Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/2jTENAxlBTHU0JfXx23WYcOL2SQ.roa
File:                     2jTENAxlBTHU0JfXx23WYcOL2SQ.roa (raw, json)
Hash identifier:          gorJOlr6HI1VVvrZm0ziYTp2vibMZYKA0nUp9ShtL8g=
Subject key identifier:   DA:34:C4:34:0C:65:05:31:D4:D0:97:D7:C7:6D:D6:61:C3:8B:D9:24
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019420684B1347464C7898EB9931AC8244D9
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/2jTENAxlBTHU0JfXx23WYcOL2SQ.roa
Signing time:             Wed 01 Jan 2025 05:48:13 +0000
ROA not before:           Wed 01 Jan 2025 05:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135330
IP address blocks:        193.233.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4b:13:47:46:4c:78:98:eb:99:31:ac:82:44:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da34c4340c650531d4d097d7c76dd661c38bd924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:41:7e:05:50:27:f8:3e:ed:e6:bf:2b:58:58:
                    68:b8:29:1b:5b:5c:13:33:0d:1a:ad:5c:52:12:0e:
                    80:7c:38:d0:02:7d:3d:61:0e:06:c0:94:4a:fc:c2:
                    70:26:e4:f5:46:f6:34:ba:aa:dd:fe:8a:41:d7:00:
                    12:bd:c5:d1:a4:f3:df:a1:ac:e6:ac:23:a1:d1:3b:
                    8a:84:89:07:e8:bb:8f:38:75:f1:fd:05:12:ff:9e:
                    a9:1b:a7:e0:6b:27:b7:7b:22:a6:2c:ea:71:ff:2a:
                    04:f1:b2:1c:f0:3a:ee:ae:ab:b0:31:9d:f5:72:33:
                    76:20:7a:d5:5b:e0:f5:ee:14:f8:77:de:98:db:03:
                    6e:99:cf:db:72:ed:2a:5c:00:09:96:23:d8:52:4f:
                    15:ef:02:7d:f1:49:28:c7:ac:02:11:43:fc:69:28:
                    3a:91:c2:61:a6:36:93:36:42:6e:a3:cf:db:5d:f1:
                    fd:32:f4:f3:2e:2b:52:3a:9d:2d:30:b6:9e:ee:c8:
                    69:0a:04:da:05:36:f2:e0:f2:e1:dd:9c:26:f8:63:
                    11:cc:d5:10:91:be:75:14:80:a8:be:71:c4:32:68:
                    66:9c:18:89:5e:cd:aa:ba:cf:c5:00:6e:4e:16:a0:
                    f8:0e:d7:f4:b7:22:36:09:ce:8f:5f:e2:3b:3d:ba:
                    e8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:34:C4:34:0C:65:05:31:D4:D0:97:D7:C7:6D:D6:61:C3:8B:D9:24
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/2jTENAxlBTHU0JfXx23WYcOL2SQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:df:5b:fe:b2:6e:63:af:1f:29:c1:c6:58:22:ac:ef:6d:74:
         70:72:f0:54:ba:25:db:f9:6a:22:c4:9d:d1:d0:f3:c1:f1:04:
         14:62:10:2b:cf:30:9e:f6:8b:71:36:20:12:40:89:6c:0e:a7:
         c5:c9:66:aa:fc:46:f7:4b:e9:0b:c6:78:9b:5d:3c:5e:fd:89:
         49:d2:2d:75:7d:e9:cf:84:fb:41:1e:59:b4:91:c7:3d:83:92:
         dc:4c:4c:a3:28:14:1c:00:56:2d:63:35:95:84:b0:76:d7:2a:
         90:89:c8:e1:49:21:d0:d3:e1:2b:8e:6e:b0:5b:33:4a:82:17:
         82:f6:f1:10:69:b7:26:65:f1:0f:b2:ec:c4:9f:e2:0f:c4:27:
         4c:62:5b:d6:18:31:3a:37:e9:dd:f3:46:cd:c6:1d:77:ac:a2:
         93:41:26:40:b1:14:8f:2e:71:5a:99:60:7d:0a:33:43:93:1d:
         d9:1f:f7:65:1e:08:59:50:c4:19:f7:07:14:a6:4c:8d:c3:7b:
         1d:fa:c8:77:03:3e:d2:87:a9:f3:3c:35:32:83:1f:7d:15:89:
         7c:e5:c2:9b:02:1c:1d:29:6b:a9:29:7c:81:2f:c1:1a:b2:13:
         eb:48:de:3d:3c:c6:29:fc:85:92:e3:78:8f:6f:5c:70:74:a8:
         6e:ed:cb:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaEsTR0ZMeJjrmTGsgkTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTM0YzQzNDBjNjUwNTMxZDRkMDk3ZDdjNzZkZDY2MWMzOGJkOTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUF+BVAn+D7t5r8rWFhouCkbW1wT
Mw0arVxSEg6AfDjQAn09YQ4GwJRK/MJwJuT1RvY0uqrd/opB1wASvcXRpPPfoazm
rCOh0TuKhIkH6LuPOHXx/QUS/56pG6fgaye3eyKmLOpx/yoE8bIc8DrurquwMZ31
cjN2IHrVW+D17hT4d96Y2wNumc/bcu0qXAAJliPYUk8V7wJ98Ukox6wCEUP8aSg6
kcJhpjaTNkJuo8/bXfH9MvTzLitSOp0tMLae7shpCgTaBTby4PLh3Zwm+GMRzNUQ
kb51FICovnHEMmhmnBiJXs2qus/FAG5OFqD4Dtf0tyI2Cc6PX+I7PbroLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNo0xDQMZQUx1NCX18dt1mHDi9kkMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvMmpURU5BeGxCVEhVMEpmWHgyM1dZY09MMlNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwenBMA0G
CSqGSIb3DQEBCwUAA4IBAQBb31v+sm5jrx8pwcZYIqzvbXRwcvBUuiXb+WoixJ3R
0PPB8QQUYhArzzCe9otxNiASQIlsDqfFyWaq/Eb3S+kLxnibXTxe/YlJ0i11fenP
hPtBHlm0kcc9g5LcTEyjKBQcAFYtYzWVhLB21yqQicjhSSHQ0+Erjm6wWzNKgheC
9vEQabcmZfEPsuzEn+IPxCdMYlvWGDE6N+nd80bNxh13rKKTQSZAsRSPLnFamWB9
CjNDkx3ZH/dlHghZUMQZ9wcUpkyNw3sd+sh3Az7Sh6nzPDUygx99FYl85cKbAhwd
KWupKXyBL8EashPrSN49PMYp/IWS43iPb1xwdKhu7cs3
-----END CERTIFICATE-----