Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/nyuERDVJh6-PTXV2ajcksYw_55g.roa
File:                     nyuERDVJh6-PTXV2ajcksYw_55g.roa (raw, json)
Hash identifier:          K7CKnx/jM/EuzQ/IpR2qcCsRtlnJ0y6qFH+bAbkXnGQ=
Subject key identifier:   9F:2B:84:44:35:49:87:AF:8F:4D:75:76:6A:37:24:B1:8C:3F:E7:98
Certificate issuer:       /CN=d674c4e1b00ce5bfb0d96d4c21efd058d3b5ca79
Certificate serial:       01941F8C7828B2C5C2830DB2C3C944B86347
Authority key identifier: D6:74:C4:E1:B0:0C:E5:BF:B0:D9:6D:4C:21:EF:D0:58:D3:B5:CA:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nTE4bAM5b-w2W1MIe_QWNO1ynk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/nyuERDVJh6-PTXV2ajcksYw_55g.roa
Signing time:             Wed 01 Jan 2025 01:48:07 +0000
ROA not before:           Wed 01 Jan 2025 01:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60855
IP address blocks:        193.17.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/1nTE4bAM5b-w2W1MIe_QWNO1ynk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/1nTE4bAM5b-w2W1MIe_QWNO1ynk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nTE4bAM5b-w2W1MIe_QWNO1ynk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:78:28:b2:c5:c2:83:0d:b2:c3:c9:44:b8:63:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d674c4e1b00ce5bfb0d96d4c21efd058d3b5ca79
        Validity
            Not Before: Jan  1 01:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f2b8444354987af8f4d75766a3724b18c3fe798
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:73:b0:bf:9f:16:6e:c1:12:4d:59:cc:b9:c1:
                    40:95:d8:49:96:1a:d5:89:9d:13:71:0d:8b:d2:d1:
                    4a:23:da:9e:ee:86:25:94:22:40:7b:1e:fc:07:18:
                    11:c8:cc:fe:1b:20:cf:e8:29:66:c9:c4:66:cc:a5:
                    7f:cd:78:7b:85:95:b6:00:66:51:e9:69:95:c1:72:
                    63:16:71:23:90:bb:76:b3:6a:b0:d3:48:b1:01:af:
                    23:35:f5:d2:2c:9d:05:40:ad:ce:7d:3f:d3:08:69:
                    4f:0f:58:53:2c:d3:1e:a5:d1:dc:6a:60:c4:a7:a6:
                    44:f6:50:a6:fe:1b:e6:fe:72:dd:d6:85:81:f6:38:
                    d1:9a:d9:d8:d2:a2:73:97:e4:f0:15:ca:0e:c8:3f:
                    98:9a:8c:a5:60:0e:78:c1:bc:c2:39:2c:0c:64:b5:
                    23:c5:76:a2:5c:39:b1:25:3a:0a:2a:a8:55:ec:1d:
                    59:0a:2e:6c:ee:59:55:81:1a:b5:72:e9:58:40:55:
                    81:65:bf:c5:df:fc:c8:b5:1d:ad:21:08:a7:f4:23:
                    ad:24:4f:8b:a2:5e:39:0f:8d:49:38:6e:aa:66:da:
                    bf:c0:a6:b4:ab:92:cc:d9:56:c2:b0:00:1d:7f:8c:
                    73:a2:16:be:d4:c3:f0:ca:f9:00:48:38:ac:b6:56:
                    34:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:2B:84:44:35:49:87:AF:8F:4D:75:76:6A:37:24:B1:8C:3F:E7:98
            X509v3 Authority Key Identifier:
                keyid:D6:74:C4:E1:B0:0C:E5:BF:B0:D9:6D:4C:21:EF:D0:58:D3:B5:CA:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nTE4bAM5b-w2W1MIe_QWNO1ynk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/nyuERDVJh6-PTXV2ajcksYw_55g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/bb21fc-b252-4ab2-9878-ba5572e774ed/1/1nTE4bAM5b-w2W1MIe_QWNO1ynk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:61:7e:61:85:13:37:e9:88:c5:4c:a9:5e:9a:c0:91:60:6c:
         25:ae:ef:34:60:18:e9:ba:1f:f4:dc:6a:e4:1c:59:99:7a:bb:
         e2:06:eb:d1:cc:ce:d0:2e:65:95:1c:73:81:1f:a4:db:b9:46:
         73:34:c5:f3:14:25:55:f3:4a:19:b0:a3:4a:0e:a6:95:cd:0b:
         68:2b:24:5c:84:7b:0b:bb:af:d9:bd:98:52:bb:3f:79:32:b1:
         5e:da:4b:ea:97:91:62:0e:af:7b:6f:90:37:01:9c:b0:7b:1c:
         b0:2d:48:24:a2:4f:19:d3:ff:48:34:87:06:e3:f4:fe:6d:a6:
         5c:ca:c2:5f:72:6a:a5:4c:16:0c:d3:f7:73:bc:ef:0e:7d:77:
         1c:44:ca:6e:a2:72:07:9c:43:57:27:cc:4b:09:65:69:55:87:
         8c:78:42:6d:fa:2c:eb:ae:7a:81:54:e7:c2:8c:e1:cb:73:13:
         64:1e:f5:f0:ac:9b:c5:ee:1b:54:8d:2e:be:95:af:05:14:de:
         67:e2:8b:40:5a:70:41:96:40:b5:e8:c7:96:d7:02:aa:a6:a8:
         be:f0:c8:dd:d8:df:ef:26:f4:d1:99:25:15:a4:c8:cd:c4:85:
         c1:03:54:8c:d9:90:ab:4a:b9:54:a0:e5:1c:04:13:a3:cc:1d:
         f2:54:56:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjHgossXCgw2yw8lEuGNHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzRjNGUxYjAwY2U1YmZiMGQ5NmQ0YzIxZWZkMDU4ZDNi
NWNhNzkwHhcNMjUwMTAxMDE0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjJiODQ0NDM1NDk4N2FmOGY0ZDc1NzY2YTM3MjRiMThjM2ZlNzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HOwv58WbsESTVnMucFAldhJlhrV
iZ0TcQ2L0tFKI9qe7oYllCJAex78BxgRyMz+GyDP6ClmycRmzKV/zXh7hZW2AGZR
6WmVwXJjFnEjkLt2s2qw00ixAa8jNfXSLJ0FQK3OfT/TCGlPD1hTLNMepdHcamDE
p6ZE9lCm/hvm/nLd1oWB9jjRmtnY0qJzl+TwFcoOyD+YmoylYA54wbzCOSwMZLUj
xXaiXDmxJToKKqhV7B1ZCi5s7llVgRq1culYQFWBZb/F3/zItR2tIQin9COtJE+L
ol45D41JOG6qZtq/wKa0q5LM2VbCsAAdf4xzoha+1MPwyvkASDistlY0BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8rhEQ1SYevj011dmo3JLGMP+eYMB8GA1UdIwQY
MBaAFNZ0xOGwDOW/sNltTCHv0FjTtcp5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5URTRiQU01Yi13MlcxTUllX1FXTk8xeW5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iYjIxZmMtYjI1Mi00YWIyLTk4Nzgt
YmE1NTcyZTc3NGVkLzEvbnl1RVJEVkpoNi1QVFhWMmFqY2tzWXdfNTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9iYjIxZmMtYjI1Mi00YWIyLTk4NzgtYmE1NTcyZTc3NGVk
LzEvMW5URTRiQU01Yi13MlcxTUllX1FXTk8xeW5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRETMA0G
CSqGSIb3DQEBCwUAA4IBAQB0YX5hhRM36YjFTKlemsCRYGwlru80YBjpuh/03Grk
HFmZerviBuvRzM7QLmWVHHOBH6TbuUZzNMXzFCVV80oZsKNKDqaVzQtoKyRchHsL
u6/ZvZhSuz95MrFe2kvql5FiDq97b5A3AZywexywLUgkok8Z0/9INIcG4/T+baZc
ysJfcmqlTBYM0/dzvO8OfXccRMpuonIHnENXJ8xLCWVpVYeMeEJt+izrrnqBVOfC
jOHLcxNkHvXwrJvF7htUjS6+la8FFN5n4otAWnBBlkC16MeW1wKqpqi+8Mjd2N/v
JvTRmSUVpMjNxIXBA1SM2ZCrSrlUoOUcBBOjzB3yVFZY
-----END CERTIFICATE-----