Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/fc022d-f8e5-4a6e-8b1f-58c85d4336bc/1/y3UMX5qqKpS7PayD_PFfS-9xYiA.roa
File:                     y3UMX5qqKpS7PayD_PFfS-9xYiA.roa (raw, json)
Hash identifier:          1x0+PMsy7NMRlTF0Iq4hoHsB7a+mNEhOddx/6ZAYPrE=
Subject key identifier:   CB:75:0C:5F:9A:AA:2A:94:BB:3D:AC:83:FC:F1:5F:4B:EF:71:62:20
Certificate issuer:       /CN=a62a8c7a1f6a4c949e027b5369d97d7576e147f8
Certificate serial:       01942747BCFEC33FD4CB1958A55C38A097BB
Authority key identifier: A6:2A:8C:7A:1F:6A:4C:94:9E:02:7B:53:69:D9:7D:75:76:E1:47:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/piqMeh9qTJSeAntTadl9dXbhR_g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/fc022d-f8e5-4a6e-8b1f-58c85d4336bc/1/y3UMX5qqKpS7PayD_PFfS-9xYiA.roa
Signing time:             Thu 02 Jan 2025 13:50:00 +0000
ROA not before:           Thu 02 Jan 2025 13:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207199
IP address blocks:        193.8.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/fc022d-f8e5-4a6e-8b1f-58c85d4336bc/1/piqMeh9qTJSeAntTadl9dXbhR_g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/fc022d-f8e5-4a6e-8b1f-58c85d4336bc/1/piqMeh9qTJSeAntTadl9dXbhR_g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/piqMeh9qTJSeAntTadl9dXbhR_g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:bc:fe:c3:3f:d4:cb:19:58:a5:5c:38:a0:97:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a62a8c7a1f6a4c949e027b5369d97d7576e147f8
        Validity
            Not Before: Jan  2 13:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb750c5f9aaa2a94bb3dac83fcf15f4bef716220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:3d:0d:0d:93:d0:91:7b:98:ae:0e:73:3f:eb:
                    6c:89:84:58:21:88:2e:37:05:34:7d:37:55:fe:5b:
                    a4:71:7f:d3:55:de:f4:06:7f:d9:93:36:a1:ac:7c:
                    fa:0c:27:0f:6d:65:a3:fd:4c:f2:57:ac:d0:84:de:
                    38:4c:b9:4e:84:67:ae:99:ed:d1:a9:af:7e:85:53:
                    7b:6a:35:29:b6:d2:05:59:0d:d5:d5:6d:59:4f:6e:
                    75:6c:3d:9c:a7:72:1b:19:15:52:3a:cc:39:0d:3a:
                    97:f7:6d:74:7b:cc:5f:a7:9d:9d:21:8b:c9:7d:a6:
                    b2:eb:41:4f:cd:03:b0:ac:43:20:56:c6:7e:83:91:
                    9c:de:4c:bc:f6:f5:82:0c:f0:24:4b:97:fa:6b:d9:
                    94:60:87:74:c3:5c:7c:eb:85:2f:eb:20:c3:af:45:
                    59:8e:ce:5f:dc:a6:b8:11:58:2d:a4:fb:5f:00:df:
                    65:c7:19:e5:ec:c7:d9:5c:57:77:bb:de:db:81:8e:
                    ce:3d:b2:2f:01:b8:62:45:22:4b:01:a2:9d:0c:8a:
                    76:d9:fa:2c:9f:63:e4:80:78:4f:46:a5:62:7d:fb:
                    86:47:27:06:f7:a1:9f:98:dc:65:ed:fb:38:12:75:
                    a1:d5:55:f2:a6:cf:9d:08:53:b2:ca:0f:21:a4:fe:
                    ce:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:75:0C:5F:9A:AA:2A:94:BB:3D:AC:83:FC:F1:5F:4B:EF:71:62:20
            X509v3 Authority Key Identifier:
                keyid:A6:2A:8C:7A:1F:6A:4C:94:9E:02:7B:53:69:D9:7D:75:76:E1:47:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/piqMeh9qTJSeAntTadl9dXbhR_g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/fc022d-f8e5-4a6e-8b1f-58c85d4336bc/1/y3UMX5qqKpS7PayD_PFfS-9xYiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/fc022d-f8e5-4a6e-8b1f-58c85d4336bc/1/piqMeh9qTJSeAntTadl9dXbhR_g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:55:81:02:f5:55:d7:2e:39:a9:8e:67:38:d8:8e:22:66:a4:
         a0:93:88:d2:bd:62:0c:c8:a2:85:70:d0:35:7e:d8:d3:db:d5:
         84:79:a1:5a:2b:3f:77:ce:1e:15:dd:94:d0:07:ab:31:71:a9:
         7f:cc:02:c1:67:e4:b1:1a:b5:70:09:0a:03:e4:f4:06:09:35:
         1d:9f:da:2e:e2:a6:60:af:50:08:55:9d:c7:22:93:a3:05:9b:
         be:20:2d:4d:78:da:b7:c7:d3:ec:a4:58:45:09:cb:d2:d6:db:
         cf:4f:fd:1e:ea:9c:d8:30:e8:f4:a9:69:b5:4b:f9:c7:7e:df:
         54:82:98:0b:1c:f2:9a:cf:22:47:f6:df:ba:2f:8c:21:46:ea:
         e4:2f:4c:d3:00:5e:60:b3:b4:0c:34:bd:b5:51:1b:e7:ea:10:
         a1:48:bf:58:0f:b7:63:1f:2e:04:ae:55:98:32:42:8c:da:92:
         ee:fc:9b:79:85:6f:86:95:86:32:54:e7:c8:fa:49:9f:e8:29:
         ac:99:69:70:76:71:a2:6c:db:43:ec:62:c2:42:a5:08:3e:40:
         23:ac:d3:6e:15:db:4f:21:0c:98:ba:d1:c7:d0:64:14:9c:04:
         42:3b:98:f9:43:49:e2:63:e3:df:e7:17:37:e5:a3:52:dd:3c:
         7f:f0:22:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR7z+wz/UyxlYpVw4oJe7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MmE4YzdhMWY2YTRjOTQ5ZTAyN2I1MzY5ZDk3ZDc1NzZl
MTQ3ZjgwHhcNMjUwMTAyMTM1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjc1MGM1ZjlhYWEyYTk0YmIzZGFjODNmY2YxNWY0YmVmNzE2MjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7D0NDZPQkXuYrg5zP+tsiYRYIYgu
NwU0fTdV/lukcX/TVd70Bn/ZkzahrHz6DCcPbWWj/UzyV6zQhN44TLlOhGeume3R
qa9+hVN7ajUpttIFWQ3V1W1ZT251bD2cp3IbGRVSOsw5DTqX9210e8xfp52dIYvJ
faay60FPzQOwrEMgVsZ+g5Gc3ky89vWCDPAkS5f6a9mUYId0w1x864Uv6yDDr0VZ
js5f3Ka4EVgtpPtfAN9lxxnl7MfZXFd3u97bgY7OPbIvAbhiRSJLAaKdDIp22fos
n2PkgHhPRqViffuGRycG96GfmNxl7fs4EnWh1VXyps+dCFOyyg8hpP7OswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMt1DF+aqiqUuz2sg/zxX0vvcWIgMB8GA1UdIwQY
MBaAFKYqjHofakyUngJ7U2nZfXV24Uf4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGlxTWVoOXFUSlNlQW50VGFkbDlkWGJoUl9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9mYzAyMmQtZjhlNS00YTZlLThiMWYt
NThjODVkNDMzNmJjLzEveTNVTVg1cXFLcFM3UGF5RF9QRmZTLTl4WWlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9mYzAyMmQtZjhlNS00YTZlLThiMWYtNThjODVkNDMzNmJj
LzEvcGlxTWVoOXFUSlNlQW50VGFkbDlkWGJoUl9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQgmMA0G
CSqGSIb3DQEBCwUAA4IBAQAZVYEC9VXXLjmpjmc42I4iZqSgk4jSvWIMyKKFcNA1
ftjT29WEeaFaKz93zh4V3ZTQB6sxcal/zALBZ+SxGrVwCQoD5PQGCTUdn9ou4qZg
r1AIVZ3HIpOjBZu+IC1NeNq3x9PspFhFCcvS1tvPT/0e6pzYMOj0qWm1S/nHft9U
gpgLHPKazyJH9t+6L4whRurkL0zTAF5gs7QMNL21URvn6hChSL9YD7djHy4ErlWY
MkKM2pLu/Jt5hW+GlYYyVOfI+kmf6CmsmWlwdnGibNtD7GLCQqUIPkAjrNNuFdtP
IQyYutHH0GQUnARCO5j5Q0niY+Pf5xc35aNS3Tx/8CJw
-----END CERTIFICATE-----