Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/y4gQpfTPRcitVr25VP-twnptmvE.roa
File:                     y4gQpfTPRcitVr25VP-twnptmvE.roa (raw, json)
Hash identifier:          OvMK6obtD8GE0uGeIeGjeBIL4CSoip9fhbcWHpqNnSY=
Subject key identifier:   CB:88:10:A5:F4:CF:45:C8:AD:56:BD:B9:54:FF:AD:C2:7A:6D:9A:F1
Certificate issuer:       /CN=d79d856aaa9ead12f75cb68cdae96a0d2c8dde1e
Certificate serial:       019424457FBB61123BA1530A9D111A5A6232
Authority key identifier: D7:9D:85:6A:AA:9E:AD:12:F7:5C:B6:8C:DA:E9:6A:0D:2C:8D:DE:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/152FaqqerRL3XLaM2ulqDSyN3h4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/y4gQpfTPRcitVr25VP-twnptmvE.roa
Signing time:             Wed 01 Jan 2025 23:48:41 +0000
ROA not before:           Wed 01 Jan 2025 23:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5416
IP address blocks:        193.188.12.0/23 maxlen: 23
                          193.188.12.0/24 maxlen: 24
                          193.188.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/152FaqqerRL3XLaM2ulqDSyN3h4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/152FaqqerRL3XLaM2ulqDSyN3h4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/152FaqqerRL3XLaM2ulqDSyN3h4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:7f:bb:61:12:3b:a1:53:0a:9d:11:1a:5a:62:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d79d856aaa9ead12f75cb68cdae96a0d2c8dde1e
        Validity
            Not Before: Jan  1 23:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb8810a5f4cf45c8ad56bdb954ffadc27a6d9af1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:21:9b:53:d8:c9:06:eb:be:d0:8d:bf:5a:48:
                    18:86:23:35:51:31:d9:d0:40:f5:50:65:a1:5a:03:
                    f5:41:29:5f:4d:9b:41:d4:ea:0e:85:e5:a9:6c:ae:
                    dd:31:6a:dd:ec:b9:e4:60:e7:38:c1:49:00:83:df:
                    9c:a0:e3:04:0a:4d:c0:c9:90:12:d9:5c:d1:93:4d:
                    60:c5:bc:06:b8:68:27:71:bb:16:a2:82:44:99:48:
                    3b:11:33:42:e9:c8:5d:0c:59:30:d8:cb:f1:1c:f6:
                    ca:01:aa:b9:3f:4c:75:fc:78:02:e9:4a:3a:36:fd:
                    e7:f4:ed:f3:86:01:e3:87:d8:67:30:72:b5:07:59:
                    66:04:fe:33:39:94:75:89:44:88:3e:79:cd:be:1d:
                    3a:f2:95:73:68:79:ce:0a:a0:c6:dc:08:2f:4c:b8:
                    8f:85:91:03:c1:89:af:a5:fb:e1:fc:4d:61:7f:3b:
                    37:e6:9e:91:e0:d5:9b:54:ae:d0:e1:00:76:20:d3:
                    3f:7d:eb:a0:4c:ba:69:0d:43:c6:b4:62:37:17:7b:
                    8e:e9:16:8d:7d:af:25:49:1d:ba:b2:39:23:ee:09:
                    5a:5e:5b:8e:4e:19:b1:9c:a1:6e:83:c8:8a:10:03:
                    93:15:18:a3:b4:82:74:2e:dc:c8:d7:b4:7e:1c:4c:
                    98:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:88:10:A5:F4:CF:45:C8:AD:56:BD:B9:54:FF:AD:C2:7A:6D:9A:F1
            X509v3 Authority Key Identifier:
                keyid:D7:9D:85:6A:AA:9E:AD:12:F7:5C:B6:8C:DA:E9:6A:0D:2C:8D:DE:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/152FaqqerRL3XLaM2ulqDSyN3h4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/y4gQpfTPRcitVr25VP-twnptmvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/a5baa2-2a35-4c76-a940-5990cd4de88b/1/152FaqqerRL3XLaM2ulqDSyN3h4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:2c:97:01:c4:ac:e7:20:9e:97:fb:0b:98:e9:c8:80:f4:f6:
         f6:a7:b8:3d:42:f1:10:15:7b:e4:bd:6c:c2:81:54:00:d4:6a:
         cd:ad:0f:70:f8:c3:b5:5f:ed:43:a5:8e:65:7b:5c:8a:c6:dd:
         35:e4:00:d7:50:dc:1d:71:f5:17:8c:83:d0:27:ac:ac:a2:a0:
         55:9f:8f:5e:d9:8d:4b:53:8c:f5:30:77:aa:fe:f8:41:cc:ea:
         81:7d:e7:bb:c2:f7:a2:86:ba:7c:b1:4e:7c:6c:0c:d7:90:25:
         e0:a3:10:aa:50:a2:1e:b7:a7:81:ad:87:14:5c:43:25:36:5b:
         16:17:58:e9:01:e8:03:f9:c2:7b:01:b7:0d:d0:e6:ec:df:a6:
         48:be:e3:0e:a9:d5:e4:42:37:cf:ef:43:da:53:f9:4d:fd:86:
         83:42:63:dd:f0:88:89:0d:6e:d0:e7:1a:1d:a0:5b:5a:7a:de:
         85:50:31:a0:cb:27:a2:8c:8f:19:e1:09:4c:ab:24:6e:db:77:
         9d:1e:49:54:7f:14:7f:e2:71:45:12:c6:91:0e:38:d6:1e:3e:
         c1:05:d8:f1:f6:87:52:7e:e2:e9:6d:e3:2e:0d:36:09:4d:b1:
         15:81:77:0f:a5:3f:09:b1:8a:27:b5:98:04:24:d9:16:a8:e8:
         43:93:4b:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRX+7YRI7oVMKnREaWmIyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OWQ4NTZhYWE5ZWFkMTJmNzVjYjY4Y2RhZTk2YTBkMmM4
ZGRlMWUwHhcNMjUwMTAxMjM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjg4MTBhNWY0Y2Y0NWM4YWQ1NmJkYjk1NGZmYWRjMjdhNmQ5YWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SGbU9jJBuu+0I2/WkgYhiM1UTHZ
0ED1UGWhWgP1QSlfTZtB1OoOheWpbK7dMWrd7LnkYOc4wUkAg9+coOMECk3AyZAS
2VzRk01gxbwGuGgncbsWooJEmUg7ETNC6chdDFkw2MvxHPbKAaq5P0x1/HgC6Uo6
Nv3n9O3zhgHjh9hnMHK1B1lmBP4zOZR1iUSIPnnNvh068pVzaHnOCqDG3AgvTLiP
hZEDwYmvpfvh/E1hfzs35p6R4NWbVK7Q4QB2INM/feugTLppDUPGtGI3F3uO6RaN
fa8lSR26sjkj7glaXluOThmxnKFug8iKEAOTFRijtIJ0LtzI17R+HEyYgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuIEKX0z0XIrVa9uVT/rcJ6bZrxMB8GA1UdIwQY
MBaAFNedhWqqnq0S91y2jNrpag0sjd4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTUyRmFxcWVyUkwzWExhTTJ1bHFEU3lOM2g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9hNWJhYTItMmEzNS00Yzc2LWE5NDAt
NTk5MGNkNGRlODhiLzEveTRnUXBmVFBSY2l0VnIyNVZQLXR3bnB0bXZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9hNWJhYTItMmEzNS00Yzc2LWE5NDAtNTk5MGNkNGRlODhi
LzEvMTUyRmFxcWVyUkwzWExhTTJ1bHFEU3lOM2g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbwMMA0G
CSqGSIb3DQEBCwUAA4IBAQCnLJcBxKznIJ6X+wuY6ciA9Pb2p7g9QvEQFXvkvWzC
gVQA1GrNrQ9w+MO1X+1DpY5le1yKxt015ADXUNwdcfUXjIPQJ6ysoqBVn49e2Y1L
U4z1MHeq/vhBzOqBfee7wveihrp8sU58bAzXkCXgoxCqUKIet6eBrYcUXEMlNlsW
F1jpAegD+cJ7AbcN0Obs36ZIvuMOqdXkQjfP70PaU/lN/YaDQmPd8IiJDW7Q5xod
oFtaet6FUDGgyyeijI8Z4QlMqyRu23edHklUfxR/4nFFEsaRDjjWHj7BBdjx9odS
fuLpbeMuDTYJTbEVgXcPpT8JsYontZgEJNkWqOhDk0uJ
-----END CERTIFICATE-----