Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/8d0bcf-6f35-4d79-884a-502b77ce92f8/1/ABHkV05s8th27UlOQfZqHpvCN9M.roa
File:                     ABHkV05s8th27UlOQfZqHpvCN9M.roa (raw, json)
Hash identifier:          W21GRUIPND/bYNl8U/r+S01S2Z9vywL8FOAp0ejiALY=
Subject key identifier:   00:11:E4:57:4E:6C:F2:D8:76:ED:49:4E:41:F6:6A:1E:9B:C2:37:D3
Certificate issuer:       /CN=06f92e6831df1f2ebcd5d5eb0e5999c5b0475c51
Certificate serial:       019423D6FE64BBD5F57659A135F0E701183B
Authority key identifier: 06:F9:2E:68:31:DF:1F:2E:BC:D5:D5:EB:0E:59:99:C5:B0:47:5C:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BvkuaDHfHy681dXrDlmZxbBHXFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/8d0bcf-6f35-4d79-884a-502b77ce92f8/1/ABHkV05s8th27UlOQfZqHpvCN9M.roa
Signing time:             Wed 01 Jan 2025 21:47:59 +0000
ROA not before:           Wed 01 Jan 2025 21:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        193.150.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/8d0bcf-6f35-4d79-884a-502b77ce92f8/1/BvkuaDHfHy681dXrDlmZxbBHXFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/8d0bcf-6f35-4d79-884a-502b77ce92f8/1/BvkuaDHfHy681dXrDlmZxbBHXFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BvkuaDHfHy681dXrDlmZxbBHXFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:fe:64:bb:d5:f5:76:59:a1:35:f0:e7:01:18:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06f92e6831df1f2ebcd5d5eb0e5999c5b0475c51
        Validity
            Not Before: Jan  1 21:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0011e4574e6cf2d876ed494e41f66a1e9bc237d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:f0:95:ab:2d:6b:9d:19:47:cd:4e:4c:32:5d:
                    8c:25:e4:53:1c:27:e9:03:2b:91:99:16:6d:c9:89:
                    00:95:fa:67:57:4c:9b:19:de:78:4c:73:5b:28:99:
                    a1:30:77:15:ce:95:7b:82:81:92:28:1f:03:0d:eb:
                    51:2f:e7:bf:25:03:15:27:39:ec:b0:b5:de:74:00:
                    e0:e6:bf:4f:59:aa:c0:d1:f1:02:7b:b2:9a:b6:53:
                    a0:80:a3:fd:bf:db:9d:2c:c4:a6:07:89:f0:00:9c:
                    1e:37:72:33:e6:55:58:45:e7:37:e7:66:14:55:29:
                    27:b2:7e:f2:1c:2f:85:00:8d:f6:80:f9:38:4b:a5:
                    62:83:78:a5:ca:6e:4f:c8:41:c8:7e:3d:85:a7:f3:
                    c4:82:a4:e1:25:f2:7e:56:20:29:93:24:af:d6:ac:
                    24:f0:54:2e:41:51:00:94:b1:50:aa:e0:9a:1e:f2:
                    6f:61:eb:6f:f7:c2:0e:0c:75:99:98:1e:e1:3d:64:
                    b6:8f:a3:a4:db:93:ca:3f:85:0d:8f:4f:3b:48:b7:
                    50:2b:19:cf:3b:d6:67:65:a9:d3:70:47:bf:4e:ae:
                    b0:6f:ee:a4:c5:a1:4f:33:db:bf:3c:57:29:ed:38:
                    71:24:c7:3f:46:b9:90:22:9a:22:56:b4:8b:05:1d:
                    48:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:11:E4:57:4E:6C:F2:D8:76:ED:49:4E:41:F6:6A:1E:9B:C2:37:D3
            X509v3 Authority Key Identifier:
                keyid:06:F9:2E:68:31:DF:1F:2E:BC:D5:D5:EB:0E:59:99:C5:B0:47:5C:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BvkuaDHfHy681dXrDlmZxbBHXFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/8d0bcf-6f35-4d79-884a-502b77ce92f8/1/ABHkV05s8th27UlOQfZqHpvCN9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/8d0bcf-6f35-4d79-884a-502b77ce92f8/1/BvkuaDHfHy681dXrDlmZxbBHXFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:3c:62:ee:70:6a:7a:7d:0c:77:9d:46:d1:b9:80:e7:b6:bb:
         a8:02:36:ac:04:35:80:02:59:62:ee:33:2a:0a:61:07:a6:6b:
         b8:3b:22:5e:b3:3e:f2:f3:8e:c5:1e:20:81:b0:57:dd:13:4b:
         93:28:26:52:45:bc:e2:be:5f:f1:33:cc:71:47:75:8e:80:38:
         f8:ab:79:93:9b:69:4c:75:cd:25:ac:8a:fd:bd:c0:9e:fb:38:
         45:75:40:7b:74:a3:28:c8:4a:76:eb:a4:b8:2c:65:2d:0c:20:
         ef:fe:e8:0a:f4:49:b2:93:ec:76:5e:40:36:93:f6:aa:59:e0:
         13:84:76:b1:52:92:90:38:f5:c0:d4:9d:cb:ac:23:7b:4d:9e:
         88:ef:0b:7e:a7:a6:fb:ac:db:b6:c6:10:f6:cf:70:23:78:35:
         e0:9d:5e:17:83:76:82:0c:6a:54:c0:43:52:6a:8a:f6:ff:f4:
         28:69:5a:c0:53:18:1a:29:01:75:7f:d2:c1:c3:05:14:45:26:
         ba:a9:6f:b2:ae:eb:64:4a:d7:08:a2:c4:43:7d:a8:13:0a:09:
         8c:70:21:30:96:8c:52:c9:a7:85:b4:63:82:85:32:9d:4e:0d:
         d7:ec:c6:ae:73:7d:a9:2c:fb:c8:70:e4:4a:ce:34:5a:23:2b:
         57:fd:11:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1v5ku9X1dlmhNfDnARg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2ZjkyZTY4MzFkZjFmMmViY2Q1ZDVlYjBlNTk5OWM1YjA0
NzVjNTEwHhcNMjUwMTAxMjE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDExZTQ1NzRlNmNmMmQ4NzZlZDQ5NGU0MWY2NmExZTliYzIzN2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3fCVqy1rnRlHzU5MMl2MJeRTHCfp
AyuRmRZtyYkAlfpnV0ybGd54THNbKJmhMHcVzpV7goGSKB8DDetRL+e/JQMVJzns
sLXedADg5r9PWarA0fECe7KatlOggKP9v9udLMSmB4nwAJweN3Iz5lVYRec352YU
VSknsn7yHC+FAI32gPk4S6Vig3ilym5PyEHIfj2Fp/PEgqThJfJ+ViApkySv1qwk
8FQuQVEAlLFQquCaHvJvYetv98IODHWZmB7hPWS2j6Ok25PKP4UNj087SLdQKxnP
O9ZnZanTcEe/Tq6wb+6kxaFPM9u/PFcp7ThxJMc/RrmQIpoiVrSLBR1IgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAR5FdObPLYdu1JTkH2ah6bwjfTMB8GA1UdIwQY
MBaAFAb5Lmgx3x8uvNXV6w5ZmcWwR1xRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnZrdWFESGZIeTY4MWRYckRsbVp4YkJIWEZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy84ZDBiY2YtNmYzNS00ZDc5LTg4NGEt
NTAyYjc3Y2U5MmY4LzEvQUJIa1YwNXM4dGgyN1VsT1FmWnFIcHZDTjlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy84ZDBiY2YtNmYzNS00ZDc5LTg4NGEtNTAyYjc3Y2U5MmY4
LzEvQnZrdWFESGZIeTY4MWRYckRsbVp4YkJIWEZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZakMA0G
CSqGSIb3DQEBCwUAA4IBAQB+PGLucGp6fQx3nUbRuYDntruoAjasBDWAAlli7jMq
CmEHpmu4OyJesz7y847FHiCBsFfdE0uTKCZSRbzivl/xM8xxR3WOgDj4q3mTm2lM
dc0lrIr9vcCe+zhFdUB7dKMoyEp266S4LGUtDCDv/ugK9Emyk+x2XkA2k/aqWeAT
hHaxUpKQOPXA1J3LrCN7TZ6I7wt+p6b7rNu2xhD2z3AjeDXgnV4Xg3aCDGpUwENS
aor2//QoaVrAUxgaKQF1f9LBwwUURSa6qW+yrutkStcIosRDfagTCgmMcCEwloxS
yaeFtGOChTKdTg3X7Mauc32pLPvIcORKzjRaIytX/RF1
-----END CERTIFICATE-----