Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/1753bc-d276-4713-8ed2-d236d96cc2af/1/dZWIYeeWNbXNuMF0JZsgr8bqLZQ.roa
File:                     dZWIYeeWNbXNuMF0JZsgr8bqLZQ.roa (raw, json)
Hash identifier:          jkH79btlNu7Vh1mNk5V4h+zv+b9+mvicQIK2SNJi8Ss=
Subject key identifier:   75:95:88:61:E7:96:35:B5:CD:B8:C1:74:25:9B:20:AF:C6:EA:2D:94
Certificate issuer:       /CN=cf1280119f440eb99c1e64d735f2db1efcf93827
Certificate serial:       019449DFEA91DC8FF635CE467634C28ACA0A
Authority key identifier: CF:12:80:11:9F:44:0E:B9:9C:1E:64:D7:35:F2:DB:1E:FC:F9:38:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zxKAEZ9EDrmcHmTXNfLbHvz5OCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/1753bc-d276-4713-8ed2-d236d96cc2af/1/dZWIYeeWNbXNuMF0JZsgr8bqLZQ.roa
Signing time:             Thu 09 Jan 2025 07:03:18 +0000
ROA not before:           Thu 09 Jan 2025 07:03:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        193.105.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/1753bc-d276-4713-8ed2-d236d96cc2af/1/zxKAEZ9EDrmcHmTXNfLbHvz5OCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/1753bc-d276-4713-8ed2-d236d96cc2af/1/zxKAEZ9EDrmcHmTXNfLbHvz5OCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zxKAEZ9EDrmcHmTXNfLbHvz5OCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:49:df:ea:91:dc:8f:f6:35:ce:46:76:34:c2:8a:ca:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1280119f440eb99c1e64d735f2db1efcf93827
        Validity
            Not Before: Jan  9 07:03:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75958861e79635b5cdb8c174259b20afc6ea2d94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:c7:fb:22:01:2a:29:c2:8c:98:36:80:9e:51:
                    e8:5b:45:2b:35:7b:81:ba:7e:9e:10:19:04:f8:f9:
                    ae:96:b4:88:83:93:8e:87:8a:30:d4:e8:03:68:42:
                    3b:6e:02:39:0f:83:01:f3:c3:ef:85:74:ca:a9:ea:
                    1d:d5:44:21:7e:39:bc:bb:2e:b8:84:4c:d9:61:6e:
                    f9:59:68:73:4d:cc:61:07:3c:84:02:50:db:04:8b:
                    12:7f:5e:a9:9a:d4:1a:0e:2a:04:5d:77:e0:f6:d2:
                    4f:ae:72:55:2a:d9:fa:48:29:ea:b8:f0:03:2f:28:
                    72:4a:03:ae:3e:7f:d3:14:2a:44:e8:75:02:b3:4c:
                    1f:4c:16:f9:fd:54:11:bd:95:0c:a4:3b:b6:5c:42:
                    6c:f4:08:95:f6:7e:4e:ca:4c:67:72:22:db:71:c1:
                    bc:70:a7:b7:6e:00:ef:7b:5f:d9:1a:d8:58:d7:8b:
                    35:26:b0:b7:8d:f2:b2:20:c1:f7:4d:60:3a:b0:c1:
                    73:f0:d1:5c:f8:f9:04:ef:d8:da:81:f8:9e:13:c2:
                    09:2e:3e:c2:92:d2:47:b6:e4:ff:02:5f:8e:1a:18:
                    ea:6b:f4:4b:85:2a:a2:12:89:06:e1:c2:a6:f3:11:
                    1a:e0:1b:96:9b:d4:d8:fa:59:ec:0b:7b:50:37:5e:
                    8e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:95:88:61:E7:96:35:B5:CD:B8:C1:74:25:9B:20:AF:C6:EA:2D:94
            X509v3 Authority Key Identifier:
                keyid:CF:12:80:11:9F:44:0E:B9:9C:1E:64:D7:35:F2:DB:1E:FC:F9:38:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zxKAEZ9EDrmcHmTXNfLbHvz5OCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/1753bc-d276-4713-8ed2-d236d96cc2af/1/dZWIYeeWNbXNuMF0JZsgr8bqLZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/1753bc-d276-4713-8ed2-d236d96cc2af/1/zxKAEZ9EDrmcHmTXNfLbHvz5OCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:b2:88:dd:1b:c4:3b:49:90:69:b9:29:a8:e1:f1:3d:d9:78:
         46:25:74:89:d5:f2:25:3b:65:5a:19:fa:6f:a5:25:c1:db:95:
         33:59:58:2a:25:02:f0:16:ff:da:8c:85:78:e7:58:ff:19:d2:
         2a:0f:8b:7e:24:a5:4a:13:eb:f4:bf:27:0b:6a:f3:a6:ee:d9:
         22:4b:f1:2d:58:9f:f5:53:9c:43:6e:bc:da:e5:75:eb:49:8a:
         f8:fd:af:9f:3b:0a:92:1a:83:38:61:63:92:1e:45:ca:64:88:
         65:78:84:4a:c9:63:46:62:90:84:9f:ca:51:ad:df:77:0b:50:
         0e:fe:6d:a8:66:d8:2d:06:00:0a:14:96:09:ea:72:d0:3d:0b:
         49:9f:7b:3b:3e:d5:6d:bc:48:9c:d5:94:6c:b0:fc:bb:8a:79:
         0c:2a:9f:8c:ab:eb:d1:d1:82:ef:c8:e4:b8:70:10:cf:d6:86:
         47:72:f9:b7:74:b0:5c:67:d3:38:f1:a1:c3:77:e5:34:19:e7:
         98:95:90:2e:92:bf:2b:b5:43:e3:8a:d3:26:0f:fd:d5:e1:e5:
         2f:3f:73:2a:f0:fa:7c:7b:19:83:ed:fb:da:d8:45:3f:d4:dd:
         cf:be:25:87:26:ab:5a:92:23:2f:c0:72:2b:28:47:f9:76:50:
         f0:ad:f9:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRJ3+qR3I/2Nc5GdjTCisoKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMTI4MDExOWY0NDBlYjk5YzFlNjRkNzM1ZjJkYjFlZmNm
OTM4MjcwHhcNMjUwMTA5MDcwMzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTk1ODg2MWU3OTYzNWI1Y2RiOGMxNzQyNTliMjBhZmM2ZWEyZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Mf7IgEqKcKMmDaAnlHoW0UrNXuB
un6eEBkE+PmulrSIg5OOh4ow1OgDaEI7bgI5D4MB88PvhXTKqeod1UQhfjm8uy64
hEzZYW75WWhzTcxhBzyEAlDbBIsSf16pmtQaDioEXXfg9tJPrnJVKtn6SCnquPAD
LyhySgOuPn/TFCpE6HUCs0wfTBb5/VQRvZUMpDu2XEJs9AiV9n5OykxnciLbccG8
cKe3bgDve1/ZGthY14s1JrC3jfKyIMH3TWA6sMFz8NFc+PkE79jagfieE8IJLj7C
ktJHtuT/Al+OGhjqa/RLhSqiEokG4cKm8xEa4BuWm9TY+lnsC3tQN16ODQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWViGHnljW1zbjBdCWbIK/G6i2UMB8GA1UdIwQY
MBaAFM8SgBGfRA65nB5k1zXy2x78+TgnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenhLQUVaOUVEcm1jSG1UWE5mTGJIdno1T0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8xNzUzYmMtZDI3Ni00NzEzLThlZDIt
ZDIzNmQ5NmNjMmFmLzEvZFpXSVllZVdOYlhOdU1GMEpac2dyOGJxTFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8xNzUzYmMtZDI3Ni00NzEzLThlZDItZDIzNmQ5NmNjMmFm
LzEvenhLQUVaOUVEcm1jSG1UWE5mTGJIdno1T0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkhMA0G
CSqGSIb3DQEBCwUAA4IBAQC5sojdG8Q7SZBpuSmo4fE92XhGJXSJ1fIlO2VaGfpv
pSXB25UzWVgqJQLwFv/ajIV451j/GdIqD4t+JKVKE+v0vycLavOm7tkiS/EtWJ/1
U5xDbrza5XXrSYr4/a+fOwqSGoM4YWOSHkXKZIhleIRKyWNGYpCEn8pRrd93C1AO
/m2oZtgtBgAKFJYJ6nLQPQtJn3s7PtVtvEic1ZRssPy7inkMKp+Mq+vR0YLvyOS4
cBDP1oZHcvm3dLBcZ9M48aHDd+U0GeeYlZAukr8rtUPjitMmD/3V4eUvP3Mq8Pp8
exmD7fva2EU/1N3PviWHJqtakiMvwHIrKEf5dlDwrfl3
-----END CERTIFICATE-----