Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/3UNyKDhAIctkIaiCHfw-i8AjC60.roa
File:                     3UNyKDhAIctkIaiCHfw-i8AjC60.roa (raw, json)
Hash identifier:          RbaiVZW2VnfBiQ5GEAYbSY+TEp7BHi5lhZORNmt7Iwo=
Subject key identifier:   DD:43:72:28:38:40:21:CB:64:21:A8:82:1D:FC:3E:8B:C0:23:0B:AD
Certificate issuer:       /CN=163bcbd9bc93849a7ffdf7294c2de9dfb1eaf283
Certificate serial:       01942444A356B166D0DB2524483BCC229CB3
Authority key identifier: 16:3B:CB:D9:BC:93:84:9A:7F:FD:F7:29:4C:2D:E9:DF:B1:EA:F2:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FjvL2byThJp__fcpTC3p37Hq8oM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/3UNyKDhAIctkIaiCHfw-i8AjC60.roa
Signing time:             Wed 01 Jan 2025 23:47:45 +0000
ROA not before:           Wed 01 Jan 2025 23:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21241
IP address blocks:        193.58.72.0/21 maxlen: 21
                          193.58.72.0/24 maxlen: 24
                          193.58.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/FjvL2byThJp__fcpTC3p37Hq8oM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/FjvL2byThJp__fcpTC3p37Hq8oM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FjvL2byThJp__fcpTC3p37Hq8oM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:a3:56:b1:66:d0:db:25:24:48:3b:cc:22:9c:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=163bcbd9bc93849a7ffdf7294c2de9dfb1eaf283
        Validity
            Not Before: Jan  1 23:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd437228384021cb6421a8821dfc3e8bc0230bad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:58:b5:68:df:a9:c7:21:af:c2:3b:96:d4:5e:
                    99:bd:aa:00:55:d9:c2:ec:f4:ea:38:0f:5d:b3:59:
                    67:58:f4:3d:33:ae:1d:7b:be:ce:21:72:10:74:92:
                    d3:7f:50:b7:50:0a:68:34:d3:6d:2f:77:2c:72:f0:
                    a8:33:15:88:1d:32:4d:09:36:a4:d4:7e:98:d3:60:
                    49:5a:54:8c:e4:41:4f:db:bd:68:4a:f7:64:76:cd:
                    c2:34:9f:93:9a:87:dd:c2:8f:f6:b7:d7:3b:66:16:
                    83:38:fa:4c:cb:26:5c:43:98:ef:44:33:71:68:21:
                    1c:7c:42:8a:5c:1c:71:83:d7:2f:3c:48:ad:56:d4:
                    d3:54:61:94:40:8e:6e:78:a0:d2:34:63:ed:53:1a:
                    65:d7:97:12:81:85:aa:14:ed:9a:2e:be:4c:d8:d3:
                    24:63:d7:ea:46:77:8d:58:6f:50:04:ce:d8:ae:e8:
                    75:a2:26:4a:5d:59:f1:62:b3:a5:1b:5f:4e:9a:7a:
                    9f:54:e5:c2:cd:24:9d:a2:99:8a:7b:90:ba:40:4f:
                    e4:23:b8:00:5b:11:9b:8c:c9:66:8a:67:67:dd:f9:
                    ea:2d:71:6a:9a:06:fa:f7:df:b8:97:02:81:15:e9:
                    5e:97:93:61:07:1e:a6:8b:86:c2:eb:cf:87:1c:6a:
                    7c:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:43:72:28:38:40:21:CB:64:21:A8:82:1D:FC:3E:8B:C0:23:0B:AD
            X509v3 Authority Key Identifier:
                keyid:16:3B:CB:D9:BC:93:84:9A:7F:FD:F7:29:4C:2D:E9:DF:B1:EA:F2:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FjvL2byThJp__fcpTC3p37Hq8oM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/3UNyKDhAIctkIaiCHfw-i8AjC60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/56c782-6e9e-4fc8-bb99-f640ad3b8cf4/1/FjvL2byThJp__fcpTC3p37Hq8oM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5c:fd:cd:39:ec:9f:a3:92:f3:ad:1c:c2:23:db:87:ca:6d:67:
         46:f5:34:a1:8a:cc:cf:80:e0:13:3b:9e:9d:e1:11:98:cd:8d:
         a5:0b:34:71:5f:a6:24:e9:d6:8f:39:a7:34:7f:51:50:99:5a:
         0d:f4:f9:8a:f3:da:51:77:ce:4b:18:9b:bf:75:04:85:e3:e4:
         af:1d:dc:1d:c4:57:7b:10:58:a5:f9:12:de:05:e9:ef:03:f9:
         3a:2c:69:dc:fd:57:14:6b:22:15:bf:86:00:ac:d8:d3:62:b9:
         7c:0b:33:ca:5e:98:28:ee:c2:c5:92:a8:38:c6:9d:1f:30:4f:
         ed:44:be:a0:7a:9b:0a:61:31:ce:8a:d4:f6:6a:3a:c1:3a:7c:
         fe:96:c2:ff:ac:0a:5e:6f:0d:22:02:49:79:cc:03:04:ed:4a:
         29:16:28:5b:3f:99:3a:d8:ee:72:52:28:40:ff:6d:7a:f0:21:
         6f:5e:dc:81:ed:bb:1c:b6:14:45:bd:89:53:ad:2d:61:d2:d9:
         6d:9b:9c:3f:09:93:3c:4c:8d:c9:26:f8:f9:24:a6:30:3f:88:
         ed:91:bc:2e:fc:92:ce:b9:6a:35:d3:ab:b5:67:3c:0e:75:53:
         15:bd:9d:a4:1d:a2:58:35:b0:57:cf:c1:c1:55:0a:ba:56:75:
         d6:d4:28:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRKNWsWbQ2yUkSDvMIpyzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2M2JjYmQ5YmM5Mzg0OWE3ZmZkZjcyOTRjMmRlOWRmYjFl
YWYyODMwHhcNMjUwMTAxMjM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDQzNzIyODM4NDAyMWNiNjQyMWE4ODIxZGZjM2U4YmMwMjMwYmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsli1aN+pxyGvwjuW1F6ZvaoAVdnC
7PTqOA9ds1lnWPQ9M64de77OIXIQdJLTf1C3UApoNNNtL3cscvCoMxWIHTJNCTak
1H6Y02BJWlSM5EFP271oSvdkds3CNJ+Tmofdwo/2t9c7ZhaDOPpMyyZcQ5jvRDNx
aCEcfEKKXBxxg9cvPEitVtTTVGGUQI5ueKDSNGPtUxpl15cSgYWqFO2aLr5M2NMk
Y9fqRneNWG9QBM7Yruh1oiZKXVnxYrOlG19OmnqfVOXCzSSdopmKe5C6QE/kI7gA
WxGbjMlmimdn3fnqLXFqmgb699+4lwKBFelel5NhBx6mi4bC68+HHGp8TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1Dcig4QCHLZCGogh38PovAIwutMB8GA1UdIwQY
MBaAFBY7y9m8k4Saf/33KUwt6d+x6vKDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmp2TDJieVRoSnBfX2ZjcFRDM3AzN0hxOG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81NmM3ODItNmU5ZS00ZmM4LWJiOTkt
ZjY0MGFkM2I4Y2Y0LzEvM1VOeUtEaEFJY3RrSWFpQ0hmdy1pOEFqQzYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81NmM3ODItNmU5ZS00ZmM4LWJiOTktZjY0MGFkM2I4Y2Y0
LzEvRmp2TDJieVRoSnBfX2ZjcFRDM3AzN0hxOG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwTpIMA0G
CSqGSIb3DQEBCwUAA4IBAQBc/c057J+jkvOtHMIj24fKbWdG9TShiszPgOATO56d
4RGYzY2lCzRxX6Yk6daPOac0f1FQmVoN9PmK89pRd85LGJu/dQSF4+SvHdwdxFd7
EFil+RLeBenvA/k6LGnc/VcUayIVv4YArNjTYrl8CzPKXpgo7sLFkqg4xp0fME/t
RL6gepsKYTHOitT2ajrBOnz+lsL/rApebw0iAkl5zAME7UopFihbP5k62O5yUihA
/2168CFvXtyB7bscthRFvYlTrS1h0tltm5w/CZM8TI3JJvj5JKYwP4jtkbwu/JLO
uWo106u1ZzwOdVMVvZ2kHaJYNbBXz8HBVQq6VnXW1CiC
-----END CERTIFICATE-----