Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/mLlBxSB38d4ESKzSw_Din8N_6zE.roa
File:                     mLlBxSB38d4ESKzSw_Din8N_6zE.roa (raw, json)
Hash identifier:          1kbvxfhEWDZFpTM5FNtHdajKII8cz8bt1yQtdO/MM54=
Subject key identifier:   98:B9:41:C5:20:77:F1:DE:04:48:AC:D2:C3:F0:E2:9F:C3:7F:EB:31
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019420683DD6E182A7782AAE53E0F682D5EC
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/mLlBxSB38d4ESKzSw_Din8N_6zE.roa
Signing time:             Wed 01 Jan 2025 05:48:10 +0000
ROA not before:           Wed 01 Jan 2025 05:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42745
IP address blocks:        193.233.15.0/24 maxlen: 24
                          193.233.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3d:d6:e1:82:a7:78:2a:ae:53:e0:f6:82:d5:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98b941c52077f1de0448acd2c3f0e29fc37feb31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:81:8e:ae:a9:4c:47:12:cf:a8:3b:7c:d0:9d:
                    b7:59:a9:19:59:dc:0a:a0:8f:5a:97:fe:dc:8f:2a:
                    59:3f:e4:25:34:cf:bb:1a:1e:d7:b2:5e:dd:a2:de:
                    0a:18:4b:5f:28:f0:f7:cc:a4:04:9c:46:98:83:33:
                    15:b9:6a:35:f9:e9:e0:b1:e1:17:bb:c4:2e:ce:f9:
                    37:b6:54:e7:ee:19:c2:08:3f:de:40:00:46:99:60:
                    bf:c2:15:23:a2:d3:5b:b5:47:1c:87:23:40:ed:5c:
                    d2:8e:2d:58:1a:5d:3b:60:b1:09:88:cf:ef:4e:be:
                    1a:55:15:87:37:7e:7f:10:ef:ab:ad:13:ff:55:0a:
                    ad:65:59:31:f1:e6:9f:26:d0:03:c4:a7:48:a1:65:
                    80:7f:50:aa:a9:87:04:bb:eb:2c:0b:e5:80:38:ef:
                    af:f7:f8:97:05:d8:54:f8:0d:52:23:4a:24:84:fc:
                    37:96:39:e5:d9:47:15:d4:08:16:be:e7:7d:3a:d1:
                    da:c8:10:93:74:f0:d1:8e:6a:d0:2e:af:97:90:b1:
                    0b:ce:1a:32:e6:9b:1b:19:1d:96:a3:d0:41:71:75:
                    e1:72:95:48:24:7c:c4:34:ff:5f:54:b3:83:3e:54:
                    b2:30:c6:70:a4:90:fd:a2:0b:b1:8c:88:0e:04:75:
                    1d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:B9:41:C5:20:77:F1:DE:04:48:AC:D2:C3:F0:E2:9F:C3:7F:EB:31
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/mLlBxSB38d4ESKzSw_Din8N_6zE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.15.0/24
                  193.233.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:e3:61:e9:96:09:09:97:84:3e:a6:18:8f:9a:22:1d:0d:d3:
         47:aa:12:a3:a8:f3:f3:a9:a7:62:44:4e:46:54:38:95:b2:54:
         dc:6b:56:9b:9c:63:cf:c1:33:22:0d:25:5f:85:ef:e1:53:f6:
         d7:bc:45:f2:2a:0b:77:ee:df:34:12:eb:cc:bd:f1:6d:b8:f4:
         9b:af:2b:34:b2:30:76:2e:67:a0:a3:3e:ac:8e:c7:a8:82:eb:
         26:7b:c0:30:1e:7a:68:17:71:40:6c:ba:f6:98:47:fc:d2:5c:
         9f:27:cb:dc:dd:1d:97:ec:96:20:02:b4:6c:9b:64:55:5f:4a:
         68:e3:db:90:da:46:e6:c3:ec:3f:32:37:67:a1:f8:6e:5c:94:
         c2:1d:8f:20:4e:68:d3:85:a4:74:97:fd:53:1c:8d:22:2f:0a:
         4a:f3:68:04:3e:b3:b4:1d:5a:bb:6b:c0:7d:53:ad:ee:cb:6c:
         dd:e4:52:b4:18:db:fc:09:9e:6e:b8:c6:3b:7e:ac:f0:45:6f:
         42:ea:14:da:8c:26:cb:6d:98:53:b7:5a:9e:9f:ef:1b:0c:40:
         83:ed:f1:1a:75:37:e3:23:20:10:f6:2b:f9:8a:16:e1:6f:1c:
         16:c7:35:17:c0:91:a5:a0:59:3e:58:76:de:65:2a:f4:f8:71:
         7e:56:67:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaD3W4YKneCquU+D2gtXsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGI5NDFjNTIwNzdmMWRlMDQ0OGFjZDJjM2YwZTI5ZmMzN2ZlYjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYGOrqlMRxLPqDt80J23WakZWdwK
oI9al/7cjypZP+QlNM+7Gh7Xsl7dot4KGEtfKPD3zKQEnEaYgzMVuWo1+engseEX
u8Quzvk3tlTn7hnCCD/eQABGmWC/whUjotNbtUcchyNA7VzSji1YGl07YLEJiM/v
Tr4aVRWHN35/EO+rrRP/VQqtZVkx8eafJtADxKdIoWWAf1CqqYcEu+ssC+WAOO+v
9/iXBdhU+A1SI0okhPw3ljnl2UcV1AgWvud9OtHayBCTdPDRjmrQLq+XkLELzhoy
5psbGR2Wo9BBcXXhcpVIJHzENP9fVLODPlSyMMZwpJD9oguxjIgOBHUdPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJi5QcUgd/HeBEis0sPw4p/Df+sxMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbUxsQnhTQjM4ZDRFU0t6U3dfRGluOE5fNnpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwekPAwQA
wek/MA0GCSqGSIb3DQEBCwUAA4IBAQCU42HplgkJl4Q+phiPmiIdDdNHqhKjqPPz
qadiRE5GVDiVslTca1abnGPPwTMiDSVfhe/hU/bXvEXyKgt37t80EuvMvfFtuPSb
rys0sjB2Lmegoz6sjseogusme8AwHnpoF3FAbLr2mEf80lyfJ8vc3R2X7JYgArRs
m2RVX0po49uQ2kbmw+w/MjdnofhuXJTCHY8gTmjThaR0l/1THI0iLwpK82gEPrO0
HVq7a8B9U63uy2zd5FK0GNv8CZ5uuMY7fqzwRW9C6hTajCbLbZhTt1qen+8bDECD
7fEadTfjIyAQ9iv5ihbhbxwWxzUXwJGloFk+WHbeZSr0+HF+Vmc1
-----END CERTIFICATE-----