Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/ORzdYgpKmwSJL1fVNUo6LmyhjSk.roa
File:                     ORzdYgpKmwSJL1fVNUo6LmyhjSk.roa (raw, json)
Hash identifier:          LmFlM+n+lX0yoflgNqGYgZ3G5C5DbphEooeee/wY1iM=
Subject key identifier:   39:1C:DD:62:0A:4A:9B:04:89:2F:57:D5:35:4A:3A:2E:6C:A1:8D:29
Certificate issuer:       /CN=5afdbf9883c18c4ce165d8b8503c6201745d6887
Certificate serial:       01941FFABA31948F94C7EE0E71E395E6C1F6
Authority key identifier: 5A:FD:BF:98:83:C1:8C:4C:E1:65:D8:B8:50:3C:62:01:74:5D:68:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/ORzdYgpKmwSJL1fVNUo6LmyhjSk.roa
Signing time:             Wed 01 Jan 2025 03:48:32 +0000
ROA not before:           Wed 01 Jan 2025 03:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211268
IP address blocks:        193.32.59.0/24 maxlen: 24
                          193.56.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:ba:31:94:8f:94:c7:ee:0e:71:e3:95:e6:c1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5afdbf9883c18c4ce165d8b8503c6201745d6887
        Validity
            Not Before: Jan  1 03:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=391cdd620a4a9b04892f57d5354a3a2e6ca18d29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:52:ea:74:0d:ac:bb:b6:be:0d:c1:36:58:b7:
                    75:43:67:52:ef:5e:85:da:4d:de:c7:18:de:12:7e:
                    86:f9:e3:e4:7a:a6:3f:1c:ea:a6:4e:ef:ee:51:32:
                    94:75:10:3a:2e:38:7a:c0:9f:14:a2:18:c6:06:37:
                    31:2d:88:34:20:93:c3:06:5d:30:99:b5:02:4d:4b:
                    41:89:3a:4a:27:fc:5a:89:e1:8e:8a:0f:f3:d6:99:
                    fa:21:59:ec:e0:2f:c9:4b:b1:6f:7d:35:07:5d:a9:
                    ea:c0:a1:46:df:f8:b6:92:b3:a4:3b:41:3c:5f:19:
                    d3:1c:cf:5b:f1:7c:94:9e:bc:fc:84:ed:96:09:25:
                    ff:66:ef:11:8d:83:f4:e7:41:1b:44:aa:57:6c:71:
                    c6:4d:ff:eb:ef:2e:37:67:34:aa:0c:e4:4d:8c:33:
                    ee:88:a4:be:8b:3d:f1:f6:11:37:34:a3:6c:68:14:
                    d8:12:14:22:bc:9b:10:b1:ba:21:08:39:73:3a:e4:
                    d2:d7:86:aa:14:d1:7f:81:4a:81:aa:bc:00:c7:96:
                    03:a4:38:dd:ba:4e:4b:16:93:2d:50:17:72:b5:db:
                    ca:84:63:66:a8:6a:c5:0f:34:d2:c6:bb:d2:76:10:
                    05:1e:19:1c:62:f2:88:f6:55:9e:61:a7:22:c8:f1:
                    db:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:1C:DD:62:0A:4A:9B:04:89:2F:57:D5:35:4A:3A:2E:6C:A1:8D:29
            X509v3 Authority Key Identifier:
                keyid:5A:FD:BF:98:83:C1:8C:4C:E1:65:D8:B8:50:3C:62:01:74:5D:68:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/ORzdYgpKmwSJL1fVNUo6LmyhjSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/29440b-c59a-4608-bc63-a4ca3363d701/1/Wv2_mIPBjEzhZdi4UDxiAXRdaIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.59.0/24
                  193.56.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:01:79:9d:19:e2:5a:d7:23:9c:a6:94:35:25:b4:b4:b3:32:
         d9:77:b5:db:dc:a4:98:f1:84:4a:27:02:82:3b:ff:d2:92:9e:
         dc:59:12:a2:26:60:55:14:5b:53:89:64:13:c5:65:39:47:68:
         ac:ec:73:20:60:01:a2:88:69:9c:b0:f7:da:1e:a5:17:e6:f1:
         63:a3:5f:42:df:74:ce:5f:8e:67:aa:73:f5:69:bc:46:f7:e5:
         b3:3b:1f:ad:10:b0:2d:13:90:96:58:35:df:85:f5:8d:c5:b2:
         ff:9d:aa:20:c0:40:ca:d1:3f:3f:3e:98:c7:f5:1c:b1:87:0b:
         d6:1e:01:4b:4c:56:cf:fa:8f:f4:b6:ed:ea:39:f4:b2:cf:75:
         6e:55:f0:6f:2d:8c:ce:ca:44:1a:d9:29:31:90:c0:bf:7e:95:
         6d:bb:a4:13:29:b1:6c:46:b3:1d:9b:72:00:fc:70:0c:d0:8b:
         74:75:b5:01:d9:cf:fe:44:53:c0:87:d1:67:f3:44:db:9a:b8:
         a0:8c:a2:30:ec:77:ba:e0:19:95:c5:f4:e0:a6:a6:2f:6a:71:
         aa:65:ea:87:8f:f1:ae:cb:6c:92:9f:4f:08:19:54:93:f5:18:
         b8:98:ff:09:6b:28:00:23:35:18:76:37:ed:26:0c:0d:62:e2:
         7a:32:45:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+roxlI+Ux+4OceOV5sH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZmRiZjk4ODNjMThjNGNlMTY1ZDhiODUwM2M2MjAxNzQ1
ZDY4ODcwHhcNMjUwMTAxMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTFjZGQ2MjBhNGE5YjA0ODkyZjU3ZDUzNTRhM2EyZTZjYTE4ZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVLqdA2su7a+DcE2WLd1Q2dS716F
2k3exxjeEn6G+ePkeqY/HOqmTu/uUTKUdRA6Ljh6wJ8UohjGBjcxLYg0IJPDBl0w
mbUCTUtBiTpKJ/xaieGOig/z1pn6IVns4C/JS7FvfTUHXanqwKFG3/i2krOkO0E8
XxnTHM9b8XyUnrz8hO2WCSX/Zu8RjYP050EbRKpXbHHGTf/r7y43ZzSqDORNjDPu
iKS+iz3x9hE3NKNsaBTYEhQivJsQsbohCDlzOuTS14aqFNF/gUqBqrwAx5YDpDjd
uk5LFpMtUBdytdvKhGNmqGrFDzTSxrvSdhAFHhkcYvKI9lWeYaciyPHbJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDkc3WIKSpsEiS9X1TVKOi5soY0pMB8GA1UdIwQY
MBaAFFr9v5iDwYxM4WXYuFA8YgF0XWiHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3YyX21JUEJqRXpoWmRpNFVEeGlBWFJkYUljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8yOTQ0MGItYzU5YS00NjA4LWJjNjMt
YTRjYTMzNjNkNzAxLzEvT1J6ZFlncEttd1NKTDFmVk5VbzZMbXloalNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8yOTQ0MGItYzU5YS00NjA4LWJjNjMtYTRjYTMzNjNkNzAx
LzEvV3YyX21JUEJqRXpoWmRpNFVEeGlBWFJkYUljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSA7AwQA
wTiEMA0GCSqGSIb3DQEBCwUAA4IBAQCFAXmdGeJa1yOcppQ1JbS0szLZd7Xb3KSY
8YRKJwKCO//Skp7cWRKiJmBVFFtTiWQTxWU5R2is7HMgYAGiiGmcsPfaHqUX5vFj
o19C33TOX45nqnP1abxG9+WzOx+tELAtE5CWWDXfhfWNxbL/naogwEDK0T8/PpjH
9RyxhwvWHgFLTFbP+o/0tu3qOfSyz3VuVfBvLYzOykQa2SkxkMC/fpVtu6QTKbFs
RrMdm3IA/HAM0It0dbUB2c/+RFPAh9Fn80TbmrigjKIw7He64BmVxfTgpqYvanGq
ZeqHj/Guy2ySn08IGVST9Ri4mP8JaygAIzUYdjftJgwNYuJ6MkUm
-----END CERTIFICATE-----