Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/EAjdVmmPDgRsaYdJzqxZsWJ1dtQ.roa
File:                     EAjdVmmPDgRsaYdJzqxZsWJ1dtQ.roa (raw, json)
Hash identifier:          MpPa88zI8gAyzjuIqd3qZ9dmTTo9CAG0jQ+czPWKrY0=
Subject key identifier:   10:08:DD:56:69:8F:0E:04:6C:69:87:49:CE:AC:59:B1:62:75:76:D4
Certificate issuer:       /CN=846af54e6558cfc86252946e4692ab92777c0e10
Certificate serial:       019425FD744A3FE71DBA4B4355C29C4CD5B5
Authority key identifier: 84:6A:F5:4E:65:58:CF:C8:62:52:94:6E:46:92:AB:92:77:7C:0E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hGr1TmVYz8hiUpRuRpKrknd8DhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/EAjdVmmPDgRsaYdJzqxZsWJ1dtQ.roa
Signing time:             Thu 02 Jan 2025 07:49:14 +0000
ROA not before:           Thu 02 Jan 2025 07:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198380
IP address blocks:        193.24.40.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/hGr1TmVYz8hiUpRuRpKrknd8DhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/hGr1TmVYz8hiUpRuRpKrknd8DhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hGr1TmVYz8hiUpRuRpKrknd8DhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:74:4a:3f:e7:1d:ba:4b:43:55:c2:9c:4c:d5:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=846af54e6558cfc86252946e4692ab92777c0e10
        Validity
            Not Before: Jan  2 07:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1008dd56698f0e046c698749ceac59b1627576d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:61:2c:61:c0:26:9d:49:65:75:f6:7e:f7:57:
                    59:8b:8a:fa:38:ee:85:a1:bb:1d:30:b4:48:3a:00:
                    6b:63:f3:ee:83:6a:33:3d:80:78:41:c9:44:5a:e5:
                    17:4e:69:bf:fc:a9:eb:92:00:b3:7e:87:12:f1:28:
                    bb:c9:2f:09:2f:15:d7:08:ab:98:58:1a:48:be:57:
                    02:43:72:00:0e:cb:51:d2:77:32:d2:12:f0:d1:ee:
                    a6:32:5c:6a:a7:83:49:5d:b8:da:e2:82:bf:2f:3f:
                    b2:d0:d6:b5:fd:e1:8f:56:4c:29:7c:1f:46:83:39:
                    0d:6e:72:ed:68:21:c9:14:53:76:23:37:b7:5b:f1:
                    4a:e2:57:56:72:a0:05:26:b8:00:3a:c7:7c:86:e5:
                    82:8e:74:81:2c:30:92:da:28:8d:83:ca:b7:67:05:
                    dd:3b:37:cc:18:0e:ac:56:96:3a:62:22:c4:13:9d:
                    af:b3:c3:8a:80:4b:52:62:37:e0:ec:d3:13:86:98:
                    af:36:90:c0:d0:c9:3a:6d:18:1b:66:4a:91:ec:83:
                    75:0f:f7:2a:02:5f:f4:6f:48:c4:3a:39:88:e2:7c:
                    cc:70:7b:40:17:26:7d:a6:54:89:45:30:9f:0a:4a:
                    10:c7:a6:01:70:4a:04:4e:9f:b2:d7:a9:2d:0a:85:
                    1a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:08:DD:56:69:8F:0E:04:6C:69:87:49:CE:AC:59:B1:62:75:76:D4
            X509v3 Authority Key Identifier:
                keyid:84:6A:F5:4E:65:58:CF:C8:62:52:94:6E:46:92:AB:92:77:7C:0E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hGr1TmVYz8hiUpRuRpKrknd8DhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/EAjdVmmPDgRsaYdJzqxZsWJ1dtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/hGr1TmVYz8hiUpRuRpKrknd8DhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:26:1b:f1:39:84:7a:67:e0:8a:6b:cf:08:f6:e3:cf:4a:15:
         3f:0e:a8:b9:a1:67:93:f6:2f:1b:81:7e:67:3a:71:4a:1a:30:
         ae:65:a1:9b:38:06:02:5d:5e:f3:f2:ee:c0:22:a0:ef:dd:bc:
         34:1e:10:fa:5c:81:f6:92:c3:bb:51:f7:ce:40:a4:d0:54:33:
         b6:a1:0c:ad:81:41:31:df:ba:81:d9:a1:54:0f:27:39:fb:42:
         e0:8f:00:c7:97:42:2c:e9:af:4a:2d:35:4e:a4:69:6e:28:7a:
         7a:80:d7:7c:08:a9:62:57:5a:52:71:c3:fb:f3:03:aa:8b:8e:
         1e:3b:2c:d9:34:e1:54:b7:2d:19:b2:3b:3f:15:8d:cf:21:fa:
         ee:b8:df:23:c4:3c:c4:67:e6:b4:8b:e3:19:ec:5a:c8:8f:a9:
         04:76:72:56:23:22:d7:cd:2e:5e:2f:01:19:4b:c1:85:3c:bc:
         78:70:11:e1:27:0c:a6:ef:60:5d:af:ac:b7:5d:9c:38:13:70:
         c6:fa:cb:30:54:79:92:59:61:a3:6d:33:86:53:5c:4a:9d:db:
         69:f1:6d:1f:a4:90:b9:a4:ce:09:09:54:72:bb:81:02:33:c6:
         55:f1:48:31:aa:da:d0:cb:07:29:9d:59:d1:3c:af:53:67:13:
         76:ff:39:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/XRKP+cduktDVcKcTNW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NmFmNTRlNjU1OGNmYzg2MjUyOTQ2ZTQ2OTJhYjkyNzc3
YzBlMTAwHhcNMjUwMTAyMDc0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDA4ZGQ1NjY5OGYwZTA0NmM2OTg3NDljZWFjNTliMTYyNzU3NmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGEsYcAmnUlldfZ+91dZi4r6OO6F
obsdMLRIOgBrY/Pug2ozPYB4QclEWuUXTmm//KnrkgCzfocS8Si7yS8JLxXXCKuY
WBpIvlcCQ3IADstR0ncy0hLw0e6mMlxqp4NJXbja4oK/Lz+y0Na1/eGPVkwpfB9G
gzkNbnLtaCHJFFN2Ize3W/FK4ldWcqAFJrgAOsd8huWCjnSBLDCS2iiNg8q3ZwXd
OzfMGA6sVpY6YiLEE52vs8OKgEtSYjfg7NMThpivNpDA0Mk6bRgbZkqR7IN1D/cq
Al/0b0jEOjmI4nzMcHtAFyZ9plSJRTCfCkoQx6YBcEoETp+y16ktCoUacwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAI3VZpjw4EbGmHSc6sWbFidXbUMB8GA1UdIwQY
MBaAFIRq9U5lWM/IYlKUbkaSq5J3fA4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEdyMVRtVll6OGhpVXBSdVJwS3JrbmQ4RGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8yODNmZWUtMmMzNi00ZTcwLWJiZTQt
MDdlMzZlZmM1ZTQyLzEvRUFqZFZtbVBEZ1JzYVlkSnpxeFpzV0oxZHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8yODNmZWUtMmMzNi00ZTcwLWJiZTQtMDdlMzZlZmM1ZTQy
LzEvaEdyMVRtVll6OGhpVXBSdVJwS3JrbmQ4RGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRgoMA0G
CSqGSIb3DQEBCwUAA4IBAQBKJhvxOYR6Z+CKa88I9uPPShU/Dqi5oWeT9i8bgX5n
OnFKGjCuZaGbOAYCXV7z8u7AIqDv3bw0HhD6XIH2ksO7UffOQKTQVDO2oQytgUEx
37qB2aFUDyc5+0LgjwDHl0Is6a9KLTVOpGluKHp6gNd8CKliV1pSccP78wOqi44e
OyzZNOFUty0Zsjs/FY3PIfruuN8jxDzEZ+a0i+MZ7FrIj6kEdnJWIyLXzS5eLwEZ
S8GFPLx4cBHhJwym72Bdr6y3XZw4E3DG+sswVHmSWWGjbTOGU1xKndtp8W0fpJC5
pM4JCVRyu4ECM8ZV8UgxqtrQywcpnVnRPK9TZxN2/zkM
-----END CERTIFICATE-----