Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/msFkodHiiLA7yYTUvQfg1svzo58.roa
File:                     msFkodHiiLA7yYTUvQfg1svzo58.roa (raw, json)
Hash identifier:          8maRWfYNuUoSqjA1l1zPbJ9FPRTfD/7OAF7wZnEEN9A=
Subject key identifier:   9A:C1:64:A1:D1:E2:88:B0:3B:C9:84:D4:BD:07:E0:D6:CB:F3:A3:9F
Certificate issuer:       /CN=ddd9770c307ea3960c8da268a8865a4a9fa634c9
Certificate serial:       0194244588177A19D9EB7F4EB8C87F71099C
Authority key identifier: DD:D9:77:0C:30:7E:A3:96:0C:8D:A2:68:A8:86:5A:4A:9F:A6:34:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3dl3DDB-o5YMjaJoqIZaSp-mNMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/msFkodHiiLA7yYTUvQfg1svzo58.roa
Signing time:             Wed 01 Jan 2025 23:48:44 +0000
ROA not before:           Wed 01 Jan 2025 23:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        193.34.56.0/24 maxlen: 24
                          193.34.57.0/24 maxlen: 24
                          193.34.58.0/24 maxlen: 24
                          193.34.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/3dl3DDB-o5YMjaJoqIZaSp-mNMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/3dl3DDB-o5YMjaJoqIZaSp-mNMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3dl3DDB-o5YMjaJoqIZaSp-mNMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:88:17:7a:19:d9:eb:7f:4e:b8:c8:7f:71:09:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddd9770c307ea3960c8da268a8865a4a9fa634c9
        Validity
            Not Before: Jan  1 23:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ac164a1d1e288b03bc984d4bd07e0d6cbf3a39f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bc:86:ea:76:3d:87:4a:d6:55:cf:4f:a6:53:
                    2c:99:7f:c2:63:49:05:a8:94:fb:19:80:18:8c:1a:
                    c9:b1:95:7c:43:b8:66:2e:3d:66:b7:3a:56:30:bb:
                    3b:d1:0a:49:ca:9a:c3:4e:98:9e:35:4a:2b:d4:01:
                    8f:8f:e6:a2:2e:3e:ec:b1:e0:09:fd:a4:07:b6:bc:
                    fd:a2:33:ce:38:8a:66:92:13:bd:89:46:8f:84:ef:
                    17:da:02:d4:2b:3c:6f:90:52:10:64:30:e5:42:46:
                    70:ff:fb:4f:8a:a3:a2:bc:22:37:73:31:d4:08:9d:
                    b0:80:71:00:8f:60:c5:94:bc:b2:8e:ee:b1:70:38:
                    5e:30:e7:81:be:1e:07:c0:b9:01:14:13:31:d9:f3:
                    6c:a4:47:a0:87:a5:a5:3b:24:bb:98:4b:4f:c6:c0:
                    e3:e0:fc:d0:c8:ed:ca:fc:00:ed:ed:a1:2a:e3:10:
                    9f:68:77:25:2c:0b:ac:b6:a1:11:59:aa:9a:43:89:
                    64:07:a6:66:d7:87:82:17:54:b0:db:78:6f:2f:02:
                    1f:d1:43:3d:f7:27:95:51:f8:d6:6e:cd:59:37:20:
                    cb:58:38:16:e9:73:13:4e:14:ba:e0:4f:4e:41:ac:
                    c2:06:7c:f0:ff:0c:bf:e2:ea:8f:92:a5:36:30:fb:
                    5c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:C1:64:A1:D1:E2:88:B0:3B:C9:84:D4:BD:07:E0:D6:CB:F3:A3:9F
            X509v3 Authority Key Identifier:
                keyid:DD:D9:77:0C:30:7E:A3:96:0C:8D:A2:68:A8:86:5A:4A:9F:A6:34:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3dl3DDB-o5YMjaJoqIZaSp-mNMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/msFkodHiiLA7yYTUvQfg1svzo58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/3dl3DDB-o5YMjaJoqIZaSp-mNMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:4b:30:17:25:19:71:00:c6:48:41:e6:6f:55:01:39:92:cc:
         67:35:3f:74:27:82:e9:e2:e7:81:87:60:8d:17:84:79:79:3e:
         ff:cf:68:f2:f7:b6:ce:a6:df:9a:83:99:5b:2c:11:79:74:65:
         58:22:8a:74:5d:49:63:5c:1e:36:d3:6c:79:ca:84:9f:be:9b:
         0e:d0:cb:71:c6:72:9b:37:3d:61:fc:bb:18:1a:29:e3:0c:b9:
         e8:f7:7e:dc:e5:54:1c:4c:fa:8e:f9:38:6f:6b:e9:94:13:ac:
         17:3b:f2:d6:7c:83:31:73:d9:e6:1a:70:6f:64:67:f2:1a:55:
         92:32:12:30:8c:04:d6:15:c5:a6:9f:d3:25:f3:82:cc:3a:9f:
         01:86:76:8b:50:79:f6:ea:d8:8e:6d:35:03:50:27:4c:11:95:
         07:4a:85:32:99:3d:a5:79:e6:7f:31:e7:e3:8b:cc:e1:33:ff:
         fe:0a:6c:0f:f7:b1:88:62:ae:22:57:0c:95:51:4a:9d:60:c7:
         ee:39:f8:40:03:fd:45:31:c0:b4:75:25:e1:c3:98:99:83:0b:
         9b:b7:ca:f1:cc:ed:1e:f5:f9:78:d5:5c:05:2e:4c:b5:38:c3:
         53:9e:2e:8a:76:08:ff:1b:c6:1f:77:3a:6b:1d:d3:35:7f:47:
         73:2d:8c:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYgXehnZ639OuMh/cQmcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZDk3NzBjMzA3ZWEzOTYwYzhkYTI2OGE4ODY1YTRhOWZh
NjM0YzkwHhcNMjUwMTAxMjM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWMxNjRhMWQxZTI4OGIwM2JjOTg0ZDRiZDA3ZTBkNmNiZjNhMzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7yG6nY9h0rWVc9PplMsmX/CY0kF
qJT7GYAYjBrJsZV8Q7hmLj1mtzpWMLs70QpJyprDTpieNUor1AGPj+aiLj7sseAJ
/aQHtrz9ojPOOIpmkhO9iUaPhO8X2gLUKzxvkFIQZDDlQkZw//tPiqOivCI3czHU
CJ2wgHEAj2DFlLyyju6xcDheMOeBvh4HwLkBFBMx2fNspEegh6WlOyS7mEtPxsDj
4PzQyO3K/ADt7aEq4xCfaHclLAustqERWaqaQ4lkB6Zm14eCF1Sw23hvLwIf0UM9
9yeVUfjWbs1ZNyDLWDgW6XMTThS64E9OQazCBnzw/wy/4uqPkqU2MPtciwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrBZKHR4oiwO8mE1L0H4NbL86OfMB8GA1UdIwQY
MBaAFN3ZdwwwfqOWDI2iaKiGWkqfpjTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2RsM0REQi1vNVlNamFKb3FJWmFTcC1tTk1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My80NDQ0YWItM2RhMy00MThiLWExMDUt
ZjJmZTBkMDRiZmJmLzEvbXNGa29kSGlpTEE3eVlUVXZRZmcxc3Z6bzU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My80NDQ0YWItM2RhMy00MThiLWExMDUtZjJmZTBkMDRiZmJm
LzEvM2RsM0REQi1vNVlNamFKb3FJWmFTcC1tTk1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSI4MA0G
CSqGSIb3DQEBCwUAA4IBAQAeSzAXJRlxAMZIQeZvVQE5ksxnNT90J4Lp4ueBh2CN
F4R5eT7/z2jy97bOpt+ag5lbLBF5dGVYIop0XUljXB4202x5yoSfvpsO0MtxxnKb
Nz1h/LsYGinjDLno937c5VQcTPqO+Thva+mUE6wXO/LWfIMxc9nmGnBvZGfyGlWS
MhIwjATWFcWmn9Ml84LMOp8BhnaLUHn26tiObTUDUCdMEZUHSoUymT2leeZ/Mefj
i8zhM//+CmwP97GIYq4iVwyVUUqdYMfuOfhAA/1FMcC0dSXhw5iZgwubt8rxzO0e
9fl41VwFLky1OMNTni6Kdgj/G8YfdzprHdM1f0dzLYzn
-----END CERTIFICATE-----