Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/b1e63b-01ab-4c05-84a7-45e1c77a18c0/1/cKLVURSgkoMYO4wy8vne_qwgRmg.roa
File:                     cKLVURSgkoMYO4wy8vne_qwgRmg.roa (raw, json)
Hash identifier:          SnmmNcbbOM0qBXdozd7WzP3UhHfxrlR5ILW9dCCKUpI=
Subject key identifier:   70:A2:D5:51:14:A0:92:83:18:3B:8C:32:F2:F9:DE:FE:AC:20:46:68
Certificate issuer:       /CN=71d39d6c50dd309ee9286c302dfb15245bdbaf23
Certificate serial:       019423695F92B146D1FCC2A1C3F81D7498E2
Authority key identifier: 71:D3:9D:6C:50:DD:30:9E:E9:28:6C:30:2D:FB:15:24:5B:DB:AF:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdOdbFDdMJ7pKGwwLfsVJFvbryM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/b1e63b-01ab-4c05-84a7-45e1c77a18c0/1/cKLVURSgkoMYO4wy8vne_qwgRmg.roa
Signing time:             Wed 01 Jan 2025 19:48:15 +0000
ROA not before:           Wed 01 Jan 2025 19:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58333
IP address blocks:        193.35.62.0/24 maxlen: 24
                          193.222.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/b1e63b-01ab-4c05-84a7-45e1c77a18c0/1/cdOdbFDdMJ7pKGwwLfsVJFvbryM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/b1e63b-01ab-4c05-84a7-45e1c77a18c0/1/cdOdbFDdMJ7pKGwwLfsVJFvbryM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cdOdbFDdMJ7pKGwwLfsVJFvbryM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:5f:92:b1:46:d1:fc:c2:a1:c3:f8:1d:74:98:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d39d6c50dd309ee9286c302dfb15245bdbaf23
        Validity
            Not Before: Jan  1 19:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70a2d55114a09283183b8c32f2f9defeac204668
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:38:6e:e2:00:eb:14:6c:68:32:6f:d4:5b:3b:
                    a8:23:5b:82:7f:2d:93:f5:e8:0f:c4:e9:d3:ca:1e:
                    b2:6f:66:28:d3:00:13:04:1d:91:38:16:72:61:28:
                    77:c8:86:21:ea:92:75:38:d1:b4:84:d2:94:57:39:
                    39:95:98:a4:fa:39:59:53:61:36:4c:11:c2:4d:17:
                    67:53:75:d4:11:60:be:ba:5f:6f:cb:78:bf:28:e8:
                    2b:ca:b0:d7:99:20:d5:1d:6b:d2:8a:f5:f1:60:69:
                    dd:5a:21:d2:02:dc:fa:9d:86:b5:4c:e2:40:8f:29:
                    a5:4a:05:93:8a:9d:2f:62:55:e9:55:d4:de:d7:64:
                    05:bb:a7:22:f1:25:a0:b1:de:0f:38:06:11:8f:6c:
                    14:34:11:16:b4:ec:84:1e:d5:85:dd:44:7d:fa:c1:
                    50:f7:e6:c4:12:51:a4:8a:96:4e:d2:e7:db:f5:24:
                    12:81:7f:b7:76:c8:b7:b2:e2:11:c4:f7:40:eb:57:
                    5a:21:a5:d5:fa:2d:fc:c0:1d:a3:f6:11:98:db:3f:
                    be:81:f5:27:92:4c:d0:b9:ce:09:bb:c0:98:e3:47:
                    9f:13:e6:fb:ed:b3:aa:45:a4:f7:0f:e8:37:d1:68:
                    a9:1e:f6:70:d8:ba:15:f4:be:b1:a4:d1:d7:b6:e1:
                    60:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:A2:D5:51:14:A0:92:83:18:3B:8C:32:F2:F9:DE:FE:AC:20:46:68
            X509v3 Authority Key Identifier:
                keyid:71:D3:9D:6C:50:DD:30:9E:E9:28:6C:30:2D:FB:15:24:5B:DB:AF:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdOdbFDdMJ7pKGwwLfsVJFvbryM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b1e63b-01ab-4c05-84a7-45e1c77a18c0/1/cKLVURSgkoMYO4wy8vne_qwgRmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b1e63b-01ab-4c05-84a7-45e1c77a18c0/1/cdOdbFDdMJ7pKGwwLfsVJFvbryM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.62.0/24
                  193.222.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:7f:68:da:de:a9:94:20:9e:a8:09:db:5f:78:61:60:7b:ef:
         c8:17:2e:fb:36:28:59:a1:05:83:66:0c:39:22:04:3e:10:a1:
         8c:0a:c5:0e:16:89:dd:b9:9a:4f:f3:09:69:bf:b1:89:d2:c5:
         36:84:54:e2:2b:0d:c0:cc:d3:98:ea:b7:18:f2:8f:25:e2:9b:
         3e:71:d5:6f:36:d6:f0:55:79:d5:87:3a:1e:ed:88:e2:7f:c5:
         78:e8:f8:e0:fe:45:16:ae:ae:61:f8:f2:b3:b6:6c:4d:6c:63:
         04:3e:e2:47:d5:30:7e:18:d5:c7:57:6d:d9:36:36:58:1f:c3:
         0b:11:ce:ba:a1:3f:b4:a8:77:92:98:8d:fc:44:bc:c7:af:8d:
         f8:6e:d8:cb:0a:3a:e7:5e:55:ee:b8:01:74:42:8f:af:3e:bd:
         e1:55:cd:04:81:4d:fc:fe:b6:a8:ca:51:4b:c1:ad:4b:b7:44:
         45:13:c9:bc:7d:7f:8e:d0:5f:37:92:40:02:35:e9:8f:c2:c5:
         8a:bd:33:b9:15:17:83:13:29:1d:75:87:ff:71:d5:ee:6f:80:
         ce:ff:0c:66:98:36:6d:a9:84:aa:de:44:e3:a1:6a:1d:4a:c9:
         73:a8:47:91:7c:b2:b8:27:11:b8:28:8d:14:87:92:75:b0:b2:
         bb:45:70:0f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjaV+SsUbR/MKhw/gddJjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxZDM5ZDZjNTBkZDMwOWVlOTI4NmMzMDJkZmIxNTI0NWJk
YmFmMjMwHhcNMjUwMTAxMTk0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGEyZDU1MTE0YTA5MjgzMTgzYjhjMzJmMmY5ZGVmZWFjMjA0NjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuThu4gDrFGxoMm/UWzuoI1uCfy2T
9egPxOnTyh6yb2Yo0wATBB2ROBZyYSh3yIYh6pJ1ONG0hNKUVzk5lZik+jlZU2E2
TBHCTRdnU3XUEWC+ul9vy3i/KOgryrDXmSDVHWvSivXxYGndWiHSAtz6nYa1TOJA
jymlSgWTip0vYlXpVdTe12QFu6ci8SWgsd4POAYRj2wUNBEWtOyEHtWF3UR9+sFQ
9+bEElGkipZO0ufb9SQSgX+3dsi3suIRxPdA61daIaXV+i38wB2j9hGY2z++gfUn
kkzQuc4Ju8CY40efE+b77bOqRaT3D+g30WipHvZw2LoV9L6xpNHXtuFgPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHCi1VEUoJKDGDuMMvL53v6sIEZoMB8GA1UdIwQY
MBaAFHHTnWxQ3TCe6ShsMC37FSRb268jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2RPZGJGRGRNSjdwS0d3d0xmc1ZKRnZicnlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9iMWU2M2ItMDFhYi00YzA1LTg0YTct
NDVlMWM3N2ExOGMwLzEvY0tMVlVSU2drb01ZTzR3eTh2bmVfcXdnUm1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9iMWU2M2ItMDFhYi00YzA1LTg0YTctNDVlMWM3N2ExOGMw
LzEvY2RPZGJGRGRNSjdwS0d3d0xmc1ZKRnZicnlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSM+AwQA
wd4zMA0GCSqGSIb3DQEBCwUAA4IBAQCff2ja3qmUIJ6oCdtfeGFge+/IFy77NihZ
oQWDZgw5IgQ+EKGMCsUOFonduZpP8wlpv7GJ0sU2hFTiKw3AzNOY6rcY8o8l4ps+
cdVvNtbwVXnVhzoe7Yjif8V46Pjg/kUWrq5h+PKztmxNbGMEPuJH1TB+GNXHV23Z
NjZYH8MLEc66oT+0qHeSmI38RLzHr434btjLCjrnXlXuuAF0Qo+vPr3hVc0EgU38
/raoylFLwa1Lt0RFE8m8fX+O0F83kkACNemPwsWKvTO5FReDEykddYf/cdXub4DO
/wxmmDZtqYSq3kTjoWodSslzqEeRfLK4JxG4KI0Uh5J1sLK7RXAP
-----END CERTIFICATE-----