Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/gKn9w2HjuJeDuvDGB4i7KMCUEOw.roa
File:                     gKn9w2HjuJeDuvDGB4i7KMCUEOw.roa (raw, json)
Hash identifier:          9RL0o8ItMk9D70n/zJYOrxlmErXzvmrmjIlOb2QhCXA=
Subject key identifier:   80:A9:FD:C3:61:E3:B8:97:83:BA:F0:C6:07:88:BB:28:C0:94:10:EC
Certificate issuer:       /CN=21698c1cdc66dc285d0f807629c46261a88b2de7
Certificate serial:       019422FBCF5126A3664CB4E4815C5005D697
Authority key identifier: 21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/gKn9w2HjuJeDuvDGB4i7KMCUEOw.roa
Signing time:             Wed 01 Jan 2025 17:48:35 +0000
ROA not before:           Wed 01 Jan 2025 17:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49408
IP address blocks:        193.164.84.0/24 maxlen: 24
                          193.164.85.0/24 maxlen: 24
                          193.164.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 20:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:cf:51:26:a3:66:4c:b4:e4:81:5c:50:05:d6:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21698c1cdc66dc285d0f807629c46261a88b2de7
        Validity
            Not Before: Jan  1 17:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80a9fdc361e3b89783baf0c60788bb28c09410ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e5:71:af:84:55:9a:8b:b5:7c:0b:f8:84:8e:
                    d4:6d:68:bc:c5:a5:9d:01:5e:83:1e:61:75:5f:72:
                    3f:0c:f3:bc:78:e8:a8:0d:f6:3c:1e:1d:ff:9e:bf:
                    19:a6:7d:1e:e6:76:93:b0:a3:6a:3f:15:4a:28:2d:
                    1f:e8:6c:7c:f0:92:ac:5d:ef:71:b6:6c:14:3a:16:
                    8d:22:04:3b:94:a1:8e:56:53:00:f1:82:a2:a0:4a:
                    43:34:53:d3:ae:df:16:24:1c:71:9e:42:75:0e:48:
                    b0:29:ac:72:3c:25:af:31:c0:a1:20:27:c1:52:4e:
                    6a:5e:3c:9d:dd:a6:f7:4f:5e:49:2f:c8:c4:49:3c:
                    c9:91:e9:d3:d4:4c:fd:97:c3:bd:11:86:d7:94:d3:
                    98:5f:ed:fd:44:58:6b:c3:ae:32:89:3d:36:8e:d0:
                    f9:c9:a2:1e:ca:86:df:98:cb:a4:be:e8:24:af:b3:
                    2c:bc:4e:13:ca:cf:fc:56:c7:e9:67:1d:ef:aa:ba:
                    69:2e:d2:db:4f:8a:86:ee:bf:3d:bb:07:4b:2e:46:
                    30:0d:b3:ba:f2:6b:03:25:d0:f3:a0:d4:59:ee:31:
                    33:28:2d:1b:11:ac:90:d9:4c:20:fd:fa:da:90:1d:
                    ed:27:92:b9:ba:30:fd:23:9c:9e:f5:65:5a:9d:e8:
                    65:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:A9:FD:C3:61:E3:B8:97:83:BA:F0:C6:07:88:BB:28:C0:94:10:EC
            X509v3 Authority Key Identifier:
                keyid:21:69:8C:1C:DC:66:DC:28:5D:0F:80:76:29:C4:62:61:A8:8B:2D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWmMHNxm3ChdD4B2KcRiYaiLLec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/gKn9w2HjuJeDuvDGB4i7KMCUEOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/11dc71-8170-45b5-8c5b-4d73730f7d32/1/IWmMHNxm3ChdD4B2KcRiYaiLLec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.84.0/23
                  193.164.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:f5:8b:2e:d9:f7:0d:23:bf:04:05:22:42:4d:a6:00:28:2c:
         34:79:27:6c:4a:49:58:ea:9d:c7:40:3a:6e:95:d2:8b:77:d3:
         da:f7:ca:21:df:c0:90:37:f0:89:70:82:b4:b1:f9:e8:0f:f5:
         3e:f9:29:cd:8a:c4:7a:d9:e9:92:91:73:12:8f:35:d6:24:df:
         6a:0d:14:b2:5e:75:f4:25:ba:52:db:59:e4:f2:e8:70:40:a8:
         0c:99:cd:1d:80:46:b1:c9:62:72:05:e8:b4:90:50:19:96:9e:
         9a:bc:0d:82:00:a6:70:45:f5:fc:ec:08:08:66:39:00:8a:5d:
         ed:a5:d3:a6:94:eb:b8:7f:3c:69:de:13:f9:66:c3:f9:68:7d:
         01:08:00:d5:ba:ae:5f:49:84:de:b3:d2:fc:72:9c:7b:af:cb:
         59:5a:ef:49:98:0d:3e:a2:67:61:2f:5e:c9:a5:da:65:dc:4e:
         1f:ad:e5:c6:cb:04:60:1c:5b:a6:e3:56:4b:83:91:28:aa:23:
         fe:0c:92:07:97:56:75:45:17:8e:34:ff:e4:3c:0d:ea:6d:12:
         3e:1c:83:73:81:f3:9c:d3:6c:1a:78:81:2a:01:39:53:b1:70:
         96:6a:dd:58:b1:1b:e8:c5:8f:2f:14:48:8f:39:fd:50:2d:0c:
         66:56:25:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+89RJqNmTLTkgVxQBdaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjk4YzFjZGM2NmRjMjg1ZDBmODA3NjI5YzQ2MjYxYTg4
YjJkZTcwHhcNMjUwMTAxMTc0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGE5ZmRjMzYxZTNiODk3ODNiYWYwYzYwNzg4YmIyOGMwOTQxMGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+Vxr4RVmou1fAv4hI7UbWi8xaWd
AV6DHmF1X3I/DPO8eOioDfY8Hh3/nr8Zpn0e5naTsKNqPxVKKC0f6Gx88JKsXe9x
tmwUOhaNIgQ7lKGOVlMA8YKioEpDNFPTrt8WJBxxnkJ1DkiwKaxyPCWvMcChICfB
Uk5qXjyd3ab3T15JL8jESTzJkenT1Ez9l8O9EYbXlNOYX+39RFhrw64yiT02jtD5
yaIeyobfmMukvugkr7MsvE4Tys/8VsfpZx3vqrppLtLbT4qG7r89uwdLLkYwDbO6
8msDJdDzoNRZ7jEzKC0bEayQ2Uwg/frakB3tJ5K5ujD9I5ye9WVanehlqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFICp/cNh47iXg7rwxgeIuyjAlBDsMB8GA1UdIwQY
MBaAFCFpjBzcZtwoXQ+AdinEYmGoiy3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdtTUhOeG0zQ2hkRDRCMktjUmlZYWlMTGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8xMWRjNzEtODE3MC00NWI1LThjNWIt
NGQ3MzczMGY3ZDMyLzEvZ0tuOXcySGp1SmVEdXZER0I0aTdLTUNVRU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8xMWRjNzEtODE3MC00NWI1LThjNWItNGQ3MzczMGY3ZDMy
LzEvSVdtTUhOeG0zQ2hkRDRCMktjUmlZYWlMTGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwaRUAwQA
waRYMA0GCSqGSIb3DQEBCwUAA4IBAQA09Ysu2fcNI78EBSJCTaYAKCw0eSdsSklY
6p3HQDpuldKLd9Pa98oh38CQN/CJcIK0sfnoD/U++SnNisR62emSkXMSjzXWJN9q
DRSyXnX0JbpS21nk8uhwQKgMmc0dgEaxyWJyBei0kFAZlp6avA2CAKZwRfX87AgI
ZjkAil3tpdOmlOu4fzxp3hP5ZsP5aH0BCADVuq5fSYTes9L8cpx7r8tZWu9JmA0+
omdhL17Jpdpl3E4freXGywRgHFum41ZLg5EoqiP+DJIHl1Z1RReONP/kPA3qbRI+
HINzgfOc02waeIEqATlTsXCWat1YsRvoxY8vFEiPOf1QLQxmViUw
-----END CERTIFICATE-----