Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/ZpIa8d84ZFXt_ZFQqAeQWbEn8cE.roa
File:                     ZpIa8d84ZFXt_ZFQqAeQWbEn8cE.roa (raw, json)
Hash identifier:          yg+iHdLIlyvv1zJT3FKVPdTj2ezKdgH8bzRxXJFfD+M=
Subject key identifier:   66:92:1A:F1:DF:38:64:55:ED:FD:91:50:A8:07:90:59:B1:27:F1:C1
Certificate issuer:       /CN=846af54e6558cfc86252946e4692ab92777c0e10
Certificate serial:       019425FD73D4297101894BF8F8D45E42B137
Authority key identifier: 84:6A:F5:4E:65:58:CF:C8:62:52:94:6E:46:92:AB:92:77:7C:0E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hGr1TmVYz8hiUpRuRpKrknd8DhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/ZpIa8d84ZFXt_ZFQqAeQWbEn8cE.roa
Signing time:             Thu 02 Jan 2025 07:49:14 +0000
ROA not before:           Thu 02 Jan 2025 07:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.24.42.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/hGr1TmVYz8hiUpRuRpKrknd8DhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/hGr1TmVYz8hiUpRuRpKrknd8DhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hGr1TmVYz8hiUpRuRpKrknd8DhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:73:d4:29:71:01:89:4b:f8:f8:d4:5e:42:b1:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=846af54e6558cfc86252946e4692ab92777c0e10
        Validity
            Not Before: Jan  2 07:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66921af1df386455edfd9150a8079059b127f1c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:11:a7:cf:4b:f5:e7:07:16:cf:bb:33:b1:b6:
                    4a:ff:05:f3:ea:3f:c4:7f:59:2e:2f:0e:05:a2:b5:
                    d6:38:d2:3b:bc:a4:38:95:fc:79:09:f7:c0:21:7e:
                    35:9e:2e:8c:f2:c0:72:16:be:23:83:29:4b:47:98:
                    ff:f5:4f:ba:a9:ac:a7:39:4d:fe:b3:da:79:4f:34:
                    2f:b1:58:f8:5f:bb:af:4b:5a:13:89:ef:17:fa:c1:
                    89:6f:31:bb:8b:bb:44:c6:67:d9:9d:77:b1:3c:a6:
                    b1:54:be:72:a6:b0:6c:37:bd:4d:c2:36:52:3c:d1:
                    00:16:9d:2f:cf:f5:78:55:8a:a5:b3:7c:2c:84:40:
                    6b:64:09:73:f8:05:b9:11:cb:ee:19:6a:dd:ba:bb:
                    2c:b4:0b:69:07:34:3c:e5:45:f8:40:cb:6a:d7:de:
                    9a:2d:c5:32:de:5b:b7:14:d5:32:b3:15:16:52:2d:
                    ae:90:19:08:ab:6f:23:91:3a:a3:e8:aa:72:64:92:
                    48:12:52:77:71:7a:47:7c:b2:7f:2f:99:1e:6d:ab:
                    23:05:57:3a:e8:e3:3b:19:fb:29:04:1b:da:ef:9d:
                    11:51:33:f9:79:37:99:6c:70:bc:c4:59:56:d4:a9:
                    47:cc:28:ea:c0:58:30:16:8d:8b:45:f5:0c:96:7a:
                    4d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:92:1A:F1:DF:38:64:55:ED:FD:91:50:A8:07:90:59:B1:27:F1:C1
            X509v3 Authority Key Identifier:
                keyid:84:6A:F5:4E:65:58:CF:C8:62:52:94:6E:46:92:AB:92:77:7C:0E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hGr1TmVYz8hiUpRuRpKrknd8DhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/ZpIa8d84ZFXt_ZFQqAeQWbEn8cE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/283fee-2c36-4e70-bbe4-07e36efc5e42/1/hGr1TmVYz8hiUpRuRpKrknd8DhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:05:46:1e:66:3f:e3:ec:ab:82:7a:69:a4:de:30:cb:42:54:
         44:28:67:d4:cd:7a:6c:be:68:5a:27:66:5a:40:2a:84:d8:de:
         04:ae:e4:84:02:7d:ee:31:6e:da:43:30:a2:34:d5:43:93:2a:
         32:4d:35:f5:8c:43:ba:cf:37:43:66:51:c0:9f:18:b5:7f:55:
         e1:11:d0:a7:f6:b0:02:05:56:3d:37:b6:57:a5:34:fc:e4:c5:
         e7:ca:63:e5:88:a3:6b:1e:6d:29:0c:55:f9:cf:79:4f:0d:6c:
         98:6a:c2:ba:32:99:ce:c6:94:0e:24:fe:4f:77:92:b6:ba:cf:
         a1:57:46:0c:64:86:54:98:c8:b5:d5:c3:9a:10:d9:7c:48:6b:
         ba:35:2d:35:fc:99:f2:e8:9d:e9:41:fc:c2:3f:0a:cf:c4:00:
         24:a8:90:eb:d9:aa:a5:05:06:f6:75:33:62:32:68:02:f0:1d:
         3f:4d:a7:c3:97:81:2f:cb:e5:24:6f:5b:dd:44:ed:ac:b0:72:
         f2:62:f9:87:73:27:30:94:11:fa:28:ae:7d:ca:21:59:4a:67:
         ee:c8:9d:c2:c4:57:24:42:f5:8e:76:b3:0f:38:ca:ac:66:46:
         d9:a9:33:a9:18:d7:a5:68:79:c6:8b:82:99:6d:7e:41:6f:df:
         91:75:3a:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/XPUKXEBiUv4+NReQrE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NmFmNTRlNjU1OGNmYzg2MjUyOTQ2ZTQ2OTJhYjkyNzc3
YzBlMTAwHhcNMjUwMTAyMDc0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjkyMWFmMWRmMzg2NDU1ZWRmZDkxNTBhODA3OTA1OWIxMjdmMWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3xGnz0v15wcWz7szsbZK/wXz6j/E
f1kuLw4ForXWONI7vKQ4lfx5CffAIX41ni6M8sByFr4jgylLR5j/9U+6qaynOU3+
s9p5TzQvsVj4X7uvS1oTie8X+sGJbzG7i7tExmfZnXexPKaxVL5yprBsN71NwjZS
PNEAFp0vz/V4VYqls3wshEBrZAlz+AW5EcvuGWrdursstAtpBzQ85UX4QMtq196a
LcUy3lu3FNUysxUWUi2ukBkIq28jkTqj6KpyZJJIElJ3cXpHfLJ/L5kebasjBVc6
6OM7GfspBBva750RUTP5eTeZbHC8xFlW1KlHzCjqwFgwFo2LRfUMlnpN+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGaSGvHfOGRV7f2RUKgHkFmxJ/HBMB8GA1UdIwQY
MBaAFIRq9U5lWM/IYlKUbkaSq5J3fA4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEdyMVRtVll6OGhpVXBSdVJwS3JrbmQ4RGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8yODNmZWUtMmMzNi00ZTcwLWJiZTQt
MDdlMzZlZmM1ZTQyLzEvWnBJYThkODRaRlh0X1pGUXFBZVFXYkVuOGNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8yODNmZWUtMmMzNi00ZTcwLWJiZTQtMDdlMzZlZmM1ZTQy
LzEvaEdyMVRtVll6OGhpVXBSdVJwS3JrbmQ4RGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRgqMA0G
CSqGSIb3DQEBCwUAA4IBAQBoBUYeZj/j7KuCemmk3jDLQlREKGfUzXpsvmhaJ2Za
QCqE2N4EruSEAn3uMW7aQzCiNNVDkyoyTTX1jEO6zzdDZlHAnxi1f1XhEdCn9rAC
BVY9N7ZXpTT85MXnymPliKNrHm0pDFX5z3lPDWyYasK6MpnOxpQOJP5Pd5K2us+h
V0YMZIZUmMi11cOaENl8SGu6NS01/Jny6J3pQfzCPwrPxAAkqJDr2aqlBQb2dTNi
MmgC8B0/TafDl4Evy+Ukb1vdRO2ssHLyYvmHcycwlBH6KK59yiFZSmfuyJ3CxFck
QvWOdrMPOMqsZkbZqTOpGNelaHnGi4KZbX5Bb9+RdTrz
-----END CERTIFICATE-----