Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ryTyw64KDoM9VZcpVTbfxAnFAMA.roa
File:                     ryTyw64KDoM9VZcpVTbfxAnFAMA.roa (raw, json)
Hash identifier:          Qe3Z/a1dn0vF5jF0XsGDyAzcP+kHfxv4VC1drPYspAw=
Subject key identifier:   AF:24:F2:C3:AE:0A:0E:83:3D:55:97:29:55:36:DF:C4:09:C5:00:C0
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBC4F5F50CB6D10B78616C15C43B11
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ryTyw64KDoM9VZcpVTbfxAnFAMA.roa
Signing time:             Wed 01 Jan 2025 17:48:32 +0000
ROA not before:           Wed 01 Jan 2025 17:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214774
IP address blocks:        193.30.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c4:f5:f5:0c:b6:d1:0b:78:61:6c:15:c4:3b:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af24f2c3ae0a0e833d5597295536dfc409c500c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:14:65:ca:7b:34:d8:40:d1:2d:c2:2c:f7:84:
                    23:d6:99:08:04:bf:24:dc:88:b8:6c:45:ee:4c:b5:
                    f0:43:f0:85:27:04:8d:a3:f7:44:d0:cc:30:ca:66:
                    e8:59:e7:66:a4:f4:81:2c:26:87:84:f3:cf:aa:db:
                    e6:2a:7f:49:34:0e:3d:72:67:a1:0a:8d:66:fd:cd:
                    80:4b:88:55:f4:cb:ff:27:81:d8:9d:9b:d3:50:ba:
                    35:6d:5d:63:db:ae:be:64:37:a5:33:03:52:57:d4:
                    aa:16:57:f6:69:4f:7e:39:4e:7c:dc:6d:37:56:b8:
                    62:36:5e:a1:b0:1e:86:b3:60:1c:cc:7f:99:50:be:
                    59:8d:19:20:19:15:3d:f0:88:81:1c:da:77:56:3d:
                    8a:b0:be:92:c8:db:d4:47:00:ae:3d:e7:24:4f:a8:
                    ed:2b:c6:d9:dc:65:f9:ff:f5:3f:3a:ca:c0:a4:a5:
                    aa:67:2c:d2:19:cd:c3:df:52:81:5f:1f:37:d3:2e:
                    b6:31:fa:97:40:cd:5f:96:ae:34:17:6e:92:cf:c3:
                    9d:52:7c:da:ee:a8:0b:94:57:09:dd:6b:e0:4e:0b:
                    c5:97:79:25:49:99:d0:d5:b3:fe:d3:b8:39:a2:54:
                    3f:05:33:59:14:ee:2e:6c:f3:0f:21:a6:e7:87:bc:
                    e3:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:24:F2:C3:AE:0A:0E:83:3D:55:97:29:55:36:DF:C4:09:C5:00:C0
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ryTyw64KDoM9VZcpVTbfxAnFAMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:19:f9:d4:5c:85:b2:41:82:9f:11:45:fb:99:76:25:1a:a2:
         22:6b:c0:01:91:ff:33:eb:22:54:1d:89:0f:62:78:53:dd:06:
         89:05:4d:b3:97:89:d4:ab:0b:25:3e:ed:5a:8e:fe:4c:e2:8e:
         15:56:a8:45:bc:1b:b5:13:a0:b6:d2:88:c3:a3:62:c4:11:f4:
         ee:a4:56:f3:15:66:4f:14:4f:9b:5e:0a:83:6d:a5:51:b5:c6:
         3d:d4:8d:10:e0:ed:c9:51:67:08:3a:d9:4c:b2:7d:82:cd:3c:
         80:3a:03:0d:9e:10:36:ab:d7:0a:90:65:f7:c5:b7:8c:23:dc:
         ca:ce:fa:36:a2:f8:18:ce:66:e0:c9:83:e3:51:cd:08:61:12:
         59:32:6d:da:da:4e:5e:50:7d:05:d8:0a:17:65:79:93:da:f3:
         dc:92:86:45:e6:59:70:30:59:8b:35:a3:8d:2f:db:7b:93:f1:
         be:1d:13:73:e7:65:b2:26:93:b0:29:6e:fa:40:df:97:07:e0:
         b5:e8:a3:9e:69:1f:45:af:52:86:bc:3b:23:e4:29:55:de:c3:
         64:0f:4b:04:ed:75:42:b2:9f:29:7a:bc:be:9f:6b:98:d5:3e:
         a8:c7:da:96:1f:1c:d7:f5:3c:20:1c:7d:fa:66:a2:cb:c1:07:
         77:72:eb:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+8T19Qy20Qt4YWwVxDsRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjI0ZjJjM2FlMGEwZTgzM2Q1NTk3Mjk1NTM2ZGZjNDA5YzUwMGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohRlyns02EDRLcIs94Qj1pkIBL8k
3Ii4bEXuTLXwQ/CFJwSNo/dE0MwwymboWedmpPSBLCaHhPPPqtvmKn9JNA49cmeh
Co1m/c2AS4hV9Mv/J4HYnZvTULo1bV1j266+ZDelMwNSV9SqFlf2aU9+OU583G03
VrhiNl6hsB6Gs2AczH+ZUL5ZjRkgGRU98IiBHNp3Vj2KsL6SyNvURwCuPeckT6jt
K8bZ3GX5//U/OsrApKWqZyzSGc3D31KBXx830y62MfqXQM1flq40F26Sz8OdUnza
7qgLlFcJ3WvgTgvFl3klSZnQ1bP+07g5olQ/BTNZFO4ubPMPIabnh7zjTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8k8sOuCg6DPVWXKVU238QJxQDAMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvcnlUeXc2NEtEb005VlpjcFZUYmZ4QW5GQU1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR7xMA0G
CSqGSIb3DQEBCwUAA4IBAQAvGfnUXIWyQYKfEUX7mXYlGqIia8ABkf8z6yJUHYkP
YnhT3QaJBU2zl4nUqwslPu1ajv5M4o4VVqhFvBu1E6C20ojDo2LEEfTupFbzFWZP
FE+bXgqDbaVRtcY91I0Q4O3JUWcIOtlMsn2CzTyAOgMNnhA2q9cKkGX3xbeMI9zK
zvo2ovgYzmbgyYPjUc0IYRJZMm3a2k5eUH0F2AoXZXmT2vPckoZF5llwMFmLNaON
L9t7k/G+HRNz52WyJpOwKW76QN+XB+C16KOeaR9Fr1KGvDsj5ClV3sNkD0sE7XVC
sp8pery+n2uY1T6ox9qWHxzX9TwgHH36ZqLLwQd3cuur
-----END CERTIFICATE-----