Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/b71af2-6697-4d07-adc5-1450efbd9e35/1/RyTD8ysj6_4VmnUX2OFrVA27p2U.roa
File:                     RyTD8ysj6_4VmnUX2OFrVA27p2U.roa (raw, json)
Hash identifier:          dgeC3fAtFGdk1IystX/d2Lto62C1ZW8Kifsbnvy1J74=
Subject key identifier:   47:24:C3:F3:2B:23:EB:FE:15:9A:75:17:D8:E1:6B:54:0D:BB:A7:65
Certificate issuer:       /CN=1a74f27702a62c6b627c5ea70b96fd2982364522
Certificate serial:       0194BD7EBA0C6ED8B3066624D25A84C4CBAD
Authority key identifier: 1A:74:F2:77:02:A6:2C:6B:62:7C:5E:A7:0B:96:FD:29:82:36:45:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GnTydwKmLGtifF6nC5b9KYI2RSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/b71af2-6697-4d07-adc5-1450efbd9e35/1/RyTD8ysj6_4VmnUX2OFrVA27p2U.roa
Signing time:             Fri 31 Jan 2025 17:53:06 +0000
ROA not before:           Fri 31 Jan 2025 17:53:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44684
IP address blocks:        193.227.244.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/b71af2-6697-4d07-adc5-1450efbd9e35/1/GnTydwKmLGtifF6nC5b9KYI2RSI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/b71af2-6697-4d07-adc5-1450efbd9e35/1/GnTydwKmLGtifF6nC5b9KYI2RSI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GnTydwKmLGtifF6nC5b9KYI2RSI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:bd:7e:ba:0c:6e:d8:b3:06:66:24:d2:5a:84:c4:cb:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a74f27702a62c6b627c5ea70b96fd2982364522
        Validity
            Not Before: Jan 31 17:53:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4724c3f32b23ebfe159a7517d8e16b540dbba765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:24:64:b7:5b:ee:96:2b:26:55:de:e5:df:93:
                    ce:ff:56:6a:51:af:09:68:fd:a5:1b:d9:fd:5d:5f:
                    d8:5a:33:ef:8e:bf:66:66:fe:bd:c8:f1:b5:e0:89:
                    94:72:e9:54:e0:2b:24:21:ab:87:47:bc:fd:4a:e0:
                    05:bb:1e:c8:00:fd:09:89:f7:45:df:74:fb:90:a5:
                    09:0f:b1:d0:7c:71:16:8e:99:e2:25:ad:45:14:8e:
                    04:f9:26:47:a5:16:c4:00:fd:75:bc:d6:54:d4:ac:
                    59:d4:50:28:b1:3d:69:82:9a:52:02:ba:90:10:98:
                    38:c2:c2:d6:4f:87:2b:95:e2:4b:0d:17:12:14:83:
                    49:82:58:a4:52:63:fe:34:e4:a6:86:da:34:d4:5e:
                    56:45:df:b0:a0:e0:c8:9e:87:e4:b7:b6:ac:ed:cf:
                    a3:c5:5f:d1:a3:25:4a:0d:1e:9b:42:f6:12:67:f6:
                    a5:95:13:f8:36:8a:81:a4:a5:71:a5:3b:bc:88:c4:
                    84:52:04:d4:b3:1a:6a:26:3e:71:bc:29:b5:e2:42:
                    fb:fc:5e:5c:07:e1:f6:7f:5b:6d:40:48:e6:0c:87:
                    29:60:8a:43:73:c6:8a:ca:51:54:16:de:d7:c0:84:
                    2c:ca:a4:8f:62:bf:71:c8:77:d6:46:29:1e:15:d5:
                    c3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:24:C3:F3:2B:23:EB:FE:15:9A:75:17:D8:E1:6B:54:0D:BB:A7:65
            X509v3 Authority Key Identifier:
                keyid:1A:74:F2:77:02:A6:2C:6B:62:7C:5E:A7:0B:96:FD:29:82:36:45:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GnTydwKmLGtifF6nC5b9KYI2RSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b71af2-6697-4d07-adc5-1450efbd9e35/1/RyTD8ysj6_4VmnUX2OFrVA27p2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/b71af2-6697-4d07-adc5-1450efbd9e35/1/GnTydwKmLGtifF6nC5b9KYI2RSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:99:09:e6:3b:f6:3d:ae:4b:f1:ef:c7:64:33:38:ed:1d:a5:
         08:7a:7a:38:cf:5c:c5:51:ae:7a:f5:77:39:72:c1:40:56:61:
         2c:05:9e:38:a9:71:c0:7d:5e:fc:f0:54:93:f4:35:4e:8c:d5:
         97:3d:bf:c1:c4:26:dc:6d:a2:18:f7:20:04:aa:17:a7:14:00:
         43:a2:93:21:a8:5a:a2:d5:49:68:91:fe:13:3a:4b:5c:4b:bd:
         9b:cc:31:30:ef:bc:67:db:b5:97:76:49:4c:1f:88:43:ff:e7:
         45:38:ef:07:c2:c2:62:b1:9c:37:02:21:f1:67:95:61:19:6e:
         af:77:5f:8c:ef:1a:60:70:d2:35:e2:b9:7d:63:e5:d4:f4:31:
         4a:05:a9:fd:72:6a:a0:49:b0:e2:20:71:59:f6:fb:0a:86:69:
         ed:83:d9:f5:a7:eb:fc:ee:1e:52:19:6c:a9:09:40:85:bb:07:
         ee:2c:62:cf:1c:54:5e:a1:b1:3f:bc:3b:7c:dc:64:83:ca:55:
         c6:59:86:47:ee:bb:e3:19:ad:37:95:e2:99:07:85:db:ab:67:
         4b:d1:8e:02:8a:0d:7e:e5:15:57:96:7d:cf:47:6d:b4:58:74:
         60:ba:e1:70:1b:86:80:59:c4:cd:c2:4f:99:a0:f3:79:6b:e5:
         fd:45:32:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS9froMbtizBmYk0lqExMutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNzRmMjc3MDJhNjJjNmI2MjdjNWVhNzBiOTZmZDI5ODIz
NjQ1MjIwHhcNMjUwMTMxMTc1MzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzI0YzNmMzJiMjNlYmZlMTU5YTc1MTdkOGUxNmI1NDBkYmJhNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCRkt1vulismVd7l35PO/1ZqUa8J
aP2lG9n9XV/YWjPvjr9mZv69yPG14ImUculU4CskIauHR7z9SuAFux7IAP0JifdF
33T7kKUJD7HQfHEWjpniJa1FFI4E+SZHpRbEAP11vNZU1KxZ1FAosT1pgppSArqQ
EJg4wsLWT4crleJLDRcSFINJglikUmP+NOSmhto01F5WRd+woODInofkt7as7c+j
xV/RoyVKDR6bQvYSZ/allRP4NoqBpKVxpTu8iMSEUgTUsxpqJj5xvCm14kL7/F5c
B+H2f1ttQEjmDIcpYIpDc8aKylFUFt7XwIQsyqSPYr9xyHfWRikeFdXD4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEckw/MrI+v+FZp1F9jha1QNu6dlMB8GA1UdIwQY
MBaAFBp08ncCpixrYnxepwuW/SmCNkUiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR25UeWR3S21MR3RpZkY2bkM1YjlLWUkyUlNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9iNzFhZjItNjY5Ny00ZDA3LWFkYzUt
MTQ1MGVmYmQ5ZTM1LzEvUnlURDh5c2o2XzRWbW5VWDJPRnJWQTI3cDJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9iNzFhZjItNjY5Ny00ZDA3LWFkYzUtMTQ1MGVmYmQ5ZTM1
LzEvR25UeWR3S21MR3RpZkY2bkM1YjlLWUkyUlNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBweP0MA0G
CSqGSIb3DQEBCwUAA4IBAQBbmQnmO/Y9rkvx78dkMzjtHaUIeno4z1zFUa569Xc5
csFAVmEsBZ44qXHAfV788FST9DVOjNWXPb/BxCbcbaIY9yAEqhenFABDopMhqFqi
1Ulokf4TOktcS72bzDEw77xn27WXdklMH4hD/+dFOO8HwsJisZw3AiHxZ5VhGW6v
d1+M7xpgcNI14rl9Y+XU9DFKBan9cmqgSbDiIHFZ9vsKhmntg9n1p+v87h5SGWyp
CUCFuwfuLGLPHFReobE/vDt83GSDylXGWYZH7rvjGa03leKZB4Xbq2dL0Y4Cig1+
5RVXln3PR220WHRguuFwG4aAWcTNwk+ZoPN5a+X9RTJ/
-----END CERTIFICATE-----