Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/501ea8-1839-47fe-aa44-1b417d5e1fbd/1/JKDoGMCZzjSndX7Ct7p3CxyKJR4.roa
File:                     JKDoGMCZzjSndX7Ct7p3CxyKJR4.roa (raw, json)
Hash identifier:          bo2ZyeRjzsKv0IsXJYurWXlAoWDOMikTk02MIFIPMnU=
Subject key identifier:   24:A0:E8:18:C0:99:CE:34:A7:75:7E:C2:B7:BA:77:0B:1C:8A:25:1E
Certificate issuer:       /CN=f4db83adc76baff605700cca48cc4f6f8c529f66
Certificate serial:       01942827376F59A9925BAF490D5376F1B702
Authority key identifier: F4:DB:83:AD:C7:6B:AF:F6:05:70:0C:CA:48:CC:4F:6F:8C:52:9F:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NuDrcdrr_YFcAzKSMxPb4xSn2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/501ea8-1839-47fe-aa44-1b417d5e1fbd/1/JKDoGMCZzjSndX7Ct7p3CxyKJR4.roa
Signing time:             Thu 02 Jan 2025 17:54:06 +0000
ROA not before:           Thu 02 Jan 2025 17:54:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50572
IP address blocks:        193.19.146.0/24 maxlen: 24
                          2001:67c:2530::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/501ea8-1839-47fe-aa44-1b417d5e1fbd/1/9NuDrcdrr_YFcAzKSMxPb4xSn2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/501ea8-1839-47fe-aa44-1b417d5e1fbd/1/9NuDrcdrr_YFcAzKSMxPb4xSn2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NuDrcdrr_YFcAzKSMxPb4xSn2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:37:6f:59:a9:92:5b:af:49:0d:53:76:f1:b7:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4db83adc76baff605700cca48cc4f6f8c529f66
        Validity
            Not Before: Jan  2 17:54:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24a0e818c099ce34a7757ec2b7ba770b1c8a251e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e0:c4:6c:e3:3e:23:e9:78:25:bd:9c:89:d1:
                    b6:a1:dc:52:01:ae:93:6e:81:e7:20:d6:5d:7f:b2:
                    df:d4:32:d3:5f:ef:ca:4d:74:33:e3:bb:e5:e7:35:
                    ad:50:81:6e:02:f8:56:94:c2:5f:15:f6:82:b3:c5:
                    fa:98:53:11:17:3a:db:92:00:47:27:bd:c1:4c:89:
                    ba:e0:07:76:02:59:29:cc:c1:e8:a1:03:41:0d:04:
                    4f:2a:fc:03:bf:e8:9e:37:5e:05:c6:e5:f7:07:1f:
                    58:a4:af:ce:85:97:d1:30:a4:a8:32:93:74:c2:50:
                    6f:4a:60:67:e5:c8:72:fc:bc:38:fb:73:b5:87:6b:
                    14:40:f3:fc:f2:98:de:40:6e:dd:f4:33:08:47:71:
                    d5:18:75:59:5a:29:12:63:43:47:0d:02:49:da:87:
                    4a:ce:f4:60:27:7b:dc:00:5c:a9:7e:e3:ac:72:9e:
                    a3:2d:28:3d:2e:29:d3:95:9f:f5:5d:33:57:e7:37:
                    2e:56:bf:a3:da:41:f0:22:9b:37:f4:bd:3c:a1:88:
                    27:0b:76:9d:87:f3:b7:55:6c:9c:a1:25:e8:fd:c4:
                    4e:1f:fa:33:58:7f:4c:1d:6a:69:17:c2:46:2c:df:
                    cc:c3:0b:81:ee:69:49:55:eb:b8:86:56:d7:74:72:
                    21:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:A0:E8:18:C0:99:CE:34:A7:75:7E:C2:B7:BA:77:0B:1C:8A:25:1E
            X509v3 Authority Key Identifier:
                keyid:F4:DB:83:AD:C7:6B:AF:F6:05:70:0C:CA:48:CC:4F:6F:8C:52:9F:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NuDrcdrr_YFcAzKSMxPb4xSn2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/501ea8-1839-47fe-aa44-1b417d5e1fbd/1/JKDoGMCZzjSndX7Ct7p3CxyKJR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/501ea8-1839-47fe-aa44-1b417d5e1fbd/1/9NuDrcdrr_YFcAzKSMxPb4xSn2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.146.0/24
                IPv6:
                  2001:67c:2530::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:5d:62:4e:80:20:5a:c4:09:49:8b:da:d4:53:a7:46:7f:73:
         8e:5b:34:af:1a:13:6f:ec:75:ba:33:23:49:84:41:54:26:e3:
         f5:33:f3:1c:3f:e2:09:d5:a5:65:d4:dd:3d:9e:67:56:d9:d5:
         e3:d5:14:e5:13:42:72:10:d0:cc:25:48:cd:ba:b4:3e:a7:2e:
         a6:85:c1:2d:15:90:2a:fd:be:9c:a3:6e:e5:cc:95:03:20:2b:
         02:28:a5:1b:53:7f:9c:56:ec:23:76:67:fc:bb:8b:68:41:48:
         e8:05:4c:2f:95:0f:f7:06:85:51:67:f9:18:5d:bb:43:35:ec:
         6f:3a:fd:14:5f:43:5d:52:3e:2a:15:81:69:38:10:6d:78:ab:
         dd:0c:d8:71:2e:c3:06:a6:37:d5:39:ac:6d:b8:52:10:f8:96:
         21:77:57:40:eb:2e:5f:61:0b:0f:7d:d4:0c:c7:80:4f:3f:60:
         8f:79:ea:50:8e:e2:5e:68:ae:76:9c:eb:2e:81:20:c8:dd:9b:
         bb:3e:a9:c8:1e:14:a1:73:03:f7:cb:28:48:54:8d:54:2c:a5:
         eb:b3:96:27:cc:f6:1b:0e:58:50:65:a8:2d:f0:8b:35:e5:5a:
         7a:ed:81:76:02:d7:53:bd:a8:66:ef:9f:a9:64:df:90:f8:84:
         97:9b:6c:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQoJzdvWamSW69JDVN28bcCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZGI4M2FkYzc2YmFmZjYwNTcwMGNjYTQ4Y2M0ZjZmOGM1
MjlmNjYwHhcNMjUwMTAyMTc1NDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGEwZTgxOGMwOTljZTM0YTc3NTdlYzJiN2JhNzcwYjFjOGEyNTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApODEbOM+I+l4Jb2cidG2odxSAa6T
boHnINZdf7Lf1DLTX+/KTXQz47vl5zWtUIFuAvhWlMJfFfaCs8X6mFMRFzrbkgBH
J73BTIm64Ad2AlkpzMHooQNBDQRPKvwDv+ieN14FxuX3Bx9YpK/OhZfRMKSoMpN0
wlBvSmBn5chy/Lw4+3O1h2sUQPP88pjeQG7d9DMIR3HVGHVZWikSY0NHDQJJ2odK
zvRgJ3vcAFypfuOscp6jLSg9LinTlZ/1XTNX5zcuVr+j2kHwIps39L08oYgnC3ad
h/O3VWycoSXo/cROH/ozWH9MHWppF8JGLN/MwwuB7mlJVeu4hlbXdHIhHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCSg6BjAmc40p3V+wre6dwsciiUeMB8GA1UdIwQY
MBaAFPTbg63Ha6/2BXAMykjMT2+MUp9mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU51RHJjZHJyX1lGY0F6S1NNeFBiNHhTbjJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81MDFlYTgtMTgzOS00N2ZlLWFhNDQt
MWI0MTdkNWUxZmJkLzEvSktEb0dNQ1p6alNuZFg3Q3Q3cDNDeHlLSlI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81MDFlYTgtMTgzOS00N2ZlLWFhNDQtMWI0MTdkNWUxZmJk
LzEvOU51RHJjZHJyX1lGY0F6S1NNeFBiNHhTbjJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwROSMA8E
AgACMAkDBwAgAQZ8JTAwDQYJKoZIhvcNAQELBQADggEBAJldYk6AIFrECUmL2tRT
p0Z/c45bNK8aE2/sdbozI0mEQVQm4/Uz8xw/4gnVpWXU3T2eZ1bZ1ePVFOUTQnIQ
0MwlSM26tD6nLqaFwS0VkCr9vpyjbuXMlQMgKwIopRtTf5xW7CN2Z/y7i2hBSOgF
TC+VD/cGhVFn+Rhdu0M17G86/RRfQ11SPioVgWk4EG14q90M2HEuwwamN9U5rG24
UhD4liF3V0DrLl9hCw991AzHgE8/YI956lCO4l5ornac6y6BIMjdm7s+qcgeFKFz
A/fLKEhUjVQspeuzlifM9hsOWFBlqC3wizXlWnrtgXYC11O9qGbvn6lk35D4hJeb
bKM=
-----END CERTIFICATE-----