Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yD7X46pBCO7BwQX3ZZtriaBTxpo.roa
File:                     yD7X46pBCO7BwQX3ZZtriaBTxpo.roa (raw, json)
Hash identifier:          fyGWx3aXb0fyNeT9Nor3HmsuApSnF9PPXHUrr2UngfY=
Subject key identifier:   C8:3E:D7:E3:AA:41:08:EE:C1:C1:05:F7:65:9B:6B:89:A0:53:C6:9A
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       019420684A581608E13DAD21C8EE9B634611
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yD7X46pBCO7BwQX3ZZtriaBTxpo.roa
Signing time:             Wed 01 Jan 2025 05:48:13 +0000
ROA not before:           Wed 01 Jan 2025 05:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62005
IP address blocks:        193.233.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4a:58:16:08:e1:3d:ad:21:c8:ee:9b:63:46:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 05:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c83ed7e3aa4108eec1c105f7659b6b89a053c69a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8b:58:f4:ac:1a:40:fb:17:65:41:12:0b:83:
                    11:3d:61:f4:d0:1d:15:9c:54:a3:dc:9a:d5:a4:90:
                    35:6a:2c:a0:41:0b:0e:66:e9:5c:a2:df:e7:ea:7c:
                    6c:68:cb:e8:d9:c4:cd:28:d7:5d:bc:93:8a:25:62:
                    bc:70:86:95:83:ff:81:c3:55:83:48:7a:e0:e8:be:
                    09:c7:fb:64:50:5f:95:f3:e2:ae:f9:c5:37:6a:c1:
                    06:e2:4b:21:2f:58:d8:4d:b5:51:e6:49:31:32:80:
                    bd:6d:fb:a5:a8:15:54:4a:5c:08:ac:5a:e9:ba:8e:
                    eb:2c:2a:b9:d3:23:a8:e1:bc:0e:b8:03:b3:de:9d:
                    b1:d4:7f:ed:3b:87:de:6f:89:c8:e7:d3:ea:33:06:
                    76:93:e7:16:a9:71:ae:7a:29:de:15:71:73:0b:f8:
                    2f:d6:9b:b0:bb:4f:f8:08:eb:7b:16:bf:f1:d6:b4:
                    8f:6c:91:35:8d:f4:d4:71:42:5f:da:cf:ef:67:b8:
                    e5:cb:55:3b:9a:3e:56:c5:a6:35:74:5b:53:71:e4:
                    10:e1:a6:a9:a9:1f:d0:86:14:65:38:3c:99:fe:0e:
                    3f:76:e8:41:c2:c4:e8:c3:2c:19:0c:74:03:9c:b3:
                    86:f1:ae:20:ea:ff:ac:9c:10:59:fc:93:e0:a8:9b:
                    a6:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:3E:D7:E3:AA:41:08:EE:C1:C1:05:F7:65:9B:6B:89:A0:53:C6:9A
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yD7X46pBCO7BwQX3ZZtriaBTxpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:d3:bf:61:79:1a:4f:c1:d5:05:3c:e4:25:24:c8:8f:57:1c:
         0a:02:fc:d7:be:bf:2f:9c:94:b0:34:a1:a8:ce:2c:ce:d6:89:
         83:49:4b:d4:94:0c:dd:49:a2:a6:a8:aa:ef:67:92:60:f2:3a:
         04:1b:df:09:fe:6b:44:79:3a:76:c5:7e:83:ad:c1:48:4d:fa:
         3a:3a:87:50:c9:3c:2a:9c:46:b2:52:70:86:14:ef:c6:b3:ef:
         37:84:cf:9a:57:cf:1d:e0:01:ff:0a:01:0b:03:62:fd:cd:38:
         d9:26:fb:0d:b4:b0:17:3f:35:61:f9:d5:74:03:6d:da:9d:0e:
         f5:ac:9e:29:1f:c7:cf:8d:8c:f8:a2:b8:b0:86:da:31:a3:ef:
         c1:50:fe:59:1a:9f:40:c3:6c:bd:20:8f:ba:bd:8f:c8:43:c3:
         80:fe:53:19:24:5d:0f:bd:1a:aa:89:a1:1c:71:34:88:9b:7d:
         2e:36:8a:f1:ed:00:71:12:73:45:5d:27:1c:42:fc:1d:15:fd:
         a4:5a:a4:d4:21:27:ee:56:5b:13:96:6f:7b:8d:8b:b7:fd:a4:
         54:94:72:2c:60:77:08:23:18:7c:96:51:9c:82:68:c0:c4:c8:
         43:5a:07:8e:d5:57:b5:25:16:5d:de:e4:30:04:07:e4:34:7b:
         a9:8b:49:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaEpYFgjhPa0hyO6bY0YRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODNlZDdlM2FhNDEwOGVlYzFjMTA1Zjc2NTliNmI4OWEwNTNjNjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4tY9KwaQPsXZUESC4MRPWH00B0V
nFSj3JrVpJA1aiygQQsOZulcot/n6nxsaMvo2cTNKNddvJOKJWK8cIaVg/+Bw1WD
SHrg6L4Jx/tkUF+V8+Ku+cU3asEG4kshL1jYTbVR5kkxMoC9bfulqBVUSlwIrFrp
uo7rLCq50yOo4bwOuAOz3p2x1H/tO4feb4nI59PqMwZ2k+cWqXGueineFXFzC/gv
1puwu0/4COt7Fr/x1rSPbJE1jfTUcUJf2s/vZ7jly1U7mj5WxaY1dFtTceQQ4aap
qR/QhhRlODyZ/g4/duhBwsTowywZDHQDnLOG8a4g6v+snBBZ/JPgqJum6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMg+1+OqQQjuwcEF92Wba4mgU8aaMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEveUQ3WDQ2cEJDTzdCd1FYM1padHJpYUJUeHBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwenJMA0G
CSqGSIb3DQEBCwUAA4IBAQAd079heRpPwdUFPOQlJMiPVxwKAvzXvr8vnJSwNKGo
zizO1omDSUvUlAzdSaKmqKrvZ5Jg8joEG98J/mtEeTp2xX6DrcFITfo6OodQyTwq
nEayUnCGFO/Gs+83hM+aV88d4AH/CgELA2L9zTjZJvsNtLAXPzVh+dV0A23anQ71
rJ4pH8fPjYz4oriwhtoxo+/BUP5ZGp9Aw2y9II+6vY/IQ8OA/lMZJF0PvRqqiaEc
cTSIm30uNorx7QBxEnNFXSccQvwdFf2kWqTUISfuVlsTlm97jYu3/aRUlHIsYHcI
Ixh8llGcgmjAxMhDWgeO1Ve1JRZd3uQwBAfkNHupi0lA
-----END CERTIFICATE-----