Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/rEdLOhgJ5xMWvLwmv0wizm-cOW0.roa
File:                     rEdLOhgJ5xMWvLwmv0wizm-cOW0.roa (raw, json)
Hash identifier:          5KEvRv7KqMLhpYGvFA0tU5bp6PFE1qlP3ELvibmeSX4=
Subject key identifier:   AC:47:4B:3A:18:09:E7:13:16:BC:BC:26:BF:4C:22:CE:6F:9C:39:6D
Certificate issuer:       /CN=bdf960b0ee6bc5d0f6a0c64a69f2f86259fdcd58
Certificate serial:       019426D9A5A32BA6884C75801492A4D194F7
Authority key identifier: BD:F9:60:B0:EE:6B:C5:D0:F6:A0:C6:4A:69:F2:F8:62:59:FD:CD:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vflgsO5rxdD2oMZKafL4Yln9zVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/rEdLOhgJ5xMWvLwmv0wizm-cOW0.roa
Signing time:             Thu 02 Jan 2025 11:49:45 +0000
ROA not before:           Thu 02 Jan 2025 11:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49369
IP address blocks:        193.169.34.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/vflgsO5rxdD2oMZKafL4Yln9zVg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/vflgsO5rxdD2oMZKafL4Yln9zVg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vflgsO5rxdD2oMZKafL4Yln9zVg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:a5:a3:2b:a6:88:4c:75:80:14:92:a4:d1:94:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdf960b0ee6bc5d0f6a0c64a69f2f86259fdcd58
        Validity
            Not Before: Jan  2 11:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac474b3a1809e71316bcbc26bf4c22ce6f9c396d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:03:9a:c2:f7:18:17:2b:08:73:14:10:82:3e:
                    d7:b0:1d:c3:54:34:5c:4a:c8:14:d7:a3:2e:0f:95:
                    e7:2f:c4:bf:d7:0f:6b:e9:6e:a4:bd:68:ab:3b:02:
                    92:4e:bc:62:41:d7:0c:52:19:99:04:f1:13:14:e4:
                    23:4d:61:e1:e7:97:b5:cc:84:a2:e8:3f:1a:a9:32:
                    d0:b4:85:89:a5:b9:1e:62:c3:6d:16:c2:fd:7e:d0:
                    fd:53:5f:ae:2d:f5:8a:67:41:79:d1:c6:9b:bf:75:
                    1a:d0:52:ba:8d:43:b3:0d:51:c2:66:68:58:13:91:
                    d3:59:9f:f0:f0:73:43:5f:7d:d3:b8:b3:30:56:bc:
                    ab:2b:4e:63:d1:4c:6f:2a:42:45:6b:f2:44:cd:69:
                    f1:6b:05:58:69:07:be:9d:2d:bb:d5:c2:d0:5b:4b:
                    ee:49:b0:e0:7f:00:7d:19:a7:99:c9:8a:1d:3f:1e:
                    ad:65:47:74:c6:a5:c9:7b:3f:d1:57:90:ac:23:01:
                    8c:7a:70:34:78:11:4b:96:32:b5:79:a0:41:e8:72:
                    c5:dc:5a:b8:72:19:da:98:8b:1a:25:f8:2c:8f:27:
                    62:fb:36:d4:f6:49:28:f2:21:e3:b4:e4:65:c2:a6:
                    de:7d:3c:eb:67:55:ca:f1:ab:33:18:c2:1f:33:ba:
                    b9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:47:4B:3A:18:09:E7:13:16:BC:BC:26:BF:4C:22:CE:6F:9C:39:6D
            X509v3 Authority Key Identifier:
                keyid:BD:F9:60:B0:EE:6B:C5:D0:F6:A0:C6:4A:69:F2:F8:62:59:FD:CD:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vflgsO5rxdD2oMZKafL4Yln9zVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/rEdLOhgJ5xMWvLwmv0wizm-cOW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/33684a-12c2-423a-bd3a-3ddffdeb9207/1/vflgsO5rxdD2oMZKafL4Yln9zVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:b1:14:9d:c5:65:7b:79:90:1c:f8:3f:29:5d:c4:ea:c0:fd:
         89:f5:44:93:c6:76:f9:26:a5:92:5c:d9:32:f2:57:38:25:81:
         23:bc:2c:d2:81:0d:f2:43:d8:90:04:b4:ba:25:f6:9f:3e:8f:
         53:de:e8:e6:b4:4b:16:6b:fe:6d:eb:34:f6:1e:43:e5:a5:d0:
         27:af:b7:5b:78:02:93:16:a1:23:80:15:c4:17:ec:91:b4:9e:
         39:90:f4:13:fd:93:1a:c2:12:a6:c2:b2:99:6f:7a:09:4b:b6:
         75:95:82:ac:e8:57:75:d2:59:86:6b:e9:63:9b:25:18:44:2c:
         55:61:4a:3f:4e:87:4f:99:8c:d0:2e:fc:82:77:39:ee:83:41:
         60:67:2b:aa:5c:63:33:24:2e:57:dc:62:d8:07:c4:5a:f9:77:
         c5:44:15:10:0b:a7:a2:a0:89:4b:0c:8a:bb:48:6e:3a:ca:71:
         88:59:8d:f1:dd:bd:61:14:df:b1:0d:38:7d:d2:93:dc:d4:47:
         e7:bb:3a:d5:78:c3:18:5e:11:bf:ec:fa:48:77:14:ac:a6:ff:
         82:33:35:fa:f3:58:76:34:25:45:72:62:92:3e:29:84:8b:50:
         51:0c:a5:40:43:cf:20:80:9d:73:71:da:97:1c:16:7d:16:58:
         99:e9:7d:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2aWjK6aITHWAFJKk0ZT3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZjk2MGIwZWU2YmM1ZDBmNmEwYzY0YTY5ZjJmODYyNTlm
ZGNkNTgwHhcNMjUwMTAyMTE0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQ3NGIzYTE4MDllNzEzMTZiY2JjMjZiZjRjMjJjZTZmOWMzOTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgOawvcYFysIcxQQgj7XsB3DVDRc
SsgU16MuD5XnL8S/1w9r6W6kvWirOwKSTrxiQdcMUhmZBPETFOQjTWHh55e1zISi
6D8aqTLQtIWJpbkeYsNtFsL9ftD9U1+uLfWKZ0F50cabv3Ua0FK6jUOzDVHCZmhY
E5HTWZ/w8HNDX33TuLMwVryrK05j0UxvKkJFa/JEzWnxawVYaQe+nS271cLQW0vu
SbDgfwB9GaeZyYodPx6tZUd0xqXJez/RV5CsIwGMenA0eBFLljK1eaBB6HLF3Fq4
chnamIsaJfgsjydi+zbU9kko8iHjtORlwqbefTzrZ1XK8aszGMIfM7q5gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxHSzoYCecTFry8Jr9MIs5vnDltMB8GA1UdIwQY
MBaAFL35YLDua8XQ9qDGSmny+GJZ/c1YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZsZ3NPNXJ4ZEQyb01aS2FmTDRZbG45elZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zMzY4NGEtMTJjMi00MjNhLWJkM2Et
M2RkZmZkZWI5MjA3LzEvckVkTE9oZ0o1eE1Xdkx3bXYwd2l6bS1jT1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zMzY4NGEtMTJjMi00MjNhLWJkM2EtM2RkZmZkZWI5MjA3
LzEvdmZsZ3NPNXJ4ZEQyb01aS2FmTDRZbG45elZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwakiMA0G
CSqGSIb3DQEBCwUAA4IBAQAasRSdxWV7eZAc+D8pXcTqwP2J9USTxnb5JqWSXNky
8lc4JYEjvCzSgQ3yQ9iQBLS6JfafPo9T3ujmtEsWa/5t6zT2HkPlpdAnr7dbeAKT
FqEjgBXEF+yRtJ45kPQT/ZMawhKmwrKZb3oJS7Z1lYKs6Fd10lmGa+ljmyUYRCxV
YUo/TodPmYzQLvyCdznug0FgZyuqXGMzJC5X3GLYB8Ra+XfFRBUQC6eioIlLDIq7
SG46ynGIWY3x3b1hFN+xDTh90pPc1EfnuzrVeMMYXhG/7PpIdxSspv+CMzX681h2
NCVFcmKSPimEi1BRDKVAQ88ggJ1zcdqXHBZ9FliZ6X0B
-----END CERTIFICATE-----