Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/AZt7Se6557jhGabESg2f7LNf6s4.roa
File:                     AZt7Se6557jhGabESg2f7LNf6s4.roa (raw, json)
Hash identifier:          1ba1sNNM9lYSgyXFdL1/tvNcApCQY3MX2LcXuVatgJo=
Subject key identifier:   01:9B:7B:49:EE:B9:E7:B8:E1:19:A6:C4:4A:0D:9F:EC:B3:5F:EA:CE
Certificate issuer:       /CN=0b356087c20c7a325416fda803cb76f3da7947a9
Certificate serial:       019424B25FC9A17A9AD19E0A5CCE8C6F8BA7
Authority key identifier: 0B:35:60:87:C2:0C:7A:32:54:16:FD:A8:03:CB:76:F3:DA:79:47:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CzVgh8IMejJUFv2oA8t289p5R6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/AZt7Se6557jhGabESg2f7LNf6s4.roa
Signing time:             Thu 02 Jan 2025 01:47:36 +0000
ROA not before:           Thu 02 Jan 2025 01:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42446
IP address blocks:        193.142.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/CzVgh8IMejJUFv2oA8t289p5R6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/CzVgh8IMejJUFv2oA8t289p5R6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CzVgh8IMejJUFv2oA8t289p5R6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 13:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:5f:c9:a1:7a:9a:d1:9e:0a:5c:ce:8c:6f:8b:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b356087c20c7a325416fda803cb76f3da7947a9
        Validity
            Not Before: Jan  2 01:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=019b7b49eeb9e7b8e119a6c44a0d9fecb35feace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:da:58:18:bb:78:2d:48:8f:d5:1c:e5:c9:e8:
                    de:e4:b0:6b:03:de:e3:6b:75:b8:f4:63:ac:72:7d:
                    28:ed:4e:4f:06:4c:f7:a5:b7:1d:79:5e:09:e2:97:
                    d2:15:97:c4:24:28:8f:c9:af:06:4c:3a:9a:fc:60:
                    6d:5e:ef:8b:eb:5f:5c:a5:10:c5:0b:ff:af:51:5d:
                    cf:5f:b5:88:63:cd:77:0b:20:30:b3:46:b3:8f:17:
                    99:7f:7d:db:37:0c:c1:5b:47:74:44:80:6d:6b:d1:
                    df:07:c5:fc:6f:d2:6a:11:19:62:b9:e9:81:9d:f6:
                    d8:e5:45:b4:56:dc:7a:58:59:67:13:53:ac:91:7a:
                    a3:e1:5b:b6:00:3b:46:eb:db:ea:8b:07:f3:21:96:
                    e1:3f:42:0f:fe:d0:8e:36:57:fd:80:54:d8:34:27:
                    97:b0:60:cd:2c:be:5d:8f:b5:00:a8:9d:2e:49:f2:
                    74:88:e4:9a:50:c7:1c:68:0c:9e:27:51:bc:17:c4:
                    c4:8f:3e:57:35:7c:d7:20:6d:88:86:c5:be:de:b9:
                    f9:ad:65:f7:5d:e3:3d:a0:c3:45:4e:44:8d:3d:e3:
                    3d:20:8c:55:36:47:73:10:71:88:ec:2d:4c:05:18:
                    95:1b:ea:9f:08:9f:64:43:2a:3b:51:59:5b:fd:ed:
                    1c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:9B:7B:49:EE:B9:E7:B8:E1:19:A6:C4:4A:0D:9F:EC:B3:5F:EA:CE
            X509v3 Authority Key Identifier:
                keyid:0B:35:60:87:C2:0C:7A:32:54:16:FD:A8:03:CB:76:F3:DA:79:47:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CzVgh8IMejJUFv2oA8t289p5R6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/AZt7Se6557jhGabESg2f7LNf6s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d7cf94-ac61-4fbf-adf0-57eaf833ab0b/1/CzVgh8IMejJUFv2oA8t289p5R6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:0e:a4:c0:fc:1c:f0:61:9e:9e:39:93:40:87:a6:bd:23:2c:
         e9:48:bd:62:6f:80:e6:40:3a:b3:37:b8:c9:7d:3d:b5:53:37:
         9c:7a:fd:5e:5e:b6:d8:84:77:8c:51:d4:c6:00:13:f2:bf:96:
         b2:d1:e1:60:b9:e1:b5:e4:9e:a0:56:3b:52:01:1b:a5:06:ea:
         76:d2:c8:0f:37:c8:18:7a:6c:81:bb:6d:28:3b:30:6a:6c:90:
         21:0f:45:29:36:ff:5f:15:91:db:0c:aa:0c:2b:35:3e:4e:02:
         4a:a7:81:a5:39:ad:58:36:8f:90:a7:bc:e6:5b:dc:aa:93:8b:
         92:71:a9:26:71:4a:19:19:67:12:f4:e8:2b:31:02:53:47:17:
         30:78:45:d1:54:4d:27:05:49:53:32:10:bc:92:21:b1:a4:f2:
         da:72:27:74:b1:ca:20:3c:60:d3:ff:66:b9:f2:af:f6:53:27:
         a3:06:87:b1:bd:70:8e:7f:60:bb:a8:92:81:4b:6c:b1:d3:77:
         29:83:0e:62:3d:27:19:ec:48:27:bc:d1:ec:9f:82:bd:f2:a5:
         35:98:f0:4e:d4:1e:c7:cb:fe:2b:0c:28:62:a6:87:56:93:e4:
         e4:d9:5a:ed:07:c7:49:7d:56:48:3d:e0:67:d9:72:ab:ba:b1:
         f2:dc:d2:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksl/JoXqa0Z4KXM6Mb4unMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMzU2MDg3YzIwYzdhMzI1NDE2ZmRhODAzY2I3NmYzZGE3
OTQ3YTkwHhcNMjUwMTAyMDE0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTliN2I0OWVlYjllN2I4ZTExOWE2YzQ0YTBkOWZlY2IzNWZlYWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNpYGLt4LUiP1Rzlyeje5LBrA97j
a3W49GOscn0o7U5PBkz3pbcdeV4J4pfSFZfEJCiPya8GTDqa/GBtXu+L619cpRDF
C/+vUV3PX7WIY813CyAws0azjxeZf33bNwzBW0d0RIBta9HfB8X8b9JqERliuemB
nfbY5UW0Vtx6WFlnE1OskXqj4Vu2ADtG69vqiwfzIZbhP0IP/tCONlf9gFTYNCeX
sGDNLL5dj7UAqJ0uSfJ0iOSaUMccaAyeJ1G8F8TEjz5XNXzXIG2IhsW+3rn5rWX3
XeM9oMNFTkSNPeM9IIxVNkdzEHGI7C1MBRiVG+qfCJ9kQyo7UVlb/e0cKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGbe0nuuee44RmmxEoNn+yzX+rOMB8GA1UdIwQY
MBaAFAs1YIfCDHoyVBb9qAPLdvPaeUepMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3pWZ2g4SU1lakpVRnYyb0E4dDI4OXA1UjZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kN2NmOTQtYWM2MS00ZmJmLWFkZjAt
NTdlYWY4MzNhYjBiLzEvQVp0N1NlNjU1N2poR2FiRVNnMmY3TE5mNnM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kN2NmOTQtYWM2MS00ZmJmLWFkZjAtNTdlYWY4MzNhYjBi
LzEvQ3pWZ2g4SU1lakpVRnYyb0E4dDI4OXA1UjZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY4AMA0G
CSqGSIb3DQEBCwUAA4IBAQA4DqTA/BzwYZ6eOZNAh6a9IyzpSL1ib4DmQDqzN7jJ
fT21Uzecev1eXrbYhHeMUdTGABPyv5ay0eFgueG15J6gVjtSARulBup20sgPN8gY
emyBu20oOzBqbJAhD0UpNv9fFZHbDKoMKzU+TgJKp4GlOa1YNo+Qp7zmW9yqk4uS
cakmcUoZGWcS9OgrMQJTRxcweEXRVE0nBUlTMhC8kiGxpPLacid0scogPGDT/2a5
8q/2UyejBoexvXCOf2C7qJKBS2yx03cpgw5iPScZ7EgnvNHsn4K98qU1mPBO1B7H
y/4rDChipodWk+Tk2VrtB8dJfVZIPeBn2XKrurHy3NLG
-----END CERTIFICATE-----