Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/tO7FKCFax-gtGeKJuusgZ6pHQQ8.roa
File:                     tO7FKCFax-gtGeKJuusgZ6pHQQ8.roa (raw, json)
Hash identifier:          o1Lh17vyaKAVv+dEziVl9qAFWYzZNADmVMYgNFzVQxc=
Subject key identifier:   B4:EE:C5:28:21:5A:C7:E8:2D:19:E2:89:BA:EB:20:67:AA:47:41:0F
Certificate issuer:       /CN=d1d78826e1717ec993eb64dd1187876b065e8f58
Certificate serial:       0195FFCF4A97F829E21FCBBE9104573B60E4
Authority key identifier: D1:D7:88:26:E1:71:7E:C9:93:EB:64:DD:11:87:87:6B:06:5E:8F:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0deIJuFxfsmT62TdEYeHawZej1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/tO7FKCFax-gtGeKJuusgZ6pHQQ8.roa
Signing time:             Fri 04 Apr 2025 07:58:49 +0000
ROA not before:           Fri 04 Apr 2025 07:58:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.33.112.0/23 maxlen: 23
                          193.33.112.0/24 maxlen: 24
                          193.33.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/0deIJuFxfsmT62TdEYeHawZej1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/0deIJuFxfsmT62TdEYeHawZej1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0deIJuFxfsmT62TdEYeHawZej1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ff:cf:4a:97:f8:29:e2:1f:cb:be:91:04:57:3b:60:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1d78826e1717ec993eb64dd1187876b065e8f58
        Validity
            Not Before: Apr  4 07:58:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4eec528215ac7e82d19e289baeb2067aa47410f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:08:9e:ca:10:08:d3:cb:31:fb:4e:f9:1d:5e:
                    52:e8:20:71:9e:7b:fb:79:f2:23:cd:c5:87:67:43:
                    e9:33:5d:05:d1:90:68:9d:7e:1d:ce:e2:3b:59:e8:
                    53:29:f5:41:35:e1:df:9f:dd:5c:72:8c:9a:90:4a:
                    44:bf:a2:d2:65:6a:81:36:2c:cd:4b:32:ab:74:b4:
                    0b:8f:13:c9:6f:4d:2f:9e:f5:2b:67:a6:f0:be:c5:
                    d9:5c:ab:80:4c:d6:f0:d3:8f:0c:5b:ad:a5:a3:03:
                    12:be:f2:f2:f4:31:ec:5a:1a:9a:dd:f8:a4:c7:63:
                    77:12:64:5f:14:9f:4d:7b:51:4e:2d:b1:e5:e4:4d:
                    de:ce:1b:c8:13:16:19:bf:bb:1d:8e:b5:f7:0b:ee:
                    53:dc:7a:10:9b:40:97:da:f9:d5:27:e1:f8:7f:95:
                    7f:ae:1d:c4:88:e4:8e:81:6a:b3:8d:db:0a:46:ea:
                    b0:be:c3:a4:de:c0:9d:13:08:7a:3d:34:88:ab:c8:
                    40:41:d1:fe:97:50:b5:50:db:71:3b:d4:26:a6:a2:
                    45:e1:a2:fc:ec:17:34:4c:7d:ee:30:a6:23:53:60:
                    67:8d:c2:9b:ec:06:79:c3:9a:3f:af:22:81:57:da:
                    df:89:9f:6d:ed:4e:f7:80:60:1a:f0:70:7e:cb:71:
                    30:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:EE:C5:28:21:5A:C7:E8:2D:19:E2:89:BA:EB:20:67:AA:47:41:0F
            X509v3 Authority Key Identifier:
                keyid:D1:D7:88:26:E1:71:7E:C9:93:EB:64:DD:11:87:87:6B:06:5E:8F:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0deIJuFxfsmT62TdEYeHawZej1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/tO7FKCFax-gtGeKJuusgZ6pHQQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/0eeb2f-1aa0-4762-b4e8-b59c2ac951cb/1/0deIJuFxfsmT62TdEYeHawZej1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:9a:1d:5c:04:48:da:68:ed:33:a1:d0:40:dc:e1:d5:83:27:
         48:4e:fd:3c:df:04:33:d4:1d:f2:a3:d6:22:e8:d3:77:b5:4f:
         b1:29:a6:bf:e0:dd:e2:9f:47:8c:4b:25:34:ef:bd:5e:1c:8f:
         86:be:52:9c:27:14:58:81:87:d6:22:5e:37:2d:b6:43:e4:13:
         e2:4e:06:37:8f:26:0b:2e:4b:cb:9b:c5:c0:ef:e9:e0:f5:cd:
         a7:57:b7:b1:e4:09:88:7c:75:21:d4:7b:02:25:91:06:47:c1:
         b9:a7:b9:27:31:8b:bf:9d:10:c1:50:fe:38:00:3e:6a:1f:1b:
         b4:fc:4b:4f:c5:73:3a:10:88:07:92:58:75:2c:d3:cf:f0:3c:
         56:c1:c4:7a:de:c7:76:1a:db:71:dc:65:e1:ec:33:b4:0a:66:
         e1:a4:65:2d:bd:a8:47:5e:0c:bb:64:4d:2a:df:dc:a1:f7:db:
         3e:17:4b:ba:ab:0f:2d:b7:ff:50:c8:04:e6:89:83:02:9f:ba:
         78:0b:9f:12:93:9a:6f:c0:b7:72:02:7a:ec:7f:fc:88:f3:9a:
         c9:56:d4:e9:15:ef:8f:db:8c:5c:5f:5b:c3:61:bc:11:85:be:
         b4:ff:1d:10:67:1b:f5:8e:91:44:05:15:28:1c:ae:69:2e:15:
         45:a2:a9:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX/z0qX+CniH8u+kQRXO2DkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZDc4ODI2ZTE3MTdlYzk5M2ViNjRkZDExODc4NzZiMDY1
ZThmNTgwHhcNMjUwNDA0MDc1ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGVlYzUyODIxNWFjN2U4MmQxOWUyODliYWViMjA2N2FhNDc0MTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AieyhAI08sx+075HV5S6CBxnnv7
efIjzcWHZ0PpM10F0ZBonX4dzuI7WehTKfVBNeHfn91ccoyakEpEv6LSZWqBNizN
SzKrdLQLjxPJb00vnvUrZ6bwvsXZXKuATNbw048MW62lowMSvvLy9DHsWhqa3fik
x2N3EmRfFJ9Ne1FOLbHl5E3ezhvIExYZv7sdjrX3C+5T3HoQm0CX2vnVJ+H4f5V/
rh3EiOSOgWqzjdsKRuqwvsOk3sCdEwh6PTSIq8hAQdH+l1C1UNtxO9QmpqJF4aL8
7Bc0TH3uMKYjU2BnjcKb7AZ5w5o/ryKBV9rfiZ9t7U73gGAa8HB+y3EwvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTuxSghWsfoLRniibrrIGeqR0EPMB8GA1UdIwQY
MBaAFNHXiCbhcX7Jk+tk3RGHh2sGXo9YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGRlSUp1Rnhmc21UNjJUZEVZZUhhd1plajFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8wZWViMmYtMWFhMC00NzYyLWI0ZTgt
YjU5YzJhYzk1MWNiLzEvdE83RktDRmF4LWd0R2VLSnV1c2daNnBIUVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8wZWViMmYtMWFhMC00NzYyLWI0ZTgtYjU5YzJhYzk1MWNi
LzEvMGRlSUp1Rnhmc21UNjJUZEVZZUhhd1plajFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSFwMA0G
CSqGSIb3DQEBCwUAA4IBAQAgmh1cBEjaaO0zodBA3OHVgydITv083wQz1B3yo9Yi
6NN3tU+xKaa/4N3in0eMSyU0771eHI+GvlKcJxRYgYfWIl43LbZD5BPiTgY3jyYL
LkvLm8XA7+ng9c2nV7ex5AmIfHUh1HsCJZEGR8G5p7knMYu/nRDBUP44AD5qHxu0
/EtPxXM6EIgHklh1LNPP8DxWwcR63sd2Gttx3GXh7DO0CmbhpGUtvahHXgy7ZE0q
39yh99s+F0u6qw8tt/9QyATmiYMCn7p4C58Sk5pvwLdyAnrsf/yI85rJVtTpFe+P
24xcX1vDYbwRhb60/x0QZxv1jpFEBRUoHK5pLhVFoqnW
-----END CERTIFICATE-----