Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/35bee9-843f-4d38-9286-7aa49becf467/1/CNpxwuWXiobnr753WTcJ-SvZEQU.roa
File:                     CNpxwuWXiobnr753WTcJ-SvZEQU.roa (raw, json)
Hash identifier:          +W4soYxTO8aYTDMgF940blaVc3sdpMhU9iF5WZMoCzU=
Subject key identifier:   08:DA:71:C2:E5:97:8A:86:E7:AF:BE:77:59:37:09:F9:2B:D9:11:05
Certificate issuer:       /CN=4ede4c65d735af79277ed14eb6c4cf5404c788d5
Certificate serial:       019426D9F2A50B38C35EF6982436BD34AB3E
Authority key identifier: 4E:DE:4C:65:D7:35:AF:79:27:7E:D1:4E:B6:C4:CF:54:04:C7:88:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tt5MZdc1r3knftFOtsTPVATHiNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/35bee9-843f-4d38-9286-7aa49becf467/1/CNpxwuWXiobnr753WTcJ-SvZEQU.roa
Signing time:             Thu 02 Jan 2025 11:50:05 +0000
ROA not before:           Thu 02 Jan 2025 11:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49576
IP address blocks:        193.148.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/35bee9-843f-4d38-9286-7aa49becf467/1/Tt5MZdc1r3knftFOtsTPVATHiNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/35bee9-843f-4d38-9286-7aa49becf467/1/Tt5MZdc1r3knftFOtsTPVATHiNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tt5MZdc1r3knftFOtsTPVATHiNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f2:a5:0b:38:c3:5e:f6:98:24:36:bd:34:ab:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ede4c65d735af79277ed14eb6c4cf5404c788d5
        Validity
            Not Before: Jan  2 11:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08da71c2e5978a86e7afbe77593709f92bd91105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:51:fd:81:2f:7f:fe:e0:16:c2:9b:80:6b:31:
                    af:f1:8c:f5:fd:18:48:ed:f9:72:49:3a:06:10:32:
                    04:b8:6c:bd:eb:ca:96:18:1f:2a:62:e8:7f:76:e9:
                    e0:0e:63:5d:d0:75:49:ec:44:5e:37:8a:73:67:27:
                    83:b9:42:7e:80:e6:ac:10:a9:fa:e0:a3:5a:d0:29:
                    26:5e:61:5f:7c:ac:8a:91:14:f4:0e:b3:2d:e0:02:
                    8e:17:e7:68:7a:55:66:85:42:f3:8f:07:bc:17:08:
                    69:00:88:49:17:71:8b:20:2c:78:56:32:53:ec:ab:
                    af:d3:51:0f:57:54:eb:dc:2c:54:29:0f:c0:ac:50:
                    93:39:62:71:b2:c7:61:c6:94:fb:fe:3d:91:50:f8:
                    ef:a0:f6:07:68:e9:0e:73:c7:50:5e:1a:da:02:09:
                    af:12:c4:d2:b7:56:c2:a8:73:a9:b7:95:98:97:bc:
                    46:69:01:78:bf:98:21:35:20:42:fc:dc:5a:ce:06:
                    51:55:ee:4e:71:f4:6a:c8:b6:40:f5:1d:23:73:67:
                    a3:75:53:b1:3f:9a:bd:8e:7a:fd:54:03:9f:9f:a0:
                    ac:7d:c6:e7:ec:26:26:b3:46:bd:88:81:24:dd:d4:
                    cc:48:ac:d2:8d:d9:0b:a7:d3:c0:8e:9a:e4:86:a1:
                    14:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:DA:71:C2:E5:97:8A:86:E7:AF:BE:77:59:37:09:F9:2B:D9:11:05
            X509v3 Authority Key Identifier:
                keyid:4E:DE:4C:65:D7:35:AF:79:27:7E:D1:4E:B6:C4:CF:54:04:C7:88:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tt5MZdc1r3knftFOtsTPVATHiNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/35bee9-843f-4d38-9286-7aa49becf467/1/CNpxwuWXiobnr753WTcJ-SvZEQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/35bee9-843f-4d38-9286-7aa49becf467/1/Tt5MZdc1r3knftFOtsTPVATHiNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.148.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0d:ff:c4:28:25:4a:56:49:73:98:b9:06:2e:55:6d:30:fc:57:
         a8:35:d5:29:0b:74:02:07:88:0b:aa:49:6b:68:e1:e8:b1:e6:
         f3:da:4d:03:b1:0b:95:73:29:e8:de:26:46:4a:ae:b2:6d:75:
         55:91:2e:26:bc:f3:57:fe:c8:6a:a2:4e:38:6e:aa:18:f5:4a:
         6b:ae:fc:d4:b3:d8:9f:02:d7:0d:10:3f:34:28:49:f1:fd:8a:
         31:68:09:07:db:50:23:aa:f9:46:f1:95:67:70:b8:38:58:b5:
         28:60:c6:a6:28:b7:63:2d:ab:b5:0b:29:9d:3f:bf:45:fd:a8:
         25:c9:7e:6d:90:22:c5:c3:f7:df:d7:3d:26:ee:9a:d9:73:d0:
         3a:af:8c:d2:c8:ed:c6:29:4b:70:ad:eb:17:eb:e3:6b:33:97:
         22:87:f3:cf:43:d2:6e:ff:48:c9:f5:76:93:06:df:b6:68:bb:
         0f:44:da:ef:84:07:d8:43:45:b8:67:d0:c0:36:64:ac:c7:b1:
         e7:df:73:21:8d:7f:31:bc:fe:d7:a1:c6:31:bf:27:47:87:2f:
         98:3f:16:f3:52:5e:f4:48:6b:72:c7:d8:6b:b3:bd:8e:ec:15:
         d2:a9:c4:b0:2d:8f:f3:b2:47:a1:0d:f6:a6:8b:56:4c:13:7d:
         0a:91:35:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2fKlCzjDXvaYJDa9NKs+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZGU0YzY1ZDczNWFmNzkyNzdlZDE0ZWI2YzRjZjU0MDRj
Nzg4ZDUwHhcNMjUwMTAyMTE1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGRhNzFjMmU1OTc4YTg2ZTdhZmJlNzc1OTM3MDlmOTJiZDkxMTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVH9gS9//uAWwpuAazGv8Yz1/RhI
7flySToGEDIEuGy968qWGB8qYuh/dungDmNd0HVJ7EReN4pzZyeDuUJ+gOasEKn6
4KNa0CkmXmFffKyKkRT0DrMt4AKOF+doelVmhULzjwe8FwhpAIhJF3GLICx4VjJT
7Kuv01EPV1Tr3CxUKQ/ArFCTOWJxssdhxpT7/j2RUPjvoPYHaOkOc8dQXhraAgmv
EsTSt1bCqHOpt5WYl7xGaQF4v5ghNSBC/NxazgZRVe5OcfRqyLZA9R0jc2ejdVOx
P5q9jnr9VAOfn6Csfcbn7CYms0a9iIEk3dTMSKzSjdkLp9PAjprkhqEULwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjaccLll4qG56++d1k3Cfkr2REFMB8GA1UdIwQY
MBaAFE7eTGXXNa95J37RTrbEz1QEx4jVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHQ1TVpkYzFyM2tuZnRGT3RzVFBWQVRIaU5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8zNWJlZTktODQzZi00ZDM4LTkyODYt
N2FhNDliZWNmNDY3LzEvQ05weHd1V1hpb2Jucjc1M1dUY0otU3ZaRVFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8zNWJlZTktODQzZi00ZDM4LTkyODYtN2FhNDliZWNmNDY3
LzEvVHQ1TVpkYzFyM2tuZnRGT3RzVFBWQVRIaU5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwZRgMA0G
CSqGSIb3DQEBCwUAA4IBAQAN/8QoJUpWSXOYuQYuVW0w/FeoNdUpC3QCB4gLqklr
aOHosebz2k0DsQuVcyno3iZGSq6ybXVVkS4mvPNX/shqok44bqoY9UprrvzUs9if
AtcNED80KEnx/YoxaAkH21AjqvlG8ZVncLg4WLUoYMamKLdjLau1CymdP79F/agl
yX5tkCLFw/ff1z0m7prZc9A6r4zSyO3GKUtwresX6+NrM5cih/PPQ9Ju/0jJ9XaT
Bt+2aLsPRNrvhAfYQ0W4Z9DANmSsx7Hn33MhjX8xvP7XocYxvydHhy+YPxbzUl70
SGtyx9hrs72O7BXSqcSwLY/zskehDfami1ZME30KkTXh
-----END CERTIFICATE-----