Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/67zW8t21om1pTXvyuagS0QWX12s.roa
File:                     67zW8t21om1pTXvyuagS0QWX12s.roa (raw, json)
Hash identifier:          arwG9XkQ/+2dVagELL/zq8/mCR4dYaym8bqyA1sBk4A=
Subject key identifier:   EB:BC:D6:F2:DD:B5:A2:6D:69:4D:7B:F2:B9:A8:12:D1:05:97:D7:6B
Certificate issuer:       /CN=f638947ddb892f5f3a48a69af97a8fb52103a0d6
Certificate serial:       019423D77EBD9FC013EC85392DD221A3AC85
Authority key identifier: F6:38:94:7D:DB:89:2F:5F:3A:48:A6:9A:F9:7A:8F:B5:21:03:A0:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9jiUfduJL186SKaa-XqPtSEDoNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/67zW8t21om1pTXvyuagS0QWX12s.roa
Signing time:             Wed 01 Jan 2025 21:48:32 +0000
ROA not before:           Wed 01 Jan 2025 21:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        193.35.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/9jiUfduJL186SKaa-XqPtSEDoNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/9jiUfduJL186SKaa-XqPtSEDoNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9jiUfduJL186SKaa-XqPtSEDoNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:7e:bd:9f:c0:13:ec:85:39:2d:d2:21:a3:ac:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f638947ddb892f5f3a48a69af97a8fb52103a0d6
        Validity
            Not Before: Jan  1 21:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebbcd6f2ddb5a26d694d7bf2b9a812d10597d76b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:06:fe:db:3f:26:08:65:3f:55:a7:1f:5a:09:
                    d4:ad:e6:39:27:09:ba:b9:9c:e0:c8:f2:ba:8f:58:
                    3e:e5:4a:35:50:2c:6a:f2:d8:a1:94:66:bb:af:65:
                    83:cd:2b:0a:ec:73:4e:2a:f8:4a:b4:56:bb:47:34:
                    ed:54:a7:1a:50:a7:b2:0c:c6:02:32:09:34:21:9b:
                    59:cf:73:ff:82:9e:a2:29:04:2a:e4:8a:5e:9d:2f:
                    c3:5a:cd:ba:66:f4:af:90:a7:ff:8a:15:a6:cd:15:
                    80:9f:25:05:2e:18:e0:f8:d6:ac:89:20:5b:f1:e7:
                    43:4d:21:bf:72:8b:c2:98:c3:19:b7:a7:8d:b0:9f:
                    71:2a:05:19:35:83:75:03:14:d3:30:96:ce:12:48:
                    ee:3c:51:4b:dd:57:79:bb:10:53:0e:71:b8:c2:a4:
                    88:81:8d:0e:cc:a4:be:77:d1:5b:90:1b:05:23:b8:
                    7e:85:2f:e9:50:58:f1:07:3e:74:15:5d:3e:13:53:
                    8b:52:ed:46:8e:b7:38:5f:8d:db:c0:c4:ca:d7:22:
                    a6:af:b4:07:7f:94:9e:5d:96:12:6d:29:ed:88:cc:
                    a8:78:8d:db:bd:4f:ff:2a:2f:96:6b:df:7f:48:7a:
                    61:34:b9:bd:6b:9f:cf:9a:19:90:e3:01:c9:0f:dc:
                    61:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:BC:D6:F2:DD:B5:A2:6D:69:4D:7B:F2:B9:A8:12:D1:05:97:D7:6B
            X509v3 Authority Key Identifier:
                keyid:F6:38:94:7D:DB:89:2F:5F:3A:48:A6:9A:F9:7A:8F:B5:21:03:A0:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9jiUfduJL186SKaa-XqPtSEDoNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/67zW8t21om1pTXvyuagS0QWX12s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/289b8d-78de-4160-90d3-61d26603c37c/1/9jiUfduJL186SKaa-XqPtSEDoNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:05:e4:0b:3e:cb:fc:f5:b8:c7:1d:f7:97:da:4c:bd:82:8e:
         3d:25:ee:fd:17:b0:c3:86:6f:38:b9:02:aa:a8:61:40:12:36:
         84:78:b9:2c:3d:9b:9a:db:40:04:0b:eb:85:3b:8c:fe:24:b0:
         3c:eb:01:55:d3:1b:b2:9f:d6:e0:36:91:cc:fb:d2:0c:7e:a1:
         18:32:13:19:59:c7:d3:f5:11:b6:47:75:06:3d:be:49:b2:6c:
         af:ac:4f:ff:db:9e:30:c1:8f:29:82:d0:13:20:ca:19:e9:c2:
         27:ff:c4:cc:ed:9f:40:83:98:86:6f:24:2b:7c:14:c0:65:df:
         b0:36:bc:00:f5:b4:81:f0:5d:2d:3b:63:b4:05:fc:dc:23:e6:
         5c:84:2c:22:44:28:ed:2e:3a:42:29:0e:26:8b:2e:5c:30:fa:
         69:a0:2e:3b:b6:20:66:18:1c:7a:39:d5:d8:5f:54:f6:27:56:
         61:24:b8:41:a1:d6:a9:e8:27:51:d8:78:b4:55:ea:1e:09:ff:
         1d:a2:bb:24:8d:4b:16:f2:fd:e2:61:2b:74:e6:56:cb:46:d2:
         fa:c4:66:a5:33:bb:5c:07:fe:b4:9c:de:09:16:8a:e6:24:e0:
         1b:a0:19:17:b1:a1:33:65:ea:ae:78:bc:16:ce:9a:f5:20:1d:
         4f:e9:48:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1369n8AT7IU5LdIho6yFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2Mzg5NDdkZGI4OTJmNWYzYTQ4YTY5YWY5N2E4ZmI1MjEw
M2EwZDYwHhcNMjUwMTAxMjE0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmJjZDZmMmRkYjVhMjZkNjk0ZDdiZjJiOWE4MTJkMTA1OTdkNzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgb+2z8mCGU/VacfWgnUreY5Jwm6
uZzgyPK6j1g+5Uo1UCxq8tihlGa7r2WDzSsK7HNOKvhKtFa7RzTtVKcaUKeyDMYC
Mgk0IZtZz3P/gp6iKQQq5IpenS/DWs26ZvSvkKf/ihWmzRWAnyUFLhjg+NasiSBb
8edDTSG/covCmMMZt6eNsJ9xKgUZNYN1AxTTMJbOEkjuPFFL3Vd5uxBTDnG4wqSI
gY0OzKS+d9FbkBsFI7h+hS/pUFjxBz50FV0+E1OLUu1Gjrc4X43bwMTK1yKmr7QH
f5SeXZYSbSntiMyoeI3bvU//Ki+Wa99/SHphNLm9a5/PmhmQ4wHJD9xhYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOu81vLdtaJtaU178rmoEtEFl9drMB8GA1UdIwQY
MBaAFPY4lH3biS9fOkimmvl6j7UhA6DWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWppVWZkdUpMMTg2U0thYS1YcVB0U0VEb05ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8yODliOGQtNzhkZS00MTYwLTkwZDMt
NjFkMjY2MDNjMzdjLzEvNjd6Vzh0MjFvbTFwVFh2eXVhZ1MwUVdYMTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8yODliOGQtNzhkZS00MTYwLTkwZDMtNjFkMjY2MDNjMzdj
LzEvOWppVWZkdUpMMTg2U0thYS1YcVB0U0VEb05ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSOdMA0G
CSqGSIb3DQEBCwUAA4IBAQA9BeQLPsv89bjHHfeX2ky9go49Je79F7DDhm84uQKq
qGFAEjaEeLksPZua20AEC+uFO4z+JLA86wFV0xuyn9bgNpHM+9IMfqEYMhMZWcfT
9RG2R3UGPb5JsmyvrE//254wwY8pgtATIMoZ6cIn/8TM7Z9Ag5iGbyQrfBTAZd+w
NrwA9bSB8F0tO2O0BfzcI+ZchCwiRCjtLjpCKQ4miy5cMPppoC47tiBmGBx6OdXY
X1T2J1ZhJLhBodap6CdR2Hi0VeoeCf8dorskjUsW8v3iYSt05lbLRtL6xGalM7tc
B/60nN4JFormJOAboBkXsaEzZequeLwWzpr1IB1P6UgX
-----END CERTIFICATE-----