Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/a621a8-e079-4a14-98ba-e36a9793ea6d/1/CpPRk_TNW4CH4jbImpFoaI2OcL4.roa
File:                     CpPRk_TNW4CH4jbImpFoaI2OcL4.roa (raw, json)
Hash identifier:          eYYsy6V5aRdmdwv40uWtw/bgoED55t23eDlp8kMf818=
Subject key identifier:   0A:93:D1:93:F4:CD:5B:80:87:E2:36:C8:9A:91:68:68:8D:8E:70:BE
Certificate issuer:       /CN=ba79c50080297cb9cc0cc934ee389f50c3e73d4a
Certificate serial:       01942521B581C8947DD2810C16718358AC02
Authority key identifier: BA:79:C5:00:80:29:7C:B9:CC:0C:C9:34:EE:38:9F:50:C3:E7:3D:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/unnFAIApfLnMDMk07jifUMPnPUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/a621a8-e079-4a14-98ba-e36a9793ea6d/1/CpPRk_TNW4CH4jbImpFoaI2OcL4.roa
Signing time:             Thu 02 Jan 2025 03:49:13 +0000
ROA not before:           Thu 02 Jan 2025 03:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49337
IP address blocks:        193.26.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/a621a8-e079-4a14-98ba-e36a9793ea6d/1/unnFAIApfLnMDMk07jifUMPnPUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/a621a8-e079-4a14-98ba-e36a9793ea6d/1/unnFAIApfLnMDMk07jifUMPnPUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/unnFAIApfLnMDMk07jifUMPnPUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b5:81:c8:94:7d:d2:81:0c:16:71:83:58:ac:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba79c50080297cb9cc0cc934ee389f50c3e73d4a
        Validity
            Not Before: Jan  2 03:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a93d193f4cd5b8087e236c89a9168688d8e70be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d3:4c:84:5a:85:4d:75:58:51:5a:5d:10:49:
                    5c:e8:f4:b8:b5:3e:bd:9a:53:29:82:f8:6e:b5:88:
                    c4:8c:dc:00:41:19:c5:00:d6:ed:e6:7a:bb:e0:2b:
                    90:b6:f7:6a:3c:ab:69:cd:ef:95:a6:c3:68:50:c6:
                    ba:f5:67:bb:91:b7:e1:a6:bd:c1:bc:5a:0f:20:ec:
                    1c:74:56:09:8b:9f:93:63:81:8e:da:bf:79:16:7d:
                    e6:c7:4f:22:8c:da:97:41:1e:47:46:c1:5c:a5:9f:
                    ae:0a:a5:d1:e0:09:44:34:c8:90:d9:50:94:4f:78:
                    8a:68:8f:f4:5b:5f:70:ff:29:1f:4a:77:76:c4:fa:
                    fe:ba:1a:e4:c4:10:ed:c0:42:79:f7:9b:ba:f7:44:
                    e0:34:a2:2b:47:a1:de:fd:1a:a5:9f:7e:b7:74:8d:
                    b0:d4:5e:c0:33:12:2c:68:a3:17:3b:e9:57:67:09:
                    b4:18:5a:c1:18:c3:a4:65:48:fd:28:bd:ea:93:69:
                    31:46:f2:bc:6e:f4:cf:33:0e:32:32:23:6b:c3:5f:
                    bc:f7:3a:0f:62:97:0a:a0:05:ee:64:e9:6c:a2:8e:
                    02:58:d1:34:fc:a5:e8:8f:40:ef:52:2b:de:44:65:
                    43:1e:45:39:85:0d:d1:0a:37:e0:ca:b0:a7:e7:63:
                    d9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:93:D1:93:F4:CD:5B:80:87:E2:36:C8:9A:91:68:68:8D:8E:70:BE
            X509v3 Authority Key Identifier:
                keyid:BA:79:C5:00:80:29:7C:B9:CC:0C:C9:34:EE:38:9F:50:C3:E7:3D:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/unnFAIApfLnMDMk07jifUMPnPUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a621a8-e079-4a14-98ba-e36a9793ea6d/1/CpPRk_TNW4CH4jbImpFoaI2OcL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/a621a8-e079-4a14-98ba-e36a9793ea6d/1/unnFAIApfLnMDMk07jifUMPnPUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:f0:51:eb:eb:75:29:56:37:58:47:45:b9:ae:5e:fe:41:f6:
         40:1f:9a:1b:f5:86:e7:4a:95:54:21:97:62:b0:3c:b8:f2:73:
         6c:a8:32:de:6a:70:4e:fc:57:9a:de:f0:a5:62:27:08:a8:19:
         5c:65:5d:a6:62:d5:bc:a0:83:90:f4:2a:b8:0b:53:ba:63:3b:
         39:75:39:e1:ef:d1:6c:de:c1:79:92:ff:71:94:81:8d:f2:a6:
         ae:81:ad:71:da:e0:02:6a:06:51:78:a4:69:d2:71:57:ae:68:
         05:8e:35:2d:1f:f7:27:ed:3e:2c:d5:d7:84:68:b2:f4:6b:95:
         22:46:2a:ee:89:6c:89:97:f0:24:dc:7b:1d:c4:2c:95:76:32:
         be:94:82:69:12:5e:dd:62:cf:6b:e1:50:12:b4:b8:64:8b:81:
         98:b7:ec:28:06:08:14:ee:9c:36:3e:fd:c1:8b:bb:2c:7e:84:
         ed:48:cc:85:37:95:56:a3:4b:f1:c4:1c:f1:25:e2:4d:68:30:
         ae:9c:43:df:1f:6b:aa:f2:99:7e:ae:e8:98:2a:e6:44:a5:85:
         1f:37:67:11:81:e3:cb:35:2b:18:a1:40:c7:f1:97:f6:d3:76:
         43:cf:0f:dd:d6:aa:67:db:92:de:e9:e7:94:ed:ba:48:fd:b3:
         44:55:82:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbWByJR90oEMFnGDWKwCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNzljNTAwODAyOTdjYjljYzBjYzkzNGVlMzg5ZjUwYzNl
NzNkNGEwHhcNMjUwMTAyMDM0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTkzZDE5M2Y0Y2Q1YjgwODdlMjM2Yzg5YTkxNjg2ODhkOGU3MGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztNMhFqFTXVYUVpdEElc6PS4tT69
mlMpgvhutYjEjNwAQRnFANbt5nq74CuQtvdqPKtpze+VpsNoUMa69We7kbfhpr3B
vFoPIOwcdFYJi5+TY4GO2r95Fn3mx08ijNqXQR5HRsFcpZ+uCqXR4AlENMiQ2VCU
T3iKaI/0W19w/ykfSnd2xPr+uhrkxBDtwEJ595u690TgNKIrR6He/Rqln363dI2w
1F7AMxIsaKMXO+lXZwm0GFrBGMOkZUj9KL3qk2kxRvK8bvTPMw4yMiNrw1+89zoP
YpcKoAXuZOlsoo4CWNE0/KXoj0DvUiveRGVDHkU5hQ3RCjfgyrCn52PZcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqT0ZP0zVuAh+I2yJqRaGiNjnC+MB8GA1UdIwQY
MBaAFLp5xQCAKXy5zAzJNO44n1DD5z1KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW5uRkFJQXBmTG5NRE1rMDdqaWZVTVBuUFVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9hNjIxYTgtZTA3OS00YTE0LTk4YmEt
ZTM2YTk3OTNlYTZkLzEvQ3BQUmtfVE5XNENINGpiSW1wRm9hSTJPY0w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9hNjIxYTgtZTA3OS00YTE0LTk4YmEtZTM2YTk3OTNlYTZk
LzEvdW5uRkFJQXBmTG5NRE1rMDdqaWZVTVBuUFVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRrRMA0G
CSqGSIb3DQEBCwUAA4IBAQA88FHr63UpVjdYR0W5rl7+QfZAH5ob9YbnSpVUIZdi
sDy48nNsqDLeanBO/Fea3vClYicIqBlcZV2mYtW8oIOQ9Cq4C1O6Yzs5dTnh79Fs
3sF5kv9xlIGN8qauga1x2uACagZReKRp0nFXrmgFjjUtH/cn7T4s1deEaLL0a5Ui
RiruiWyJl/Ak3HsdxCyVdjK+lIJpEl7dYs9r4VAStLhki4GYt+woBggU7pw2Pv3B
i7ssfoTtSMyFN5VWo0vxxBzxJeJNaDCunEPfH2uq8pl+ruiYKuZEpYUfN2cRgePL
NSsYoUDH8Zf203ZDzw/d1qpn25Le6eeU7bpI/bNEVYIn
-----END CERTIFICATE-----