Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/5W9yogX_dAouxZPQ3dLdYXhntvc.roa
File:                     5W9yogX_dAouxZPQ3dLdYXhntvc.roa (raw, json)
Hash identifier:          +pHfflarMiVtz0KqAerDMCju+QN51xwOv5Ypziiy0X8=
Subject key identifier:   E5:6F:72:A2:05:FF:74:0A:2E:C5:93:D0:DD:D2:DD:61:78:67:B6:F7
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747F2642F323B5CA87A93F826933A28
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/5W9yogX_dAouxZPQ3dLdYXhntvc.roa
Signing time:             Thu 02 Jan 2025 13:50:14 +0000
ROA not before:           Thu 02 Jan 2025 13:50:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212912
IP address blocks:        193.105.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:f2:64:2f:32:3b:5c:a8:7a:93:f8:26:93:3a:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e56f72a205ff740a2ec593d0ddd2dd617867b6f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d5:1d:56:a5:d7:69:f4:94:ee:20:c3:f5:9a:
                    22:e5:d9:a1:e1:23:06:40:ad:8f:31:5d:c7:c0:f2:
                    7f:63:98:dd:5d:a8:4a:75:c0:a7:ee:22:7c:d8:2b:
                    b8:21:fe:34:32:cd:c7:2c:ed:65:0f:d0:ee:ed:22:
                    16:dc:d1:ab:78:9b:0a:97:13:07:55:38:6d:b1:9a:
                    88:47:74:1f:87:e8:0b:e2:e6:37:32:2b:03:a8:86:
                    e0:27:b5:b0:c1:6a:59:76:34:e3:ab:03:2d:08:53:
                    7c:62:65:0c:ed:c7:e7:32:15:00:a9:46:9e:c0:d6:
                    62:82:b4:e0:65:f3:16:c2:dd:85:ee:85:e5:1e:2e:
                    f1:84:8d:57:b8:bd:5e:1d:68:02:c3:08:35:13:6c:
                    03:d2:16:39:33:da:42:08:64:f2:5b:e7:11:f5:d7:
                    5a:02:a6:25:ec:22:90:cd:9a:67:91:7f:43:77:ab:
                    c5:08:d8:ce:ef:15:68:95:b5:a8:4a:f1:5e:e8:18:
                    43:18:f6:d0:84:69:0f:2f:a1:a1:99:1d:30:60:6d:
                    0b:0e:06:92:fd:b1:ce:54:78:81:65:34:3b:6d:08:
                    0e:3b:b1:ef:d3:9a:b0:34:ba:aa:f5:f2:16:86:39:
                    ca:ad:b6:4b:6a:6d:ee:c6:9f:d4:56:8f:6b:e5:40:
                    56:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:6F:72:A2:05:FF:74:0A:2E:C5:93:D0:DD:D2:DD:61:78:67:B6:F7
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/5W9yogX_dAouxZPQ3dLdYXhntvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:c8:72:93:e7:e9:35:1e:42:f8:d7:e9:8c:d6:cd:65:f0:5b:
         70:44:88:93:e8:d8:b9:e5:f4:4d:2a:8a:a9:22:2f:ad:04:35:
         43:79:30:60:a6:09:a1:7b:0d:ba:fb:95:35:38:97:31:03:55:
         87:1d:ce:d9:01:9d:34:50:0b:50:02:ca:ea:77:cd:3a:82:46:
         67:65:24:87:83:75:fa:d3:54:8f:d3:82:8d:83:fd:1a:b2:bc:
         7e:f7:86:7c:24:be:1b:78:f3:83:ef:40:da:63:8d:69:dd:a1:
         ce:ac:35:c9:1c:56:79:25:75:b6:79:dd:78:b1:77:04:2c:cc:
         30:c5:bb:d7:ea:89:66:c4:b2:da:60:ca:15:2d:22:24:56:19:
         1a:67:3d:b0:e9:43:c7:a5:e2:ab:8a:e3:c6:39:21:55:8b:20:
         7d:3c:a9:1e:92:ad:7a:e4:09:d0:a8:29:1f:eb:a8:ee:7f:08:
         f7:17:dc:a6:de:4b:25:db:34:2d:dc:63:65:8f:22:f2:a5:54:
         87:8f:4d:a5:8a:4d:e0:7b:d9:38:01:ce:4d:02:25:6c:d5:45:
         c1:09:90:d3:e3:8c:96:eb:20:fc:94:34:a9:9f:35:15:c8:9f:
         ca:76:c0:90:e6:8f:c7:8a:90:ec:69:86:07:44:44:90:1d:f5:
         ef:f5:92:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR/JkLzI7XKh6k/gmkzooMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTZmNzJhMjA1ZmY3NDBhMmVjNTkzZDBkZGQyZGQ2MTc4NjdiNmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9UdVqXXafSU7iDD9Zoi5dmh4SMG
QK2PMV3HwPJ/Y5jdXahKdcCn7iJ82Cu4If40Ms3HLO1lD9Du7SIW3NGreJsKlxMH
VThtsZqIR3Qfh+gL4uY3MisDqIbgJ7WwwWpZdjTjqwMtCFN8YmUM7cfnMhUAqUae
wNZigrTgZfMWwt2F7oXlHi7xhI1XuL1eHWgCwwg1E2wD0hY5M9pCCGTyW+cR9dda
AqYl7CKQzZpnkX9Dd6vFCNjO7xVolbWoSvFe6BhDGPbQhGkPL6GhmR0wYG0LDgaS
/bHOVHiBZTQ7bQgOO7Hv05qwNLqq9fIWhjnKrbZLam3uxp/UVo9r5UBWAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOVvcqIF/3QKLsWT0N3S3WF4Z7b3MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvNVc5eW9nWF9kQW91eFpQUTNkTGRZWGhudHZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWmlMA0G
CSqGSIb3DQEBCwUAA4IBAQAhyHKT5+k1HkL41+mM1s1l8FtwRIiT6Ni55fRNKoqp
Ii+tBDVDeTBgpgmhew26+5U1OJcxA1WHHc7ZAZ00UAtQAsrqd806gkZnZSSHg3X6
01SP04KNg/0asrx+94Z8JL4bePOD70DaY41p3aHOrDXJHFZ5JXW2ed14sXcELMww
xbvX6olmxLLaYMoVLSIkVhkaZz2w6UPHpeKriuPGOSFViyB9PKkekq165AnQqCkf
66jufwj3F9ym3ksl2zQt3GNljyLypVSHj02lik3ge9k4Ac5NAiVs1UXBCZDT44yW
6yD8lDSpnzUVyJ/KdsCQ5o/HipDsaYYHRESQHfXv9ZK1
-----END CERTIFICATE-----