Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/nBzRioAspYogjhuqMfmeJKfieBA.roa
File:                     nBzRioAspYogjhuqMfmeJKfieBA.roa (raw, json)
Hash identifier:          zMCnSjaFE4ydwmXDRAVpua0IoyMIX5RMql4K/75vlGo=
Subject key identifier:   9C:1C:D1:8A:80:2C:A5:8A:20:8E:1B:AA:31:F9:9E:24:A7:E2:78:10
Certificate issuer:       /CN=ced755733e91203a17c3093ca5d9cb0392d94f61
Certificate serial:       0194206858EB1A1F346881B51EB3ADB9C640
Authority key identifier: CE:D7:55:73:3E:91:20:3A:17:C3:09:3C:A5:D9:CB:03:92:D9:4F:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ztdVcz6RIDoXwwk8pdnLA5LZT2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/nBzRioAspYogjhuqMfmeJKfieBA.roa
Signing time:             Wed 01 Jan 2025 05:48:16 +0000
ROA not before:           Wed 01 Jan 2025 05:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21320
IP address blocks:        83.97.88.0/21 maxlen: 21
                          2001:799::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/ztdVcz6RIDoXwwk8pdnLA5LZT2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/ztdVcz6RIDoXwwk8pdnLA5LZT2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ztdVcz6RIDoXwwk8pdnLA5LZT2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:58:eb:1a:1f:34:68:81:b5:1e:b3:ad:b9:c6:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ced755733e91203a17c3093ca5d9cb0392d94f61
        Validity
            Not Before: Jan  1 05:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c1cd18a802ca58a208e1baa31f99e24a7e27810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fb:d9:59:6b:01:b1:cd:dd:c0:22:3a:64:5b:
                    ab:cd:fe:4a:bc:47:f2:48:84:48:f5:2b:c5:b9:57:
                    cc:97:29:88:19:b5:1f:bc:71:9f:4a:d8:e2:79:46:
                    f5:84:49:94:09:90:e1:5d:4f:09:76:70:e8:9c:61:
                    42:3d:5a:02:1c:3a:cb:64:ed:3c:2c:15:02:90:3d:
                    c2:00:bf:93:da:9d:09:ae:00:59:27:3a:17:25:3f:
                    22:fb:02:af:c3:7d:02:e2:69:7f:b7:c0:b9:98:9a:
                    df:a5:ea:e9:2c:4e:6f:e6:e9:94:56:d2:a8:33:4c:
                    03:5a:e7:10:6e:b5:bb:14:87:7c:a6:75:6c:61:e4:
                    00:cd:08:f4:7e:d6:3e:76:10:8e:74:8e:dd:9d:75:
                    15:d7:67:2d:2f:8f:1b:8f:43:15:3a:74:04:47:ad:
                    a0:71:b1:e9:73:f1:34:75:1e:64:20:ab:a8:14:c2:
                    96:d6:3b:f0:fe:e0:b4:a0:db:9a:de:16:d8:34:37:
                    dc:32:d8:66:ce:41:e3:50:29:30:85:31:f4:98:8e:
                    fb:e4:39:1c:16:97:06:83:37:77:35:d8:66:e2:2f:
                    69:de:ea:00:4d:61:01:56:9c:c8:cc:67:e7:de:18:
                    c2:6b:ac:96:55:0c:46:88:80:bb:14:5a:2c:99:cc:
                    58:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:1C:D1:8A:80:2C:A5:8A:20:8E:1B:AA:31:F9:9E:24:A7:E2:78:10
            X509v3 Authority Key Identifier:
                keyid:CE:D7:55:73:3E:91:20:3A:17:C3:09:3C:A5:D9:CB:03:92:D9:4F:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ztdVcz6RIDoXwwk8pdnLA5LZT2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/nBzRioAspYogjhuqMfmeJKfieBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c2f61a-15f9-4c6b-90e5-ef4b659eff8d/1/ztdVcz6RIDoXwwk8pdnLA5LZT2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.88.0/21
                IPv6:
                  2001:799::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:c8:be:8a:10:32:a5:2a:f1:6a:2d:06:6b:1d:25:99:99:17:
         66:bd:4b:fb:c8:4e:f2:e2:42:84:b0:e7:18:60:fe:21:44:3f:
         a0:1c:10:7f:22:a8:7a:68:87:33:9c:f3:0d:75:67:fe:b5:04:
         1f:80:70:ac:eb:b5:ac:8c:89:99:1c:7d:7d:a7:ed:56:5e:51:
         a9:4c:5d:7c:7d:e6:62:7e:da:64:20:ce:a0:a2:13:65:aa:a9:
         ee:9a:2e:d7:60:1d:84:b4:a5:09:2a:82:da:d1:6d:b8:89:f0:
         d4:94:7e:33:aa:4c:62:a6:32:73:17:fb:cb:24:8d:cb:0b:1d:
         b7:96:16:62:77:7a:e3:5c:38:4d:0a:bb:fa:77:91:73:9f:8d:
         44:68:f8:8c:f3:e2:54:94:a3:fb:0c:8b:a9:30:54:35:bf:a1:
         e8:7a:9d:6e:c0:aa:f7:d8:18:cc:4b:b9:bd:0d:68:2f:68:54:
         65:ae:56:23:99:9e:ed:7e:64:73:3e:77:60:bb:46:aa:fb:0e:
         5c:1e:e6:30:ab:c5:07:0f:c1:2e:6a:55:60:13:19:ba:19:fc:
         c2:58:c9:3c:bf:82:d8:14:01:a3:8b:38:43:c0:b9:44:09:a6:
         78:3a:6f:86:5a:2e:af:c2:11:d9:7d:be:bd:0f:dc:1e:bb:52:
         eb:bf:19:83
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaFjrGh80aIG1HrOtucZAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlZDc1NTczM2U5MTIwM2ExN2MzMDkzY2E1ZDljYjAzOTJk
OTRmNjEwHhcNMjUwMTAxMDU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzFjZDE4YTgwMmNhNThhMjA4ZTFiYWEzMWY5OWUyNGE3ZTI3ODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvvZWWsBsc3dwCI6ZFurzf5KvEfy
SIRI9SvFuVfMlymIGbUfvHGfStjieUb1hEmUCZDhXU8JdnDonGFCPVoCHDrLZO08
LBUCkD3CAL+T2p0JrgBZJzoXJT8i+wKvw30C4ml/t8C5mJrfperpLE5v5umUVtKo
M0wDWucQbrW7FId8pnVsYeQAzQj0ftY+dhCOdI7dnXUV12ctL48bj0MVOnQER62g
cbHpc/E0dR5kIKuoFMKW1jvw/uC0oNua3hbYNDfcMthmzkHjUCkwhTH0mI775Dkc
FpcGgzd3Ndhm4i9p3uoATWEBVpzIzGfn3hjCa6yWVQxGiIC7FFosmcxYgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJwc0YqALKWKII4bqjH5niSn4ngQMB8GA1UdIwQY
MBaAFM7XVXM+kSA6F8MJPKXZywOS2U9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenRkVmN6NlJJRG9Yd3drOHBkbkxBNUxaVDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jMmY2MWEtMTVmOS00YzZiLTkwZTUt
ZWY0YjY1OWVmZjhkLzEvbkJ6UmlvQXNwWW9namh1cU1mbWVKS2ZpZUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jMmY2MWEtMTVmOS00YzZiLTkwZTUtZWY0YjY1OWVmZjhk
LzEvenRkVmN6NlJJRG9Yd3drOHBkbkxBNUxaVDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDU2FYMA0E
AgACMAcDBQAgAQeZMA0GCSqGSIb3DQEBCwUAA4IBAQBzyL6KEDKlKvFqLQZrHSWZ
mRdmvUv7yE7y4kKEsOcYYP4hRD+gHBB/Iqh6aIcznPMNdWf+tQQfgHCs67WsjImZ
HH19p+1WXlGpTF18feZiftpkIM6gohNlqqnumi7XYB2EtKUJKoLa0W24ifDUlH4z
qkxipjJzF/vLJI3LCx23lhZid3rjXDhNCrv6d5Fzn41EaPiM8+JUlKP7DIupMFQ1
v6Hoep1uwKr32BjMS7m9DWgvaFRlrlYjmZ7tfmRzPndgu0aq+w5cHuYwq8UHD8Eu
alVgExm6GfzCWMk8v4LYFAGjizhDwLlECaZ4Om+GWi6vwhHZfb69D9weu1LrvxmD
-----END CERTIFICATE-----