Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/RtrZUvwvuEHAGUrNZF36dX7rwhw.roa
File:                     RtrZUvwvuEHAGUrNZF36dX7rwhw.roa (raw, json)
Hash identifier:          xnQU6yTCcLAWI3pPW1PWHIIj4ru7KEEsBgowO3cioPE=
Subject key identifier:   46:DA:D9:52:FC:2F:B8:41:C0:19:4A:CD:64:5D:FA:75:7E:EB:C2:1C
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       0196582C73DC701BC960AB443775714EBFA7
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/RtrZUvwvuEHAGUrNZF36dX7rwhw.roa
Signing time:             Mon 21 Apr 2025 11:47:10 +0000
ROA not before:           Mon 21 Apr 2025 11:47:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        93.177.114.0/23 maxlen: 24
                          185.251.80.0/24 maxlen: 24
                          185.251.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:58:2c:73:dc:70:1b:c9:60:ab:44:37:75:71:4e:bf:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Apr 21 11:47:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46dad952fc2fb841c0194acd645dfa757eebc21c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:db:b3:47:62:9b:96:d3:7a:7c:95:bd:1a:dc:
                    9a:a1:8b:cc:eb:29:7f:53:3f:e5:e3:ed:67:c0:f5:
                    12:ce:f2:b6:8d:a4:df:4d:a9:9d:9e:7a:0d:45:78:
                    72:28:e3:5b:f7:99:ee:02:b7:4f:6f:e4:40:7e:f6:
                    03:bd:b8:a6:83:fc:03:88:39:12:96:a4:70:31:b2:
                    4c:63:2e:1b:cd:9f:11:e9:be:b5:07:39:51:51:10:
                    6b:7b:e1:9a:e6:42:72:eb:00:51:bb:98:6f:98:09:
                    53:c4:00:8a:b7:63:f3:9a:dc:3d:87:85:ac:c3:5c:
                    0a:8e:07:df:45:f4:e1:d6:67:ed:bd:e1:4e:0f:3d:
                    ad:9f:90:8e:c6:cf:b2:e5:fd:10:2c:d0:28:15:92:
                    f3:f2:6b:f3:39:11:f4:66:b1:24:ec:a8:fa:27:ba:
                    dd:c8:f8:e8:55:16:48:4b:9a:20:0c:e5:db:ee:63:
                    10:ae:75:02:31:21:3d:f4:10:33:13:ba:56:6b:20:
                    40:b7:7c:db:b7:56:14:13:39:c9:7a:77:f0:4e:09:
                    72:bc:c2:20:48:31:4a:0d:11:93:82:f8:b2:4c:e5:
                    c3:65:42:30:22:44:d8:20:2c:02:15:02:3c:68:0e:
                    d8:8e:b8:f9:98:32:e9:91:4f:87:ee:8e:0f:04:4d:
                    da:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:DA:D9:52:FC:2F:B8:41:C0:19:4A:CD:64:5D:FA:75:7E:EB:C2:1C
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/RtrZUvwvuEHAGUrNZF36dX7rwhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.177.114.0/23
                  185.251.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:95:b5:cf:0e:92:81:01:41:77:d2:03:ab:bb:4c:8b:ed:24:
         a1:50:e9:85:f6:17:aa:c2:e7:b9:bc:3a:1c:64:3e:cb:7f:2f:
         16:21:bf:f9:90:9d:88:a8:b5:21:e8:d1:7b:a5:f0:ac:f6:3f:
         45:46:a9:64:66:86:50:8e:60:8c:64:fe:f6:4c:52:f6:e9:21:
         3e:35:a6:38:dd:cf:c1:73:da:8f:de:ae:75:b5:69:57:5a:32:
         a4:95:d6:20:ea:02:2b:78:c0:78:64:a7:b5:47:c3:b9:5f:42:
         8c:16:c4:78:05:a1:d5:b9:bc:4e:dd:f4:e1:05:98:ec:97:5c:
         62:9c:ef:43:5c:a7:88:01:74:4e:5b:2d:d3:b9:c4:5a:f4:d7:
         66:3c:a2:cd:8f:83:7e:fb:a1:6e:d3:ae:22:e0:de:4f:1a:ae:
         c7:c6:78:65:fa:0d:72:d2:49:df:cd:cb:da:db:1d:fa:f3:e3:
         2f:5d:8d:72:1f:68:3d:71:69:aa:db:52:c9:49:f1:36:1d:9f:
         78:ea:4a:f7:4f:b6:34:8d:f9:10:49:a0:d1:5b:ba:cf:3a:45:
         3d:3c:18:03:7e:68:78:1e:87:b5:f1:43:65:cd:e4:69:ea:9b:
         02:a8:a3:3a:d4:be:a5:12:3e:23:b0:b0:ac:a9:0f:5a:5a:c3:
         4b:8f:cf:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZYLHPccBvJYKtEN3VxTr+nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjUwNDIxMTE0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmRhZDk1MmZjMmZiODQxYzAxOTRhY2Q2NDVkZmE3NTdlZWJjMjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9uzR2KbltN6fJW9GtyaoYvM6yl/
Uz/l4+1nwPUSzvK2jaTfTamdnnoNRXhyKONb95nuArdPb+RAfvYDvbimg/wDiDkS
lqRwMbJMYy4bzZ8R6b61BzlRURBre+Ga5kJy6wBRu5hvmAlTxACKt2Pzmtw9h4Ws
w1wKjgffRfTh1mftveFODz2tn5COxs+y5f0QLNAoFZLz8mvzORH0ZrEk7Kj6J7rd
yPjoVRZIS5ogDOXb7mMQrnUCMSE99BAzE7pWayBAt3zbt1YUEznJenfwTglyvMIg
SDFKDRGTgviyTOXDZUIwIkTYICwCFQI8aA7Yjrj5mDLpkU+H7o4PBE3aqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEba2VL8L7hBwBlKzWRd+nV+68IcMB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvUnRyWlV2d3Z1RUhBR1VyTlpGMzZkWDdyd2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBXbFyAwQB
uftQMA0GCSqGSIb3DQEBCwUAA4IBAQB0lbXPDpKBAUF30gOru0yL7SShUOmF9heq
wue5vDocZD7Lfy8WIb/5kJ2IqLUh6NF7pfCs9j9FRqlkZoZQjmCMZP72TFL26SE+
NaY43c/Bc9qP3q51tWlXWjKkldYg6gIreMB4ZKe1R8O5X0KMFsR4BaHVubxO3fTh
BZjsl1xinO9DXKeIAXROWy3TucRa9NdmPKLNj4N++6Fu064i4N5PGq7Hxnhl+g1y
0knfzcva2x368+MvXY1yH2g9cWmq21LJSfE2HZ946kr3T7Y0jfkQSaDRW7rPOkU9
PBgDfmh4Hoe18UNlzeRp6psCqKM61L6lEj4jsLCsqQ9aWsNLj88M
-----END CERTIFICATE-----