Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/O93k6bKhYCgLqm1pwPcFwndFJfc.roa
File:                     O93k6bKhYCgLqm1pwPcFwndFJfc.roa (raw, json)
Hash identifier:          mGQ92ARMuHfH2tnd6YZOf6zGRFHFURqcW968Yoazf28=
Subject key identifier:   3B:DD:E4:E9:B2:A1:60:28:0B:AA:6D:69:C0:F7:05:C2:77:45:25:F7
Certificate issuer:       /CN=c5224ea45d081d402ffd6bf4dd95e3ff6f2dc481
Certificate serial:       01941F8C1F2E542E756499271E9796E806DB
Authority key identifier: C5:22:4E:A4:5D:08:1D:40:2F:FD:6B:F4:DD:95:E3:FF:6F:2D:C4:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xSJOpF0IHUAv_Wv03ZXj_28txIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/O93k6bKhYCgLqm1pwPcFwndFJfc.roa
Signing time:             Wed 01 Jan 2025 01:47:44 +0000
ROA not before:           Wed 01 Jan 2025 01:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        193.43.27.0/24 maxlen: 24
                          2001:67c:168::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/xSJOpF0IHUAv_Wv03ZXj_28txIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/xSJOpF0IHUAv_Wv03ZXj_28txIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xSJOpF0IHUAv_Wv03ZXj_28txIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:1f:2e:54:2e:75:64:99:27:1e:97:96:e8:06:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5224ea45d081d402ffd6bf4dd95e3ff6f2dc481
        Validity
            Not Before: Jan  1 01:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bdde4e9b2a160280baa6d69c0f705c2774525f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4e:95:53:37:be:55:62:26:57:69:34:8a:1e:
                    06:f2:a0:db:a1:7e:af:1e:1b:80:0f:74:17:de:5f:
                    1d:8c:84:54:30:72:df:0c:18:1f:66:f3:7d:58:0a:
                    45:e7:0b:05:09:06:db:25:b5:51:2f:1a:dd:84:a9:
                    fe:71:0e:df:a2:64:bb:f0:4f:78:44:66:91:8f:6a:
                    45:7a:8e:73:98:e4:4a:0d:3f:81:15:f7:36:27:06:
                    a5:d6:a3:f3:0b:1d:0b:6d:e2:e8:97:b6:23:53:fa:
                    72:4f:76:69:fc:d1:68:5c:e3:83:52:d8:9e:58:15:
                    28:5a:7c:ba:a7:c9:8e:b3:4e:01:3c:c5:83:6a:7d:
                    03:e2:46:a7:24:da:8f:87:cc:46:c4:3f:b5:85:58:
                    85:82:54:7c:13:3d:1b:33:f0:be:12:1c:76:f6:44:
                    f7:fb:ce:d5:c9:ad:e1:73:57:51:0b:df:81:90:e1:
                    93:ab:36:66:41:75:1c:84:88:91:d0:06:ff:92:b5:
                    6d:07:41:73:26:22:38:b2:bf:d7:62:38:20:48:59:
                    cf:16:90:97:fe:81:23:4c:51:0f:4d:0b:fa:09:e5:
                    e3:96:ee:23:82:d5:a9:4c:47:07:0c:da:ed:69:1b:
                    8b:77:bd:9d:1f:eb:13:30:b8:7b:19:ca:20:ca:db:
                    ee:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:DD:E4:E9:B2:A1:60:28:0B:AA:6D:69:C0:F7:05:C2:77:45:25:F7
            X509v3 Authority Key Identifier:
                keyid:C5:22:4E:A4:5D:08:1D:40:2F:FD:6B:F4:DD:95:E3:FF:6F:2D:C4:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xSJOpF0IHUAv_Wv03ZXj_28txIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/O93k6bKhYCgLqm1pwPcFwndFJfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/8154e3-286b-46a3-b8a5-52356cd5da90/1/xSJOpF0IHUAv_Wv03ZXj_28txIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.27.0/24
                IPv6:
                  2001:67c:168::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:48:00:cf:6c:8f:a8:a1:84:dc:ac:11:26:bd:7c:0b:bc:55:
         97:7e:ed:11:2d:a1:1b:f1:97:7f:2a:f7:04:89:de:78:15:8d:
         40:39:c8:cc:84:58:9f:7f:5b:9e:8a:83:ca:66:88:ac:bf:c9:
         6c:b5:ca:52:e3:56:54:67:36:3b:e7:d4:db:45:09:26:15:01:
         64:4d:6c:b1:1a:9b:ec:69:28:c1:6e:9b:93:de:b8:e3:0a:5b:
         e1:03:2c:39:59:e4:c3:cc:6a:7a:2c:39:87:42:4f:4f:f2:ee:
         a5:44:8b:09:e7:b6:00:da:b4:98:f1:b2:a8:04:c8:43:47:fe:
         1b:9a:04:bd:98:37:d6:a6:ee:0f:c6:dd:0f:02:8e:80:84:10:
         e4:26:76:8a:f2:25:5c:ca:be:8f:1f:19:de:b5:47:d6:7a:f5:
         e4:15:b8:9e:56:cb:47:a8:d0:da:aa:2b:e1:10:e9:e8:ca:6d:
         dc:be:e0:cd:10:5a:14:cd:a4:dd:aa:2a:6c:60:64:2c:de:19:
         e5:7d:7e:b0:2f:0d:b0:bc:ab:5b:1a:c9:12:fd:d6:e0:9a:eb:
         0c:65:06:86:b2:e6:84:78:19:ce:4e:bc:ed:96:b8:5a:2f:21:
         dc:fa:dd:a9:af:17:c9:55:73:32:5d:0b:6d:5e:84:eb:bf:78:
         be:27:77:7b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQfjB8uVC51ZJknHpeW6AbbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MjI0ZWE0NWQwODFkNDAyZmZkNmJmNGRkOTVlM2ZmNmYy
ZGM0ODEwHhcNMjUwMTAxMDE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmRkZTRlOWIyYTE2MDI4MGJhYTZkNjljMGY3MDVjMjc3NDUyNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0U6VUze+VWImV2k0ih4G8qDboX6v
HhuAD3QX3l8djIRUMHLfDBgfZvN9WApF5wsFCQbbJbVRLxrdhKn+cQ7fomS78E94
RGaRj2pFeo5zmORKDT+BFfc2Jwal1qPzCx0LbeLol7YjU/pyT3Zp/NFoXOODUtie
WBUoWny6p8mOs04BPMWDan0D4kanJNqPh8xGxD+1hViFglR8Ez0bM/C+Ehx29kT3
+87Vya3hc1dRC9+BkOGTqzZmQXUchIiR0Ab/krVtB0FzJiI4sr/XYjggSFnPFpCX
/oEjTFEPTQv6CeXjlu4jgtWpTEcHDNrtaRuLd72dH+sTMLh7GcogytvuCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDvd5OmyoWAoC6ptacD3BcJ3RSX3MB8GA1UdIwQY
MBaAFMUiTqRdCB1AL/1r9N2V4/9vLcSBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFNKT3BGMElIVUF2X1d2MDNaWGpfMjh0eElFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy84MTU0ZTMtMjg2Yi00NmEzLWI4YTUt
NTIzNTZjZDVkYTkwLzEvTzkzazZiS2hZQ2dMcW0xcHdQY0Z3bmRGSmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy84MTU0ZTMtMjg2Yi00NmEzLWI4YTUtNTIzNTZjZDVkYTkw
LzEveFNKT3BGMElIVUF2X1d2MDNaWGpfMjh0eElFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwSsbMA8E
AgACMAkDBwAgAQZ8AWgwDQYJKoZIhvcNAQELBQADggEBAKxIAM9sj6ihhNysESa9
fAu8VZd+7REtoRvxl38q9wSJ3ngVjUA5yMyEWJ9/W56Kg8pmiKy/yWy1ylLjVlRn
Njvn1NtFCSYVAWRNbLEam+xpKMFum5PeuOMKW+EDLDlZ5MPManosOYdCT0/y7qVE
iwnntgDatJjxsqgEyENH/huaBL2YN9am7g/G3Q8CjoCEEOQmdoryJVzKvo8fGd61
R9Z69eQVuJ5Wy0eo0NqqK+EQ6ejKbdy+4M0QWhTNpN2qKmxgZCzeGeV9frAvDbC8
q1sayRL91uCa6wxlBoay5oR4Gc5OvO2WuFovIdz63amvF8lVczJdC21ehOu/eL4n
d3s=
-----END CERTIFICATE-----