Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/5h9N95WR6G3ZttKnfAaRL_2XfKs.roa
File:                     5h9N95WR6G3ZttKnfAaRL_2XfKs.roa (raw, json)
Hash identifier:          Wu3zPxSXCsayNSHW7YvNoHAYtN3gQjTl9ho9qfJB69k=
Subject key identifier:   E6:1F:4D:F7:95:91:E8:6D:D9:B6:D2:A7:7C:06:91:2F:FD:97:7C:AB
Certificate issuer:       /CN=22fd1b59d5caaf7506bc0d5c34f30c2159b04398
Certificate serial:       019427B519FD6D43821DD36B807BC4895775
Authority key identifier: 22:FD:1B:59:D5:CA:AF:75:06:BC:0D:5C:34:F3:0C:21:59:B0:43:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/5h9N95WR6G3ZttKnfAaRL_2XfKs.roa
Signing time:             Thu 02 Jan 2025 15:49:27 +0000
ROA not before:           Thu 02 Jan 2025 15:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55002
IP address blocks:        193.26.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:19:fd:6d:43:82:1d:d3:6b:80:7b:c4:89:57:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22fd1b59d5caaf7506bc0d5c34f30c2159b04398
        Validity
            Not Before: Jan  2 15:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e61f4df79591e86dd9b6d2a77c06912ffd977cab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a4:a6:8c:f9:f8:c7:a6:e4:cb:98:2b:24:ba:
                    ea:5c:dd:71:93:05:48:e3:16:ae:8c:b5:89:04:87:
                    03:b7:92:c9:0a:db:cf:6a:e7:3b:52:3c:09:3d:f7:
                    36:56:d6:a0:45:fc:16:62:ac:4b:fe:45:16:5b:d9:
                    9d:29:af:e2:57:3f:29:33:17:23:b3:7d:61:f6:31:
                    07:93:9c:e2:a6:53:22:53:b8:c2:5a:d7:66:28:71:
                    bf:65:30:91:82:8c:71:95:32:19:96:6f:6a:f6:39:
                    91:27:e8:9c:21:82:5a:5f:d5:5c:88:d0:92:9e:1e:
                    65:67:71:09:49:3a:a1:96:61:5e:b4:c0:59:50:6b:
                    58:fc:57:ca:5f:a5:01:6a:04:ef:cd:8d:52:25:c5:
                    1d:ca:b6:10:8e:08:ba:f4:52:ab:63:4a:fa:82:5c:
                    0d:7c:4b:af:23:ac:6c:57:14:15:8d:1c:4b:40:f1:
                    8f:98:b1:02:ea:20:07:56:cb:8a:20:c4:b4:f8:13:
                    6c:2a:96:0e:72:9f:46:9b:2d:cf:37:5b:82:08:6c:
                    39:8a:eb:c1:cf:00:e8:6a:13:e0:45:23:f9:18:96:
                    00:46:3f:a5:2a:d6:a6:ee:13:04:ee:02:33:54:0e:
                    4a:c2:ef:47:11:fc:5f:da:07:33:82:68:96:8b:0f:
                    2d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:1F:4D:F7:95:91:E8:6D:D9:B6:D2:A7:7C:06:91:2F:FD:97:7C:AB
            X509v3 Authority Key Identifier:
                keyid:22:FD:1B:59:D5:CA:AF:75:06:BC:0D:5C:34:F3:0C:21:59:B0:43:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/5h9N95WR6G3ZttKnfAaRL_2XfKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/850e96-191f-4dcb-9edb-cd58fa2014dd/1/Iv0bWdXKr3UGvA1cNPMMIVmwQ5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:62:f4:1d:79:b3:fe:2d:94:11:64:00:20:45:8c:ce:5a:be:
         ed:db:e9:d1:71:13:33:85:a9:c4:6d:ac:fa:7f:e4:81:7f:ae:
         af:a2:bb:ff:75:48:c5:38:66:a5:88:a2:e5:7a:e3:b5:5d:da:
         83:be:a4:9d:92:14:5c:ef:01:9d:4a:41:98:dc:09:7c:cf:bd:
         78:02:80:cf:a6:ca:5e:5f:66:a7:7b:1f:18:06:0a:bc:82:f9:
         41:8a:72:20:fd:c1:8d:2b:24:64:12:19:16:cb:0d:8e:79:57:
         d0:13:0d:9e:55:f4:3c:2f:11:85:26:46:af:dc:90:ce:5b:15:
         70:4d:6a:e8:28:b8:84:04:75:51:af:22:0e:30:8e:14:f9:6a:
         83:4a:f0:bb:60:56:aa:1f:cb:68:96:c6:44:3a:e2:67:35:ef:
         b8:c2:6e:b6:59:ac:82:95:85:b7:0c:c9:a8:8b:79:d1:c1:82:
         dd:0e:c5:8a:67:d2:d7:b6:1d:8f:7c:58:a9:01:76:6a:d7:37:
         75:5f:6a:04:f4:86:7c:49:48:5e:28:d4:e0:19:fd:13:2a:85:
         9b:df:6f:d3:13:08:fb:44:d2:71:f3:a0:dd:ea:1c:a0:51:d9:
         9d:a4:ed:88:2b:99:18:3c:8a:4a:25:9a:7d:92:5d:df:13:af:
         15:5d:c0:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntRn9bUOCHdNrgHvEiVd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZmQxYjU5ZDVjYWFmNzUwNmJjMGQ1YzM0ZjMwYzIxNTli
MDQzOTgwHhcNMjUwMTAyMTU0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjFmNGRmNzk1OTFlODZkZDliNmQyYTc3YzA2OTEyZmZkOTc3Y2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6SmjPn4x6bky5grJLrqXN1xkwVI
4xaujLWJBIcDt5LJCtvPauc7UjwJPfc2VtagRfwWYqxL/kUWW9mdKa/iVz8pMxcj
s31h9jEHk5ziplMiU7jCWtdmKHG/ZTCRgoxxlTIZlm9q9jmRJ+icIYJaX9VciNCS
nh5lZ3EJSTqhlmFetMBZUGtY/FfKX6UBagTvzY1SJcUdyrYQjgi69FKrY0r6glwN
fEuvI6xsVxQVjRxLQPGPmLEC6iAHVsuKIMS0+BNsKpYOcp9Gmy3PN1uCCGw5iuvB
zwDoahPgRSP5GJYARj+lKtam7hME7gIzVA5Kwu9HEfxf2gczgmiWiw8tBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYfTfeVkeht2bbSp3wGkS/9l3yrMB8GA1UdIwQY
MBaAFCL9G1nVyq91BrwNXDTzDCFZsEOYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXYwYldkWEtyM1VHdkExY05QTU1JVm13UTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC84NTBlOTYtMTkxZi00ZGNiLTllZGIt
Y2Q1OGZhMjAxNGRkLzEvNWg5Tjk1V1I2RzNadHRLbmZBYVJMXzJYZktzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC84NTBlOTYtMTkxZi00ZGNiLTllZGItY2Q1OGZhMjAxNGRk
LzEvSXYwYldkWEtyM1VHdkExY05QTU1JVm13UTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRoHMA0G
CSqGSIb3DQEBCwUAA4IBAQC4YvQdebP+LZQRZAAgRYzOWr7t2+nRcRMzhanEbaz6
f+SBf66vorv/dUjFOGaliKLleuO1XdqDvqSdkhRc7wGdSkGY3Al8z714AoDPpspe
X2anex8YBgq8gvlBinIg/cGNKyRkEhkWyw2OeVfQEw2eVfQ8LxGFJkav3JDOWxVw
TWroKLiEBHVRryIOMI4U+WqDSvC7YFaqH8tolsZEOuJnNe+4wm62WayClYW3DMmo
i3nRwYLdDsWKZ9LXth2PfFipAXZq1zd1X2oE9IZ8SUheKNTgGf0TKoWb32/TEwj7
RNJx86Dd6hygUdmdpO2IK5kYPIpKJZp9kl3fE68VXcDS
-----END CERTIFICATE-----