Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/d49c21-dead-4dc4-9478-a10b7cc98bc8/1/k_l8rtQi2P6fa9dQhkQ5j5jaCYE.roa
File:                     k_l8rtQi2P6fa9dQhkQ5j5jaCYE.roa (raw, json)
Hash identifier:          sMo/6l6OJgyWFVqU8cFbnDYPktbERaDpmId+0GVplIk=
Subject key identifier:   93:F9:7C:AE:D4:22:D8:FE:9F:6B:D7:50:86:44:39:8F:98:DA:09:81
Certificate issuer:       /CN=f95f5a35738c3229e2f4394500c322c8275a97a2
Certificate serial:       019423D741E1BF391EE722558AAEB1A70FE0
Authority key identifier: F9:5F:5A:35:73:8C:32:29:E2:F4:39:45:00:C3:22:C8:27:5A:97:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-V9aNXOMMini9DlFAMMiyCdal6I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/d49c21-dead-4dc4-9478-a10b7cc98bc8/1/k_l8rtQi2P6fa9dQhkQ5j5jaCYE.roa
Signing time:             Wed 01 Jan 2025 21:48:17 +0000
ROA not before:           Wed 01 Jan 2025 21:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212462
IP address blocks:        193.3.129.0/24 maxlen: 24
                          2a10:fc00::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/d49c21-dead-4dc4-9478-a10b7cc98bc8/1/1-V9aNXOMMini9DlFAMMiyCdal6I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/d49c21-dead-4dc4-9478-a10b7cc98bc8/1/1-V9aNXOMMini9DlFAMMiyCdal6I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-V9aNXOMMini9DlFAMMiyCdal6I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:41:e1:bf:39:1e:e7:22:55:8a:ae:b1:a7:0f:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f95f5a35738c3229e2f4394500c322c8275a97a2
        Validity
            Not Before: Jan  1 21:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93f97caed422d8fe9f6bd7508644398f98da0981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7e:93:74:4d:55:c6:13:fe:39:a0:e3:e0:5d:
                    60:dd:92:0b:99:ff:c6:a1:53:f6:85:d8:a6:a4:e4:
                    45:fd:9d:54:f9:96:9a:b0:4a:a2:20:54:5d:44:c2:
                    e2:91:72:3a:0d:46:70:19:de:a1:45:65:28:af:7c:
                    c7:e4:cb:a9:3f:78:30:63:7a:ef:30:94:7c:4e:0d:
                    d6:55:9e:09:49:25:9d:3b:32:15:cc:8e:f9:46:c4:
                    79:2b:e9:c3:f9:97:0a:6f:d1:da:c9:b6:e4:d5:80:
                    53:85:63:93:9b:63:18:88:b1:dd:57:6e:38:e4:48:
                    9e:ec:2a:9f:24:fa:ca:07:22:e7:12:0b:a4:3c:d6:
                    50:ec:af:58:38:cb:c2:cb:37:0c:6d:ca:e7:09:eb:
                    9b:74:3f:74:8d:fc:18:3a:b3:20:5c:ac:4f:85:71:
                    c7:f5:05:a8:61:ba:1f:a7:0b:ce:18:b6:45:37:bc:
                    58:e5:46:ff:be:ef:3b:5d:ed:80:49:38:2c:99:f6:
                    fa:3c:b3:59:81:4c:34:cb:da:2f:77:8e:ed:a2:b9:
                    16:ee:ee:9e:70:e9:46:d9:2f:39:d8:f8:67:2f:4e:
                    43:40:c4:cc:19:1a:41:7e:04:cc:cd:7f:b2:73:d2:
                    9c:4d:02:ea:97:29:91:7a:57:a9:58:0b:ec:5c:91:
                    bd:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:F9:7C:AE:D4:22:D8:FE:9F:6B:D7:50:86:44:39:8F:98:DA:09:81
            X509v3 Authority Key Identifier:
                keyid:F9:5F:5A:35:73:8C:32:29:E2:F4:39:45:00:C3:22:C8:27:5A:97:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-V9aNXOMMini9DlFAMMiyCdal6I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/d49c21-dead-4dc4-9478-a10b7cc98bc8/1/k_l8rtQi2P6fa9dQhkQ5j5jaCYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/d49c21-dead-4dc4-9478-a10b7cc98bc8/1/1-V9aNXOMMini9DlFAMMiyCdal6I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.129.0/24
                IPv6:
                  2a10:fc00::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:c0:98:5e:01:b4:7c:68:91:ba:80:09:76:88:ea:fb:1a:bc:
         4b:ee:12:0d:aa:c8:3f:bd:d5:98:78:d9:47:11:e1:07:4d:d6:
         06:dd:17:53:17:64:43:ac:89:75:24:ca:b3:0a:cc:d6:f1:a3:
         50:aa:4c:8f:4f:24:0a:6c:87:75:91:e8:f5:db:fe:c1:e9:57:
         79:44:e6:8b:3a:fd:29:68:c6:f8:40:b6:e4:43:b4:29:18:c0:
         cf:b2:37:71:62:60:6c:9a:af:53:6e:43:20:57:2c:5c:4d:11:
         76:8f:84:e4:60:50:db:41:9c:ca:f8:b9:e9:6d:7c:a5:b4:97:
         ef:7e:e5:33:6e:d6:87:f1:74:2c:49:0b:c8:9d:29:d4:c8:6b:
         9e:2a:1b:40:33:a5:05:75:ff:8d:36:5c:63:16:e9:05:7a:a5:
         95:c4:c6:a9:3b:70:cf:43:0d:2e:ef:fb:a3:46:a4:f1:06:be:
         f6:2c:28:a4:05:d0:40:9d:f3:42:bc:c4:b1:b5:b5:34:ce:e3:
         4e:fd:9b:7d:de:d3:f9:51:9c:1d:fe:6a:1b:a3:2b:72:13:50:
         ea:64:88:9f:78:26:74:1e:36:b0:5b:1a:f5:75:6c:8d:86:44:
         77:de:95:97:9b:32:5c:d0:0b:9f:59:bc:61:78:e6:b8:47:09:
         4d:23:eb:fb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQj10Hhvzke5yJViq6xpw/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NWY1YTM1NzM4YzMyMjllMmY0Mzk0NTAwYzMyMmM4Mjc1
YTk3YTIwHhcNMjUwMTAxMjE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2Y5N2NhZWQ0MjJkOGZlOWY2YmQ3NTA4NjQ0Mzk4Zjk4ZGEwOTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0n6TdE1VxhP+OaDj4F1g3ZILmf/G
oVP2hdimpORF/Z1U+ZaasEqiIFRdRMLikXI6DUZwGd6hRWUor3zH5MupP3gwY3rv
MJR8Tg3WVZ4JSSWdOzIVzI75RsR5K+nD+ZcKb9Haybbk1YBThWOTm2MYiLHdV244
5Eie7CqfJPrKByLnEgukPNZQ7K9YOMvCyzcMbcrnCeubdD90jfwYOrMgXKxPhXHH
9QWoYbofpwvOGLZFN7xY5Ub/vu87Xe2ASTgsmfb6PLNZgUw0y9ovd47torkW7u6e
cOlG2S852PhnL05DQMTMGRpBfgTMzX+yc9KcTQLqlymRelepWAvsXJG9kwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJP5fK7UItj+n2vXUIZEOY+Y2gmBMB8GA1UdIwQY
MBaAFPlfWjVzjDIp4vQ5RQDDIsgnWpeiMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1WOWFOWE9NTWluaTlEbEZBTU1peUNkYWw2SS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDEvZDQ5YzIxLWRlYWQtNGRjNC05NDc4
LWExMGI3Y2M5OGJjOC8xL2tfbDhydFFpMlA2ZmE5ZFFoa1E1ajVqYUNZRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDEvZDQ5YzIxLWRlYWQtNGRjNC05NDc4LWExMGI3Y2M5OGJj
OC8xLzEtVjlhTlhPTU1pbmk5RGxGQU1NaXlDZGFsNkkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBADBA4Ew
DQQCAAIwBwMFAyoQ/AAwDQYJKoZIhvcNAQELBQADggEBAHfAmF4BtHxokbqACXaI
6vsavEvuEg2qyD+91Zh42UcR4QdN1gbdF1MXZEOsiXUkyrMKzNbxo1CqTI9PJAps
h3WR6PXb/sHpV3lE5os6/SloxvhAtuRDtCkYwM+yN3FiYGyar1NuQyBXLFxNEXaP
hORgUNtBnMr4ueltfKW0l+9+5TNu1ofxdCxJC8idKdTIa54qG0AzpQV1/402XGMW
6QV6pZXExqk7cM9DDS7v+6NGpPEGvvYsKKQF0ECd80K8xLG1tTTO4079m33e0/lR
nB3+ahujK3ITUOpkiJ94JnQeNrBbGvV1bI2GRHfelZebMlzQC59ZvGF45rhHCU0j
6/s=
-----END CERTIFICATE-----