Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/bKwA7ygctFGfYxj37Ulrjy4h7wc.roa
File:                     bKwA7ygctFGfYxj37Ulrjy4h7wc.roa (raw, json)
Hash identifier:          wDr01UuqGpYUgCW7TRCxOE6weB2OEkQge2nt3Tah0ms=
Subject key identifier:   6C:AC:00:EF:28:1C:B4:51:9F:63:18:F7:ED:49:6B:8F:2E:21:EF:07
Certificate issuer:       /CN=23ba1ec4f035a72dfa39e930ad8ec54368eb7af4
Certificate serial:       019420D5AA577DF1938E2A1370C1464BDED2
Authority key identifier: 23:BA:1E:C4:F0:35:A7:2D:FA:39:E9:30:AD:8E:C5:43:68:EB:7A:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/bKwA7ygctFGfYxj37Ulrjy4h7wc.roa
Signing time:             Wed 01 Jan 2025 07:47:41 +0000
ROA not before:           Wed 01 Jan 2025 07:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        194.146.133.0/24 maxlen: 24
                          194.146.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:aa:57:7d:f1:93:8e:2a:13:70:c1:46:4b:de:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23ba1ec4f035a72dfa39e930ad8ec54368eb7af4
        Validity
            Not Before: Jan  1 07:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6cac00ef281cb4519f6318f7ed496b8f2e21ef07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a6:19:83:7b:85:76:7b:de:bd:99:79:12:40:
                    40:22:dd:c5:f9:d6:24:41:6e:74:e8:b6:88:1b:1a:
                    52:10:6b:ec:0f:57:e5:7e:a8:c5:ea:be:8a:fe:ea:
                    dd:99:61:c4:2c:50:6f:a3:60:67:81:dd:4c:47:7d:
                    7d:bf:12:04:7c:25:ad:29:a8:a3:a8:4c:38:1b:fc:
                    69:e0:b4:76:b7:97:f5:e4:ed:cb:97:8b:36:59:2d:
                    58:ae:3e:8a:dc:4f:63:92:16:4b:57:f8:d2:92:88:
                    1c:77:3f:a5:95:9f:9d:6b:dc:44:c8:b2:1e:f8:93:
                    3a:87:e9:a5:e6:81:69:a6:2b:40:ac:d3:cb:8d:6f:
                    d2:a8:25:81:d4:41:6e:5d:71:1b:b0:0a:12:82:bb:
                    b3:47:f6:3b:8c:d6:9a:ba:48:24:62:df:c1:be:a8:
                    b1:69:9d:52:ed:55:de:44:d6:3d:14:7e:bb:1c:ce:
                    90:3e:e8:fd:51:b3:08:16:3a:06:33:91:1e:45:98:
                    f7:d1:76:dc:b8:5b:b3:68:5f:a8:b9:2f:af:d4:c0:
                    e5:7f:22:0c:0b:f2:54:e3:b3:bf:63:c6:2a:06:40:
                    43:27:1a:bd:c9:9c:bc:1b:e9:2a:f0:4b:1f:3b:ff:
                    ba:50:9d:30:37:1f:74:54:3c:a3:09:4b:9f:85:c5:
                    67:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:AC:00:EF:28:1C:B4:51:9F:63:18:F7:ED:49:6B:8F:2E:21:EF:07
            X509v3 Authority Key Identifier:
                keyid:23:BA:1E:C4:F0:35:A7:2D:FA:39:E9:30:AD:8E:C5:43:68:EB:7A:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I7oexPA1py36OekwrY7FQ2jrevQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/bKwA7ygctFGfYxj37Ulrjy4h7wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/60ed2d-16d5-4d0c-a947-bde6448b786c/1/I7oexPA1py36OekwrY7FQ2jrevQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.133.0/24
                  194.146.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:7e:23:a3:de:e8:9d:57:c4:65:98:99:8a:2c:54:9c:ba:6b:
         52:d6:dd:89:74:6b:92:02:4b:67:4f:a0:dd:65:e6:75:1e:b2:
         37:ee:4b:8c:b5:75:d1:29:e8:21:7e:22:02:a8:b0:2c:57:bb:
         37:e4:9d:2f:2a:76:76:5d:c1:19:e7:c4:a8:19:4d:8c:62:1d:
         5d:70:83:72:4a:f6:96:5f:00:0b:1e:94:b3:b8:56:02:ca:1b:
         65:af:e4:31:51:47:0f:c3:e0:9d:1f:4c:9c:f5:cf:99:7d:31:
         c1:24:bd:98:21:3f:af:42:73:78:eb:8c:8b:c8:de:4f:48:61:
         8e:1e:7b:ce:a4:e8:35:fe:35:eb:cd:17:d9:7a:62:86:4b:f1:
         ba:28:dd:d4:86:61:7b:9b:32:b6:f4:89:ad:f2:87:fd:0b:16:
         48:b0:c3:a9:ef:86:18:67:6e:7c:cc:f3:c7:bc:33:2c:d0:b7:
         de:96:ec:ff:fd:53:26:26:6e:8d:87:da:7e:8e:22:82:70:2b:
         c9:95:a9:3d:36:fa:7b:35:14:a9:c0:38:f5:e3:2f:24:91:7c:
         ed:e9:da:a8:36:95:19:3b:b9:42:72:07:54:86:bd:cf:85:0f:
         90:f0:27:fa:bd:3d:82:97:5b:f9:fc:ab:fd:08:df:65:f2:09:
         ed:3f:00:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1apXffGTjioTcMFGS97SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYmExZWM0ZjAzNWE3MmRmYTM5ZTkzMGFkOGVjNTQzNjhl
YjdhZjQwHhcNMjUwMTAxMDc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2FjMDBlZjI4MWNiNDUxOWY2MzE4ZjdlZDQ5NmI4ZjJlMjFlZjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKYZg3uFdnvevZl5EkBAIt3F+dYk
QW506LaIGxpSEGvsD1flfqjF6r6K/urdmWHELFBvo2Bngd1MR319vxIEfCWtKaij
qEw4G/xp4LR2t5f15O3Ll4s2WS1Yrj6K3E9jkhZLV/jSkogcdz+llZ+da9xEyLIe
+JM6h+ml5oFppitArNPLjW/SqCWB1EFuXXEbsAoSgruzR/Y7jNaaukgkYt/Bvqix
aZ1S7VXeRNY9FH67HM6QPuj9UbMIFjoGM5EeRZj30XbcuFuzaF+ouS+v1MDlfyIM
C/JU47O/Y8YqBkBDJxq9yZy8G+kq8EsfO/+6UJ0wNx90VDyjCUufhcVnswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGysAO8oHLRRn2MY9+1Ja48uIe8HMB8GA1UdIwQY
MBaAFCO6HsTwNact+jnpMK2OxUNo63r0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTdvZXhQQTFweTM2T2Vrd3JZN0ZRMmpyZXZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82MGVkMmQtMTZkNS00ZDBjLWE5NDct
YmRlNjQ0OGI3ODZjLzEvYkt3QTd5Z2N0RkdmWXhqMzdVbHJqeTRoN3djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82MGVkMmQtMTZkNS00ZDBjLWE5NDctYmRlNjQ0OGI3ODZj
LzEvSTdvZXhQQTFweTM2T2Vrd3JZN0ZRMmpyZXZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwpKFAwQA
wpKHMA0GCSqGSIb3DQEBCwUAA4IBAQClfiOj3uidV8RlmJmKLFScumtS1t2JdGuS
AktnT6DdZeZ1HrI37kuMtXXRKeghfiICqLAsV7s35J0vKnZ2XcEZ58SoGU2MYh1d
cINySvaWXwALHpSzuFYCyhtlr+QxUUcPw+CdH0yc9c+ZfTHBJL2YIT+vQnN464yL
yN5PSGGOHnvOpOg1/jXrzRfZemKGS/G6KN3UhmF7mzK29Imt8of9CxZIsMOp74YY
Z258zPPHvDMs0Lfeluz//VMmJm6Nh9p+jiKCcCvJlak9Nvp7NRSpwDj14y8kkXzt
6dqoNpUZO7lCcgdUhr3PhQ+Q8Cf6vT2Cl1v5/Kv9CN9l8gntPwCw
-----END CERTIFICATE-----