Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/6afcbe-6df0-4f77-af34-c61803c34657/1/r2MDM9YmqLIjylrH2WoKfJ8F-hk.roa
File:                     r2MDM9YmqLIjylrH2WoKfJ8F-hk.roa (raw, json)
Hash identifier:          5oJl1RSDkKpv/NrAOtgSj/GjDfrDxGm50iGVTH3ViuU=
Subject key identifier:   AF:63:03:33:D6:26:A8:B2:23:CA:5A:C7:D9:6A:0A:7C:9F:05:FA:19
Certificate issuer:       /CN=7ace176a69ccc9c996e1610925c0b6bdf76b207c
Certificate serial:       01942444BA942B2C7B2B22ABB41508193755
Authority key identifier: 7A:CE:17:6A:69:CC:C9:C9:96:E1:61:09:25:C0:B6:BD:F7:6B:20:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/es4XamnMycmW4WEJJcC2vfdrIHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/6afcbe-6df0-4f77-af34-c61803c34657/1/r2MDM9YmqLIjylrH2WoKfJ8F-hk.roa
Signing time:             Wed 01 Jan 2025 23:47:51 +0000
ROA not before:           Wed 01 Jan 2025 23:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9211
IP address blocks:        193.194.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/6afcbe-6df0-4f77-af34-c61803c34657/1/es4XamnMycmW4WEJJcC2vfdrIHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/6afcbe-6df0-4f77-af34-c61803c34657/1/es4XamnMycmW4WEJJcC2vfdrIHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/es4XamnMycmW4WEJJcC2vfdrIHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:ba:94:2b:2c:7b:2b:22:ab:b4:15:08:19:37:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ace176a69ccc9c996e1610925c0b6bdf76b207c
        Validity
            Not Before: Jan  1 23:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af630333d626a8b223ca5ac7d96a0a7c9f05fa19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4e:93:a9:80:02:94:51:9f:7b:6a:a3:8f:f4:
                    18:af:f4:5e:0b:d8:61:ba:28:d9:d3:85:ba:ec:cf:
                    0b:13:0e:59:d9:95:eb:a8:86:7b:89:9e:0b:a3:93:
                    e2:34:ff:62:0b:c6:37:5b:58:83:75:d7:a2:7b:20:
                    30:58:5f:7d:fa:65:c1:28:7f:a2:bd:a2:c6:9b:5f:
                    59:23:af:c6:ff:a9:75:5d:3a:c5:a7:41:8f:2d:04:
                    74:cb:e8:78:5e:33:a1:25:55:5d:35:f2:73:6a:8a:
                    75:e1:59:8b:b3:9a:61:6b:66:ce:31:16:ef:26:21:
                    04:aa:29:af:d8:0d:47:fa:f9:16:17:3d:a9:be:7f:
                    fc:d6:21:23:41:6b:c4:b9:64:d6:f3:70:16:ad:15:
                    e7:0d:22:b8:9c:85:4b:ab:6c:25:0c:56:38:a5:d1:
                    8c:b8:ca:a9:a0:5a:15:9f:c4:27:9a:c2:27:77:a0:
                    61:74:80:98:fc:31:82:a7:7c:1a:dd:d8:38:b3:ad:
                    e1:f7:20:ab:1d:5a:d2:c3:f2:30:66:f8:b6:d1:f6:
                    1a:77:92:a9:9d:2f:ef:31:1d:9d:54:e7:e8:c1:c7:
                    8e:c9:f5:e5:19:3e:66:9d:a1:85:45:df:79:b6:bd:
                    b2:ba:21:74:0b:8d:3d:4b:4e:ab:c6:61:3c:c3:5a:
                    88:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:63:03:33:D6:26:A8:B2:23:CA:5A:C7:D9:6A:0A:7C:9F:05:FA:19
            X509v3 Authority Key Identifier:
                keyid:7A:CE:17:6A:69:CC:C9:C9:96:E1:61:09:25:C0:B6:BD:F7:6B:20:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es4XamnMycmW4WEJJcC2vfdrIHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/6afcbe-6df0-4f77-af34-c61803c34657/1/r2MDM9YmqLIjylrH2WoKfJ8F-hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/6afcbe-6df0-4f77-af34-c61803c34657/1/es4XamnMycmW4WEJJcC2vfdrIHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.194.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:13:bd:cf:27:f9:23:07:de:bf:31:64:71:ad:fb:5b:85:83:
         d5:19:a2:6d:1f:13:9c:5b:8f:ef:ec:2c:c5:54:74:66:bc:a7:
         18:d1:64:2e:42:a8:47:53:a3:a2:b5:e0:bf:1d:bd:8d:b2:65:
         ef:93:75:62:08:9b:a0:e3:7b:8f:db:62:2f:10:7c:b9:bb:aa:
         32:bd:20:3d:f0:8c:32:e1:e4:6e:6a:17:70:b5:b2:36:06:9e:
         f2:70:2e:a4:b0:62:45:f8:e2:06:7b:d1:5d:46:da:dd:b6:6f:
         be:f7:ce:9f:35:de:9a:ec:d9:ea:b1:54:fe:69:10:55:3b:89:
         0c:21:7b:ed:f2:44:9a:3d:18:95:1a:f2:56:fd:a5:52:64:f7:
         aa:44:e6:d9:e5:06:dc:d4:62:af:8b:43:8e:4d:73:0d:e1:a5:
         c2:bc:15:09:92:a0:a7:47:88:70:d8:48:c9:7d:a1:bc:68:74:
         29:36:a8:b3:1e:9f:c7:45:ec:ff:8a:e2:dc:cf:3c:45:42:96:
         72:6e:a9:31:c5:c4:cd:d2:a5:47:f7:52:de:1c:08:9b:ae:1b:
         3d:b4:79:fd:12:de:dc:9c:28:b3:c6:e4:4f:42:57:4b:e5:af:
         68:b0:0c:b4:6d:ed:3e:23:23:c6:f3:ad:b5:73:35:60:6f:97:
         74:ef:6c:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRLqUKyx7KyKrtBUIGTdVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2UxNzZhNjljY2M5Yzk5NmUxNjEwOTI1YzBiNmJkZjc2
YjIwN2MwHhcNMjUwMTAxMjM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjYzMDMzM2Q2MjZhOGIyMjNjYTVhYzdkOTZhMGE3YzlmMDVmYTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwU6TqYAClFGfe2qjj/QYr/ReC9hh
uijZ04W67M8LEw5Z2ZXrqIZ7iZ4Lo5PiNP9iC8Y3W1iDddeieyAwWF99+mXBKH+i
vaLGm19ZI6/G/6l1XTrFp0GPLQR0y+h4XjOhJVVdNfJzaop14VmLs5pha2bOMRbv
JiEEqimv2A1H+vkWFz2pvn/81iEjQWvEuWTW83AWrRXnDSK4nIVLq2wlDFY4pdGM
uMqpoFoVn8QnmsInd6BhdICY/DGCp3wa3dg4s63h9yCrHVrSw/IwZvi20fYad5Kp
nS/vMR2dVOfowceOyfXlGT5mnaGFRd95tr2yuiF0C409S06rxmE8w1qIUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9jAzPWJqiyI8pax9lqCnyfBfoZMB8GA1UdIwQY
MBaAFHrOF2ppzMnJluFhCSXAtr33ayB8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXM0WGFtbk15Y21XNFdFSkpjQzJ2ZmRySUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My82YWZjYmUtNmRmMC00Zjc3LWFmMzQt
YzYxODAzYzM0NjU3LzEvcjJNRE05WW1xTElqeWxySDJXb0tmSjhGLWhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My82YWZjYmUtNmRmMC00Zjc3LWFmMzQtYzYxODAzYzM0NjU3
LzEvZXM0WGFtbk15Y21XNFdFSkpjQzJ2ZmRySUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcKBMA0G
CSqGSIb3DQEBCwUAA4IBAQC6E73PJ/kjB96/MWRxrftbhYPVGaJtHxOcW4/v7CzF
VHRmvKcY0WQuQqhHU6OiteC/Hb2NsmXvk3ViCJug43uP22IvEHy5u6oyvSA98Iwy
4eRuahdwtbI2Bp7ycC6ksGJF+OIGe9FdRtrdtm++986fNd6a7NnqsVT+aRBVO4kM
IXvt8kSaPRiVGvJW/aVSZPeqRObZ5Qbc1GKvi0OOTXMN4aXCvBUJkqCnR4hw2EjJ
faG8aHQpNqizHp/HRez/iuLczzxFQpZybqkxxcTN0qVH91LeHAibrhs9tHn9Et7c
nCizxuRPQldL5a9osAy0be0+IyPG8621czVgb5d072zU
-----END CERTIFICATE-----