Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/024554-7aa6-4c9f-a487-df7b45be46c7/1/z5t3MUctHGLyNYnasAsmy7myIE0.roa
File:                     z5t3MUctHGLyNYnasAsmy7myIE0.roa (raw, json)
Hash identifier:          mO/iLAoYiC6aPBgVm4fsRrMygy6NYm/K/6/lkuaPce4=
Subject key identifier:   CF:9B:77:31:47:2D:1C:62:F2:35:89:DA:B0:0B:26:CB:B9:B2:20:4D
Certificate issuer:       /CN=28069b4ec047c6c2d80a4992e4228b317cc8b20c
Certificate serial:       019424B3BBE18426247F51ED8A2FC10A4B21
Authority key identifier: 28:06:9B:4E:C0:47:C6:C2:D8:0A:49:92:E4:22:8B:31:7C:C8:B2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KAabTsBHxsLYCkmS5CKLMXzIsgw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/024554-7aa6-4c9f-a487-df7b45be46c7/1/z5t3MUctHGLyNYnasAsmy7myIE0.roa
Signing time:             Thu 02 Jan 2025 01:49:06 +0000
ROA not before:           Thu 02 Jan 2025 01:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212435
IP address blocks:        193.163.76.0/24 maxlen: 24
                          2a12:4b80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/024554-7aa6-4c9f-a487-df7b45be46c7/1/KAabTsBHxsLYCkmS5CKLMXzIsgw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/024554-7aa6-4c9f-a487-df7b45be46c7/1/KAabTsBHxsLYCkmS5CKLMXzIsgw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KAabTsBHxsLYCkmS5CKLMXzIsgw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:bb:e1:84:26:24:7f:51:ed:8a:2f:c1:0a:4b:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28069b4ec047c6c2d80a4992e4228b317cc8b20c
        Validity
            Not Before: Jan  2 01:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf9b7731472d1c62f23589dab00b26cbb9b2204d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:69:7d:62:1b:d3:ec:58:81:a3:19:69:08:40:
                    2b:93:ed:6b:21:dc:85:53:50:b0:d6:a3:e2:d3:ec:
                    45:bf:2c:2b:e8:9d:9f:e9:89:27:f5:df:dd:02:99:
                    03:e6:27:22:23:cd:4e:e1:3e:f4:fa:c4:35:26:3a:
                    90:bc:37:7d:87:10:c7:45:ea:6f:f3:91:8a:b2:48:
                    2c:af:77:09:fa:25:cd:41:0a:d0:e2:b8:23:c0:f6:
                    55:d6:44:67:0a:6f:2d:30:5d:cf:26:5b:44:63:f6:
                    14:15:68:7d:95:eb:28:8d:14:af:37:75:2d:26:04:
                    30:47:ed:73:37:0e:33:23:64:6a:5c:fb:40:f1:83:
                    e1:f6:ed:6e:ec:4c:73:5f:3a:08:3b:46:e3:42:6c:
                    64:90:2e:3d:ab:02:3b:f5:bd:14:5d:fc:be:8c:1a:
                    b6:44:ea:94:98:98:8e:cd:e8:43:13:40:7a:41:ce:
                    02:96:6d:5d:12:99:09:07:b0:7c:d2:69:02:76:76:
                    dd:c0:4f:dd:b7:a5:cb:e3:53:2e:9c:dc:82:20:e6:
                    5d:e3:97:64:2c:0e:bf:7c:22:07:e7:f8:86:3d:c0:
                    77:26:fc:dd:27:18:c2:09:f9:1c:07:1f:4e:4c:d2:
                    5a:63:b3:df:3d:a2:4a:fd:ea:bc:7f:bd:e2:e4:6e:
                    ad:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:9B:77:31:47:2D:1C:62:F2:35:89:DA:B0:0B:26:CB:B9:B2:20:4D
            X509v3 Authority Key Identifier:
                keyid:28:06:9B:4E:C0:47:C6:C2:D8:0A:49:92:E4:22:8B:31:7C:C8:B2:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KAabTsBHxsLYCkmS5CKLMXzIsgw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/024554-7aa6-4c9f-a487-df7b45be46c7/1/z5t3MUctHGLyNYnasAsmy7myIE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/024554-7aa6-4c9f-a487-df7b45be46c7/1/KAabTsBHxsLYCkmS5CKLMXzIsgw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.76.0/24
                IPv6:
                  2a12:4b80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:be:10:d2:92:18:45:7d:db:a8:c0:90:ea:2e:7b:ac:a7:51:
         fd:54:f8:25:06:3c:d3:7d:1c:96:f9:8e:9a:54:e5:5e:ee:a5:
         65:b3:c7:b4:b2:80:19:ea:57:e4:f8:57:10:42:9c:45:a2:59:
         ad:07:63:5d:be:f3:4d:4d:be:f6:4c:28:9c:e1:20:e5:88:51:
         2d:5f:6a:04:57:97:a5:91:b7:b3:ad:29:1b:62:54:a8:27:35:
         a8:74:f9:55:2e:54:3e:5c:71:53:7a:b5:1a:36:6d:76:6b:71:
         d3:0f:98:32:85:d4:4c:b4:8b:40:6c:95:9f:eb:47:28:15:62:
         d0:d7:41:da:a4:ae:06:f3:ab:1e:41:d0:89:e3:ec:40:73:f7:
         06:a1:d2:c7:d7:e3:2f:48:a3:6f:20:67:ba:aa:84:9d:fc:69:
         d4:76:87:6e:21:43:36:51:e0:7a:26:9c:62:d2:ca:c0:2c:60:
         09:1e:40:29:59:be:e6:7a:8f:14:49:a8:68:55:65:f9:86:41:
         ec:5a:8f:93:21:c8:76:78:2d:de:33:f6:0c:08:9c:5b:a6:87:
         1b:71:2e:c1:d5:fb:9a:e5:8d:1d:fd:fa:5e:a9:6d:a4:70:7f:
         61:6c:14:1b:f5:bf:7d:76:ae:0f:4e:ac:d1:a9:80:75:3d:5c:
         bc:7f:98:57
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks7vhhCYkf1Htii/BCkshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MDY5YjRlYzA0N2M2YzJkODBhNDk5MmU0MjI4YjMxN2Nj
OGIyMGMwHhcNMjUwMTAyMDE0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjliNzczMTQ3MmQxYzYyZjIzNTg5ZGFiMDBiMjZjYmI5YjIyMDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ml9YhvT7FiBoxlpCEArk+1rIdyF
U1Cw1qPi0+xFvywr6J2f6Ykn9d/dApkD5iciI81O4T70+sQ1JjqQvDd9hxDHRepv
85GKskgsr3cJ+iXNQQrQ4rgjwPZV1kRnCm8tMF3PJltEY/YUFWh9lesojRSvN3Ut
JgQwR+1zNw4zI2RqXPtA8YPh9u1u7ExzXzoIO0bjQmxkkC49qwI79b0UXfy+jBq2
ROqUmJiOzehDE0B6Qc4Clm1dEpkJB7B80mkCdnbdwE/dt6XL41MunNyCIOZd45dk
LA6/fCIH5/iGPcB3JvzdJxjCCfkcBx9OTNJaY7PfPaJK/eq8f73i5G6t9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFM+bdzFHLRxi8jWJ2rALJsu5siBNMB8GA1UdIwQY
MBaAFCgGm07AR8bC2ApJkuQiizF8yLIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0FhYlRzQkh4c0xZQ2ttUzVDS0xNWHpJc2d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8wMjQ1NTQtN2FhNi00YzlmLWE0ODct
ZGY3YjQ1YmU0NmM3LzEvejV0M01VY3RIR0x5TlluYXNBc215N215SUUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8wMjQ1NTQtN2FhNi00YzlmLWE0ODctZGY3YjQ1YmU0NmM3
LzEvS0FhYlRzQkh4c0xZQ2ttUzVDS0xNWHpJc2d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaNMMA0E
AgACMAcDBQMqEkuAMA0GCSqGSIb3DQEBCwUAA4IBAQCwvhDSkhhFfduowJDqLnus
p1H9VPglBjzTfRyW+Y6aVOVe7qVls8e0soAZ6lfk+FcQQpxFolmtB2NdvvNNTb72
TCic4SDliFEtX2oEV5elkbezrSkbYlSoJzWodPlVLlQ+XHFTerUaNm12a3HTD5gy
hdRMtItAbJWf60coFWLQ10HapK4G86seQdCJ4+xAc/cGodLH1+MvSKNvIGe6qoSd
/GnUdoduIUM2UeB6Jpxi0srALGAJHkApWb7meo8USahoVWX5hkHsWo+TIch2eC3e
M/YMCJxbpocbcS7B1fua5Y0d/fpeqW2kcH9hbBQb9b99dq4PTqzRqYB1PVy8f5hX
-----END CERTIFICATE-----