Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/CWGhSuH7Prq7nBeXCwJSQ8R7MLY.roa
File:                     CWGhSuH7Prq7nBeXCwJSQ8R7MLY.roa (raw, json)
Hash identifier:          kJD3A5DYARZjtb9aiv1WyX0nnGUXwOPoDx5EHff3F+I=
Subject key identifier:   09:61:A1:4A:E1:FB:3E:BA:BB:9C:17:97:0B:02:52:43:C4:7B:30:B6
Certificate issuer:       /CN=2b2244c8a3eb4a3c6d776d046ce92abf01c6c22f
Certificate serial:       019422FBEFBE741B6703DFED7386D5A782C1
Authority key identifier: 2B:22:44:C8:A3:EB:4A:3C:6D:77:6D:04:6C:E9:2A:BF:01:C6:C2:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KyJEyKPrSjxtd20EbOkqvwHGwi8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/CWGhSuH7Prq7nBeXCwJSQ8R7MLY.roa
Signing time:             Wed 01 Jan 2025 17:48:43 +0000
ROA not before:           Wed 01 Jan 2025 17:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196879
IP address blocks:        193.106.108.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/KyJEyKPrSjxtd20EbOkqvwHGwi8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/KyJEyKPrSjxtd20EbOkqvwHGwi8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KyJEyKPrSjxtd20EbOkqvwHGwi8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ef:be:74:1b:67:03:df:ed:73:86:d5:a7:82:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b2244c8a3eb4a3c6d776d046ce92abf01c6c22f
        Validity
            Not Before: Jan  1 17:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0961a14ae1fb3ebabb9c17970b025243c47b30b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:62:b0:bf:6d:c1:5d:fb:a5:19:d7:44:3f:e2:
                    75:49:ff:79:32:29:b9:17:cf:3a:50:2d:74:26:a7:
                    3e:93:4f:28:70:5f:85:de:3a:e7:b6:3f:87:b4:db:
                    dc:0b:d5:9b:68:60:f8:17:8e:df:63:89:08:de:e8:
                    3c:6a:d5:e7:29:46:c6:a3:60:12:f6:ef:2f:ce:c6:
                    60:ed:c3:1e:31:5e:9b:37:14:db:cc:2f:60:eb:7e:
                    2a:ab:29:1d:29:18:88:2e:b2:24:ce:03:30:5c:1d:
                    bf:18:26:b5:0e:20:15:fb:df:fe:03:a2:2a:d0:fe:
                    43:c0:35:b2:cc:24:71:c0:78:ad:36:94:13:74:fe:
                    b8:d1:d3:13:ee:13:36:fa:3d:88:1d:68:0f:b4:3f:
                    16:46:58:e4:d7:13:56:cb:f8:79:8b:e9:1a:eb:d5:
                    76:9c:a6:c9:72:af:5a:e2:88:1b:5a:6e:19:51:a6:
                    6f:46:88:25:3b:76:74:74:85:08:2a:a5:9b:90:d9:
                    6b:22:b0:4a:88:2f:a0:42:7f:67:8c:62:c7:c9:e3:
                    3f:65:da:f8:be:9f:c4:29:06:a5:40:b2:a7:40:1b:
                    ea:9b:60:4a:41:b2:a9:be:94:1e:97:19:b1:60:bf:
                    cf:09:11:b1:ed:69:9f:ff:b5:8a:d2:a5:81:10:68:
                    5b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:61:A1:4A:E1:FB:3E:BA:BB:9C:17:97:0B:02:52:43:C4:7B:30:B6
            X509v3 Authority Key Identifier:
                keyid:2B:22:44:C8:A3:EB:4A:3C:6D:77:6D:04:6C:E9:2A:BF:01:C6:C2:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KyJEyKPrSjxtd20EbOkqvwHGwi8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/CWGhSuH7Prq7nBeXCwJSQ8R7MLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7cc7a7-aef1-408a-a1c6-df1cce4e6950/1/KyJEyKPrSjxtd20EbOkqvwHGwi8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:93:1e:b4:aa:17:a6:51:63:82:62:35:28:ae:0b:9e:fb:d7:
         1a:06:1d:58:27:5e:96:54:a9:bc:86:58:b9:b3:60:ef:29:0e:
         4a:b4:21:ee:f1:fc:7e:f7:f4:26:ff:bf:56:fc:df:65:8a:52:
         83:16:87:c3:0a:62:ee:9f:15:a1:89:64:50:79:70:7d:e5:b0:
         cb:d6:3b:89:40:60:46:b1:41:7f:5c:83:74:87:56:8c:75:60:
         6f:0e:6d:07:ea:39:bb:a8:db:16:05:a6:90:c0:28:e0:f1:9b:
         ef:d4:f7:20:6e:3e:61:f9:97:8b:3f:35:a4:3d:8d:cc:88:71:
         22:2b:48:31:1c:b4:7e:4b:5d:d1:42:bd:eb:8c:ed:78:75:8f:
         96:e1:aa:e7:b5:92:73:04:b5:38:35:c1:49:79:6c:96:9f:f3:
         74:56:aa:ab:86:78:2a:3f:ec:7a:ee:4c:96:3a:d3:93:a2:a1:
         dc:af:29:f2:f6:62:e6:e6:fa:b3:53:fe:17:5a:ac:27:05:6c:
         96:c5:ed:0f:df:e2:a4:df:ee:e0:81:a1:1d:ba:fd:f7:31:7e:
         9f:ea:ac:74:17:5b:9b:d0:23:31:39:e8:04:9f:df:47:76:b1:
         ae:17:0c:7e:58:25:71:af:36:72:4b:10:e3:ec:e7:45:e8:14:
         72:e3:8c:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi++++dBtnA9/tc4bVp4LBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMjI0NGM4YTNlYjRhM2M2ZDc3NmQwNDZjZTkyYWJmMDFj
NmMyMmYwHhcNMjUwMTAxMTc0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTYxYTE0YWUxZmIzZWJhYmI5YzE3OTcwYjAyNTI0M2M0N2IzMGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWKwv23BXfulGddEP+J1Sf95Mim5
F886UC10Jqc+k08ocF+F3jrntj+HtNvcC9WbaGD4F47fY4kI3ug8atXnKUbGo2AS
9u8vzsZg7cMeMV6bNxTbzC9g634qqykdKRiILrIkzgMwXB2/GCa1DiAV+9/+A6Iq
0P5DwDWyzCRxwHitNpQTdP640dMT7hM2+j2IHWgPtD8WRljk1xNWy/h5i+ka69V2
nKbJcq9a4ogbWm4ZUaZvRoglO3Z0dIUIKqWbkNlrIrBKiC+gQn9njGLHyeM/Zdr4
vp/EKQalQLKnQBvqm2BKQbKpvpQelxmxYL/PCRGx7Wmf/7WK0qWBEGhbMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAlhoUrh+z66u5wXlwsCUkPEezC2MB8GA1UdIwQY
MBaAFCsiRMij60o8bXdtBGzpKr8BxsIvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3lKRXlLUHJTanh0ZDIwRWJPa3F2d0hHd2k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83Y2M3YTctYWVmMS00MDhhLWExYzYt
ZGYxY2NlNGU2OTUwLzEvQ1dHaFN1SDdQcnE3bkJlWEN3SlNROFI3TUxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83Y2M3YTctYWVmMS00MDhhLWExYzYtZGYxY2NlNGU2OTUw
LzEvS3lKRXlLUHJTanh0ZDIwRWJPa3F2d0hHd2k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWpsMA0G
CSqGSIb3DQEBCwUAA4IBAQA2kx60qhemUWOCYjUorgue+9caBh1YJ16WVKm8hli5
s2DvKQ5KtCHu8fx+9/Qm/79W/N9lilKDFofDCmLunxWhiWRQeXB95bDL1juJQGBG
sUF/XIN0h1aMdWBvDm0H6jm7qNsWBaaQwCjg8Zvv1Pcgbj5h+ZeLPzWkPY3MiHEi
K0gxHLR+S13RQr3rjO14dY+W4arntZJzBLU4NcFJeWyWn/N0VqqrhngqP+x67kyW
OtOToqHcryny9mLm5vqzU/4XWqwnBWyWxe0P3+Kk3+7ggaEduv33MX6f6qx0F1ub
0CMxOegEn99HdrGuFwx+WCVxrzZySxDj7OdF6BRy44y+
-----END CERTIFICATE-----