Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/cnIUEBp3phqGDXYXxa5p7T8jWY0.roa
File:                     cnIUEBp3phqGDXYXxa5p7T8jWY0.roa (raw, json)
Hash identifier:          21mwHMHJChj4cEkQMRqgYENj1XT/YYF+oEi//tfVJ30=
Subject key identifier:   72:72:14:10:1A:77:A6:1A:86:0D:76:17:C5:AE:69:ED:3F:23:59:8D
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BF04457D6C122DA274329ACB8D491
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/cnIUEBp3phqGDXYXxa5p7T8jWY0.roa
Signing time:             Thu 02 Jan 2025 09:49:55 +0000
ROA not before:           Thu 02 Jan 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203613
IP address blocks:        193.192.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f0:44:57:d6:c1:22:da:27:43:29:ac:b8:d4:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=727214101a77a61a860d7617c5ae69ed3f23598d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:0a:1c:83:e9:80:23:73:11:6c:fc:a7:3c:d4:
                    0c:6d:06:60:cb:3e:7f:f2:f1:37:db:09:9c:e4:58:
                    18:55:27:f4:8b:9d:56:87:ec:e5:68:74:8e:21:d8:
                    a6:53:92:d0:09:65:6a:41:62:eb:d0:30:59:0d:82:
                    b9:78:f2:79:9b:6f:0e:f3:fd:2b:43:6c:54:49:3f:
                    fb:1b:54:3c:70:08:77:2c:8a:50:b6:99:e0:40:34:
                    5f:5a:b4:5b:8b:60:71:e0:f0:1d:0a:a4:cc:0a:15:
                    f1:c4:8b:40:f8:de:6f:ff:87:55:b5:05:32:c8:2f:
                    b7:44:df:9f:ea:94:31:f2:ed:43:32:c6:96:11:a0:
                    52:db:7a:b5:62:09:39:dc:d1:f3:6d:d1:52:9c:c5:
                    88:18:f8:c2:0d:7e:2b:fb:3c:43:f9:35:fc:fe:5e:
                    87:9a:0b:79:08:1f:62:02:db:98:f2:5f:46:65:bd:
                    0c:63:ad:97:5f:79:6c:6d:80:fd:e1:8c:11:91:a6:
                    cb:aa:63:ae:2d:ab:74:69:ab:c3:5e:6d:66:cf:d1:
                    cb:a1:46:95:e4:ab:c0:ed:d2:ba:da:fe:44:e9:c4:
                    cf:64:05:ba:84:48:f9:f6:4c:52:68:43:a6:39:25:
                    fe:9d:b1:dd:b0:71:ff:1d:7c:82:88:55:4f:5b:08:
                    91:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:72:14:10:1A:77:A6:1A:86:0D:76:17:C5:AE:69:ED:3F:23:59:8D
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/cnIUEBp3phqGDXYXxa5p7T8jWY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:be:65:07:90:28:e5:01:83:d9:c8:7e:2a:30:a1:5f:b6:8e:
         28:4d:d7:a3:c2:96:e8:55:8c:29:88:3b:20:1b:86:4b:85:c7:
         aa:e6:4d:24:5d:7c:90:8a:05:b8:5e:85:5b:8f:cf:11:94:76:
         13:3e:55:e5:bc:73:51:4d:7c:63:47:91:52:cb:89:f0:19:89:
         04:54:f9:41:a2:71:b3:3f:0b:bb:3f:cf:9a:0c:bd:44:4e:c7:
         c9:bf:a5:f4:fe:39:62:61:ce:f6:8c:e6:df:7a:04:15:69:14:
         ce:43:49:f0:5d:59:12:f5:09:88:b9:c1:5a:1e:a2:61:64:d5:
         3c:27:9a:37:36:2a:72:63:bf:f9:04:01:6a:25:b8:d7:b0:a8:
         76:e9:f9:d2:65:81:ee:30:a1:3c:f2:53:92:e9:10:4f:4e:60:
         13:e6:93:24:1d:8d:7f:65:6a:62:d0:f7:b3:46:f5:31:6d:11:
         3f:9c:ca:f7:31:ca:a6:a0:59:d6:42:9e:28:2b:6e:55:b6:23:
         f2:d6:b4:ed:c6:f2:ea:79:9c:29:f5:60:87:ed:f3:7c:65:4b:
         91:c4:1f:cd:17:87:79:63:dd:93:ef:10:25:80:f0:ad:66:35:
         84:cf:f6:4e:4f:6c:22:bd:c5:c1:5d:67:3c:fd:4c:83:e1:f9:
         bc:56:73:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma/BEV9bBItonQymsuNSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjcyMTQxMDFhNzdhNjFhODYwZDc2MTdjNWFlNjllZDNmMjM1OThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Qocg+mAI3MRbPynPNQMbQZgyz5/
8vE32wmc5FgYVSf0i51Wh+zlaHSOIdimU5LQCWVqQWLr0DBZDYK5ePJ5m28O8/0r
Q2xUST/7G1Q8cAh3LIpQtpngQDRfWrRbi2Bx4PAdCqTMChXxxItA+N5v/4dVtQUy
yC+3RN+f6pQx8u1DMsaWEaBS23q1Ygk53NHzbdFSnMWIGPjCDX4r+zxD+TX8/l6H
mgt5CB9iAtuY8l9GZb0MY62XX3lsbYD94YwRkabLqmOuLat0aavDXm1mz9HLoUaV
5KvA7dK62v5E6cTPZAW6hEj59kxSaEOmOSX+nbHdsHH/HXyCiFVPWwiReQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJyFBAad6Yahg12F8Wuae0/I1mNMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvY25JVUVCcDNwaHFHRFhZWHhhNXA3VDhqV1kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcC5MA0G
CSqGSIb3DQEBCwUAA4IBAQBMvmUHkCjlAYPZyH4qMKFfto4oTdejwpboVYwpiDsg
G4ZLhceq5k0kXXyQigW4XoVbj88RlHYTPlXlvHNRTXxjR5FSy4nwGYkEVPlBonGz
Pwu7P8+aDL1ETsfJv6X0/jliYc72jObfegQVaRTOQ0nwXVkS9QmIucFaHqJhZNU8
J5o3NipyY7/5BAFqJbjXsKh26fnSZYHuMKE88lOS6RBPTmAT5pMkHY1/ZWpi0Pez
RvUxbRE/nMr3McqmoFnWQp4oK25VtiPy1rTtxvLqeZwp9WCH7fN8ZUuRxB/NF4d5
Y92T7xAlgPCtZjWEz/ZOT2wivcXBXWc8/UyD4fm8VnNN
-----END CERTIFICATE-----