Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/e3b9d9-be9f-4a76-b3a3-3e05b37e138b/1/VXStklzuRlpg_R8nfz573Xq7Noo.roa
File:                     VXStklzuRlpg_R8nfz573Xq7Noo.roa (raw, json)
Hash identifier:          IbT51sa2OOKxE/XOPtTGvEY7Cw0dCovzg7t9jfSRhHI=
Subject key identifier:   55:74:AD:92:5C:EE:46:5A:60:FD:1F:27:7F:3E:7B:DD:7A:BB:36:8A
Certificate issuer:       /CN=ecbc33fd01178ae2f974eeed5dcdcd3c175e16a7
Certificate serial:       019425FDC7777EBCCE73DBD01D501C5E96A2
Authority key identifier: EC:BC:33:FD:01:17:8A:E2:F9:74:EE:ED:5D:CD:CD:3C:17:5E:16:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Lwz_QEXiuL5dO7tXc3NPBdeFqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/e3b9d9-be9f-4a76-b3a3-3e05b37e138b/1/VXStklzuRlpg_R8nfz573Xq7Noo.roa
Signing time:             Thu 02 Jan 2025 07:49:35 +0000
ROA not before:           Thu 02 Jan 2025 07:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        193.228.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/e3b9d9-be9f-4a76-b3a3-3e05b37e138b/1/7Lwz_QEXiuL5dO7tXc3NPBdeFqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/e3b9d9-be9f-4a76-b3a3-3e05b37e138b/1/7Lwz_QEXiuL5dO7tXc3NPBdeFqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Lwz_QEXiuL5dO7tXc3NPBdeFqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 00:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c7:77:7e:bc:ce:73:db:d0:1d:50:1c:5e:96:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecbc33fd01178ae2f974eeed5dcdcd3c175e16a7
        Validity
            Not Before: Jan  2 07:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5574ad925cee465a60fd1f277f3e7bdd7abb368a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fb:17:23:c7:dc:d6:d5:f4:c6:af:4e:15:7b:
                    ee:c9:75:ad:02:93:d9:56:07:d8:05:d5:f0:d2:67:
                    d2:bf:8a:23:83:d6:b8:a1:5c:5e:3a:2d:1d:db:95:
                    7b:7f:09:af:d4:1c:59:3f:52:5f:c5:c1:d4:8f:f9:
                    e4:d2:19:50:f0:e9:9b:ef:ad:6a:d4:7a:e1:74:74:
                    83:b7:70:1a:11:4c:0b:a1:55:56:f0:5f:55:ac:c0:
                    25:c1:16:90:38:4a:cc:48:b2:b9:12:77:ff:0b:df:
                    41:4b:66:ca:51:3c:cc:22:79:f0:f0:e2:0f:6b:37:
                    50:8b:c2:f7:f0:f1:38:e2:b6:50:f8:96:d8:60:eb:
                    3b:53:45:4b:29:1f:b9:bd:54:ad:2f:84:2f:ba:69:
                    43:8b:80:84:2c:1c:8f:f8:28:ec:f7:cc:e8:0d:94:
                    ab:96:a7:be:74:27:07:db:31:a1:2a:bb:44:08:4c:
                    c4:15:48:77:d6:6e:99:29:a8:14:3e:ad:73:d2:2a:
                    dc:53:1c:39:bf:81:b0:af:fc:14:1e:28:28:75:f4:
                    29:7c:64:17:ab:e9:fe:7b:15:ad:2d:6a:d6:52:de:
                    79:0d:c1:fd:3d:24:b7:07:59:a5:4a:58:75:c8:88:
                    69:a2:6b:36:b0:a3:dd:12:8a:f8:9e:db:35:3e:71:
                    d7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:74:AD:92:5C:EE:46:5A:60:FD:1F:27:7F:3E:7B:DD:7A:BB:36:8A
            X509v3 Authority Key Identifier:
                keyid:EC:BC:33:FD:01:17:8A:E2:F9:74:EE:ED:5D:CD:CD:3C:17:5E:16:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Lwz_QEXiuL5dO7tXc3NPBdeFqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e3b9d9-be9f-4a76-b3a3-3e05b37e138b/1/VXStklzuRlpg_R8nfz573Xq7Noo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e3b9d9-be9f-4a76-b3a3-3e05b37e138b/1/7Lwz_QEXiuL5dO7tXc3NPBdeFqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:ff:66:93:55:23:bb:32:92:8f:ad:0f:1a:1c:43:5b:63:38:
         2f:35:c6:b3:8c:c3:8e:c8:de:2b:12:7b:aa:95:44:6c:34:c7:
         d1:5c:31:7f:b1:f1:f7:d6:9e:06:8f:6d:b2:fb:75:af:a2:f7:
         de:79:5a:3e:54:a9:c2:35:04:f5:6e:f5:5c:81:ea:f5:7e:c8:
         8b:53:17:ab:7b:f4:be:bb:39:1a:3a:67:b3:a3:b3:9b:80:ee:
         ce:55:fc:17:97:98:40:39:ec:a7:71:49:6a:52:3f:e7:85:81:
         58:13:03:47:33:d8:bf:3a:f0:5d:94:ec:89:0e:26:e1:8b:70:
         d1:b9:a9:b6:4d:13:a9:51:29:25:b4:68:75:65:87:e1:ab:80:
         c9:b3:a6:03:5b:4e:0d:7a:40:41:73:6d:c3:58:20:14:45:15:
         b8:a0:59:28:4d:75:a0:c7:d2:88:4b:04:ff:64:cc:fa:f1:5c:
         89:17:db:d6:da:04:5f:9f:26:a8:f5:29:27:b7:7f:a2:5c:f6:
         38:1b:55:50:10:a6:30:ea:a2:2c:0e:32:4b:b8:9b:0c:40:e2:
         28:23:d5:ab:ee:a5:ce:a4:12:60:95:96:b1:75:54:0d:76:d0:
         6f:2e:5b:30:fe:dd:92:8e:a8:5a:6e:7f:67:f2:76:6d:22:bd:
         78:4f:45:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/cd3frzOc9vQHVAcXpaiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjYmMzM2ZkMDExNzhhZTJmOTc0ZWVlZDVkY2RjZDNjMTc1
ZTE2YTcwHhcNMjUwMTAyMDc0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTc0YWQ5MjVjZWU0NjVhNjBmZDFmMjc3ZjNlN2JkZDdhYmIzNjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfsXI8fc1tX0xq9OFXvuyXWtApPZ
VgfYBdXw0mfSv4ojg9a4oVxeOi0d25V7fwmv1BxZP1JfxcHUj/nk0hlQ8Omb761q
1HrhdHSDt3AaEUwLoVVW8F9VrMAlwRaQOErMSLK5Enf/C99BS2bKUTzMInnw8OIP
azdQi8L38PE44rZQ+JbYYOs7U0VLKR+5vVStL4QvumlDi4CELByP+Cjs98zoDZSr
lqe+dCcH2zGhKrtECEzEFUh31m6ZKagUPq1z0ircUxw5v4Gwr/wUHigodfQpfGQX
q+n+exWtLWrWUt55DcH9PSS3B1mlSlh1yIhpoms2sKPdEor4nts1PnHXqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFV0rZJc7kZaYP0fJ38+e916uzaKMB8GA1UdIwQY
MBaAFOy8M/0BF4ri+XTu7V3NzTwXXhanMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0x3el9RRVhpdUw1ZE83dFhjM05QQmRlRnFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lM2I5ZDktYmU5Zi00YTc2LWIzYTMt
M2UwNWIzN2UxMzhiLzEvVlhTdGtsenVSbHBnX1I4bmZ6NTczWHE3Tm9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lM2I5ZDktYmU5Zi00YTc2LWIzYTMtM2UwNWIzN2UxMzhi
LzEvN0x3el9RRVhpdUw1ZE83dFhjM05QQmRlRnFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweQAMA0G
CSqGSIb3DQEBCwUAA4IBAQBv/2aTVSO7MpKPrQ8aHENbYzgvNcazjMOOyN4rEnuq
lURsNMfRXDF/sfH31p4Gj22y+3WvovfeeVo+VKnCNQT1bvVcger1fsiLUxere/S+
uzkaOmezo7ObgO7OVfwXl5hAOeyncUlqUj/nhYFYEwNHM9i/OvBdlOyJDibhi3DR
uam2TROpUSkltGh1ZYfhq4DJs6YDW04NekBBc23DWCAURRW4oFkoTXWgx9KISwT/
ZMz68VyJF9vW2gRfnyao9Sknt3+iXPY4G1VQEKYw6qIsDjJLuJsMQOIoI9Wr7qXO
pBJglZaxdVQNdtBvLlsw/t2Sjqhabn9n8nZtIr14T0WE
-----END CERTIFICATE-----