Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/leDNi0WllP1YqULzb4LrZ9SaXNU.roa
File:                     leDNi0WllP1YqULzb4LrZ9SaXNU.roa (raw, json)
Hash identifier:          AZ3w2uOyWeGoSd1JRW2Ly2oonBucnhh8DC++gdjBL6M=
Subject key identifier:   95:E0:CD:8B:45:A5:94:FD:58:A9:42:F3:6F:82:EB:67:D4:9A:5C:D5
Certificate issuer:       /CN=6f5792ab8b759aa773038d92077a99bcf8d81aa0
Certificate serial:       019424B3C87718E77A76DF55C088318A709D
Authority key identifier: 6F:57:92:AB:8B:75:9A:A7:73:03:8D:92:07:7A:99:BC:F8:D8:1A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b1eSq4t1mqdzA42SB3qZvPjYGqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/leDNi0WllP1YqULzb4LrZ9SaXNU.roa
Signing time:             Thu 02 Jan 2025 01:49:09 +0000
ROA not before:           Thu 02 Jan 2025 01:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8708
IP address blocks:        193.22.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/b1eSq4t1mqdzA42SB3qZvPjYGqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/b1eSq4t1mqdzA42SB3qZvPjYGqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b1eSq4t1mqdzA42SB3qZvPjYGqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c8:77:18:e7:7a:76:df:55:c0:88:31:8a:70:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f5792ab8b759aa773038d92077a99bcf8d81aa0
        Validity
            Not Before: Jan  2 01:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95e0cd8b45a594fd58a942f36f82eb67d49a5cd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:27:b1:62:47:8b:1c:42:60:dd:0f:12:c3:a2:
                    42:62:f7:b2:c1:d9:c6:81:c7:02:a7:9b:77:1c:47:
                    bd:ba:15:f2:3a:1e:c0:34:9f:f2:d2:94:ef:91:b9:
                    a5:1f:3e:c0:93:d7:d3:83:99:98:36:a8:1f:a9:ec:
                    87:03:9b:da:43:76:6a:9d:5f:a7:c3:9c:cd:b0:98:
                    f0:ac:40:c4:26:e0:49:1c:cc:cb:ee:7b:4b:eb:d6:
                    f7:91:40:74:f1:b6:6d:22:5c:cf:51:cb:5e:90:19:
                    5c:ce:9f:dd:ca:b7:f0:cb:5d:c7:b7:94:79:5f:98:
                    c4:ec:1b:98:20:6a:ea:b5:0a:00:a5:eb:c1:71:43:
                    f6:e4:c1:cd:89:4e:0c:93:d4:4d:8c:7c:21:02:04:
                    2d:0c:49:bd:a3:6d:f2:e7:7b:a7:d2:d0:2f:ea:22:
                    16:83:a1:32:76:81:b5:37:a6:fe:d6:42:c4:3a:20:
                    89:04:28:dc:85:f3:09:c5:80:13:3d:aa:e9:ad:bf:
                    84:66:f2:7e:33:66:3d:db:24:93:d8:a5:08:cb:f5:
                    95:fd:5c:b4:30:e1:d4:4a:61:10:7b:5a:53:3b:16:
                    2e:73:e1:d2:3c:d0:dc:9e:63:9f:a8:f4:e8:72:fe:
                    33:a9:3d:19:2b:d3:19:78:b8:1b:31:5c:34:93:31:
                    a8:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:E0:CD:8B:45:A5:94:FD:58:A9:42:F3:6F:82:EB:67:D4:9A:5C:D5
            X509v3 Authority Key Identifier:
                keyid:6F:57:92:AB:8B:75:9A:A7:73:03:8D:92:07:7A:99:BC:F8:D8:1A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1eSq4t1mqdzA42SB3qZvPjYGqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/leDNi0WllP1YqULzb4LrZ9SaXNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/7f9978-1fe4-4b99-8143-5d1b1ecb99bf/1/b1eSq4t1mqdzA42SB3qZvPjYGqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:2b:77:33:20:36:82:41:80:23:61:7a:b6:d7:1d:0e:e7:74:
         89:f4:2d:77:69:3a:20:61:08:85:1f:36:1f:54:46:1a:2a:2f:
         5d:98:c9:30:06:73:54:8f:9e:30:ef:1d:e0:71:df:ee:48:e7:
         c6:2d:43:98:8f:3c:5b:52:85:be:62:2d:4e:2c:4d:1d:60:c0:
         8d:0f:e3:90:bc:69:b6:64:7c:cc:b0:0e:4d:fd:cc:11:fc:92:
         d5:8e:96:42:73:e2:4d:5d:38:af:a4:6a:82:82:e7:bb:f9:98:
         fc:ef:2f:a0:e5:28:0e:03:76:07:d3:fc:71:c1:c0:ca:81:da:
         f1:1e:23:16:bb:4e:9f:1e:0b:c2:74:2d:3f:32:97:47:25:bd:
         64:2e:3f:15:7a:25:4b:5a:5b:55:d8:73:a1:b7:9f:f8:90:14:
         24:77:d4:3f:eb:40:52:64:56:e3:0a:b3:0d:8c:87:10:68:ea:
         ff:92:e5:de:3c:38:6c:a2:88:46:cf:1e:74:9c:f5:70:72:25:
         bc:64:f0:21:5a:e4:48:1f:7a:f3:dc:eb:eb:27:5b:95:52:fc:
         29:90:82:24:0e:25:34:01:f9:a2:dc:cd:34:22:a1:ad:f1:a8:
         27:b1:b8:8e:78:89:0d:64:be:e9:ff:b3:ac:75:38:b8:50:82:
         e9:63:64:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8h3GOd6dt9VwIgxinCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNTc5MmFiOGI3NTlhYTc3MzAzOGQ5MjA3N2E5OWJjZjhk
ODFhYTAwHhcNMjUwMTAyMDE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWUwY2Q4YjQ1YTU5NGZkNThhOTQyZjM2ZjgyZWI2N2Q0OWE1Y2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriexYkeLHEJg3Q8Sw6JCYveywdnG
gccCp5t3HEe9uhXyOh7ANJ/y0pTvkbmlHz7Ak9fTg5mYNqgfqeyHA5vaQ3ZqnV+n
w5zNsJjwrEDEJuBJHMzL7ntL69b3kUB08bZtIlzPUctekBlczp/dyrfwy13Ht5R5
X5jE7BuYIGrqtQoApevBcUP25MHNiU4Mk9RNjHwhAgQtDEm9o23y53un0tAv6iIW
g6EydoG1N6b+1kLEOiCJBCjchfMJxYATParprb+EZvJ+M2Y92yST2KUIy/WV/Vy0
MOHUSmEQe1pTOxYuc+HSPNDcnmOfqPTocv4zqT0ZK9MZeLgbMVw0kzGoKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXgzYtFpZT9WKlC82+C62fUmlzVMB8GA1UdIwQY
MBaAFG9XkquLdZqncwONkgd6mbz42BqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjFlU3E0dDFtcWR6QTQyU0IzcVp2UGpZR3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni83Zjk5NzgtMWZlNC00Yjk5LTgxNDMt
NWQxYjFlY2I5OWJmLzEvbGVETmkwV2xsUDFZcVVMemI0THJaOVNhWE5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni83Zjk5NzgtMWZlNC00Yjk5LTgxNDMtNWQxYjFlY2I5OWJm
LzEvYjFlU3E0dDFtcWR6QTQyU0IzcVp2UGpZR3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRatMA0G
CSqGSIb3DQEBCwUAA4IBAQCXK3czIDaCQYAjYXq21x0O53SJ9C13aTogYQiFHzYf
VEYaKi9dmMkwBnNUj54w7x3gcd/uSOfGLUOYjzxbUoW+Yi1OLE0dYMCND+OQvGm2
ZHzMsA5N/cwR/JLVjpZCc+JNXTivpGqCgue7+Zj87y+g5SgOA3YH0/xxwcDKgdrx
HiMWu06fHgvCdC0/MpdHJb1kLj8VeiVLWltV2HOht5/4kBQkd9Q/60BSZFbjCrMN
jIcQaOr/kuXePDhsoohGzx50nPVwciW8ZPAhWuRIH3rz3OvrJ1uVUvwpkIIkDiU0
Afmi3M00IqGt8agnsbiOeIkNZL7p/7OsdTi4UILpY2SX
-----END CERTIFICATE-----