Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/c7nY0rggG6raEqDRkehzGz_VYtA.roa
File:                     c7nY0rggG6raEqDRkehzGz_VYtA.roa (raw, json)
Hash identifier:          EhNdOxX4vcohdV7gKrHWK7+fsvt8pGFZe0311VfzJ1M=
Subject key identifier:   73:B9:D8:D2:B8:20:1B:AA:DA:12:A0:D1:91:E8:73:1B:3F:D5:62:D0
Certificate issuer:       /CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
Certificate serial:       0194221FB1B5CB9DD275A2628E906D15ACFA
Authority key identifier: BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/c7nY0rggG6raEqDRkehzGz_VYtA.roa
Signing time:             Wed 01 Jan 2025 13:48:09 +0000
ROA not before:           Wed 01 Jan 2025 13:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11251
IP address blocks:        157.23.224.0/20 maxlen: 24
                          2a0e:bbc0:8000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b1:b5:cb:9d:d2:75:a2:62:8e:90:6d:15:ac:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
        Validity
            Not Before: Jan  1 13:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73b9d8d2b8201baada12a0d191e8731b3fd562d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b1:26:1c:ac:58:96:22:a1:d4:85:20:8a:71:
                    ee:28:45:ba:23:02:d1:ea:0c:5a:0d:88:b4:52:ee:
                    d0:b9:76:95:4d:0b:f2:ff:bc:86:55:c1:ff:ed:2e:
                    d1:fd:15:01:d6:65:84:5e:b9:e5:f1:1e:ca:da:1f:
                    52:09:eb:cb:32:36:c3:d2:5e:02:da:78:1e:71:3c:
                    bd:54:ce:4e:80:22:89:d0:8e:95:e3:26:95:da:1e:
                    a0:1e:53:21:6a:19:f4:af:c5:7b:d0:98:79:74:b1:
                    31:7f:ce:b6:d7:1e:f9:40:21:14:ab:4f:01:30:2a:
                    e3:50:73:43:f4:ef:71:35:37:81:5c:7e:9a:8b:de:
                    ea:d5:5b:60:3c:19:dd:88:30:3a:f0:0d:e9:26:56:
                    94:0f:0a:38:3c:8a:8f:b4:88:eb:fe:09:07:e5:b8:
                    bc:cf:27:fc:88:d7:54:2e:9f:58:23:78:e3:93:03:
                    b2:6a:a6:34:da:b6:3c:bd:89:d8:f9:ce:f2:27:63:
                    81:f5:d4:56:85:1f:88:3b:7b:e9:15:6d:ed:17:55:
                    63:b9:d6:12:e1:39:57:89:34:98:79:8b:ad:6f:91:
                    9b:7a:08:0f:af:1b:e9:f9:ec:04:0d:ad:88:77:a6:
                    ef:76:cd:86:ab:c6:64:18:bf:0e:35:5f:28:bc:47:
                    f5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:B9:D8:D2:B8:20:1B:AA:DA:12:A0:D1:91:E8:73:1B:3F:D5:62:D0
            X509v3 Authority Key Identifier:
                keyid:BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/c7nY0rggG6raEqDRkehzGz_VYtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.23.224.0/20
                IPv6:
                  2a0e:bbc0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         55:89:10:13:cd:32:4b:14:a5:78:15:ac:ad:2f:86:26:0a:bd:
         31:56:25:b6:cd:8c:bd:33:73:e0:a4:58:51:d5:42:9d:a2:35:
         93:0b:23:44:ae:82:53:9f:91:ef:a8:3e:b3:95:89:82:47:01:
         27:f3:2b:a1:42:31:88:64:27:cf:7a:b3:34:c6:b2:36:47:16:
         13:68:ae:cf:67:d7:ff:9d:40:20:41:59:a5:a1:bb:bc:b5:41:
         b7:c5:d6:d2:20:1e:96:34:ca:9f:62:3b:6b:20:cf:d0:1e:ea:
         a6:0f:f4:bf:89:5b:e1:fc:e3:22:04:cf:a5:3c:83:94:ea:3a:
         c1:de:8e:2a:60:8f:89:10:14:9c:f4:09:61:ff:77:33:18:e9:
         28:ac:a8:89:71:2e:98:27:08:1a:25:c4:9b:e2:16:ce:91:16:
         9a:aa:ed:5a:17:70:fc:04:c9:10:4d:9f:6b:6c:76:08:d3:dd:
         da:b2:30:22:eb:da:4a:e5:1b:e8:4a:b7:fe:96:3e:77:8a:b1:
         db:0c:fb:3e:d7:42:e8:36:a4:8a:f4:b2:4d:fb:e8:a5:46:46:
         c3:b6:65:c3:21:f6:a0:92:7a:61:3f:55:10:fe:fa:78:88:bd:
         49:42:54:29:57:d3:70:a8:1a:8b:7f:b8:19:fc:33:9b:e2:d3:
         1e:89:af:27
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQiH7G1y53SdaJijpBtFaz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYTM1Y2Y4YWI2ZjNlYWEyYWViYWRkOWUyMzczZGVjMDg5
MzYyNWUwHhcNMjUwMTAxMTM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2I5ZDhkMmI4MjAxYmFhZGExMmEwZDE5MWU4NzMxYjNmZDU2MmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7EmHKxYliKh1IUginHuKEW6IwLR
6gxaDYi0Uu7QuXaVTQvy/7yGVcH/7S7R/RUB1mWEXrnl8R7K2h9SCevLMjbD0l4C
2ngecTy9VM5OgCKJ0I6V4yaV2h6gHlMhahn0r8V70Jh5dLExf8621x75QCEUq08B
MCrjUHND9O9xNTeBXH6ai97q1VtgPBndiDA68A3pJlaUDwo4PIqPtIjr/gkH5bi8
zyf8iNdULp9YI3jjkwOyaqY02rY8vYnY+c7yJ2OB9dRWhR+IO3vpFW3tF1VjudYS
4TlXiTSYeYutb5GbeggPrxvp+ewEDa2Id6bvds2Gq8ZkGL8ONV8ovEf1YwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFHO52NK4IBuq2hKg0ZHocxs/1WLQMB8GA1UdIwQY
MBaAFLujXPirbz6qKuut2eI3PewIk2JeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMt
NTk3YjZlMjQ5MmFiLzEvYzduWTByZ2dHNnJhRXFEUmtlaHpHel9WWXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMtNTk3YjZlMjQ5MmFi
LzEvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQEnRfgMA4E
AgACMAgDBgAqDrvAgDANBgkqhkiG9w0BAQsFAAOCAQEAVYkQE80ySxSleBWsrS+G
Jgq9MVYlts2MvTNz4KRYUdVCnaI1kwsjRK6CU5+R76g+s5WJgkcBJ/MroUIxiGQn
z3qzNMayNkcWE2iuz2fX/51AIEFZpaG7vLVBt8XW0iAeljTKn2I7ayDP0B7qpg/0
v4lb4fzjIgTPpTyDlOo6wd6OKmCPiRAUnPQJYf93MxjpKKyoiXEumCcIGiXEm+IW
zpEWmqrtWhdw/ATJEE2fa2x2CNPd2rIwIuvaSuUb6Eq3/pY+d4qx2wz7PtdC6Dak
ivSyTfvopUZGw7ZlwyH2oJJ6YT9VEP76eIi9SUJUKVfTcKgai3+4Gfwzm+LTHomv
Jw==
-----END CERTIFICATE-----