Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/mV-XJ1vsejgnjlqdyhzG37ErD4E.roa
File:                     mV-XJ1vsejgnjlqdyhzG37ErD4E.roa (raw, json)
Hash identifier:          TC9xgNIv9/1wupExIgbkd7gNA+WSlHY9vK/UmMUyrq8=
Subject key identifier:   99:5F:97:27:5B:EC:7A:38:27:8E:5A:9D:CA:1C:C6:DF:B1:2B:0F:81
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01942143FF284B469CF4C05C873D88C42BA7
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/mV-XJ1vsejgnjlqdyhzG37ErD4E.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44378
IP address blocks:        193.19.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ff:28:4b:46:9c:f4:c0:5c:87:3d:88:c4:2b:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=995f97275bec7a38278e5a9dca1cc6dfb12b0f81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2e:df:7a:9d:31:35:93:26:2a:e4:1d:cc:1b:
                    a7:b3:64:cc:39:e2:a9:b9:8a:3d:99:1c:c2:72:a5:
                    dc:7b:66:56:a0:d5:ed:fd:6d:24:3d:f3:0b:8d:23:
                    60:35:f7:71:9f:27:3e:02:0a:ae:72:5c:16:45:eb:
                    84:c6:54:9c:bd:13:6a:dd:51:81:7f:83:97:df:90:
                    2c:04:4a:69:2a:9c:64:b9:05:78:c7:48:77:86:70:
                    3b:e9:30:34:f6:f4:48:a9:88:56:dd:46:3f:87:d0:
                    cd:3f:f3:4d:6b:c9:23:bd:4e:26:81:c0:f5:cb:c4:
                    62:1f:5b:03:90:8f:c8:28:e5:ec:7d:eb:b2:d8:df:
                    b9:fe:cf:ca:15:7e:df:60:60:4b:89:94:6f:db:fe:
                    2b:39:ba:f9:ea:15:19:00:90:d1:6e:98:3a:8e:9a:
                    93:8b:3b:f3:b9:cb:c5:a0:20:e6:d0:be:a6:ba:10:
                    ee:9d:63:5c:26:03:e4:bb:e9:0b:9f:b6:e2:ae:1b:
                    e9:0f:39:03:e3:11:4f:ff:37:cd:5d:ed:e5:62:2b:
                    ae:16:07:70:d2:3d:10:e1:df:e1:86:6e:35:5a:77:
                    6b:c9:c3:2e:bb:07:2e:f3:7f:ca:ce:52:1b:9f:a4:
                    b5:c2:c6:53:72:34:9a:d4:76:4a:8a:de:a0:7a:0c:
                    53:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:5F:97:27:5B:EC:7A:38:27:8E:5A:9D:CA:1C:C6:DF:B1:2B:0F:81
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/mV-XJ1vsejgnjlqdyhzG37ErD4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:4a:4a:03:55:14:ff:c3:c0:1f:69:56:57:dc:13:fa:aa:1e:
         d3:fd:41:9a:42:8e:a8:4b:bd:82:48:96:f1:b7:b2:e2:fd:92:
         7f:60:fc:98:c8:bf:55:6e:21:5d:69:ba:a6:c0:6e:ab:d9:03:
         df:56:a7:a9:ae:c1:2c:ce:b5:8c:de:b2:2a:3f:d4:8a:fa:e7:
         36:73:b0:24:9c:53:5e:fb:e8:00:d4:6f:f7:e2:00:02:14:2b:
         94:d6:74:9a:6e:eb:2c:24:ab:d9:9a:f8:e7:02:2e:71:e2:bc:
         de:d9:fd:78:13:44:d9:f1:0f:77:70:9c:33:2a:bd:14:5b:b2:
         5b:4e:da:09:57:99:8a:4f:d6:24:72:ab:bf:18:8c:ad:b2:1d:
         66:91:11:c8:bc:e0:99:a7:9a:b6:6a:9e:c1:39:50:12:b1:42:
         31:5d:f1:c4:6d:21:99:af:48:03:ea:39:d0:41:34:c6:57:bf:
         34:c1:df:25:1a:1c:72:fc:2b:3c:58:43:08:e5:d2:1d:38:7e:
         80:c4:80:f3:fc:32:a8:4e:78:5a:70:a7:d1:e7:0b:58:c0:e6:
         17:7d:5b:60:87:7c:9e:1a:19:3d:85:e4:48:15:04:36:26:d8:
         80:8f:b7:a5:75:c7:75:83:a1:7e:5d:6c:ea:ad:db:a7:f7:e9:
         ef:7a:a1:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/8oS0ac9MBchz2IxCunMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTVmOTcyNzViZWM3YTM4Mjc4ZTVhOWRjYTFjYzZkZmIxMmIwZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmC7fep0xNZMmKuQdzBuns2TMOeKp
uYo9mRzCcqXce2ZWoNXt/W0kPfMLjSNgNfdxnyc+AgquclwWReuExlScvRNq3VGB
f4OX35AsBEppKpxkuQV4x0h3hnA76TA09vRIqYhW3UY/h9DNP/NNa8kjvU4mgcD1
y8RiH1sDkI/IKOXsfeuy2N+5/s/KFX7fYGBLiZRv2/4rObr56hUZAJDRbpg6jpqT
izvzucvFoCDm0L6muhDunWNcJgPku+kLn7birhvpDzkD4xFP/zfNXe3lYiuuFgdw
0j0Q4d/hhm41WndrycMuuwcu83/KzlIbn6S1wsZTcjSa1HZKit6gegxTwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlflydb7Ho4J45ancocxt+xKw+BMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvbVYtWEoxdnNlamduamxxZHloekczN0VyRDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRO9MA0G
CSqGSIb3DQEBCwUAA4IBAQAESkoDVRT/w8AfaVZX3BP6qh7T/UGaQo6oS72CSJbx
t7Li/ZJ/YPyYyL9VbiFdabqmwG6r2QPfVqeprsEszrWM3rIqP9SK+uc2c7AknFNe
++gA1G/34gACFCuU1nSabussJKvZmvjnAi5x4rze2f14E0TZ8Q93cJwzKr0UW7Jb
TtoJV5mKT9Ykcqu/GIytsh1mkRHIvOCZp5q2ap7BOVASsUIxXfHEbSGZr0gD6jnQ
QTTGV780wd8lGhxy/Cs8WEMI5dIdOH6AxIDz/DKoTnhacKfR5wtYwOYXfVtgh3ye
Ghk9heRIFQQ2JtiAj7eldcd1g6F+XWzqrdun9+nveqGQ
-----END CERTIFICATE-----