Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/zLYfKKvwZksRC-Mec9uQxezCf-I.roa
File:                     zLYfKKvwZksRC-Mec9uQxezCf-I.roa (raw, json)
Hash identifier:          7jSn1GJtzfCE3yqBQcJd/SMTsqwM51FfYe/cCLi5Z4A=
Subject key identifier:   CC:B6:1F:28:AB:F0:66:4B:11:0B:E3:1E:73:DB:90:C5:EC:C2:7F:E2
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       0194370BAB03B64DA5954915D51D80A619B9
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/zLYfKKvwZksRC-Mec9uQxezCf-I.roa
Signing time:             Sun 05 Jan 2025 15:18:19 +0000
ROA not before:           Sun 05 Jan 2025 15:18:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     262287
IP address blocks:        193.111.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:37:0b:ab:03:b6:4d:a5:95:49:15:d5:1d:80:a6:19:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Jan  5 15:18:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccb61f28abf0664b110be31e73db90c5ecc27fe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5c:86:cd:fd:45:60:e0:18:d8:b2:d2:04:50:
                    51:92:0e:84:71:a8:b9:a0:17:fa:30:5e:04:4a:0f:
                    05:a6:60:94:5a:ad:24:ea:1d:0b:a2:d4:88:52:2c:
                    d2:03:8c:a3:8a:d8:b5:ac:2c:81:02:e6:34:bd:09:
                    9c:16:40:a4:84:e9:4f:63:8d:ca:33:c2:ee:2b:67:
                    31:dc:4e:ef:2d:4c:b0:da:d2:ed:09:65:39:1e:3e:
                    6b:74:e1:70:32:7a:0b:09:95:35:e1:bd:ff:aa:2d:
                    2c:98:34:8b:0a:ae:6e:cb:37:14:d7:6d:97:38:61:
                    69:66:93:21:f7:a1:c0:e0:8b:30:a4:27:82:9c:fb:
                    51:53:2d:54:d1:ab:1d:9d:a7:f6:5e:9d:61:57:27:
                    8a:05:61:cd:80:bb:2f:f1:5c:bf:07:5c:2b:04:f0:
                    d5:da:cb:1a:6a:e1:63:a7:fd:8e:5f:a9:98:0c:33:
                    f8:30:8f:f8:15:76:61:07:ac:21:b4:5c:73:e1:f7:
                    3f:48:15:3b:03:18:a0:6f:27:8c:f1:53:69:43:67:
                    a2:bb:e2:f1:eb:4a:1b:ef:a7:5f:4d:44:bc:74:3b:
                    64:23:94:1c:9f:04:60:e2:ea:93:5f:68:86:9a:f5:
                    d3:aa:0b:94:6f:5a:25:9f:42:1e:64:7f:f6:95:7f:
                    0b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B6:1F:28:AB:F0:66:4B:11:0B:E3:1E:73:DB:90:C5:EC:C2:7F:E2
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/zLYfKKvwZksRC-Mec9uQxezCf-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:a0:45:af:0a:a7:11:2c:0b:26:cd:32:3f:0b:15:04:e0:f1:
         06:d9:38:d0:e6:38:39:6a:35:8c:dc:43:bd:b5:c5:c8:d1:c2:
         57:c9:dd:7f:71:2c:a4:86:1f:2d:c3:9d:7a:28:e1:65:d5:69:
         09:2b:0e:60:4e:67:27:3d:1a:48:7a:0e:c3:68:f6:87:c9:a5:
         b3:d7:13:8c:19:b8:b5:a4:65:bf:d4:4a:f9:d9:d0:3f:09:89:
         ae:fc:f2:97:08:f6:11:ab:f2:5c:84:72:b7:17:45:7a:c5:db:
         9f:08:32:10:0a:8a:4b:57:c2:f4:2a:dc:5c:4b:e4:b8:aa:58:
         a4:b5:60:15:33:2f:83:92:2e:18:4d:ad:03:0b:de:be:fa:1f:
         ce:32:ae:e4:f1:00:97:58:e1:9e:67:f6:f4:ea:90:8f:d7:1b:
         84:88:dd:f5:89:1b:48:18:42:bf:8a:d6:5f:25:13:8e:2e:50:
         25:46:f4:f5:f5:6b:ba:06:90:26:49:f2:d2:1b:cd:be:3a:62:
         aa:37:72:dc:a1:49:d3:e9:26:f6:b5:84:e9:d6:6c:f5:80:19:
         8c:73:7a:2b:e1:de:ea:76:70:89:61:84:3a:0e:e8:fa:1d:c8:
         2b:9b:2c:a8:32:49:3a:b3:e5:8b:cd:eb:fc:ad:8f:30:e9:5f:
         2e:fa:33:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ3C6sDtk2llUkV1R2Aphm5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjUwMTA1MTUxODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2I2MWYyOGFiZjA2NjRiMTEwYmUzMWU3M2RiOTBjNWVjYzI3ZmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFyGzf1FYOAY2LLSBFBRkg6Ecai5
oBf6MF4ESg8FpmCUWq0k6h0LotSIUizSA4yjiti1rCyBAuY0vQmcFkCkhOlPY43K
M8LuK2cx3E7vLUyw2tLtCWU5Hj5rdOFwMnoLCZU14b3/qi0smDSLCq5uyzcU122X
OGFpZpMh96HA4IswpCeCnPtRUy1U0asdnaf2Xp1hVyeKBWHNgLsv8Vy/B1wrBPDV
2ssaauFjp/2OX6mYDDP4MI/4FXZhB6whtFxz4fc/SBU7AxigbyeM8VNpQ2eiu+Lx
60ob76dfTUS8dDtkI5QcnwRg4uqTX2iGmvXTqguUb1oln0IeZH/2lX8LDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMy2Hyir8GZLEQvjHnPbkMXswn/iMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvekxZZktLdndaa3NSQy1NZWM5dVF4ZXpDZi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW+4MA0G
CSqGSIb3DQEBCwUAA4IBAQBZoEWvCqcRLAsmzTI/CxUE4PEG2TjQ5jg5ajWM3EO9
tcXI0cJXyd1/cSykhh8tw516KOFl1WkJKw5gTmcnPRpIeg7DaPaHyaWz1xOMGbi1
pGW/1Er52dA/CYmu/PKXCPYRq/JchHK3F0V6xdufCDIQCopLV8L0KtxcS+S4qlik
tWAVMy+Dki4YTa0DC96++h/OMq7k8QCXWOGeZ/b06pCP1xuEiN31iRtIGEK/itZf
JROOLlAlRvT19Wu6BpAmSfLSG82+OmKqN3LcoUnT6Sb2tYTp1mz1gBmMc3or4d7q
dnCJYYQ6Duj6HcgrmyyoMkk6s+WLzev8rY8w6V8u+jMA
-----END CERTIFICATE-----