Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/833FmQyz-5vw3V1ZpD3pqMArHGw.roa
File:                     833FmQyz-5vw3V1ZpD3pqMArHGw.roa (raw, json)
Hash identifier:          eyX1KEkROJtBb4g504oMdjM6lbQ+P16xnRGxTkb5zHU=
Subject key identifier:   F3:7D:C5:99:0C:B3:FB:9B:F0:DD:5D:59:A4:3D:E9:A8:C0:2B:1C:6C
Certificate issuer:       /CN=e2d73ffc3f37c4fec4bd35ad1c595cd056baecfd
Certificate serial:       019421443A4B6B97FD44011040F638D90309
Authority key identifier: E2:D7:3F:FC:3F:37:C4:FE:C4:BD:35:AD:1C:59:5C:D0:56:BA:EC:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/833FmQyz-5vw3V1ZpD3pqMArHGw.roa
Signing time:             Wed 01 Jan 2025 09:48:26 +0000
ROA not before:           Wed 01 Jan 2025 09:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58192
IP address blocks:        185.93.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:3a:4b:6b:97:fd:44:01:10:40:f6:38:d9:03:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d73ffc3f37c4fec4bd35ad1c595cd056baecfd
        Validity
            Not Before: Jan  1 09:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f37dc5990cb3fb9bf0dd5d59a43de9a8c02b1c6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:68:de:77:da:7a:d0:cb:57:65:a7:52:57:df:
                    b2:b4:4a:ef:7a:82:47:3f:e4:35:42:fc:8e:89:5e:
                    32:67:c8:cf:fe:29:dc:ab:92:82:43:c4:72:d5:44:
                    03:20:a5:6a:97:fa:dd:84:ee:3b:5b:52:43:fb:c7:
                    40:43:d7:39:c9:3c:b0:c7:e7:7d:60:64:1e:e6:a2:
                    bb:84:31:c3:de:28:77:4e:1e:80:ac:c8:7b:37:76:
                    30:89:e2:46:0b:83:a0:0e:ea:b4:93:0a:81:f1:a1:
                    dd:cd:36:ed:2e:cc:5c:c5:51:4d:d9:ea:dc:1e:7d:
                    71:6a:fb:88:95:27:db:96:6f:c6:5f:ab:36:72:4b:
                    03:81:04:1c:1b:69:c1:f0:7f:92:24:60:96:1f:c2:
                    28:e9:d9:6c:78:00:ca:72:68:d1:74:ac:5c:19:cb:
                    0d:26:22:48:e4:7e:bb:b0:56:22:d7:c5:86:d8:78:
                    8e:d6:70:08:2b:80:93:b4:47:7f:df:27:84:f2:af:
                    ae:ec:b3:14:f5:75:2c:4c:35:7d:f8:06:c0:ac:55:
                    b8:2b:38:9f:80:1c:97:62:22:0a:97:e3:16:fa:93:
                    e2:ab:fb:03:aa:45:cc:9d:7d:9b:51:71:52:70:39:
                    ac:a2:49:d0:09:b5:8e:2e:e3:d9:47:b6:e3:06:7e:
                    6c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:7D:C5:99:0C:B3:FB:9B:F0:DD:5D:59:A4:3D:E9:A8:C0:2B:1C:6C
            X509v3 Authority Key Identifier:
                keyid:E2:D7:3F:FC:3F:37:C4:FE:C4:BD:35:AD:1C:59:5C:D0:56:BA:EC:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/833FmQyz-5vw3V1ZpD3pqMArHGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:94:67:3f:cb:9e:61:8a:6c:01:7b:60:31:dc:d1:94:c2:34:
         63:43:9c:b0:5c:a7:d2:b7:ed:f8:bf:2b:fa:a7:dc:5e:b1:4e:
         4f:bb:bb:6e:86:2b:8c:d7:62:7e:f2:ea:b9:de:b1:62:88:39:
         1b:f0:f6:49:8a:e6:5e:9f:80:e9:bf:fb:90:d7:e8:a9:e9:d1:
         95:be:65:7e:2a:d0:75:da:40:4b:09:c2:5e:21:1a:c2:6e:88:
         ad:9d:e1:1e:7d:a7:8b:b0:34:4f:40:2a:a2:76:ce:cd:00:65:
         4b:1f:0a:57:90:6c:96:20:c6:00:96:e9:c2:5b:60:e5:7f:41:
         8a:ce:9e:55:16:92:a2:e3:06:df:7a:e0:23:46:fb:17:6f:a5:
         f5:ea:de:21:8b:1c:2c:8b:6c:69:ed:8b:9f:8b:8e:9f:09:52:
         38:9f:cd:0f:7b:08:d8:2b:84:16:ab:c5:f5:b1:75:ca:28:c0:
         b9:db:6b:56:e0:f0:11:85:65:51:34:01:f2:d1:84:8e:2c:b2:
         e5:d8:da:6e:0a:16:ac:f9:fb:a9:25:0d:d6:b2:9a:05:28:d8:
         08:ee:ab:d0:02:11:a6:ab:fa:ac:32:e4:9d:84:02:81:9b:98:
         34:c1:26:b6:a5:f6:4d:eb:8b:dd:4b:13:de:bf:c4:a2:d7:2b:
         34:9f:1d:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDpLa5f9RAEQQPY42QMJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDczZmZjM2YzN2M0ZmVjNGJkMzVhZDFjNTk1Y2QwNTZi
YWVjZmQwHhcNMjUwMTAxMDk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzdkYzU5OTBjYjNmYjliZjBkZDVkNTlhNDNkZTlhOGMwMmIxYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmjed9p60MtXZadSV9+ytErveoJH
P+Q1QvyOiV4yZ8jP/incq5KCQ8Ry1UQDIKVql/rdhO47W1JD+8dAQ9c5yTywx+d9
YGQe5qK7hDHD3ih3Th6ArMh7N3YwieJGC4OgDuq0kwqB8aHdzTbtLsxcxVFN2erc
Hn1xavuIlSfblm/GX6s2cksDgQQcG2nB8H+SJGCWH8Io6dlseADKcmjRdKxcGcsN
JiJI5H67sFYi18WG2HiO1nAIK4CTtEd/3yeE8q+u7LMU9XUsTDV9+AbArFW4Kzif
gByXYiIKl+MW+pPiq/sDqkXMnX2bUXFScDmsoknQCbWOLuPZR7bjBn5sEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPN9xZkMs/ub8N1dWaQ96ajAKxxsMB8GA1UdIwQY
MBaAFOLXP/w/N8T+xL01rRxZXNBWuuz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRjX19EODN4UDdFdlRXdEhGbGMwRmE2N1AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9lNWNmMDAtNTViOC00MzU5LWFjMWUt
YWEwYzRkYzAzMjIyLzEvODMzRm1ReXotNXZ3M1YxWnBEM3BxTUFySEd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9lNWNmMDAtNTViOC00MzU5LWFjMWUtYWEwYzRkYzAzMjIy
LzEvNHRjX19EODN4UDdFdlRXdEhGbGMwRmE2N1AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBRlGc/y55himwBe2Ax3NGUwjRjQ5ywXKfSt+34vyv6
p9xesU5Pu7tuhiuM12J+8uq53rFiiDkb8PZJiuZen4Dpv/uQ1+ip6dGVvmV+KtB1
2kBLCcJeIRrCboitneEefaeLsDRPQCqids7NAGVLHwpXkGyWIMYAlunCW2Dlf0GK
zp5VFpKi4wbfeuAjRvsXb6X16t4hixwsi2xp7Yufi46fCVI4n80PewjYK4QWq8X1
sXXKKMC522tW4PARhWVRNAHy0YSOLLLl2NpuChas+fupJQ3WspoFKNgI7qvQAhGm
q/qsMuSdhAKBm5g0wSa2pfZN64vdSxPev8Si1ys0nx1P
-----END CERTIFICATE-----