Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/79b3db-22cd-45f0-ad0f-80c7af87cc85/1/ywZPNdm-QKZpeMwj8NoEFpCbBVU.roa
File:                     ywZPNdm-QKZpeMwj8NoEFpCbBVU.roa (raw, json)
Hash identifier:          P+ldS5mV1bes3QVxJQ8BBR4t28oMMRfexpRbrRRe40E=
Subject key identifier:   CB:06:4F:35:D9:BE:40:A6:69:78:CC:23:F0:DA:04:16:90:9B:05:55
Certificate issuer:       /CN=7b6614240bc0f76b02f9e3a3f4060ab4936ff466
Certificate serial:       01946A318A285AB10AEA861C37431601DFEF
Authority key identifier: 7B:66:14:24:0B:C0:F7:6B:02:F9:E3:A3:F4:06:0A:B4:93:6F:F4:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e2YUJAvA92sC-eOj9AYKtJNv9GY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/79b3db-22cd-45f0-ad0f-80c7af87cc85/1/ywZPNdm-QKZpeMwj8NoEFpCbBVU.roa
Signing time:             Wed 15 Jan 2025 13:40:19 +0000
ROA not before:           Wed 15 Jan 2025 13:40:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34278
IP address blocks:        193.17.216.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/79b3db-22cd-45f0-ad0f-80c7af87cc85/1/e2YUJAvA92sC-eOj9AYKtJNv9GY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/79b3db-22cd-45f0-ad0f-80c7af87cc85/1/e2YUJAvA92sC-eOj9AYKtJNv9GY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e2YUJAvA92sC-eOj9AYKtJNv9GY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 10:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6a:31:8a:28:5a:b1:0a:ea:86:1c:37:43:16:01:df:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b6614240bc0f76b02f9e3a3f4060ab4936ff466
        Validity
            Not Before: Jan 15 13:40:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb064f35d9be40a66978cc23f0da0416909b0555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c6:9f:dd:e2:2e:5c:38:68:32:fa:9b:02:e1:
                    54:f3:69:ad:98:25:a2:49:e0:ef:79:8b:e0:ed:39:
                    e2:ab:c8:86:8c:cb:95:9c:4b:32:6e:d3:16:7b:23:
                    73:bf:52:f2:2c:5c:4c:b1:39:23:cb:42:59:08:d4:
                    ba:a4:d7:74:dd:5e:70:e2:78:0f:9a:9e:f7:c6:bc:
                    b0:2c:e2:fe:00:ac:d7:1f:aa:96:fa:23:fb:4a:9b:
                    0b:57:a0:55:5f:4c:9e:b5:c7:bd:78:2b:64:e1:a1:
                    ff:68:bf:9b:c1:9b:6f:35:e6:15:2e:1b:70:f9:0a:
                    91:b1:21:43:8a:37:52:db:52:8a:cd:50:1e:94:70:
                    c5:a1:fe:c8:b8:de:a0:94:4b:59:85:88:a5:92:e9:
                    42:1d:12:75:35:47:5a:e0:a9:9e:75:f6:b5:d8:4c:
                    20:5b:a5:0c:01:2d:63:ff:34:b1:a8:1f:98:1c:1c:
                    60:2c:6b:10:a9:cb:44:2b:45:b9:3c:7f:f4:fd:56:
                    8d:25:56:34:3d:13:e6:9c:a0:6f:25:0d:f4:7e:5f:
                    2b:ae:ce:e4:91:48:d5:a6:62:2c:74:e2:07:7a:c5:
                    69:70:2a:b7:38:ad:04:f4:a6:51:72:2a:ea:2b:06:
                    ae:f1:e4:60:a3:2b:a0:3a:fa:4d:0c:da:1e:30:49:
                    4b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:06:4F:35:D9:BE:40:A6:69:78:CC:23:F0:DA:04:16:90:9B:05:55
            X509v3 Authority Key Identifier:
                keyid:7B:66:14:24:0B:C0:F7:6B:02:F9:E3:A3:F4:06:0A:B4:93:6F:F4:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2YUJAvA92sC-eOj9AYKtJNv9GY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/79b3db-22cd-45f0-ad0f-80c7af87cc85/1/ywZPNdm-QKZpeMwj8NoEFpCbBVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/79b3db-22cd-45f0-ad0f-80c7af87cc85/1/e2YUJAvA92sC-eOj9AYKtJNv9GY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:00:64:ce:98:87:72:24:1e:02:96:40:4b:35:37:78:13:97:
         ea:a1:86:0b:d9:52:87:88:49:20:ee:e7:93:27:f5:81:f3:d7:
         67:de:35:c6:14:df:de:f8:d9:78:6c:21:8c:c0:e0:e6:bb:3b:
         6e:f0:05:c5:6e:f1:7c:05:16:7a:9a:c7:62:84:39:f3:03:f7:
         4c:1a:e6:61:95:1c:58:10:f2:cb:3e:a1:19:58:07:f9:a3:8c:
         ef:bd:3b:45:0a:ec:27:2c:ab:59:51:18:3b:da:19:02:73:b7:
         df:e7:9b:ab:0b:26:0c:66:d2:5f:21:ae:97:cd:39:8b:8f:e1:
         d0:b7:29:8e:0f:0a:8d:29:b5:49:96:29:42:d5:91:a3:80:e8:
         64:73:5c:b9:b8:4d:75:bf:f3:b8:4f:bf:93:65:30:2a:9a:a4:
         45:8b:b3:63:32:45:1a:cb:6c:08:c5:31:cb:4f:84:15:16:ca:
         5d:06:11:ce:ee:44:63:da:ba:27:72:33:a3:3e:11:52:eb:d5:
         8c:fd:74:a3:26:33:5e:e0:9c:b4:16:06:e3:8d:50:2d:d9:6b:
         fb:c6:c6:4f:d8:e5:ab:93:5d:86:ca:e6:d9:bc:48:b8:a2:cb:
         d2:32:2a:f0:8a:bb:4b:6e:0b:fe:9b:55:16:e5:2e:75:1f:78:
         d4:3e:60:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRqMYooWrEK6oYcN0MWAd/vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNjYxNDI0MGJjMGY3NmIwMmY5ZTNhM2Y0MDYwYWI0OTM2
ZmY0NjYwHhcNMjUwMTE1MTM0MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjA2NGYzNWQ5YmU0MGE2Njk3OGNjMjNmMGRhMDQxNjkwOWIwNTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8af3eIuXDhoMvqbAuFU82mtmCWi
SeDveYvg7Tniq8iGjMuVnEsybtMWeyNzv1LyLFxMsTkjy0JZCNS6pNd03V5w4ngP
mp73xrywLOL+AKzXH6qW+iP7SpsLV6BVX0yetce9eCtk4aH/aL+bwZtvNeYVLhtw
+QqRsSFDijdS21KKzVAelHDFof7IuN6glEtZhYilkulCHRJ1NUda4Kmedfa12Ewg
W6UMAS1j/zSxqB+YHBxgLGsQqctEK0W5PH/0/VaNJVY0PRPmnKBvJQ30fl8rrs7k
kUjVpmIsdOIHesVpcCq3OK0E9KZRcirqKwau8eRgoyugOvpNDNoeMElL5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsGTzXZvkCmaXjMI/DaBBaQmwVVMB8GA1UdIwQY
MBaAFHtmFCQLwPdrAvnjo/QGCrSTb/RmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTJZVUpBdkE5MnNDLWVPajlBWUt0Sk52OUdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83OWIzZGItMjJjZC00NWYwLWFkMGYt
ODBjN2FmODdjYzg1LzEveXdaUE5kbS1RS1pwZU13ajhOb0VGcENiQlZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83OWIzZGItMjJjZC00NWYwLWFkMGYtODBjN2FmODdjYzg1
LzEvZTJZVUpBdkE5MnNDLWVPajlBWUt0Sk52OUdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRHYMA0G
CSqGSIb3DQEBCwUAA4IBAQCiAGTOmIdyJB4ClkBLNTd4E5fqoYYL2VKHiEkg7ueT
J/WB89dn3jXGFN/e+Nl4bCGMwODmuztu8AXFbvF8BRZ6msdihDnzA/dMGuZhlRxY
EPLLPqEZWAf5o4zvvTtFCuwnLKtZURg72hkCc7ff55urCyYMZtJfIa6XzTmLj+HQ
tymODwqNKbVJlilC1ZGjgOhkc1y5uE11v/O4T7+TZTAqmqRFi7NjMkUay2wIxTHL
T4QVFspdBhHO7kRj2roncjOjPhFS69WM/XSjJjNe4Jy0FgbjjVAt2Wv7xsZP2OWr
k12GyubZvEi4osvSMirwirtLbgv+m1UW5S51H3jUPmAX
-----END CERTIFICATE-----