Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/1-ezSRolehonzd7m4Tnnd0luM6m8.roa
File:                     1-ezSRolehonzd7m4Tnnd0luM6m8.roa (raw, json)
Hash identifier:          On/fPJ39Z5Xcbn6zLcHyJUdx0s6S7SIPAdEzMQoJ3XQ=
Subject key identifier:   F9:EC:D2:46:89:5E:86:89:F3:77:B9:B8:4E:79:DD:D2:5B:8C:EA:6F
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       019425FC18BC20F426860862FCCE03B4697C
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/1-ezSRolehonzd7m4Tnnd0luM6m8.roa
Signing time:             Thu 02 Jan 2025 07:47:45 +0000
ROA not before:           Thu 02 Jan 2025 07:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213238
IP address blocks:        193.30.81.0/24 maxlen: 24
                          2a02:1161:800::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:18:bc:20:f4:26:86:08:62:fc:ce:03:b4:69:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  2 07:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9ecd246895e8689f377b9b84e79ddd25b8cea6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:65:ef:d6:18:25:39:bd:26:7f:3e:05:52:a3:
                    84:df:41:6a:e2:c9:9e:aa:18:05:20:cb:3a:b1:4c:
                    51:46:9c:ee:b1:e1:9b:ca:6e:77:ef:f7:d8:fb:f5:
                    30:66:3e:83:0a:1f:d5:46:6a:5a:fa:51:b3:73:a0:
                    1b:da:f8:c7:c1:cd:9d:ae:19:f6:43:d9:7a:98:3a:
                    a0:1f:99:22:bf:56:ab:a6:47:c1:c2:34:78:33:e4:
                    72:ed:a0:50:da:ff:b5:20:a9:c6:2f:e6:6a:ea:ce:
                    93:9b:2b:27:06:7d:91:26:8b:a4:31:ee:71:a6:e6:
                    82:c5:7d:e9:95:8c:40:24:a7:36:77:51:32:72:4f:
                    d6:de:8f:5b:c9:c0:2b:38:6e:a5:8e:37:d3:87:f4:
                    c6:05:fd:f5:ef:40:a0:11:8e:7c:ea:57:1c:5d:62:
                    cb:c2:00:45:3b:63:43:22:79:12:5d:96:40:ad:ff:
                    f2:6a:2d:2e:50:10:ac:2e:a8:ae:3f:ee:34:db:2a:
                    af:39:47:48:db:70:e6:ee:6b:b9:14:b4:08:1f:9d:
                    30:ec:d4:2e:f9:c6:67:e2:10:14:cc:e5:1e:a5:23:
                    7d:21:3b:da:00:10:37:73:94:76:36:bb:97:dd:9c:
                    91:ba:ba:33:47:31:b9:fe:05:3d:df:20:a9:52:3d:
                    46:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:EC:D2:46:89:5E:86:89:F3:77:B9:B8:4E:79:DD:D2:5B:8C:EA:6F
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/1-ezSRolehonzd7m4Tnnd0luM6m8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.81.0/24
                IPv6:
                  2a02:1161:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         3e:a4:36:1f:0e:cb:5f:14:a2:23:cf:83:b7:4b:6c:25:ca:9f:
         21:1c:f6:fa:09:9e:a9:27:ec:0b:2b:1b:d5:e8:91:6d:72:fa:
         9e:21:b9:e0:96:03:26:c8:da:86:49:7d:d6:12:88:b2:0a:b8:
         e5:cc:9e:08:0e:49:91:60:ed:70:f0:62:4b:90:d8:16:72:97:
         36:8b:7d:e2:9f:94:d8:47:6f:8d:e6:a3:cc:88:b9:07:fe:de:
         d1:f9:12:0a:48:cf:1c:07:d2:3f:5b:cc:5b:21:80:a0:0c:d9:
         b0:ef:a8:96:1b:5d:a8:e6:55:c9:a9:00:02:0b:9c:80:6a:f7:
         f5:77:7a:63:e2:0e:85:0d:97:09:8c:fa:a9:f0:68:dd:a6:78:
         f6:c6:70:bf:14:98:bc:88:10:1d:9a:95:06:56:8a:07:b1:74:
         3e:7f:47:c7:00:7c:43:5f:8c:b8:18:f6:56:1b:62:d6:24:70:
         59:eb:cb:f5:a4:47:97:e1:e4:aa:b3:1f:59:be:1b:5b:30:34:
         48:4d:66:59:3b:9c:8a:cd:ec:71:d8:c6:cb:b9:18:59:69:a0:
         57:ce:c2:e2:6d:a4:a7:7f:b9:4e:fb:06:a9:99:71:04:f6:e6:
         ca:d0:04:f2:7e:b9:63:c7:fb:32:13:29:7d:63:c5:f0:9c:ec:
         48:72:24:c5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQl/Bi8IPQmhghi/M4DtGl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjUwMTAyMDc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWVjZDI0Njg5NWU4Njg5ZjM3N2I5Yjg0ZTc5ZGRkMjViOGNlYTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWXv1hglOb0mfz4FUqOE30Fq4sme
qhgFIMs6sUxRRpzuseGbym537/fY+/UwZj6DCh/VRmpa+lGzc6Ab2vjHwc2drhn2
Q9l6mDqgH5kiv1arpkfBwjR4M+Ry7aBQ2v+1IKnGL+Zq6s6TmysnBn2RJoukMe5x
puaCxX3plYxAJKc2d1Eyck/W3o9bycArOG6ljjfTh/TGBf3170CgEY586lccXWLL
wgBFO2NDInkSXZZArf/yai0uUBCsLqiuP+402yqvOUdI23Dm7mu5FLQIH50w7NQu
+cZn4hAUzOUepSN9ITvaABA3c5R2NruX3ZyRurozRzG5/gU93yCpUj1GVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPns0kaJXoaJ83e5uE553dJbjOpvMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvMS1lelNSb2xlaG9uemQ3bTRUbm5kMGx1TTZtOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTYvOGM1MWNiLWEzYmQtNDc2ZC04ODBmLWE5NmM2MjY2YWJk
Yi8xL1Z4Z3FxMXJaNzZPQXBzYndiQUZ1Rll2cGQ3dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAvBggrBgEFBQcBBwEB/wQgMB4wDAQCAAEwBgMEAMEeUTAO
BAIAAjAIAwYAKgIRYQgwDQYJKoZIhvcNAQELBQADggEBAD6kNh8Oy18UoiPPg7dL
bCXKnyEc9voJnqkn7AsrG9XokW1y+p4hueCWAybI2oZJfdYSiLIKuOXMnggOSZFg
7XDwYkuQ2BZylzaLfeKflNhHb43mo8yIuQf+3tH5EgpIzxwH0j9bzFshgKAM2bDv
qJYbXajmVcmpAAILnIBq9/V3emPiDoUNlwmM+qnwaN2mePbGcL8UmLyIEB2alQZW
igexdD5/R8cAfENfjLgY9lYbYtYkcFnry/WkR5fh5KqzH1m+G1swNEhNZlk7nIrN
7HHYxsu5GFlpoFfOwuJtpKd/uU77BqmZcQT25srQBPJ+uWPH+zITKX1jxfCc7Ehy
JMU=
-----END CERTIFICATE-----