Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/831f53-90d1-4208-a6d5-c5fe44420c09/1/COcUW0x5kxM0ZoYaE6bjH_ilI5I.roa
File:                     COcUW0x5kxM0ZoYaE6bjH_ilI5I.roa (raw, json)
Hash identifier:          DiDBhNFDOT29doleyEuXM5Xz1UWaH+5+crJRRQCdBnI=
Subject key identifier:   08:E7:14:5B:4C:79:93:13:34:66:86:1A:13:A6:E3:1F:F8:A5:23:92
Certificate issuer:       /CN=6133ec1a240143dae111bb92d192dabf775d81ec
Certificate serial:       019427B5A274D50034F75F7419DAFBEE371C
Authority key identifier: 61:33:EC:1A:24:01:43:DA:E1:11:BB:92:D1:92:DA:BF:77:5D:81:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YTPsGiQBQ9rhEbuS0ZLav3ddgew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/831f53-90d1-4208-a6d5-c5fe44420c09/1/COcUW0x5kxM0ZoYaE6bjH_ilI5I.roa
Signing time:             Thu 02 Jan 2025 15:50:02 +0000
ROA not before:           Thu 02 Jan 2025 15:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57225
IP address blocks:        193.150.106.0/24 maxlen: 24
                          2a0a:b400::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/831f53-90d1-4208-a6d5-c5fe44420c09/1/YTPsGiQBQ9rhEbuS0ZLav3ddgew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/831f53-90d1-4208-a6d5-c5fe44420c09/1/YTPsGiQBQ9rhEbuS0ZLav3ddgew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YTPsGiQBQ9rhEbuS0ZLav3ddgew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:a2:74:d5:00:34:f7:5f:74:19:da:fb:ee:37:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6133ec1a240143dae111bb92d192dabf775d81ec
        Validity
            Not Before: Jan  2 15:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08e7145b4c7993133466861a13a6e31ff8a52392
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bc:42:fb:c3:9a:ca:f4:02:5c:e8:ed:d5:98:
                    f2:62:b8:7d:06:38:4a:00:b3:e0:fe:c2:bd:75:32:
                    d6:af:38:9f:3d:b2:09:b5:0b:c1:b0:dd:bb:aa:72:
                    9f:88:21:8c:b4:05:49:98:19:2c:37:e0:63:33:a5:
                    78:07:35:f0:bb:b9:61:78:c6:a9:d7:22:c9:03:86:
                    26:ac:2e:dc:79:07:0b:f2:69:e9:13:c3:5e:2d:57:
                    fc:92:20:80:21:53:b3:7f:03:9c:62:bd:8f:21:31:
                    f8:91:c0:61:c5:f6:9f:8e:8b:94:09:5b:c9:6e:1a:
                    b7:a9:04:7f:f5:c4:34:29:09:b3:22:f2:03:37:1d:
                    01:60:5d:3c:19:77:bc:66:5d:5e:43:cf:c1:c6:7f:
                    ef:ed:35:c2:20:1c:68:b3:27:d1:ca:5a:15:a7:31:
                    ea:8d:63:93:03:ed:85:f6:a5:c5:84:45:02:60:05:
                    ff:df:77:e4:5e:ed:cf:c9:9f:12:18:66:b9:3d:39:
                    4d:0c:c2:ac:fc:0c:49:fb:88:99:39:1b:84:ed:3d:
                    69:68:57:7e:61:05:20:32:f7:73:1e:96:3f:d8:c8:
                    e2:32:46:64:8d:c6:53:5b:bc:6b:e3:f1:1f:a2:47:
                    dd:4f:38:c3:1d:83:57:fe:aa:65:f1:99:2e:bc:94:
                    e6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E7:14:5B:4C:79:93:13:34:66:86:1A:13:A6:E3:1F:F8:A5:23:92
            X509v3 Authority Key Identifier:
                keyid:61:33:EC:1A:24:01:43:DA:E1:11:BB:92:D1:92:DA:BF:77:5D:81:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YTPsGiQBQ9rhEbuS0ZLav3ddgew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/831f53-90d1-4208-a6d5-c5fe44420c09/1/COcUW0x5kxM0ZoYaE6bjH_ilI5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/831f53-90d1-4208-a6d5-c5fe44420c09/1/YTPsGiQBQ9rhEbuS0ZLav3ddgew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.106.0/24
                IPv6:
                  2a0a:b400::/31

    Signature Algorithm: sha256WithRSAEncryption
         44:9f:2e:ea:f3:ae:cb:48:ec:9f:85:f2:9e:d7:46:0c:a6:f4:
         09:f7:1c:bd:fe:3b:d7:75:de:76:dd:33:f7:a7:a7:9f:37:7a:
         59:99:ae:90:52:7a:96:99:37:82:41:34:11:8b:e2:3d:23:b8:
         fe:8f:00:22:77:d8:aa:cc:b7:37:7b:dd:9b:64:8d:91:b2:14:
         59:45:1b:e7:57:83:1d:4e:2f:72:9a:e1:a9:76:79:7a:6b:be:
         a9:2e:fe:8b:06:f4:12:8a:01:c6:8a:9f:f6:58:eb:5f:8c:5a:
         8a:a0:34:d0:bb:26:88:34:c0:50:06:18:8d:82:05:d0:aa:c3:
         79:60:33:4b:1f:48:2d:7d:7f:07:6b:ba:96:14:f5:b3:90:ab:
         0e:b2:9b:13:f5:43:90:f6:88:79:48:57:de:96:91:4c:23:28:
         e7:3e:94:4d:9c:00:59:16:13:40:d0:1f:30:3f:db:ae:d6:60:
         93:b0:dd:17:20:17:a8:a9:9a:dd:62:a4:eb:a8:03:ff:6f:d1:
         a0:46:5c:a6:fb:9b:8b:fb:a7:23:1f:44:d3:82:a8:af:bd:b0:
         98:d8:df:b5:fb:06:4b:b8:44:8e:6d:02:82:04:0c:ff:ad:6d:
         fd:90:a5:c1:75:a0:9c:6e:b6:f8:fc:c9:48:14:59:80:07:42:
         6e:f6:25:2c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntaJ01QA09190Gdr77jccMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxMzNlYzFhMjQwMTQzZGFlMTExYmI5MmQxOTJkYWJmNzc1
ZDgxZWMwHhcNMjUwMTAyMTU1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGU3MTQ1YjRjNzk5MzEzMzQ2Njg2MWExM2E2ZTMxZmY4YTUyMzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLxC+8OayvQCXOjt1ZjyYrh9BjhK
ALPg/sK9dTLWrzifPbIJtQvBsN27qnKfiCGMtAVJmBksN+BjM6V4BzXwu7lheMap
1yLJA4YmrC7ceQcL8mnpE8NeLVf8kiCAIVOzfwOcYr2PITH4kcBhxfafjouUCVvJ
bhq3qQR/9cQ0KQmzIvIDNx0BYF08GXe8Zl1eQ8/Bxn/v7TXCIBxosyfRyloVpzHq
jWOTA+2F9qXFhEUCYAX/33fkXu3PyZ8SGGa5PTlNDMKs/AxJ+4iZORuE7T1paFd+
YQUgMvdzHpY/2MjiMkZkjcZTW7xr4/EfokfdTzjDHYNX/qpl8ZkuvJTm9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAjnFFtMeZMTNGaGGhOm4x/4pSOSMB8GA1UdIwQY
MBaAFGEz7BokAUPa4RG7ktGS2r93XYHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVRQc0dpUUJROXJoRWJ1UzBaTGF2M2RkZ2V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi84MzFmNTMtOTBkMS00MjA4LWE2ZDUt
YzVmZTQ0NDIwYzA5LzEvQ09jVVcweDVreE0wWm9ZYUU2YmpIX2lsSTVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi84MzFmNTMtOTBkMS00MjA4LWE2ZDUtYzVmZTQ0NDIwYzA5
LzEvWVRQc0dpUUJROXJoRWJ1UzBaTGF2M2RkZ2V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwZZqMA0E
AgACMAcDBQEqCrQAMA0GCSqGSIb3DQEBCwUAA4IBAQBEny7q867LSOyfhfKe10YM
pvQJ9xy9/jvXdd523TP3p6efN3pZma6QUnqWmTeCQTQRi+I9I7j+jwAid9iqzLc3
e92bZI2RshRZRRvnV4MdTi9ymuGpdnl6a76pLv6LBvQSigHGip/2WOtfjFqKoDTQ
uyaINMBQBhiNggXQqsN5YDNLH0gtfX8Ha7qWFPWzkKsOspsT9UOQ9oh5SFfelpFM
IyjnPpRNnABZFhNA0B8wP9uu1mCTsN0XIBeoqZrdYqTrqAP/b9GgRlym+5uL+6cj
H0TTgqivvbCY2N+1+wZLuESObQKCBAz/rW39kKXBdaCcbrb4/MlIFFmAB0Ju9iUs
-----END CERTIFICATE-----