Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/u3IeL1WtwZrppYb7gzyGvxoAWq4.roa
File:                     u3IeL1WtwZrppYb7gzyGvxoAWq4.roa (raw, json)
Hash identifier:          u4/0Flhb+g2HVbYnU4CFZNSkHaVHi6ldxHLZ21W79Xw=
Subject key identifier:   BB:72:1E:2F:55:AD:C1:9A:E9:A5:86:FB:83:3C:86:BF:1A:00:5A:AE
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0194221FF11776692D3B2AE21C347C390F21
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/u3IeL1WtwZrppYb7gzyGvxoAWq4.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47447
IP address blocks:        193.160.223.0/24 maxlen: 24
                          193.168.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f1:17:76:69:2d:3b:2a:e2:1c:34:7c:39:0f:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb721e2f55adc19ae9a586fb833c86bf1a005aae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c6:e9:09:aa:8d:53:f1:75:40:d8:94:23:5c:
                    fe:25:37:a7:a3:00:e2:b2:73:19:b3:ee:e8:d8:73:
                    ca:a3:ad:fb:9b:20:1a:f7:7f:79:05:d8:9e:bf:4e:
                    8f:59:14:59:12:b0:76:d6:ed:12:fe:00:fa:15:c9:
                    23:86:9f:e9:89:ac:29:a3:74:19:bd:89:66:f6:de:
                    09:6d:8b:50:e1:7b:27:cc:07:87:ae:de:d7:96:e7:
                    67:75:a7:4b:38:e1:54:ec:d0:4b:b5:3f:3e:60:cd:
                    a7:91:bf:7c:34:94:f0:70:07:c0:5d:0c:1d:4b:a9:
                    60:e1:de:1d:1a:29:fe:f4:1c:16:22:44:9d:b4:e8:
                    b4:65:4d:30:67:bb:67:3c:e8:e7:bc:7f:9f:83:3f:
                    14:8b:8d:0c:8b:11:5d:17:2b:c7:1b:c2:e2:0d:4d:
                    d2:2c:7d:02:a3:6e:33:f9:69:17:7d:31:b7:50:21:
                    ca:b6:5a:51:01:6d:6e:32:e8:d0:d5:e3:15:87:5e:
                    9b:b4:28:78:ca:16:47:dd:f0:b9:47:38:24:45:3d:
                    3c:8e:e4:77:65:c4:82:55:94:e5:77:60:75:bc:05:
                    41:57:d4:11:c8:a4:09:2b:24:b6:b1:33:8f:41:45:
                    ce:db:57:1d:8f:45:b4:05:81:55:c9:7d:8e:de:d4:
                    fe:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:72:1E:2F:55:AD:C1:9A:E9:A5:86:FB:83:3C:86:BF:1A:00:5A:AE
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/u3IeL1WtwZrppYb7gzyGvxoAWq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.223.0/24
                  193.168.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:d2:64:48:ae:58:24:58:70:41:7b:71:1b:9f:08:f8:7c:f1:
         ae:72:2f:0a:0e:4d:95:ab:ef:ff:d8:10:d1:b9:be:b9:7c:24:
         29:24:6c:1a:26:46:70:38:c9:3b:94:48:ec:c5:93:61:2b:a8:
         b9:c5:1d:30:19:59:56:f0:d6:d0:cf:aa:c3:90:ab:c3:2d:96:
         59:53:c4:27:a9:bb:1f:71:c3:84:68:0b:a7:3e:3f:6c:54:af:
         4d:81:86:cd:37:49:3e:4b:5c:9e:38:9d:43:11:1e:75:76:54:
         b6:82:af:4c:ca:a7:53:67:5b:3b:a6:b4:7c:c1:9c:40:e4:67:
         7e:7e:b4:48:65:1f:4d:22:32:85:bf:39:b3:3e:f4:10:08:ad:
         f8:2c:2d:8d:2b:fb:7c:8f:7d:be:26:89:25:9e:55:3b:a3:2f:
         72:ac:ab:54:c7:6a:aa:68:fa:c5:44:2c:a0:dc:47:a1:f7:c6:
         bf:4b:e0:88:04:af:7a:14:75:96:be:9a:35:50:a1:73:49:b7:
         e9:55:cd:f4:4f:81:3f:ef:3c:b0:8c:0e:e4:1a:7c:0e:de:94:
         6f:69:1f:80:6d:93:ab:e6:9a:bf:f5:7f:46:70:da:8a:66:53:
         2a:1d:a7:d0:fd:d9:ac:06:f1:5d:08:1f:ef:41:af:ba:07:e7:
         fd:4d:f1:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH/EXdmktOyriHDR8OQ8hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjcyMWUyZjU1YWRjMTlhZTlhNTg2ZmI4MzNjODZiZjFhMDA1YWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsbpCaqNU/F1QNiUI1z+JTenowDi
snMZs+7o2HPKo637myAa9395Bdiev06PWRRZErB21u0S/gD6Fckjhp/piawpo3QZ
vYlm9t4JbYtQ4XsnzAeHrt7XludndadLOOFU7NBLtT8+YM2nkb98NJTwcAfAXQwd
S6lg4d4dGin+9BwWIkSdtOi0ZU0wZ7tnPOjnvH+fgz8Ui40MixFdFyvHG8LiDU3S
LH0Co24z+WkXfTG3UCHKtlpRAW1uMujQ1eMVh16btCh4yhZH3fC5RzgkRT08juR3
ZcSCVZTld2B1vAVBV9QRyKQJKyS2sTOPQUXO21cdj0W0BYFVyX2O3tT+lQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLtyHi9VrcGa6aWG+4M8hr8aAFquMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvdTNJZUwxV3R3WnJwcFliN2d6eUd2eG9BV3E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwaDfAwQA
wajJMA0GCSqGSIb3DQEBCwUAA4IBAQBt0mRIrlgkWHBBe3Ebnwj4fPGuci8KDk2V
q+//2BDRub65fCQpJGwaJkZwOMk7lEjsxZNhK6i5xR0wGVlW8NbQz6rDkKvDLZZZ
U8QnqbsfccOEaAunPj9sVK9NgYbNN0k+S1yeOJ1DER51dlS2gq9MyqdTZ1s7prR8
wZxA5Gd+frRIZR9NIjKFvzmzPvQQCK34LC2NK/t8j32+JoklnlU7oy9yrKtUx2qq
aPrFRCyg3Eeh98a/S+CIBK96FHWWvpo1UKFzSbfpVc30T4E/7zywjA7kGnwO3pRv
aR+AbZOr5pq/9X9GcNqKZlMqHafQ/dmsBvFdCB/vQa+6B+f9TfGi
-----END CERTIFICATE-----