Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/5ea425-af1a-4e30-8bb0-bfa636877e90/1/Y_M-V8EEZggpxHGYY_EMcxsEtBk.roa
File:                     Y_M-V8EEZggpxHGYY_EMcxsEtBk.roa (raw, json)
Hash identifier:          6Rgj1vHtvv9h08odpQgGP8Qj63U3c9jYSW+di7UNAlU=
Subject key identifier:   63:F3:3E:57:C1:04:66:08:29:C4:71:98:63:F1:0C:73:1B:04:B4:19
Certificate issuer:       /CN=964768a6d8708b363143aa8811e5d9768264ef5f
Certificate serial:       019423D6EBABC0E2DC643DFEEDACDF0E8D32
Authority key identifier: 96:47:68:A6:D8:70:8B:36:31:43:AA:88:11:E5:D9:76:82:64:EF:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lkdopthwizYxQ6qIEeXZdoJk718.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/5ea425-af1a-4e30-8bb0-bfa636877e90/1/Y_M-V8EEZggpxHGYY_EMcxsEtBk.roa
Signing time:             Wed 01 Jan 2025 21:47:55 +0000
ROA not before:           Wed 01 Jan 2025 21:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15943
IP address blocks:        193.31.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/5ea425-af1a-4e30-8bb0-bfa636877e90/1/lkdopthwizYxQ6qIEeXZdoJk718.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/5ea425-af1a-4e30-8bb0-bfa636877e90/1/lkdopthwizYxQ6qIEeXZdoJk718.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lkdopthwizYxQ6qIEeXZdoJk718.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 18:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:eb:ab:c0:e2:dc:64:3d:fe:ed:ac:df:0e:8d:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=964768a6d8708b363143aa8811e5d9768264ef5f
        Validity
            Not Before: Jan  1 21:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63f33e57c104660829c4719863f10c731b04b419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:99:dc:fe:d2:14:ed:77:51:bb:05:a7:80:20:
                    00:61:44:ad:72:56:8d:23:0c:62:98:6a:37:a6:9c:
                    10:b2:c2:4e:02:e6:d4:99:68:a2:71:3a:0d:73:23:
                    30:33:23:b1:93:06:5f:7d:fb:fa:97:b7:07:f1:8c:
                    3a:13:11:c4:52:45:f1:9d:ff:1b:07:64:76:bf:3d:
                    f0:07:75:a6:f4:7a:81:b1:f2:b0:fd:e2:52:7a:4b:
                    6f:2c:fb:1b:89:d9:e6:8d:22:93:2a:90:fc:88:d2:
                    51:c6:5a:b0:b2:40:39:73:7f:86:09:22:96:1d:62:
                    cd:0c:32:da:38:5f:3c:9f:72:f5:8d:1f:40:2e:fd:
                    55:6b:70:18:30:f0:60:b6:cc:9e:80:8a:d1:4f:ad:
                    5c:57:83:ff:8c:cd:9b:5b:fd:b6:25:59:a5:f4:e9:
                    24:4a:be:bb:1b:92:b2:40:18:a9:43:0d:c9:cf:90:
                    03:d8:95:0e:67:a8:74:84:d0:19:13:a5:fe:06:60:
                    3e:0e:83:f8:a3:79:1c:ee:da:a0:38:80:71:1a:cb:
                    9a:6b:79:43:35:1f:cc:ac:50:54:d4:7c:63:dd:01:
                    46:7f:07:d6:99:44:52:10:d7:fb:44:bb:f9:6e:2e:
                    90:e9:98:23:54:3f:93:8e:a7:4d:53:c6:40:12:e1:
                    1b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F3:3E:57:C1:04:66:08:29:C4:71:98:63:F1:0C:73:1B:04:B4:19
            X509v3 Authority Key Identifier:
                keyid:96:47:68:A6:D8:70:8B:36:31:43:AA:88:11:E5:D9:76:82:64:EF:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lkdopthwizYxQ6qIEeXZdoJk718.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/5ea425-af1a-4e30-8bb0-bfa636877e90/1/Y_M-V8EEZggpxHGYY_EMcxsEtBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/5ea425-af1a-4e30-8bb0-bfa636877e90/1/lkdopthwizYxQ6qIEeXZdoJk718.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:13:f6:75:e6:57:92:94:c0:98:21:62:14:28:2e:39:15:fa:
         16:33:18:70:d4:25:b2:77:8a:e1:39:f6:60:25:0f:b6:13:86:
         5c:13:e5:23:d7:ee:fc:bf:a0:6c:02:0b:8b:f6:3b:86:28:74:
         9a:58:50:54:ca:4f:62:0c:2e:be:0b:c0:e7:d5:39:32:10:9a:
         f0:62:3f:19:70:fa:45:f0:ee:08:37:b1:b6:80:f4:f7:16:38:
         af:48:7a:89:80:6f:9f:c3:55:e4:fd:2f:39:bc:f9:fc:7e:69:
         9c:9f:34:55:40:05:ec:41:40:c9:f2:e5:7c:1c:15:c4:23:1d:
         e4:48:d5:05:96:09:e9:29:cf:f4:82:a6:04:2b:f7:8b:2c:b2:
         c2:47:f9:3d:cc:53:e0:2c:b6:77:32:24:2b:c5:83:60:c9:9f:
         41:0b:1f:64:17:94:4c:fa:b7:90:fa:f6:6e:bc:ba:16:1d:e4:
         82:a0:55:47:d5:98:af:99:a4:9d:1d:42:22:a2:ff:a0:9f:b7:
         97:7a:c5:a5:06:77:0f:2e:64:46:6c:50:32:08:47:25:5d:2f:
         e3:01:a5:f8:c9:c3:9f:73:47:7f:5e:ff:fd:4e:dd:e2:14:51:
         ad:7a:f7:f7:ec:79:c0:73:f5:3b:05:13:82:71:5d:85:d6:fe:
         2f:0a:89:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1uurwOLcZD3+7azfDo0yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NDc2OGE2ZDg3MDhiMzYzMTQzYWE4ODExZTVkOTc2ODI2
NGVmNWYwHhcNMjUwMTAxMjE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2YzM2U1N2MxMDQ2NjA4MjljNDcxOTg2M2YxMGM3MzFiMDRiNDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05nc/tIU7XdRuwWngCAAYUStclaN
IwximGo3ppwQssJOAubUmWiicToNcyMwMyOxkwZfffv6l7cH8Yw6ExHEUkXxnf8b
B2R2vz3wB3Wm9HqBsfKw/eJSektvLPsbidnmjSKTKpD8iNJRxlqwskA5c3+GCSKW
HWLNDDLaOF88n3L1jR9ALv1Va3AYMPBgtsyegIrRT61cV4P/jM2bW/22JVml9Okk
Sr67G5KyQBipQw3Jz5AD2JUOZ6h0hNAZE6X+BmA+DoP4o3kc7tqgOIBxGsuaa3lD
NR/MrFBU1Hxj3QFGfwfWmURSENf7RLv5bi6Q6ZgjVD+TjqdNU8ZAEuEbTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPzPlfBBGYIKcRxmGPxDHMbBLQZMB8GA1UdIwQY
MBaAFJZHaKbYcIs2MUOqiBHl2XaCZO9fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGtkb3B0aHdpell4UTZxSUVlWFpkb0prNzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC81ZWE0MjUtYWYxYS00ZTMwLThiYjAt
YmZhNjM2ODc3ZTkwLzEvWV9NLVY4RUVaZ2dweEhHWVlfRU1jeHNFdEJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC81ZWE0MjUtYWYxYS00ZTMwLThiYjAtYmZhNjM2ODc3ZTkw
LzEvbGtkb3B0aHdpell4UTZxSUVlWFpkb0prNzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR8DMA0G
CSqGSIb3DQEBCwUAA4IBAQBhE/Z15leSlMCYIWIUKC45FfoWMxhw1CWyd4rhOfZg
JQ+2E4ZcE+Uj1+78v6BsAguL9juGKHSaWFBUyk9iDC6+C8Dn1TkyEJrwYj8ZcPpF
8O4IN7G2gPT3FjivSHqJgG+fw1Xk/S85vPn8fmmcnzRVQAXsQUDJ8uV8HBXEIx3k
SNUFlgnpKc/0gqYEK/eLLLLCR/k9zFPgLLZ3MiQrxYNgyZ9BCx9kF5RM+reQ+vZu
vLoWHeSCoFVH1ZivmaSdHUIiov+gn7eXesWlBncPLmRGbFAyCEclXS/jAaX4ycOf
c0d/Xv/9Tt3iFFGtevf37HnAc/U7BROCcV2F1v4vCon3
-----END CERTIFICATE-----