Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/y9f-4HN3LvWji3fYLAdLYvEigj0.roa
File:                     y9f-4HN3LvWji3fYLAdLYvEigj0.roa (raw, json)
Hash identifier:          kai4Orn4fEO8WvpGZ/k46/aPzrmPcAZu6UF1CXncRd8=
Subject key identifier:   CB:D7:FE:E0:73:77:2E:F5:A3:8B:77:D8:2C:07:4B:62:F1:22:82:3D
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019420685109CBA816C7DB8F7EEB62476F03
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/y9f-4HN3LvWji3fYLAdLYvEigj0.roa
Signing time:             Wed 01 Jan 2025 05:48:14 +0000
ROA not before:           Wed 01 Jan 2025 05:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204898
IP address blocks:        193.233.5.0/24 maxlen: 24
                          193.233.7.0/24 maxlen: 24
                          193.233.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:51:09:cb:a8:16:c7:db:8f:7e:eb:62:47:6f:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbd7fee073772ef5a38b77d82c074b62f122823d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cd:67:96:7b:07:1a:9e:23:fc:29:98:0b:fc:
                    da:49:a7:91:b9:ae:b0:62:62:02:c2:e9:21:ba:58:
                    85:15:87:3f:26:88:09:d7:44:d0:cf:e2:d0:da:e1:
                    ae:e5:f8:68:36:af:0b:40:1c:7e:a3:6d:e9:d4:be:
                    9d:d8:32:3a:e9:8f:43:be:d0:5f:af:9a:b3:41:24:
                    8f:c5:d8:02:15:3b:4c:fa:b5:7a:5b:a9:e3:30:7b:
                    b4:09:cc:57:93:14:51:31:00:1c:b2:6b:05:96:ff:
                    d3:c6:09:94:d0:08:a3:9f:15:05:17:88:09:a6:39:
                    d9:7d:0a:a0:f4:db:40:ad:21:ad:3d:c2:7a:d0:c5:
                    ac:d1:be:96:5b:af:49:08:79:c5:81:9a:31:83:a1:
                    79:26:1b:c7:3d:a7:13:59:c4:96:78:28:cb:2a:07:
                    cf:ec:a4:ff:06:c0:81:f9:d9:f4:00:d5:4d:6b:0b:
                    2a:2b:f1:60:a8:7c:60:9a:9e:01:a1:17:69:02:be:
                    55:04:9b:0e:1a:3f:a5:3b:dc:0f:30:60:70:de:5c:
                    74:b0:0e:3f:65:44:8c:9d:17:97:d6:dd:e5:4d:8e:
                    8b:84:d0:73:56:fa:32:32:b6:c3:76:f6:68:27:20:
                    5d:a5:9a:4e:bb:3e:96:e3:58:78:76:3d:75:fb:87:
                    06:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:D7:FE:E0:73:77:2E:F5:A3:8B:77:D8:2C:07:4B:62:F1:22:82:3D
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/y9f-4HN3LvWji3fYLAdLYvEigj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.5.0/24
                  193.233.7.0/24
                  193.233.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:81:48:3f:9a:53:70:e4:f6:87:c7:31:f0:76:ee:ca:ee:d8:
         cc:cb:98:a2:f4:b3:34:dd:24:51:b1:14:27:e0:b0:cc:ca:51:
         02:ac:5b:a0:3d:58:32:24:e5:d0:ad:1d:a5:44:b3:71:98:ff:
         d9:2a:06:b7:95:7e:64:3b:0c:6a:83:d8:59:fd:39:ab:be:a9:
         80:3a:07:68:cb:30:c3:fe:97:c1:a2:50:5a:68:ff:3a:5b:88:
         4a:64:9a:9f:96:38:28:33:a8:17:ce:ac:43:b7:bc:65:f0:42:
         46:8f:2c:f0:f9:8b:d9:1b:ec:fa:9c:80:79:c5:ea:a0:8d:bc:
         e3:f1:89:7b:8b:de:2a:cb:a7:69:f0:98:99:c5:22:3d:bc:4e:
         e7:4d:9f:64:c5:e4:c7:89:77:48:b0:08:08:86:4a:6f:91:15:
         31:89:95:94:e0:38:db:93:75:6e:20:c1:d2:ce:e8:8e:1c:d4:
         c6:5c:68:b3:87:19:40:fe:ac:43:67:a6:9e:5f:6f:49:64:5a:
         66:c5:05:13:3d:10:ec:15:25:fe:6d:dc:2a:f9:aa:e3:a6:12:
         7b:22:7e:35:54:c4:ee:5b:63:9a:f3:d4:29:7c:1f:a7:34:a1:
         69:c7:91:92:90:6c:2a:74:80:22:5a:05:c5:34:fd:c7:57:df:
         05:fa:a5:0d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQgaFEJy6gWx9uPfutiR28DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmQ3ZmVlMDczNzcyZWY1YTM4Yjc3ZDgyYzA3NGI2MmYxMjI4MjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw81nlnsHGp4j/CmYC/zaSaeRua6w
YmICwukhuliFFYc/JogJ10TQz+LQ2uGu5fhoNq8LQBx+o23p1L6d2DI66Y9DvtBf
r5qzQSSPxdgCFTtM+rV6W6njMHu0CcxXkxRRMQAcsmsFlv/TxgmU0AijnxUFF4gJ
pjnZfQqg9NtArSGtPcJ60MWs0b6WW69JCHnFgZoxg6F5JhvHPacTWcSWeCjLKgfP
7KT/BsCB+dn0ANVNawsqK/FgqHxgmp4BoRdpAr5VBJsOGj+lO9wPMGBw3lx0sA4/
ZUSMnReX1t3lTY6LhNBzVvoyMrbDdvZoJyBdpZpOuz6W41h4dj11+4cGtwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMvX/uBzdy71o4t32CwHS2LxIoI9MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEveTlmLTRITjNMdldqaTNmWUxBZExZdkVpZ2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwekFAwQA
wekHAwQAwemXMA0GCSqGSIb3DQEBCwUAA4IBAQAGgUg/mlNw5PaHxzHwdu7K7tjM
y5ii9LM03SRRsRQn4LDMylECrFugPVgyJOXQrR2lRLNxmP/ZKga3lX5kOwxqg9hZ
/TmrvqmAOgdoyzDD/pfBolBaaP86W4hKZJqfljgoM6gXzqxDt7xl8EJGjyzw+YvZ
G+z6nIB5xeqgjbzj8Yl7i94qy6dp8JiZxSI9vE7nTZ9kxeTHiXdIsAgIhkpvkRUx
iZWU4Djbk3VuIMHSzuiOHNTGXGizhxlA/qxDZ6aeX29JZFpmxQUTPRDsFSX+bdwq
+arjphJ7In41VMTuW2Oa89QpfB+nNKFpx5GSkGwqdIAiWgXFNP3HV98F+qUN
-----END CERTIFICATE-----