Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/q9zEIJSyiAtted-qK0IC2QOIvVc.roa
File:                     q9zEIJSyiAtted-qK0IC2QOIvVc.roa (raw, json)
Hash identifier:          Dw02XDclSknqFZSzdcVjqUMXTqYYIsr90SDwtwPQEIs=
Subject key identifier:   AB:DC:C4:20:94:B2:88:0B:6D:79:DF:AA:2B:42:02:D9:03:88:BD:57
Certificate issuer:       /CN=5afd8667cce95be0ae96058c4550d7088035312f
Certificate serial:       01941FFA1418B77C487EA434EA8D34784195
Authority key identifier: 5A:FD:86:67:CC:E9:5B:E0:AE:96:05:8C:45:50:D7:08:80:35:31:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/q9zEIJSyiAtted-qK0IC2QOIvVc.roa
Signing time:             Wed 01 Jan 2025 03:47:50 +0000
ROA not before:           Wed 01 Jan 2025 03:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        193.3.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:14:18:b7:7c:48:7e:a4:34:ea:8d:34:78:41:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5afd8667cce95be0ae96058c4550d7088035312f
        Validity
            Not Before: Jan  1 03:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abdcc42094b2880b6d79dfaa2b4202d90388bd57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:22:0f:1a:85:cc:36:7c:16:8d:d2:a1:40:ec:
                    fd:73:eb:5b:1e:25:f4:11:ed:3d:ac:cc:58:91:2b:
                    bd:d1:d4:fb:95:df:92:73:14:63:7c:a1:30:2b:bb:
                    38:9f:01:95:95:9d:e5:65:8e:cd:21:66:3c:11:c7:
                    80:19:06:59:bc:a5:63:54:98:3a:fb:9c:0e:98:93:
                    32:4f:5c:a7:a4:cb:dc:8b:e4:9f:52:d5:59:4c:43:
                    02:61:6e:b0:44:e9:5f:d0:3e:ae:6e:c6:d1:58:f1:
                    df:c0:ca:ad:57:51:54:47:e1:d6:e7:6e:9d:23:26:
                    41:e7:19:10:66:43:b7:48:98:8f:0a:03:87:f1:d2:
                    d0:42:56:ef:d6:7d:8a:07:df:fb:92:57:5d:dc:42:
                    78:6a:16:45:1f:c4:89:73:26:f5:a0:de:d2:66:87:
                    69:a1:6c:a2:11:d0:d0:a0:a4:69:13:ed:80:9b:99:
                    4b:f1:29:67:32:81:20:a0:e6:85:d2:81:5d:7a:6c:
                    fb:96:c1:b0:ef:c7:a9:47:d2:e7:af:61:42:d2:d8:
                    da:fe:01:01:37:78:6a:50:13:53:11:3b:3e:e5:b7:
                    2a:14:b0:93:5a:4e:1c:7a:27:ab:9c:34:c3:38:d2:
                    ce:74:4d:93:3c:8f:70:46:a7:a1:57:17:b8:bd:93:
                    01:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:DC:C4:20:94:B2:88:0B:6D:79:DF:AA:2B:42:02:D9:03:88:BD:57
            X509v3 Authority Key Identifier:
                keyid:5A:FD:86:67:CC:E9:5B:E0:AE:96:05:8C:45:50:D7:08:80:35:31:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/q9zEIJSyiAtted-qK0IC2QOIvVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/aacb0a-cf64-4e75-a9df-249ac773c282/1/Wv2GZ8zpW-CulgWMRVDXCIA1MS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:52:c0:31:f3:ae:55:d0:d3:da:04:3d:31:e8:88:e1:4f:31:
         3f:c8:c5:48:29:ee:86:c2:af:04:8a:22:25:bd:54:9b:30:ad:
         7e:1e:2e:fa:41:00:51:9e:4e:d7:76:0f:c1:e3:03:de:81:0d:
         cd:e7:4c:5e:ad:ca:11:6f:b0:13:fd:bf:75:dc:cf:1a:2e:e6:
         35:81:5c:8b:d3:00:2d:2f:4d:4d:de:9f:bf:18:d9:83:b3:36:
         6e:32:f3:f2:e3:fe:84:cf:61:cd:de:06:69:57:6c:68:18:d5:
         dd:e0:39:e5:fd:14:e9:05:7a:d6:59:32:c1:40:d5:95:be:c2:
         dd:96:5c:19:bd:bb:f0:91:6f:85:52:33:6e:f4:8a:5c:ad:00:
         21:6b:00:fc:c1:57:14:e6:6f:36:f1:9c:94:54:ed:df:7c:ca:
         d2:a8:06:75:eb:e8:8e:1c:9b:27:cf:09:fb:4a:99:3f:02:1b:
         de:93:5f:80:9c:a7:c6:5c:4c:0c:d1:41:ed:44:c3:16:a2:33:
         c8:a8:ff:d8:0d:bc:42:1e:7a:f2:85:55:19:8d:fb:4c:62:5a:
         1c:4d:ae:96:95:ae:9f:be:7f:fc:b6:b4:4f:29:54:1f:07:97:
         0b:1b:b1:b5:98:e2:62:ff:8b:6c:7e:04:5a:8e:62:c1:74:2b:
         ce:ac:26:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hQYt3xIfqQ06o00eEGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZmQ4NjY3Y2NlOTViZTBhZTk2MDU4YzQ1NTBkNzA4ODAz
NTMxMmYwHhcNMjUwMTAxMDM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmRjYzQyMDk0YjI4ODBiNmQ3OWRmYWEyYjQyMDJkOTAzODhiZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSIPGoXMNnwWjdKhQOz9c+tbHiX0
Ee09rMxYkSu90dT7ld+ScxRjfKEwK7s4nwGVlZ3lZY7NIWY8EceAGQZZvKVjVJg6
+5wOmJMyT1ynpMvci+SfUtVZTEMCYW6wROlf0D6ubsbRWPHfwMqtV1FUR+HW526d
IyZB5xkQZkO3SJiPCgOH8dLQQlbv1n2KB9/7kldd3EJ4ahZFH8SJcyb1oN7SZodp
oWyiEdDQoKRpE+2Am5lL8SlnMoEgoOaF0oFdemz7lsGw78epR9Lnr2FC0tja/gEB
N3hqUBNTETs+5bcqFLCTWk4ceiernDTDONLOdE2TPI9wRqehVxe4vZMBxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvcxCCUsogLbXnfqitCAtkDiL1XMB8GA1UdIwQY
MBaAFFr9hmfM6VvgrpYFjEVQ1wiANTEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3YyR1o4enBXLUN1bGdXTVJWRFhDSUExTVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9hYWNiMGEtY2Y2NC00ZTc1LWE5ZGYt
MjQ5YWM3NzNjMjgyLzEvcTl6RUlKU3lpQXR0ZWQtcUswSUMyUU9JdlZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9hYWNiMGEtY2Y2NC00ZTc1LWE5ZGYtMjQ5YWM3NzNjMjgy
LzEvV3YyR1o4enBXLUN1bGdXTVJWRFhDSUExTVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMuMA0G
CSqGSIb3DQEBCwUAA4IBAQCXUsAx865V0NPaBD0x6IjhTzE/yMVIKe6Gwq8EiiIl
vVSbMK1+Hi76QQBRnk7Xdg/B4wPegQ3N50xercoRb7AT/b913M8aLuY1gVyL0wAt
L01N3p+/GNmDszZuMvPy4/6Ez2HN3gZpV2xoGNXd4Dnl/RTpBXrWWTLBQNWVvsLd
llwZvbvwkW+FUjNu9IpcrQAhawD8wVcU5m828ZyUVO3ffMrSqAZ16+iOHJsnzwn7
Spk/Ahvek1+AnKfGXEwM0UHtRMMWojPIqP/YDbxCHnryhVUZjftMYlocTa6Wla6f
vn/8trRPKVQfB5cLG7G1mOJi/4tsfgRajmLBdCvOrCYE
-----END CERTIFICATE-----