Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/0aj2iC8UozSayvcd0gVttauRXrk.roa
File:                     0aj2iC8UozSayvcd0gVttauRXrk.roa (raw, json)
Hash identifier:          58D9vVvqyItBf62Z1ii/QTTlH8NhErcObr48aTP7eUU=
Subject key identifier:   D1:A8:F6:88:2F:14:A3:34:9A:CA:F7:1D:D2:05:6D:B5:AB:91:5E:B9
Certificate issuer:       /CN=94a9eaa9d71b7c51c9b4bbea6819b37ff5291d59
Certificate serial:       01942521B1C58357A223E30367DEE4759CA7
Authority key identifier: 94:A9:EA:A9:D7:1B:7C:51:C9:B4:BB:EA:68:19:B3:7F:F5:29:1D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lKnqqdcbfFHJtLvqaBmzf_UpHVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/0aj2iC8UozSayvcd0gVttauRXrk.roa
Signing time:             Thu 02 Jan 2025 03:49:12 +0000
ROA not before:           Thu 02 Jan 2025 03:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214072
IP address blocks:        193.93.75.0/24 maxlen: 24
                          2a14:2cc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/lKnqqdcbfFHJtLvqaBmzf_UpHVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/lKnqqdcbfFHJtLvqaBmzf_UpHVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lKnqqdcbfFHJtLvqaBmzf_UpHVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b1:c5:83:57:a2:23:e3:03:67:de:e4:75:9c:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94a9eaa9d71b7c51c9b4bbea6819b37ff5291d59
        Validity
            Not Before: Jan  2 03:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1a8f6882f14a3349acaf71dd2056db5ab915eb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4a:b6:51:e9:bf:cb:46:d3:c3:26:4c:da:fe:
                    7b:5f:90:f6:fe:24:38:7a:4b:1d:77:9a:2b:28:1a:
                    a9:8d:49:cf:41:0b:3f:55:2d:f1:fe:d8:59:1f:dc:
                    a4:e5:5e:a7:f3:b7:c3:b0:51:6d:e7:85:42:2c:3c:
                    5d:ff:85:ab:e8:6e:2d:ab:99:0a:ea:9c:88:6e:84:
                    0a:b8:62:f3:bb:38:c3:39:1b:1d:76:0a:a9:66:c6:
                    b9:39:bd:88:82:6a:18:de:b1:9a:66:e9:dc:09:b9:
                    ca:19:27:c2:f0:d9:84:6a:f2:56:b2:d3:91:77:9c:
                    01:38:32:3d:dd:d2:3b:1d:e9:ea:57:5d:3a:b7:19:
                    47:74:59:8a:6a:b0:cf:0f:59:bd:d7:fb:b7:8c:a7:
                    0a:79:ed:89:0b:79:1f:ac:d9:75:87:6b:27:18:58:
                    8e:60:e6:10:a1:59:e6:47:7b:1b:94:cd:f9:d3:d8:
                    b1:92:ca:86:02:95:27:d7:34:7f:78:d4:21:8b:6f:
                    1e:80:5c:0b:2f:81:e7:44:ea:48:e3:5e:8a:76:7f:
                    fa:bf:b9:87:ef:c3:77:5a:4c:94:04:99:3f:6b:53:
                    e1:eb:69:fa:d4:2f:98:1d:2c:d2:41:f0:58:5c:04:
                    63:d7:29:c7:1b:67:8f:fa:68:f3:b1:81:c3:71:60:
                    c1:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:A8:F6:88:2F:14:A3:34:9A:CA:F7:1D:D2:05:6D:B5:AB:91:5E:B9
            X509v3 Authority Key Identifier:
                keyid:94:A9:EA:A9:D7:1B:7C:51:C9:B4:BB:EA:68:19:B3:7F:F5:29:1D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lKnqqdcbfFHJtLvqaBmzf_UpHVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/0aj2iC8UozSayvcd0gVttauRXrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/443c4f-6406-4041-ac13-393ad25eb340/1/lKnqqdcbfFHJtLvqaBmzf_UpHVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.75.0/24
                IPv6:
                  2a14:2cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:3e:06:13:9f:bd:65:12:a6:7b:82:d7:a6:a4:de:e8:93:4a:
         55:f8:86:0e:ab:82:ea:6d:c3:f8:08:55:76:37:c2:ef:16:81:
         09:23:fc:c1:36:4a:f3:90:83:fe:94:ab:7f:29:54:7d:ed:27:
         a6:63:62:95:26:aa:bd:5f:48:b9:b9:2b:24:c4:67:cd:81:31:
         cc:bd:d5:04:da:34:6a:81:28:6d:21:19:71:4c:08:40:79:cf:
         b6:e7:9a:db:b4:13:81:04:cb:0f:cb:24:09:3d:11:05:d9:ec:
         b0:72:ae:bd:b6:f3:b5:f1:f0:3d:03:02:fd:7c:cb:7c:e5:28:
         19:5f:16:e0:a8:a3:97:17:27:7f:42:e7:d8:eb:17:9e:3d:93:
         83:cd:80:89:5e:df:c1:e1:a5:94:06:78:fe:84:73:74:d9:62:
         d8:f9:99:e3:4b:59:95:aa:2b:17:a4:1a:14:5c:67:f6:e6:46:
         93:a5:6f:1f:44:42:91:39:e7:06:09:db:a9:b5:a9:23:8e:de:
         df:da:78:9d:00:c5:04:90:e3:78:29:64:08:55:60:74:b2:96:
         d4:97:3c:98:2c:fa:00:65:87:14:ae:02:5d:a9:06:ad:df:20:
         99:43:6d:54:51:e6:be:fe:40:fc:e9:2d:11:a5:a2:d5:16:f0:
         e9:cd:41:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIbHFg1eiI+MDZ97kdZynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0YTllYWE5ZDcxYjdjNTFjOWI0YmJlYTY4MTliMzdmZjUy
OTFkNTkwHhcNMjUwMTAyMDM0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWE4ZjY4ODJmMTRhMzM0OWFjYWY3MWRkMjA1NmRiNWFiOTE1ZWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0q2Uem/y0bTwyZM2v57X5D2/iQ4
eksdd5orKBqpjUnPQQs/VS3x/thZH9yk5V6n87fDsFFt54VCLDxd/4Wr6G4tq5kK
6pyIboQKuGLzuzjDORsddgqpZsa5Ob2IgmoY3rGaZuncCbnKGSfC8NmEavJWstOR
d5wBODI93dI7HenqV106txlHdFmKarDPD1m91/u3jKcKee2JC3kfrNl1h2snGFiO
YOYQoVnmR3sblM3509ixksqGApUn1zR/eNQhi28egFwLL4HnROpI416Kdn/6v7mH
78N3WkyUBJk/a1Ph62n61C+YHSzSQfBYXARj1ynHG2eP+mjzsYHDcWDB+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNGo9ogvFKM0msr3HdIFbbWrkV65MB8GA1UdIwQY
MBaAFJSp6qnXG3xRybS76mgZs3/1KR1ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEtucXFkY2JmRkhKdEx2cWFCbXpmX1VwSFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80NDNjNGYtNjQwNi00MDQxLWFjMTMt
MzkzYWQyNWViMzQwLzEvMGFqMmlDOFVvelNheXZjZDBnVnR0YXVSWHJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80NDNjNGYtNjQwNi00MDQxLWFjMTMtMzkzYWQyNWViMzQw
LzEvbEtucXFkY2JmRkhKdEx2cWFCbXpmX1VwSFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwV1LMA0E
AgACMAcDBQMqFCzAMA0GCSqGSIb3DQEBCwUAA4IBAQAePgYTn71lEqZ7gtempN7o
k0pV+IYOq4LqbcP4CFV2N8LvFoEJI/zBNkrzkIP+lKt/KVR97SemY2KVJqq9X0i5
uSskxGfNgTHMvdUE2jRqgShtIRlxTAhAec+255rbtBOBBMsPyyQJPREF2eywcq69
tvO18fA9AwL9fMt85SgZXxbgqKOXFyd/QufY6xeePZODzYCJXt/B4aWUBnj+hHN0
2WLY+ZnjS1mVqisXpBoUXGf25kaTpW8fREKROecGCduptakjjt7f2nidAMUEkON4
KWQIVWB0spbUlzyYLPoAZYcUrgJdqQat3yCZQ21UUea+/kD86S0RpaLVFvDpzUGE
-----END CERTIFICATE-----