRVVDaENVZmFlMU83czFEenhVc3o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9lMDU4MGQtMDQ4YS00ZTZkLWJlYzYt
YjViYmQwYjVlMGFhLzEvaTYzbFQ4Z1o4MFpRbm94a0lJcTNfWEgtcUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9lMDU4MGQtMDQ4YS00ZTZkLWJlYzYtYjViYmQwYjVlMGFh
LzEvUEN5RlFCRVVDaENVZmFlMU83czFEenhVc3o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSMBMA0G
CSqGSIb3DQEBCwUAA4IBAQBl4DB/ZKCSWxOhaIeAd4YpAP57L3kda8kXHdGaqzYj
1mFgH1YOO964Z/SG1DrPDTAxAjfEWJ8gOV2nl1bcXBC4Ei+yDhFOvbM8u7PKLMVW
EP616bRT63YGM7UYqEzwlbr9GMl3lwJa8Q7EqtTtQtvTSbt7Bc+gzTpYL/PkcOCp
5yzpJ020IqhWyokDM60n6Ml/YNTZxws6lIbGZMTeZBwpt0zYunb2aeEx+H8KTeJ4
ytH5x/+mnQGIon17Hdcjr5nLJemI6a0yWI7F/Hg9eTOabrLToYiqsLqw0AWSl26b
9S6oFYA8Id2Ma9fCL7sKkjN52ZI9IYC+e9SpyDJmVWfD
-----END CERTIFICATE-----