Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/1Ngy1ODEHs93JvmL96-tYNCSYwE.roa
File:                     1Ngy1ODEHs93JvmL96-tYNCSYwE.roa (raw, json)
Hash identifier:          bx1a2G2LT8Uwu3zq0jzkOHV7fEnokyI6prTwxyHY314=
Subject key identifier:   D4:D8:32:D4:E0:C4:1E:CF:77:26:F9:8B:F7:AF:AD:60:D0:92:63:01
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01946F6BDA261E58D3E3DD813F93B9C859DA
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/1Ngy1ODEHs93JvmL96-tYNCSYwE.roa
Signing time:             Thu 16 Jan 2025 14:02:06 +0000
ROA not before:           Thu 16 Jan 2025 14:02:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62403
IP address blocks:        193.221.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6f:6b:da:26:1e:58:d3:e3:dd:81:3f:93:b9:c8:59:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan 16 14:02:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4d832d4e0c41ecf7726f98bf7afad60d0926301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:36:a9:33:b0:74:e6:46:8a:e9:c5:a0:eb:96:
                    5c:06:ad:d0:98:01:e5:8b:dd:1d:3f:8a:eb:ab:37:
                    67:9d:05:02:d9:ba:45:02:19:eb:a6:c2:44:ef:01:
                    8e:f4:36:fc:72:ba:e2:a4:db:49:43:2d:7b:2d:12:
                    80:90:6b:d4:62:67:b1:91:43:a6:d4:be:20:d8:0d:
                    c0:21:25:ee:bf:94:b4:28:b7:3e:c8:45:5b:7b:51:
                    50:a0:7b:2d:eb:6f:38:e3:19:65:a8:3d:13:92:ef:
                    78:85:f3:ca:d5:a9:00:9f:17:3e:ff:4e:b4:04:4c:
                    3e:ec:c3:28:bb:fb:1d:26:2d:c3:6e:3d:90:af:b0:
                    a6:23:50:a6:cd:02:dd:11:08:2e:f4:aa:03:4c:9b:
                    b9:82:82:8c:f2:ca:03:98:94:81:6e:44:3e:43:68:
                    f8:77:57:17:a5:c7:fb:19:7a:3f:c5:32:de:75:f7:
                    fc:3d:f4:55:76:e1:ff:95:09:ae:1a:c6:23:36:1e:
                    11:76:a9:42:ba:a9:71:85:c2:db:02:94:e8:2a:bf:
                    51:19:7c:96:d6:a6:b7:bf:fa:ac:63:e4:45:52:47:
                    98:ef:89:9a:20:f1:bf:26:d9:f9:4f:58:81:16:01:
                    49:bf:f0:7f:f8:36:ff:f2:54:b3:55:be:a9:ad:d4:
                    11:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:D8:32:D4:E0:C4:1E:CF:77:26:F9:8B:F7:AF:AD:60:D0:92:63:01
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/1Ngy1ODEHs93JvmL96-tYNCSYwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.221.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:73:f4:83:7c:fe:85:f4:10:6e:43:0b:9f:79:67:81:9b:99:
         69:b0:c7:b8:9d:3c:75:83:67:da:8e:1d:e1:b5:aa:ae:4c:1e:
         ca:dc:61:2c:d8:b9:5f:0b:bf:a7:a1:fc:99:c7:3a:93:d9:2b:
         c3:84:a7:6a:7f:bd:98:f3:5d:6f:47:41:b0:37:a1:df:71:db:
         2b:a4:12:ef:05:5f:82:58:6e:4b:b9:0f:b0:9f:38:e9:cf:23:
         e1:41:8d:5a:10:b4:7c:40:45:86:0a:d3:50:d3:f7:55:2b:c5:
         ee:ef:cf:40:26:6f:15:93:fd:09:d1:69:a4:32:06:09:ef:22:
         21:32:18:b5:62:d5:e4:a0:4c:d0:ea:4a:73:96:0b:dd:50:bc:
         ac:1e:4b:f9:29:e7:4e:2b:78:da:19:c6:43:af:cf:1f:4a:46:
         50:b6:85:0a:06:69:db:2e:88:07:31:33:57:81:e6:9e:52:41:
         38:4a:83:67:36:38:22:75:62:dc:53:f9:36:50:dc:77:fc:ec:
         04:23:d6:95:35:a3:14:76:d8:08:5a:81:8e:16:04:ef:aa:31:
         3e:f4:4b:2b:85:80:9e:b0:bc:2e:38:88:f0:8c:42:a8:35:a2:
         2c:a4:81:fa:a5:f4:37:1c:0f:8f:da:96:52:cf:65:e6:52:38:
         f6:1e:c6:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRva9omHljT492BP5O5yFnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTE2MTQwMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGQ4MzJkNGUwYzQxZWNmNzcyNmY5OGJmN2FmYWQ2MGQwOTI2MzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjapM7B05kaK6cWg65ZcBq3QmAHl
i90dP4rrqzdnnQUC2bpFAhnrpsJE7wGO9Db8crripNtJQy17LRKAkGvUYmexkUOm
1L4g2A3AISXuv5S0KLc+yEVbe1FQoHst62844xllqD0Tku94hfPK1akAnxc+/060
BEw+7MMou/sdJi3Dbj2Qr7CmI1CmzQLdEQgu9KoDTJu5goKM8soDmJSBbkQ+Q2j4
d1cXpcf7GXo/xTLedff8PfRVduH/lQmuGsYjNh4RdqlCuqlxhcLbApToKr9RGXyW
1qa3v/qsY+RFUkeY74maIPG/Jtn5T1iBFgFJv/B/+Db/8lSzVb6prdQRlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTYMtTgxB7Pdyb5i/evrWDQkmMBMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvMU5neTFPREVIczkzSnZtTDk2LXRZTkNTWXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwd3CMA0G
CSqGSIb3DQEBCwUAA4IBAQAzc/SDfP6F9BBuQwufeWeBm5lpsMe4nTx1g2fajh3h
taquTB7K3GEs2LlfC7+nofyZxzqT2SvDhKdqf72Y811vR0GwN6HfcdsrpBLvBV+C
WG5LuQ+wnzjpzyPhQY1aELR8QEWGCtNQ0/dVK8Xu789AJm8Vk/0J0WmkMgYJ7yIh
Mhi1YtXkoEzQ6kpzlgvdULysHkv5KedOK3jaGcZDr88fSkZQtoUKBmnbLogHMTNX
geaeUkE4SoNnNjgidWLcU/k2UNx3/OwEI9aVNaMUdtgIWoGOFgTvqjE+9EsrhYCe
sLwuOIjwjEKoNaIspIH6pfQ3HA+P2pZSz2XmUjj2HsbJ
-----END CERTIFICATE-----