Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/afd611-9ac0-414e-be44-523e445f90dc/1/_JGWiygFUesXv5bnUwI668QYMo0.roa
File:                     _JGWiygFUesXv5bnUwI668QYMo0.roa (raw, json)
Hash identifier:          tSMCpwe6YrahqMRkzD/bacyXkbLZAIyumbRrGFQA0qo=
Subject key identifier:   FC:91:96:8B:28:05:51:EB:17:BF:96:E7:53:02:3A:EB:C4:18:32:8D
Certificate issuer:       /CN=edc3df046e1e1d5bf0522bb913f2957287a49b4b
Certificate serial:       019420D6562ED0F4EE17C6716F06D49BCCF8
Authority key identifier: ED:C3:DF:04:6E:1E:1D:5B:F0:52:2B:B9:13:F2:95:72:87:A4:9B:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7cPfBG4eHVvwUiu5E_KVcoekm0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/afd611-9ac0-414e-be44-523e445f90dc/1/_JGWiygFUesXv5bnUwI668QYMo0.roa
Signing time:             Wed 01 Jan 2025 07:48:25 +0000
ROA not before:           Wed 01 Jan 2025 07:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200916
IP address blocks:        193.100.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/afd611-9ac0-414e-be44-523e445f90dc/1/7cPfBG4eHVvwUiu5E_KVcoekm0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/afd611-9ac0-414e-be44-523e445f90dc/1/7cPfBG4eHVvwUiu5E_KVcoekm0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7cPfBG4eHVvwUiu5E_KVcoekm0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:56:2e:d0:f4:ee:17:c6:71:6f:06:d4:9b:cc:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edc3df046e1e1d5bf0522bb913f2957287a49b4b
        Validity
            Not Before: Jan  1 07:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc91968b280551eb17bf96e753023aebc418328d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fb:fd:22:dd:b6:25:05:f3:66:e3:fe:34:74:
                    ca:af:2f:9b:02:e4:3f:95:64:ac:31:9a:40:cd:95:
                    71:0e:12:ef:fe:3d:6e:99:02:22:7c:c3:6e:cb:7f:
                    74:0d:74:12:d2:5d:4d:ce:ca:e1:de:05:78:2f:4a:
                    cd:d5:df:88:ab:e7:92:c1:99:7d:f6:61:15:67:26:
                    e0:65:db:43:86:6d:90:8a:3a:99:e8:a3:5f:e3:b8:
                    01:79:79:fe:79:40:71:da:5a:cf:ad:83:20:95:62:
                    74:32:c5:ec:97:2c:e9:a4:7e:dd:11:8c:c2:a7:4f:
                    2d:51:8c:3f:ba:9b:b8:a2:b4:fd:2e:6a:c5:af:9b:
                    e0:04:2d:57:72:43:e8:61:e5:bf:62:97:aa:65:7d:
                    e0:0b:05:b5:0e:f3:15:80:f8:5d:94:95:60:65:6d:
                    62:6a:cf:15:57:17:e9:14:da:47:e1:30:5c:0b:a9:
                    2e:f0:3c:f8:9c:aa:25:43:73:81:1e:f0:10:65:97:
                    f5:98:75:1a:75:ab:da:5e:38:91:c9:f9:f2:be:95:
                    26:1f:6a:08:0e:76:e3:bb:9c:44:af:61:fb:a7:a8:
                    5b:63:ff:9d:9d:47:3e:02:d5:71:1d:8a:c6:df:3d:
                    bc:dc:8d:d8:3a:56:25:f0:42:f3:c7:6e:e9:bf:24:
                    e8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:91:96:8B:28:05:51:EB:17:BF:96:E7:53:02:3A:EB:C4:18:32:8D
            X509v3 Authority Key Identifier:
                keyid:ED:C3:DF:04:6E:1E:1D:5B:F0:52:2B:B9:13:F2:95:72:87:A4:9B:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7cPfBG4eHVvwUiu5E_KVcoekm0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/afd611-9ac0-414e-be44-523e445f90dc/1/_JGWiygFUesXv5bnUwI668QYMo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/afd611-9ac0-414e-be44-523e445f90dc/1/7cPfBG4eHVvwUiu5E_KVcoekm0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.100.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:0f:0e:a9:5e:8d:75:fa:fc:b3:80:b3:67:03:6a:3a:27:f7:
         2d:2f:be:46:6f:d3:36:0f:ad:12:65:fe:5e:cc:57:aa:e8:90:
         99:0a:b0:3c:a0:7f:fb:0a:ce:ad:da:06:a6:0e:30:05:03:b7:
         31:5c:fc:af:8a:c5:60:48:1a:c9:be:f0:3f:63:d3:2c:c0:c5:
         44:05:f9:4f:31:25:93:cb:02:23:3b:c5:9d:74:ea:ed:93:a4:
         b7:07:0a:a3:1d:dc:8f:28:87:b6:ab:cf:f0:a1:e1:00:42:37:
         5d:56:c1:b0:fd:d8:a3:7d:7a:63:8f:9c:a9:61:07:a4:ea:d5:
         49:e0:b5:99:cf:bb:48:59:6c:7c:36:bb:4e:c9:80:2c:33:e5:
         58:71:b0:78:5a:07:12:8a:95:a0:77:38:4f:b7:2c:45:29:7c:
         36:e3:55:18:93:d2:63:b5:ed:9c:ff:e3:fe:ed:ca:da:44:68:
         72:e2:d6:ec:bd:59:ec:8b:5b:56:58:b3:23:d5:f7:32:35:0b:
         c4:cd:f9:91:bb:f7:8a:21:3b:78:65:e6:76:e3:ba:1f:b8:3e:
         bc:80:45:aa:41:9e:d3:82:a5:73:b9:7e:13:35:55:0e:9d:68:
         ae:72:e9:85:85:0b:ca:b4:44:ca:c6:52:65:98:f1:25:d1:ba:
         6b:2b:c8:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1lYu0PTuF8ZxbwbUm8z4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYzNkZjA0NmUxZTFkNWJmMDUyMmJiOTEzZjI5NTcyODdh
NDliNGIwHhcNMjUwMTAxMDc0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzkxOTY4YjI4MDU1MWViMTdiZjk2ZTc1MzAyM2FlYmM0MTgzMjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovv9It22JQXzZuP+NHTKry+bAuQ/
lWSsMZpAzZVxDhLv/j1umQIifMNuy390DXQS0l1Nzsrh3gV4L0rN1d+Iq+eSwZl9
9mEVZybgZdtDhm2QijqZ6KNf47gBeXn+eUBx2lrPrYMglWJ0MsXslyzppH7dEYzC
p08tUYw/upu4orT9LmrFr5vgBC1XckPoYeW/YpeqZX3gCwW1DvMVgPhdlJVgZW1i
as8VVxfpFNpH4TBcC6ku8Dz4nKolQ3OBHvAQZZf1mHUadavaXjiRyfnyvpUmH2oI
Dnbju5xEr2H7p6hbY/+dnUc+AtVxHYrG3z283I3YOlYl8ELzx27pvyTo9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyRlosoBVHrF7+W51MCOuvEGDKNMB8GA1UdIwQY
MBaAFO3D3wRuHh1b8FIruRPylXKHpJtLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2NQZkJHNGVIVnZ3VWl1NUVfS1Zjb2VrbTBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9hZmQ2MTEtOWFjMC00MTRlLWJlNDQt
NTIzZTQ0NWY5MGRjLzEvX0pHV2l5Z0ZVZXNYdjViblV3STY2OFFZTW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9hZmQ2MTEtOWFjMC00MTRlLWJlNDQtNTIzZTQ0NWY5MGRj
LzEvN2NQZkJHNGVIVnZ3VWl1NUVfS1Zjb2VrbTBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWSnMA0G
CSqGSIb3DQEBCwUAA4IBAQCcDw6pXo11+vyzgLNnA2o6J/ctL75Gb9M2D60SZf5e
zFeq6JCZCrA8oH/7Cs6t2gamDjAFA7cxXPyvisVgSBrJvvA/Y9MswMVEBflPMSWT
ywIjO8WddOrtk6S3BwqjHdyPKIe2q8/woeEAQjddVsGw/dijfXpjj5ypYQek6tVJ
4LWZz7tIWWx8NrtOyYAsM+VYcbB4WgcSipWgdzhPtyxFKXw241UYk9Jjte2c/+P+
7craRGhy4tbsvVnsi1tWWLMj1fcyNQvEzfmRu/eKITt4ZeZ247ofuD68gEWqQZ7T
gqVzuX4TNVUOnWiucumFhQvKtETKxlJlmPEl0bprK8g5
-----END CERTIFICATE-----