Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/DBhdVQnWbQeKdQzgQiCpHErXzhE.roa
File:                     DBhdVQnWbQeKdQzgQiCpHErXzhE.roa (raw, json)
Hash identifier:          ke+PE6qJEQ9z2GmlNhQtn8qkPU8ewvFXiEh0aYxuqOo=
Subject key identifier:   0C:18:5D:55:09:D6:6D:07:8A:75:0C:E0:42:20:A9:1C:4A:D7:CE:11
Certificate issuer:       /CN=f7e5647cd0b7f722bed4569f37b8bf8f92538cf5
Certificate serial:       01942067C5A77F7B3AD21E481E909C43161B
Authority key identifier: F7:E5:64:7C:D0:B7:F7:22:BE:D4:56:9F:37:B8:BF:8F:92:53:8C:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9-VkfNC39yK-1FafN7i_j5JTjPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/DBhdVQnWbQeKdQzgQiCpHErXzhE.roa
Signing time:             Wed 01 Jan 2025 05:47:39 +0000
ROA not before:           Wed 01 Jan 2025 05:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57033
IP address blocks:        193.106.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9-VkfNC39yK-1FafN7i_j5JTjPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9-VkfNC39yK-1FafN7i_j5JTjPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9-VkfNC39yK-1FafN7i_j5JTjPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:c5:a7:7f:7b:3a:d2:1e:48:1e:90:9c:43:16:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7e5647cd0b7f722bed4569f37b8bf8f92538cf5
        Validity
            Not Before: Jan  1 05:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c185d5509d66d078a750ce04220a91c4ad7ce11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:68:b7:47:0f:28:d8:cb:a6:ad:c4:94:30:6d:
                    c6:d0:04:dc:80:89:91:63:eb:9d:bf:ff:8f:d0:cf:
                    0a:86:9b:2e:27:be:be:a9:ba:ca:13:51:c5:a8:2b:
                    15:99:92:b9:d5:6f:5e:5c:b9:0b:d9:44:5b:43:5b:
                    6c:15:bb:01:e7:f8:d3:48:4a:77:1f:7d:53:af:af:
                    08:23:fc:f9:f5:4a:56:cd:1b:1e:95:82:f8:72:8d:
                    d0:db:7f:13:bd:9b:83:6a:fc:e3:48:99:dd:04:71:
                    c9:66:d7:3e:3b:fa:63:ef:54:9f:bd:90:79:40:d8:
                    25:42:f5:29:d4:56:68:6e:81:cd:af:df:b2:18:01:
                    b3:32:10:5d:a2:cd:09:93:c2:77:2b:09:d2:db:ba:
                    0a:11:a2:65:ad:4e:96:8a:74:69:18:a5:37:4c:58:
                    a3:f0:25:7d:4f:ed:e9:e0:a3:4a:08:e5:4c:9c:92:
                    16:27:40:74:17:ed:e6:4b:62:96:99:b1:7a:73:3d:
                    eb:af:15:a0:3c:2a:df:bf:9f:4c:d4:98:0a:27:1f:
                    30:83:8c:62:b6:cf:aa:1f:b4:df:90:dc:fd:14:47:
                    2b:85:6a:0d:cc:a2:5c:a9:44:e9:73:ed:48:da:4e:
                    01:29:8e:bf:32:aa:f6:a9:f5:a8:ed:14:09:a3:8b:
                    83:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:18:5D:55:09:D6:6D:07:8A:75:0C:E0:42:20:A9:1C:4A:D7:CE:11
            X509v3 Authority Key Identifier:
                keyid:F7:E5:64:7C:D0:B7:F7:22:BE:D4:56:9F:37:B8:BF:8F:92:53:8C:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9-VkfNC39yK-1FafN7i_j5JTjPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/DBhdVQnWbQeKdQzgQiCpHErXzhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9-VkfNC39yK-1FafN7i_j5JTjPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:28:72:b5:59:da:c7:74:e3:f3:43:d7:c7:08:96:c3:5c:69:
         54:b3:db:b0:ac:49:ca:22:eb:43:99:41:df:d0:65:ae:73:fd:
         5f:ab:65:ff:22:f2:26:8c:0d:58:b0:74:41:ba:b8:c9:37:3f:
         08:25:7d:14:5a:44:69:54:29:19:5d:79:fa:48:17:ef:37:c5:
         28:54:4d:38:ea:8c:8d:4a:e0:e9:e5:d5:46:7c:f5:9f:a5:94:
         8a:30:6f:c9:14:11:dc:eb:a6:a6:4e:ae:3d:39:89:23:1b:56:
         c8:ca:5d:cb:98:a9:8f:a1:a0:e6:ad:87:7b:58:bd:0c:02:6d:
         64:16:85:c3:f1:d2:fe:a1:6e:6a:54:ec:11:7a:c3:56:0e:83:
         cc:50:b3:e4:ae:7d:44:ef:79:bc:7c:6c:7c:30:9a:e9:c6:42:
         d8:06:dd:bf:c9:b9:d6:22:98:23:cf:92:c5:1f:0c:4e:34:22:
         2e:c9:3e:5e:2e:63:fb:05:03:3e:82:c7:a3:f1:58:a7:39:fe:
         77:12:c3:bf:c5:b0:a1:a5:11:4a:6e:21:af:0f:35:09:52:56:
         98:93:57:e2:7a:44:c3:a1:5a:89:97:14:9e:f6:20:24:7b:9e:
         9c:91:0b:0b:d1:ea:db:dc:76:1f:9e:65:54:cf:ec:a5:c0:41:
         0d:cc:bf:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ8Wnf3s60h5IHpCcQxYbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ZTU2NDdjZDBiN2Y3MjJiZWQ0NTY5ZjM3YjhiZjhmOTI1
MzhjZjUwHhcNMjUwMTAxMDU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzE4NWQ1NTA5ZDY2ZDA3OGE3NTBjZTA0MjIwYTkxYzRhZDdjZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2i3Rw8o2MumrcSUMG3G0ATcgImR
Y+udv/+P0M8KhpsuJ76+qbrKE1HFqCsVmZK51W9eXLkL2URbQ1tsFbsB5/jTSEp3
H31Tr68II/z59UpWzRselYL4co3Q238TvZuDavzjSJndBHHJZtc+O/pj71SfvZB5
QNglQvUp1FZoboHNr9+yGAGzMhBdos0Jk8J3KwnS27oKEaJlrU6WinRpGKU3TFij
8CV9T+3p4KNKCOVMnJIWJ0B0F+3mS2KWmbF6cz3rrxWgPCrfv59M1JgKJx8wg4xi
ts+qH7TfkNz9FEcrhWoNzKJcqUTpc+1I2k4BKY6/Mqr2qfWo7RQJo4uD5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAwYXVUJ1m0HinUM4EIgqRxK184RMB8GA1UdIwQY
MBaAFPflZHzQt/civtRWnze4v4+SU4z1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOS1Wa2ZOQzM5eUstMUZhZk43aV9qNUpUalBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9mOTA4MmItY2JhMy00ZmJjLWFkYTIt
ZGYwNjM3NjdjM2Y2LzEvREJoZFZRbldiUWVLZFF6Z1FpQ3BIRXJYemhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9mOTA4MmItY2JhMy00ZmJjLWFkYTItZGYwNjM3NjdjM2Y2
LzEvOS1Wa2ZOQzM5eUstMUZhZk43aV9qNUpUalBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWpCMA0G
CSqGSIb3DQEBCwUAA4IBAQACKHK1WdrHdOPzQ9fHCJbDXGlUs9uwrEnKIutDmUHf
0GWuc/1fq2X/IvImjA1YsHRBurjJNz8IJX0UWkRpVCkZXXn6SBfvN8UoVE046oyN
SuDp5dVGfPWfpZSKMG/JFBHc66amTq49OYkjG1bIyl3LmKmPoaDmrYd7WL0MAm1k
FoXD8dL+oW5qVOwResNWDoPMULPkrn1E73m8fGx8MJrpxkLYBt2/ybnWIpgjz5LF
HwxONCIuyT5eLmP7BQM+gsej8VinOf53EsO/xbChpRFKbiGvDzUJUlaYk1fiekTD
oVqJlxSe9iAke56ckQsL0erb3HYfnmVUz+ylwEENzL/X
-----END CERTIFICATE-----