Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/f14079-4114-4bec-879c-8b06ec564a1b/1/mkUV2uL7S8SkDEP-tvvSkuYTZPc.roa
File:                     mkUV2uL7S8SkDEP-tvvSkuYTZPc.roa (raw, json)
Hash identifier:          L5Tc4xaU93X5XoN2VhSBG5I1ZhMco297PerrS8Pt9IQ=
Subject key identifier:   9A:45:15:DA:E2:FB:4B:C4:A4:0C:43:FE:B6:FB:D2:92:E6:13:64:F7
Certificate issuer:       /CN=4b68e1fba7b44a7b666236b21253d7d6362d0d83
Certificate serial:       01920BF68803249232D2EC8CE3D4766B36FB
Authority key identifier: 4B:68:E1:FB:A7:B4:4A:7B:66:62:36:B2:12:53:D7:D6:36:2D:0D:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S2jh-6e0SntmYjayElPX1jYtDYM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/f14079-4114-4bec-879c-8b06ec564a1b/1/mkUV2uL7S8SkDEP-tvvSkuYTZPc.roa
Signing time:             Thu 19 Sep 2024 20:25:58 +0000
ROA not before:           Thu 19 Sep 2024 20:25:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25220
IP address blocks:        193.17.197.0/24 maxlen: 24
                          194.145.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/f14079-4114-4bec-879c-8b06ec564a1b/1/S2jh-6e0SntmYjayElPX1jYtDYM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/f14079-4114-4bec-879c-8b06ec564a1b/1/S2jh-6e0SntmYjayElPX1jYtDYM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S2jh-6e0SntmYjayElPX1jYtDYM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Dec 2024 11:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0b:f6:88:03:24:92:32:d2:ec:8c:e3:d4:76:6b:36:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b68e1fba7b44a7b666236b21253d7d6362d0d83
        Validity
            Not Before: Sep 19 20:25:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a4515dae2fb4bc4a40c43feb6fbd292e61364f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:94:36:d2:51:e7:1b:08:7f:6e:b9:5e:5e:83:
                    71:2a:ee:1a:0f:60:67:ec:d5:37:46:4c:d6:7f:70:
                    72:c4:1b:5f:4e:f8:6e:13:cc:97:a5:f2:17:98:2c:
                    19:3a:53:e2:76:15:25:38:af:a4:96:09:07:1e:34:
                    e1:3f:db:61:a2:50:48:b0:94:ff:a8:ee:53:c6:73:
                    1e:4f:c0:ce:8c:a5:1f:92:47:2d:9f:6f:55:ce:f7:
                    ba:1b:1b:ad:ba:68:7b:2f:f4:d4:60:7a:0e:9b:77:
                    44:0a:68:ac:d3:cd:ca:32:4e:91:07:bb:c6:47:17:
                    a6:a8:1d:7d:06:1e:a2:70:9d:b8:ed:22:09:47:54:
                    5d:2e:aa:4e:b6:f3:da:11:45:eb:74:50:c3:08:45:
                    bc:a0:c0:1a:79:e8:7a:13:c2:36:d5:6e:b7:b7:49:
                    28:01:12:54:cb:60:a3:97:86:9f:58:43:72:19:57:
                    db:11:65:87:28:84:97:4d:3b:d3:fd:47:9c:1b:2c:
                    e7:09:51:d3:38:5d:49:52:1d:4c:d4:80:bc:1f:bb:
                    cd:d9:02:2c:e9:5d:aa:41:a7:26:ec:b3:49:2c:8b:
                    70:57:38:49:13:17:d9:f2:8d:80:b2:df:0a:98:80:
                    60:17:6a:ad:d6:17:3a:03:98:c0:f7:e5:ef:1c:c6:
                    8a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:45:15:DA:E2:FB:4B:C4:A4:0C:43:FE:B6:FB:D2:92:E6:13:64:F7
            X509v3 Authority Key Identifier:
                keyid:4B:68:E1:FB:A7:B4:4A:7B:66:62:36:B2:12:53:D7:D6:36:2D:0D:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S2jh-6e0SntmYjayElPX1jYtDYM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/f14079-4114-4bec-879c-8b06ec564a1b/1/mkUV2uL7S8SkDEP-tvvSkuYTZPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/f14079-4114-4bec-879c-8b06ec564a1b/1/S2jh-6e0SntmYjayElPX1jYtDYM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.197.0/24
                  194.145.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:e9:93:9c:06:6d:1d:6a:ab:5c:89:81:fb:55:2f:e3:07:1f:
         ef:a2:d0:d0:56:75:e4:8d:2a:bf:90:7d:64:e1:f9:d7:02:3b:
         b4:a5:b5:61:0f:1f:c2:3c:57:0b:b1:53:a2:e5:3d:de:18:ba:
         c2:41:da:ba:a5:d4:8e:4a:6e:31:ae:a9:59:40:a5:b8:05:ab:
         17:a6:5f:a0:74:eb:dc:a4:ca:06:6a:6f:e9:fa:06:92:d5:9a:
         ca:48:2d:72:f7:5f:25:49:6b:3e:6c:c1:e2:4c:96:55:0a:a0:
         07:80:48:5f:dd:57:7a:2f:3f:d8:e1:8b:ca:2f:ad:04:6e:78:
         da:52:15:4e:83:eb:6f:66:6a:f7:4e:1c:33:19:08:05:40:57:
         0f:3e:31:62:ec:94:ad:f7:fc:27:54:a0:7f:df:ee:3a:42:04:
         b0:37:36:41:e4:97:e7:30:b7:4b:d9:5a:a4:52:35:14:bd:a3:
         29:98:90:0b:ec:a6:73:3a:fc:cf:3b:02:bc:b5:c1:36:38:d0:
         33:ec:8c:ec:25:a7:3e:b5:6f:29:73:8d:3f:e6:be:73:37:91:
         a6:eb:2d:04:20:b2:ec:b2:cd:7f:44:b1:b2:9d:b8:24:6b:07:
         ac:94:e3:50:45:e5:0b:d1:0f:25:2f:4c:3d:93:18:0e:7f:9b:
         37:58:c1:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIL9ogDJJIy0uyM49R2azb7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNjhlMWZiYTdiNDRhN2I2NjYyMzZiMjEyNTNkN2Q2MzYy
ZDBkODMwHhcNMjQwOTE5MjAyNTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQ1MTVkYWUyZmI0YmM0YTQwYzQzZmViNmZiZDI5MmU2MTM2NGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJQ20lHnGwh/brleXoNxKu4aD2Bn
7NU3RkzWf3ByxBtfTvhuE8yXpfIXmCwZOlPidhUlOK+klgkHHjThP9tholBIsJT/
qO5TxnMeT8DOjKUfkkctn29Vzve6Gxutumh7L/TUYHoOm3dECmis083KMk6RB7vG
RxemqB19Bh6icJ247SIJR1RdLqpOtvPaEUXrdFDDCEW8oMAaeeh6E8I21W63t0ko
ARJUy2Cjl4afWENyGVfbEWWHKISXTTvT/UecGyznCVHTOF1JUh1M1IC8H7vN2QIs
6V2qQacm7LNJLItwVzhJExfZ8o2Ast8KmIBgF2qt1hc6A5jA9+XvHMaKpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJpFFdri+0vEpAxD/rb70pLmE2T3MB8GA1UdIwQY
MBaAFEto4funtEp7ZmI2shJT19Y2LQ2DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzJqaC02ZTBTbnRtWWpheUVsUFgxall0RFlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9mMTQwNzktNDExNC00YmVjLTg3OWMt
OGIwNmVjNTY0YTFiLzEvbWtVVjJ1TDdTOFNrREVQLXR2dlNrdVlUWlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9mMTQwNzktNDExNC00YmVjLTg3OWMtOGIwNmVjNTY0YTFi
LzEvUzJqaC02ZTBTbnRtWWpheUVsUFgxall0RFlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRHFAwQA
wpFyMA0GCSqGSIb3DQEBCwUAA4IBAQCI6ZOcBm0daqtciYH7VS/jBx/votDQVnXk
jSq/kH1k4fnXAju0pbVhDx/CPFcLsVOi5T3eGLrCQdq6pdSOSm4xrqlZQKW4BasX
pl+gdOvcpMoGam/p+gaS1ZrKSC1y918lSWs+bMHiTJZVCqAHgEhf3Vd6Lz/Y4YvK
L60EbnjaUhVOg+tvZmr3ThwzGQgFQFcPPjFi7JSt9/wnVKB/3+46QgSwNzZB5Jfn
MLdL2VqkUjUUvaMpmJAL7KZzOvzPOwK8tcE2ONAz7IzsJac+tW8pc40/5r5zN5Gm
6y0EILLsss1/RLGynbgkaweslONQReUL0Q8lL0w9kxgOf5s3WMHx
-----END CERTIFICATE-----