Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/AW_xXvWFujKuLbVm-SnUT_Zjgxw.roa
File:                     AW_xXvWFujKuLbVm-SnUT_Zjgxw.roa (raw, json)
Hash identifier:          nFG/6G17wzGxW8RG1K73vy6beJj5zW9L3o6YXtPyInc=
Subject key identifier:   01:6F:F1:5E:F5:85:BA:32:AE:2D:B5:66:F9:29:D4:4F:F6:63:83:1C
Certificate issuer:       /CN=961b9df745c32df27df33ebcfd536f19e13474fe
Certificate serial:       019428232373263DF00D2409DC9611F0644C
Authority key identifier: 96:1B:9D:F7:45:C3:2D:F2:7D:F3:3E:BC:FD:53:6F:19:E1:34:74:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lhud90XDLfJ98z68_VNvGeE0dP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/AW_xXvWFujKuLbVm-SnUT_Zjgxw.roa
Signing time:             Thu 02 Jan 2025 17:49:38 +0000
ROA not before:           Thu 02 Jan 2025 17:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.100.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/lhud90XDLfJ98z68_VNvGeE0dP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/lhud90XDLfJ98z68_VNvGeE0dP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lhud90XDLfJ98z68_VNvGeE0dP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:23:73:26:3d:f0:0d:24:09:dc:96:11:f0:64:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=961b9df745c32df27df33ebcfd536f19e13474fe
        Validity
            Not Before: Jan  2 17:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=016ff15ef585ba32ae2db566f929d44ff663831c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:23:23:41:86:83:d0:e1:1c:53:95:5c:fb:a4:
                    f7:0c:fe:2c:16:5e:ba:b6:3d:89:87:62:2c:04:35:
                    97:a5:f6:42:91:e3:40:16:ee:fb:ce:59:72:0f:f6:
                    72:8e:0b:34:4f:b1:39:a1:89:91:30:ce:ae:9c:ec:
                    8c:2b:f7:0e:a2:c3:d9:c5:a1:68:f9:be:86:22:fa:
                    b7:74:2a:83:bd:bf:03:75:16:c9:26:bc:2a:88:57:
                    23:03:af:12:73:da:ed:e5:cc:35:47:9c:8b:42:b9:
                    b9:30:4a:38:5c:c1:2b:2c:3c:87:7e:12:89:b0:8e:
                    fe:79:ec:a6:c1:e6:95:a7:25:c0:9b:cd:86:4c:41:
                    bd:72:31:c5:81:eb:49:e3:0a:70:90:fd:2f:71:18:
                    72:93:ca:dc:11:4e:ac:6d:c1:3c:46:f2:89:7c:e1:
                    6c:12:24:3b:84:79:ae:de:4e:ba:29:c6:94:eb:46:
                    5d:93:47:7b:9a:fb:0f:14:80:9f:8f:87:03:eb:33:
                    fd:a9:ed:89:75:ba:83:96:ee:1a:e9:62:7e:0a:88:
                    54:e4:34:a6:38:ba:53:07:5f:af:3d:13:dc:a7:7f:
                    0c:aa:0f:85:f9:ac:c6:0b:b9:65:c2:fa:69:21:8b:
                    28:86:85:77:9f:dc:1e:d4:93:03:8a:74:c9:7e:c1:
                    17:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:6F:F1:5E:F5:85:BA:32:AE:2D:B5:66:F9:29:D4:4F:F6:63:83:1C
            X509v3 Authority Key Identifier:
                keyid:96:1B:9D:F7:45:C3:2D:F2:7D:F3:3E:BC:FD:53:6F:19:E1:34:74:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lhud90XDLfJ98z68_VNvGeE0dP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/AW_xXvWFujKuLbVm-SnUT_Zjgxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e84920-f5cb-46d7-bc99-fe53210b57b6/1/lhud90XDLfJ98z68_VNvGeE0dP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.100.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:38:30:9e:9f:b6:e6:0b:71:75:a3:5f:5d:98:37:00:ea:ca:
         75:8d:7d:a3:5c:cd:91:b6:3c:2f:d0:b5:b7:17:99:1d:fe:b7:
         8c:19:53:59:f9:5b:4d:24:94:69:0e:b0:23:c2:84:ac:8c:85:
         fc:34:60:2b:ac:11:23:e2:ec:37:10:07:dd:db:ea:54:b6:08:
         b6:92:13:02:1d:de:ab:a0:4e:3f:2a:f6:06:36:e7:37:1c:b5:
         79:57:30:84:bc:76:fb:7e:44:eb:79:cd:14:a8:a7:37:40:4d:
         f0:0b:27:b8:53:4f:89:6a:a6:0f:c4:c8:68:89:f0:03:d7:8d:
         49:ae:74:6d:94:47:c7:c5:be:2b:ac:60:82:22:c5:a9:04:55:
         87:f8:45:a0:09:47:6d:c6:78:c2:3d:eb:47:1a:cd:37:d3:55:
         3d:2a:a4:cb:ef:b0:25:2f:0c:36:a0:bf:ba:bd:07:1b:ad:b0:
         43:7a:d6:3c:74:69:a9:2b:31:37:00:af:42:a4:c9:43:f1:5f:
         15:b1:18:ed:cd:1b:00:8a:81:f4:b0:37:3b:d3:7a:bc:fb:d5:
         a5:d5:24:b7:30:d0:21:17:82:96:13:30:e4:93:33:e7:1b:81:
         e5:f5:9d:ee:2d:f7:2e:50:c0:61:61:21:00:5f:90:90:15:13:
         7f:92:98:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIyNzJj3wDSQJ3JYR8GRMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MWI5ZGY3NDVjMzJkZjI3ZGYzM2ViY2ZkNTM2ZjE5ZTEz
NDc0ZmUwHhcNMjUwMTAyMTc0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTZmZjE1ZWY1ODViYTMyYWUyZGI1NjZmOTI5ZDQ0ZmY2NjM4MzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSMjQYaD0OEcU5Vc+6T3DP4sFl66
tj2Jh2IsBDWXpfZCkeNAFu77zllyD/Zyjgs0T7E5oYmRMM6unOyMK/cOosPZxaFo
+b6GIvq3dCqDvb8DdRbJJrwqiFcjA68Sc9rt5cw1R5yLQrm5MEo4XMErLDyHfhKJ
sI7+eeymweaVpyXAm82GTEG9cjHFgetJ4wpwkP0vcRhyk8rcEU6sbcE8RvKJfOFs
EiQ7hHmu3k66KcaU60Zdk0d7mvsPFICfj4cD6zP9qe2JdbqDlu4a6WJ+CohU5DSm
OLpTB1+vPRPcp38Mqg+F+azGC7llwvppIYsohoV3n9we1JMDinTJfsEXawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFv8V71hboyri21Zvkp1E/2Y4McMB8GA1UdIwQY
MBaAFJYbnfdFwy3yffM+vP1TbxnhNHT+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGh1ZDkwWERMZko5OHo2OF9WTnZHZUUwZFA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9lODQ5MjAtZjVjYi00NmQ3LWJjOTkt
ZmU1MzIxMGI1N2I2LzEvQVdfeFh2V0Z1akt1TGJWbS1TblVUX1pqZ3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9lODQ5MjAtZjVjYi00NmQ3LWJjOTktZmU1MzIxMGI1N2I2
LzEvbGh1ZDkwWERMZko5OHo2OF9WTnZHZUUwZFA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWRAMA0G
CSqGSIb3DQEBCwUAA4IBAQBhODCen7bmC3F1o19dmDcA6sp1jX2jXM2Rtjwv0LW3
F5kd/reMGVNZ+VtNJJRpDrAjwoSsjIX8NGArrBEj4uw3EAfd2+pUtgi2khMCHd6r
oE4/KvYGNuc3HLV5VzCEvHb7fkTrec0UqKc3QE3wCye4U0+JaqYPxMhoifAD141J
rnRtlEfHxb4rrGCCIsWpBFWH+EWgCUdtxnjCPetHGs0301U9KqTL77AlLww2oL+6
vQcbrbBDetY8dGmpKzE3AK9CpMlD8V8VsRjtzRsAioH0sDc703q8+9Wl1SS3MNAh
F4KWEzDkkzPnG4Hl9Z3uLfcuUMBhYSEAX5CQFRN/kpgo
-----END CERTIFICATE-----