Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/u67ic7YzK78QcUkHm1snD1e9720.roa
File:                     u67ic7YzK78QcUkHm1snD1e9720.roa (raw, json)
Hash identifier:          csRqjLRtzYYjHQDBckYWBc6iGrmSXKNq8hQ9btgA+2A=
Subject key identifier:   BB:AE:E2:73:B6:33:2B:BF:10:71:49:07:9B:5B:27:0F:57:BD:EF:6D
Certificate issuer:       /CN=501459c027a86e1a55709f860937fe2f81b312f0
Certificate serial:       0194266BBD942409727861B48EBCDA3C598C
Authority key identifier: 50:14:59:C0:27:A8:6E:1A:55:70:9F:86:09:37:FE:2F:81:B3:12:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UBRZwCeobhpVcJ-GCTf-L4GzEvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/u67ic7YzK78QcUkHm1snD1e9720.roa
Signing time:             Thu 02 Jan 2025 09:49:42 +0000
ROA not before:           Thu 02 Jan 2025 09:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35280
IP address blocks:        147.233.0.0/17 maxlen: 17
                          147.233.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UBRZwCeobhpVcJ-GCTf-L4GzEvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UBRZwCeobhpVcJ-GCTf-L4GzEvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UBRZwCeobhpVcJ-GCTf-L4GzEvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:bd:94:24:09:72:78:61:b4:8e:bc:da:3c:59:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=501459c027a86e1a55709f860937fe2f81b312f0
        Validity
            Not Before: Jan  2 09:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbaee273b6332bbf107149079b5b270f57bdef6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d8:20:9c:99:10:78:b5:53:14:e2:93:68:3b:
                    14:0b:70:c5:82:06:fc:93:11:72:e3:25:49:c0:ea:
                    eb:14:27:79:58:f4:4b:e1:b6:d4:95:e6:f8:de:59:
                    ce:86:48:fc:a7:0d:61:42:8b:42:39:b1:62:5b:06:
                    12:9c:40:63:9c:ad:e5:7e:13:5a:cb:95:68:ae:bf:
                    65:d4:a8:a5:ba:b1:04:f1:fb:c5:a2:fb:91:30:4d:
                    4f:c1:0e:42:62:98:d5:c3:db:65:0a:ac:45:97:d5:
                    e3:b0:2c:ea:d0:33:bd:2b:a0:e8:49:4b:a0:af:88:
                    d2:53:db:30:85:5c:cf:f3:16:d0:a7:28:43:67:17:
                    69:42:0f:2f:2f:aa:38:ab:85:6b:16:5c:c7:ba:3d:
                    c5:b1:38:79:89:b0:ff:a1:76:3f:8d:e5:9c:cc:de:
                    43:39:cb:61:da:03:4d:e7:67:5a:d4:4c:bf:ac:d8:
                    6b:f0:74:3e:60:3d:10:b7:f1:e9:6a:fb:7d:41:6b:
                    9c:50:f2:b9:a5:e9:ea:24:90:fd:b9:c5:94:36:22:
                    c4:1c:67:06:11:48:15:76:dd:90:a5:e4:87:1c:79:
                    b0:1f:e5:94:70:f0:31:cd:d9:59:19:98:fb:c9:cd:
                    2f:c7:94:10:9a:4b:10:0c:ce:98:ac:6f:33:f4:f1:
                    5f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:AE:E2:73:B6:33:2B:BF:10:71:49:07:9B:5B:27:0F:57:BD:EF:6D
            X509v3 Authority Key Identifier:
                keyid:50:14:59:C0:27:A8:6E:1A:55:70:9F:86:09:37:FE:2F:81:B3:12:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UBRZwCeobhpVcJ-GCTf-L4GzEvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/u67ic7YzK78QcUkHm1snD1e9720.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UBRZwCeobhpVcJ-GCTf-L4GzEvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.233.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         43:ed:3a:4b:d9:81:ce:14:53:1e:6b:3e:33:91:65:5e:c5:fa:
         ce:84:82:3e:c2:0d:b6:e0:45:86:fd:4b:b8:71:65:b1:98:27:
         82:cb:07:98:1c:88:5f:ad:de:be:76:af:7e:6f:24:52:03:2e:
         16:10:1f:a9:6a:f5:6a:91:8b:a6:be:3e:4d:dc:0e:f6:02:d9:
         04:62:69:9c:e0:77:de:c0:c5:4d:12:12:97:63:68:36:36:59:
         f1:95:48:1c:df:f6:1c:dd:7f:68:88:ec:c8:02:66:79:b4:41:
         a3:be:36:5e:51:76:09:fb:be:cc:8d:ed:da:d4:0c:5c:fe:c7:
         05:13:76:51:f2:f5:65:69:3a:a4:0a:15:7c:55:8a:c0:e1:4b:
         67:c1:51:43:25:a2:72:77:33:fd:27:c9:9c:ec:14:8b:ff:5c:
         be:61:7e:4b:b8:02:ca:be:9d:0a:f3:39:84:23:62:fb:2c:36:
         c5:d8:fc:bc:54:d4:a1:58:63:3c:6b:6c:b1:83:36:d5:a3:eb:
         69:09:ae:d9:89:d1:30:0f:27:f6:58:73:f8:ea:31:ff:50:1c:
         df:13:5a:97:53:07:c0:c4:50:17:86:36:c1:fd:25:72:58:e4:
         bb:b2:f4:8f:01:97:fd:0a:7f:db:c7:e6:47:1b:da:20:a8:45:
         76:85:e0:ee
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQma72UJAlyeGG0jrzaPFmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMTQ1OWMwMjdhODZlMWE1NTcwOWY4NjA5MzdmZTJmODFi
MzEyZjAwHhcNMjUwMTAyMDk0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmFlZTI3M2I2MzMyYmJmMTA3MTQ5MDc5YjViMjcwZjU3YmRlZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldggnJkQeLVTFOKTaDsUC3DFggb8
kxFy4yVJwOrrFCd5WPRL4bbUleb43lnOhkj8pw1hQotCObFiWwYSnEBjnK3lfhNa
y5Vorr9l1KilurEE8fvFovuRME1PwQ5CYpjVw9tlCqxFl9XjsCzq0DO9K6DoSUug
r4jSU9swhVzP8xbQpyhDZxdpQg8vL6o4q4VrFlzHuj3FsTh5ibD/oXY/jeWczN5D
Octh2gNN52da1Ey/rNhr8HQ+YD0Qt/Hpavt9QWucUPK5penqJJD9ucWUNiLEHGcG
EUgVdt2QpeSHHHmwH+WUcPAxzdlZGZj7yc0vx5QQmksQDM6YrG8z9PFfCQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLuu4nO2Myu/EHFJB5tbJw9Xve9tMB8GA1UdIwQY
MBaAFFAUWcAnqG4aVXCfhgk3/i+BsxLwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUJSWndDZW9iaHBWY0otR0NUZi1MNEd6RXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi85ZWRlOTItYTgzOC00MGJjLWEyNjYt
MTYyYjAyYmIxNWJkLzEvdTY3aWM3WXpLNzhRY1VrSG0xc25EMWU5NzIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi85ZWRlOTItYTgzOC00MGJjLWEyNjYtMTYyYjAyYmIxNWJk
LzEvVUJSWndDZW9iaHBWY0otR0NUZi1MNEd6RXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk+kwDQYJ
KoZIhvcNAQELBQADggEBAEPtOkvZgc4UUx5rPjORZV7F+s6Egj7CDbbgRYb9S7hx
ZbGYJ4LLB5gciF+t3r52r35vJFIDLhYQH6lq9WqRi6a+Pk3cDvYC2QRiaZzgd97A
xU0SEpdjaDY2WfGVSBzf9hzdf2iI7MgCZnm0QaO+Nl5Rdgn7vsyN7drUDFz+xwUT
dlHy9WVpOqQKFXxVisDhS2fBUUMlonJ3M/0nyZzsFIv/XL5hfku4Asq+nQrzOYQj
YvssNsXY/LxU1KFYYzxrbLGDNtWj62kJrtmJ0TAPJ/ZYc/jqMf9QHN8TWpdTB8DE
UBeGNsH9JXJY5Luy9I8Bl/0Kf9vH5kcb2iCoRXaF4O4=
-----END CERTIFICATE-----