Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/vJHGOA0KHjRfMKlYQ7_Py25Rox4.roa
File:                     vJHGOA0KHjRfMKlYQ7_Py25Rox4.roa (raw, json)
Hash identifier:          tdVVI7b56aFQgi+odsqYA6gQEoRboQqZ6BFmzhkuKvI=
Subject key identifier:   BC:91:C6:38:0D:0A:1E:34:5F:30:A9:58:43:BF:CF:CB:6E:51:A3:1E
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019695DBCD22EC5A8E846172F403E16185E6
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/vJHGOA0KHjRfMKlYQ7_Py25Rox4.roa
Signing time:             Sat 03 May 2025 11:15:32 +0000
ROA not before:           Sat 03 May 2025 11:15:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        194.41.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 17:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:95:db:cd:22:ec:5a:8e:84:61:72:f4:03:e1:61:85:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: May  3 11:15:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc91c6380d0a1e345f30a95843bfcfcb6e51a31e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6c:46:a8:77:93:35:07:39:72:0e:ea:22:5d:
                    74:85:e7:1d:a5:36:79:f8:8e:af:a6:a5:ac:13:2c:
                    3f:bb:60:e9:37:06:b7:b3:d4:25:38:df:fe:67:51:
                    46:e6:0e:03:10:7f:8f:43:e3:b3:ed:d0:86:32:c4:
                    f1:bc:8f:e0:61:4b:5b:70:ef:f8:ac:ec:38:cd:dc:
                    8b:11:d1:14:a2:db:6a:c0:90:2e:b5:69:99:25:5d:
                    d1:fb:fd:eb:ac:ef:6e:80:f8:e2:f1:72:a8:5f:1e:
                    7c:fe:a5:ae:9d:63:fd:c1:b8:69:b2:62:5e:df:a9:
                    f2:2e:5b:8f:8c:44:3d:d8:ce:12:c5:cd:ab:51:c8:
                    60:83:be:56:2a:27:ae:11:9a:ed:24:20:4c:94:80:
                    16:da:c2:25:8c:52:50:7f:5c:56:79:a3:47:3b:e1:
                    38:de:c7:e1:44:35:dc:c4:fb:ff:12:1e:46:b4:10:
                    f7:e2:f8:0f:50:f2:1c:86:f0:09:30:53:bd:c2:de:
                    29:2d:a9:e7:82:bd:7e:71:46:69:cd:68:22:0b:85:
                    e9:31:8f:15:a1:93:cf:32:83:44:83:39:3c:14:0b:
                    b2:2e:59:97:a2:ab:e0:36:47:12:ee:be:60:94:71:
                    d4:49:bb:79:af:b0:70:b0:93:0a:8c:25:a3:b4:b0:
                    48:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:91:C6:38:0D:0A:1E:34:5F:30:A9:58:43:BF:CF:CB:6E:51:A3:1E
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/vJHGOA0KHjRfMKlYQ7_Py25Rox4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.41.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:f2:fb:07:dc:01:2f:be:4c:72:63:ae:12:84:62:9a:e4:f4:
         be:39:ab:2c:90:14:e6:cc:91:c2:7e:38:6c:eb:3f:8b:b0:a5:
         c7:83:06:c5:f7:eb:0a:a3:7c:eb:4c:76:e4:ee:e2:6b:26:0f:
         b5:85:9b:fb:10:a9:42:6e:78:48:fe:bc:5a:75:16:c9:47:f7:
         66:06:b0:c4:95:bd:b9:8f:f7:dd:c7:7a:4b:0f:93:5e:ba:8c:
         df:dc:4b:fb:8e:67:29:cd:f1:c3:96:68:c0:38:05:bb:0a:16:
         1f:7b:0f:62:67:15:d5:44:f0:81:0d:cd:cc:6e:f6:67:5d:9f:
         70:e3:17:c7:a5:00:ef:6f:07:5e:1d:fa:3f:9f:b4:39:3f:da:
         6f:30:79:e5:f1:e9:88:aa:7d:63:e2:30:93:bf:c1:6e:c1:ca:
         8b:1e:a8:1d:20:2b:bf:58:b6:2d:ad:6f:22:b8:13:e4:4a:c2:
         3d:73:ed:ae:db:8b:bf:8f:13:4c:bd:ff:ca:09:a1:18:fe:5a:
         e6:c8:30:80:b8:82:ec:5a:50:e4:91:bf:3d:f4:de:69:00:0e:
         8a:5b:e8:d9:25:1e:bb:21:1e:92:3f:f7:44:48:2d:52:f9:57:
         c0:58:22:2d:28:cd:a5:eb:39:69:40:a5:ab:29:79:ef:3e:92:
         f7:8f:71:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaV280i7FqOhGFy9APhYYXmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwNTAzMTExNTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzkxYzYzODBkMGExZTM0NWYzMGE5NTg0M2JmY2ZjYjZlNTFhMzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2xGqHeTNQc5cg7qIl10hecdpTZ5
+I6vpqWsEyw/u2DpNwa3s9QlON/+Z1FG5g4DEH+PQ+Oz7dCGMsTxvI/gYUtbcO/4
rOw4zdyLEdEUottqwJAutWmZJV3R+/3rrO9ugPji8XKoXx58/qWunWP9wbhpsmJe
36nyLluPjEQ92M4Sxc2rUchgg75WKieuEZrtJCBMlIAW2sIljFJQf1xWeaNHO+E4
3sfhRDXcxPv/Eh5GtBD34vgPUPIchvAJMFO9wt4pLanngr1+cUZpzWgiC4XpMY8V
oZPPMoNEgzk8FAuyLlmXoqvgNkcS7r5glHHUSbt5r7BwsJMKjCWjtLBIuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyRxjgNCh40XzCpWEO/z8tuUaMeMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvdkpIR09BMEtIalJmTUtsWVE3X1B5MjVSb3g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwilwMA0G
CSqGSIb3DQEBCwUAA4IBAQA68vsH3AEvvkxyY64ShGKa5PS+OasskBTmzJHCfjhs
6z+LsKXHgwbF9+sKo3zrTHbk7uJrJg+1hZv7EKlCbnhI/rxadRbJR/dmBrDElb25
j/fdx3pLD5Neuozf3Ev7jmcpzfHDlmjAOAW7ChYfew9iZxXVRPCBDc3MbvZnXZ9w
4xfHpQDvbwdeHfo/n7Q5P9pvMHnl8emIqn1j4jCTv8FuwcqLHqgdICu/WLYtrW8i
uBPkSsI9c+2u24u/jxNMvf/KCaEY/lrmyDCAuILsWlDkkb899N5pAA6KW+jZJR67
IR6SP/dESC1S+VfAWCItKM2l6zlpQKWrKXnvPpL3j3F6
-----END CERTIFICATE-----