Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/d77a60-1227-4de7-97bb-410061e3576a/1/blyZeWce4rBJhg8ME28pqKDnfCo.roa
File:                     blyZeWce4rBJhg8ME28pqKDnfCo.roa (raw, json)
Hash identifier:          pmP+XETNQkgSAUy5VzGeDOXPtY/M0adsiUhjlBBfT5Y=
Subject key identifier:   6E:5C:99:79:67:1E:E2:B0:49:86:0F:0C:13:6F:29:A8:A0:E7:7C:2A
Certificate issuer:       /CN=96eab19bec222c705a1eb03a80df341539d97f14
Certificate serial:       019423D8019D41D47E39E559622CBB20CAD6
Authority key identifier: 96:EA:B1:9B:EC:22:2C:70:5A:1E:B0:3A:80:DF:34:15:39:D9:7F:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/luqxm-wiLHBaHrA6gN80FTnZfxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/d77a60-1227-4de7-97bb-410061e3576a/1/blyZeWce4rBJhg8ME28pqKDnfCo.roa
Signing time:             Wed 01 Jan 2025 21:49:06 +0000
ROA not before:           Wed 01 Jan 2025 21:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12843
IP address blocks:        193.202.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/d77a60-1227-4de7-97bb-410061e3576a/1/luqxm-wiLHBaHrA6gN80FTnZfxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/d77a60-1227-4de7-97bb-410061e3576a/1/luqxm-wiLHBaHrA6gN80FTnZfxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/luqxm-wiLHBaHrA6gN80FTnZfxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d8:01:9d:41:d4:7e:39:e5:59:62:2c:bb:20:ca:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96eab19bec222c705a1eb03a80df341539d97f14
        Validity
            Not Before: Jan  1 21:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e5c9979671ee2b049860f0c136f29a8a0e77c2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:92:a6:60:70:1d:69:99:92:cd:b3:35:1e:17:
                    f3:c5:d3:18:31:ef:91:11:84:d6:24:18:99:59:ac:
                    75:1c:d1:f5:e5:b1:76:c5:1b:42:a6:82:df:50:0b:
                    48:61:e7:b9:fb:0a:00:2f:f5:76:b1:be:65:d3:7f:
                    6a:17:e1:c1:02:96:04:52:85:0c:42:a4:97:a2:e9:
                    a0:18:91:a8:69:1a:5e:7e:9e:28:5c:f5:99:04:ea:
                    77:9d:a9:e9:2f:65:b4:8c:db:6c:fc:d4:0b:01:6c:
                    79:e2:56:cb:02:63:6f:ff:d4:10:3d:5f:7e:5e:6e:
                    de:a0:40:f2:bd:5f:dc:dc:8b:a7:29:83:43:c6:f8:
                    29:48:cb:ff:20:3c:36:02:dd:5d:d9:ad:91:14:9a:
                    b7:04:c6:37:23:32:90:cb:95:4b:f8:01:7c:f5:59:
                    be:43:22:7b:4e:4b:e2:a4:60:68:4f:2c:01:13:04:
                    ff:39:d1:78:a0:63:ae:57:b2:2b:c4:ee:98:83:b8:
                    e8:1f:b8:ff:6f:fb:6f:09:ec:fe:b5:48:f8:5a:7c:
                    55:48:c9:96:0f:40:c3:77:f5:e1:45:6e:98:2b:f1:
                    14:80:3d:c6:01:31:37:ec:93:65:6b:81:f1:1f:e6:
                    cd:47:43:c5:f4:c7:b6:5f:21:50:71:db:b2:32:2f:
                    22:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:5C:99:79:67:1E:E2:B0:49:86:0F:0C:13:6F:29:A8:A0:E7:7C:2A
            X509v3 Authority Key Identifier:
                keyid:96:EA:B1:9B:EC:22:2C:70:5A:1E:B0:3A:80:DF:34:15:39:D9:7F:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/luqxm-wiLHBaHrA6gN80FTnZfxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/d77a60-1227-4de7-97bb-410061e3576a/1/blyZeWce4rBJhg8ME28pqKDnfCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/d77a60-1227-4de7-97bb-410061e3576a/1/luqxm-wiLHBaHrA6gN80FTnZfxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:3d:9f:44:0b:a4:ca:0d:75:4f:81:25:99:89:a5:c0:58:df:
         04:90:ef:0a:0d:0e:e3:a2:2e:56:33:d8:71:c7:06:e2:37:42:
         a5:c8:77:af:19:5e:c4:38:a8:33:fd:97:d7:a8:85:e7:21:80:
         61:f3:e7:2e:74:3f:9a:2a:19:4d:93:70:ee:d5:01:33:85:9f:
         f0:d5:c9:27:23:af:4d:b9:ac:33:7d:ea:9f:9a:d7:d8:70:74:
         67:3c:9e:2d:4e:1c:d2:b2:0b:21:aa:b7:bb:49:fc:f8:3e:29:
         bd:5e:cb:4a:b6:e9:41:d4:0d:6f:6e:9e:92:9c:d8:78:f1:64:
         6c:da:00:01:f3:d4:4a:5f:cd:15:01:5e:e2:1a:9d:8a:cd:57:
         35:7d:cb:ee:b0:64:89:ca:27:da:87:a0:94:1f:8f:44:35:f2:
         b4:d7:44:5a:ec:10:9d:43:a6:f9:19:7c:57:b0:1c:77:97:b2:
         bf:94:1d:ae:51:bc:30:e5:66:7b:04:4f:f3:e3:e2:87:d9:79:
         85:ce:80:4e:3c:69:78:72:79:68:6c:8b:05:98:57:2b:0e:e3:
         ee:cb:95:83:ed:46:ee:b2:ec:f1:b1:bf:ce:a5:ed:7a:34:58:
         04:37:7d:32:e8:17:e3:cf:9d:17:d2:74:cb:d3:be:d6:dc:4e:
         a5:56:20:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj2AGdQdR+OeVZYiy7IMrWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZWFiMTliZWMyMjJjNzA1YTFlYjAzYTgwZGYzNDE1Mzlk
OTdmMTQwHhcNMjUwMTAxMjE0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTVjOTk3OTY3MWVlMmIwNDk4NjBmMGMxMzZmMjlhOGEwZTc3YzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZKmYHAdaZmSzbM1HhfzxdMYMe+R
EYTWJBiZWax1HNH15bF2xRtCpoLfUAtIYee5+woAL/V2sb5l039qF+HBApYEUoUM
QqSXoumgGJGoaRpefp4oXPWZBOp3nanpL2W0jNts/NQLAWx54lbLAmNv/9QQPV9+
Xm7eoEDyvV/c3IunKYNDxvgpSMv/IDw2At1d2a2RFJq3BMY3IzKQy5VL+AF89Vm+
QyJ7TkvipGBoTywBEwT/OdF4oGOuV7IrxO6Yg7joH7j/b/tvCez+tUj4WnxVSMmW
D0DDd/XhRW6YK/EUgD3GATE37JNla4HxH+bNR0PF9Me2XyFQcduyMi8inQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG5cmXlnHuKwSYYPDBNvKaig53wqMB8GA1UdIwQY
MBaAFJbqsZvsIixwWh6wOoDfNBU52X8UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHVxeG0td2lMSEJhSHJBNmdOODBGVG5aZnhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9kNzdhNjAtMTIyNy00ZGU3LTk3YmIt
NDEwMDYxZTM1NzZhLzEvYmx5WmVXY2U0ckJKaGc4TUUyOHBxS0RuZkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9kNzdhNjAtMTIyNy00ZGU3LTk3YmItNDEwMDYxZTM1NzZh
LzEvbHVxeG0td2lMSEJhSHJBNmdOODBGVG5aZnhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcp3MA0G
CSqGSIb3DQEBCwUAA4IBAQDMPZ9EC6TKDXVPgSWZiaXAWN8EkO8KDQ7joi5WM9hx
xwbiN0KlyHevGV7EOKgz/ZfXqIXnIYBh8+cudD+aKhlNk3Du1QEzhZ/w1cknI69N
uawzfeqfmtfYcHRnPJ4tThzSsgshqre7Sfz4Pim9XstKtulB1A1vbp6SnNh48WRs
2gAB89RKX80VAV7iGp2KzVc1fcvusGSJyifah6CUH49ENfK010Ra7BCdQ6b5GXxX
sBx3l7K/lB2uUbww5WZ7BE/z4+KH2XmFzoBOPGl4cnlobIsFmFcrDuPuy5WD7Ubu
suzxsb/Ope16NFgEN30y6Bfjz50X0nTL077W3E6lViC1
-----END CERTIFICATE-----