Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/fe3fef-e176-451a-95d5-905196eba0be/1/q5bfraBywGI6OWgME5lOUXQvdtQ.roa
File:                     q5bfraBywGI6OWgME5lOUXQvdtQ.roa (raw, json)
Hash identifier:          VPJfRwAlvqbFoPlw0asR42eLfzS3WBMbNuvc2HvQmEs=
Subject key identifier:   AB:96:DF:AD:A0:72:C0:62:3A:39:68:0C:13:99:4E:51:74:2F:76:D4
Certificate issuer:       /CN=33ea24084f6b89b065559910e0311eb514bebb11
Certificate serial:       019420D5AA866DD15DA2A33B40819BB0766A
Authority key identifier: 33:EA:24:08:4F:6B:89:B0:65:55:99:10:E0:31:1E:B5:14:BE:BB:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M-okCE9ribBlVZkQ4DEetRS-uxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/fe3fef-e176-451a-95d5-905196eba0be/1/q5bfraBywGI6OWgME5lOUXQvdtQ.roa
Signing time:             Wed 01 Jan 2025 07:47:41 +0000
ROA not before:           Wed 01 Jan 2025 07:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203767
IP address blocks:        194.195.102.0/24 maxlen: 24
                          194.195.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/fe3fef-e176-451a-95d5-905196eba0be/1/M-okCE9ribBlVZkQ4DEetRS-uxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/fe3fef-e176-451a-95d5-905196eba0be/1/M-okCE9ribBlVZkQ4DEetRS-uxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M-okCE9ribBlVZkQ4DEetRS-uxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:aa:86:6d:d1:5d:a2:a3:3b:40:81:9b:b0:76:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33ea24084f6b89b065559910e0311eb514bebb11
        Validity
            Not Before: Jan  1 07:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab96dfada072c0623a39680c13994e51742f76d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4a:9b:aa:ae:c0:fe:6e:25:d8:10:cd:da:d6:
                    1a:03:f2:db:bc:6d:be:a8:8a:08:3b:96:bc:6d:aa:
                    e0:69:98:7d:4f:22:ca:50:6d:d7:99:e3:3b:cd:cd:
                    3f:05:ff:65:4b:89:14:36:66:c2:9c:69:1d:b4:f5:
                    fe:da:4d:e7:86:93:cb:8e:4a:2e:76:3c:9d:2a:ac:
                    3b:a0:c8:0a:2f:fe:c2:ce:14:97:3e:4f:67:e4:8d:
                    02:14:3a:fd:23:83:72:69:30:8f:cd:04:9e:68:c4:
                    1a:fc:83:23:35:45:ee:d8:45:ca:d4:ff:4e:11:c5:
                    34:b0:c6:54:bc:ba:40:25:0a:4a:93:54:0c:cf:2c:
                    63:b0:4e:b7:8f:27:54:60:94:09:81:f9:12:6a:2f:
                    64:a1:cb:f1:ea:f4:f5:07:2e:0e:4e:ff:02:05:04:
                    d1:59:5b:b7:2c:6c:44:1d:0d:69:2c:30:85:59:ac:
                    8a:99:87:84:9b:06:32:a7:44:0f:f6:12:28:45:f9:
                    eb:97:aa:0c:a2:ad:14:67:17:e7:9f:fe:30:1c:10:
                    1d:a2:7d:50:7b:b0:b3:30:95:81:7c:cc:e5:17:cd:
                    91:f8:49:5f:7e:43:81:80:41:3d:14:4d:c7:0f:69:
                    e6:23:49:d0:ae:ad:75:54:ee:2e:1b:c3:c9:9c:44:
                    f3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:96:DF:AD:A0:72:C0:62:3A:39:68:0C:13:99:4E:51:74:2F:76:D4
            X509v3 Authority Key Identifier:
                keyid:33:EA:24:08:4F:6B:89:B0:65:55:99:10:E0:31:1E:B5:14:BE:BB:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M-okCE9ribBlVZkQ4DEetRS-uxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/fe3fef-e176-451a-95d5-905196eba0be/1/q5bfraBywGI6OWgME5lOUXQvdtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/fe3fef-e176-451a-95d5-905196eba0be/1/M-okCE9ribBlVZkQ4DEetRS-uxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.195.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:b9:88:cd:33:3a:a7:bb:0a:98:c6:e5:94:34:30:f5:bd:9d:
         af:66:4a:b7:78:84:73:60:11:a7:59:00:79:a8:71:c4:6b:87:
         06:36:79:1b:f4:f1:0d:e4:61:b7:5f:48:f1:a7:05:74:63:4a:
         64:a0:6f:b8:4a:94:98:f1:77:65:16:39:b0:38:4d:e6:5c:0b:
         81:ec:93:b9:62:16:24:98:64:1d:a0:d9:bf:cc:81:75:db:ad:
         54:11:b1:7b:d3:7d:5c:20:81:e1:d0:e8:10:43:0b:79:e2:da:
         c5:6d:70:50:22:ed:7d:bc:49:1d:8d:09:61:6a:ac:a2:8f:17:
         e0:2e:e3:12:8a:67:c6:6a:47:6a:7d:4a:ab:7e:29:60:81:d7:
         dd:62:ff:e9:9c:b7:3e:f5:ce:93:15:26:77:89:cb:ca:84:44:
         ee:2a:8f:0c:56:83:78:14:35:65:d6:a0:57:6f:f6:de:e0:7f:
         c4:ad:36:19:59:22:ab:96:b9:fd:aa:90:5a:05:ca:7f:a2:49:
         ba:29:58:6f:77:96:68:d9:24:ea:e3:2e:2d:2a:e0:dd:10:df:
         37:38:34:eb:58:b8:e1:74:4c:1f:f0:4d:50:c2:2d:e5:14:b3:
         d0:d7:dd:3f:de:4e:37:1b:74:88:51:25:01:71:23:87:f6:06:
         75:56:f6:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1aqGbdFdoqM7QIGbsHZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzZWEyNDA4NGY2Yjg5YjA2NTU1OTkxMGUwMzExZWI1MTRi
ZWJiMTEwHhcNMjUwMTAxMDc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjk2ZGZhZGEwNzJjMDYyM2EzOTY4MGMxMzk5NGU1MTc0MmY3NmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUqbqq7A/m4l2BDN2tYaA/LbvG2+
qIoIO5a8bargaZh9TyLKUG3XmeM7zc0/Bf9lS4kUNmbCnGkdtPX+2k3nhpPLjkou
djydKqw7oMgKL/7CzhSXPk9n5I0CFDr9I4NyaTCPzQSeaMQa/IMjNUXu2EXK1P9O
EcU0sMZUvLpAJQpKk1QMzyxjsE63jydUYJQJgfkSai9kocvx6vT1By4OTv8CBQTR
WVu3LGxEHQ1pLDCFWayKmYeEmwYyp0QP9hIoRfnrl6oMoq0UZxfnn/4wHBAdon1Q
e7CzMJWBfMzlF82R+ElffkOBgEE9FE3HD2nmI0nQrq11VO4uG8PJnETzJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKuW362gcsBiOjloDBOZTlF0L3bUMB8GA1UdIwQY
MBaAFDPqJAhPa4mwZVWZEOAxHrUUvrsRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTS1va0NFOXJpYkJsVlprUTRERWV0UlMtdXhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mZTNmZWYtZTE3Ni00NTFhLTk1ZDUt
OTA1MTk2ZWJhMGJlLzEvcTViZnJhQnl3R0k2T1dnTUU1bE9VWFF2ZHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mZTNmZWYtZTE3Ni00NTFhLTk1ZDUtOTA1MTk2ZWJhMGJl
LzEvTS1va0NFOXJpYkJsVlprUTRERWV0UlMtdXhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwsNmMA0G
CSqGSIb3DQEBCwUAA4IBAQCNuYjNMzqnuwqYxuWUNDD1vZ2vZkq3eIRzYBGnWQB5
qHHEa4cGNnkb9PEN5GG3X0jxpwV0Y0pkoG+4SpSY8XdlFjmwOE3mXAuB7JO5YhYk
mGQdoNm/zIF1261UEbF7031cIIHh0OgQQwt54trFbXBQIu19vEkdjQlhaqyijxfg
LuMSimfGakdqfUqrfilggdfdYv/pnLc+9c6TFSZ3icvKhETuKo8MVoN4FDVl1qBX
b/be4H/ErTYZWSKrlrn9qpBaBcp/okm6KVhvd5Zo2STq4y4tKuDdEN83ODTrWLjh
dEwf8E1Qwi3lFLPQ190/3k43G3SIUSUBcSOH9gZ1VvZy
-----END CERTIFICATE-----