Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/pWYX2715Q-5BkbFDg0Sh9v9WvPs.roa
File:                     pWYX2715Q-5BkbFDg0Sh9v9WvPs.roa (raw, json)
Hash identifier:          TgnvC3W5sZgU6RXpmwyf5MNyrmOzs/Lefze2pwDj6yc=
Subject key identifier:   A5:66:17:DB:BD:79:43:EE:41:91:B1:43:83:44:A1:F6:FF:56:BC:FB
Certificate issuer:       /CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
Certificate serial:       019424458D1B1159D4EAABF128397B7CF7BC
Authority key identifier: AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/pWYX2715Q-5BkbFDg0Sh9v9WvPs.roa
Signing time:             Wed 01 Jan 2025 23:48:45 +0000
ROA not before:           Wed 01 Jan 2025 23:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198173
IP address blocks:        188.247.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:8d:1b:11:59:d4:ea:ab:f1:28:39:7b:7c:f7:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
        Validity
            Not Before: Jan  1 23:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a56617dbbd7943ee4191b1438344a1f6ff56bcfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:79:4e:2b:50:e9:3b:18:71:69:b0:d7:b3:ee:
                    97:94:ed:a5:05:25:47:b4:4b:d6:35:53:81:fa:6f:
                    78:f6:d8:93:9d:87:22:73:63:e0:a9:35:30:b2:8c:
                    fe:6e:97:29:ac:ea:db:39:e4:69:ff:40:8f:63:d6:
                    69:b8:b9:b7:1e:7a:ea:2b:fa:1c:80:fd:6b:e9:b8:
                    a7:c9:57:65:b8:31:a2:a7:bb:62:64:f0:29:9c:e5:
                    a7:18:cd:7c:a1:38:f7:94:08:e3:7a:a4:10:73:2c:
                    bb:c7:6a:55:cd:0d:d3:76:78:7d:69:33:4f:ef:fa:
                    2f:30:b4:79:f0:22:4d:88:4e:b7:5a:df:4b:55:46:
                    8c:86:bb:d3:92:fa:79:f3:bb:37:d6:61:21:99:c4:
                    09:9f:bb:82:65:f5:db:e5:3a:b4:ad:62:9c:bc:d0:
                    d4:ce:63:d5:c5:e3:02:b0:51:07:b5:6e:4a:da:54:
                    5f:37:51:25:eb:3b:dd:75:94:c0:d7:95:0b:b3:07:
                    9c:8c:52:62:a5:95:f3:3f:1d:56:75:71:bd:e6:9a:
                    91:2d:cd:1c:4c:ef:ab:1e:9a:7b:df:67:14:ad:a0:
                    f9:72:4c:af:1e:bd:b3:3b:3f:91:b9:4a:c4:cd:77:
                    81:21:ae:73:45:aa:77:ce:d0:61:c1:4e:23:35:07:
                    6f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:66:17:DB:BD:79:43:EE:41:91:B1:43:83:44:A1:F6:FF:56:BC:FB
            X509v3 Authority Key Identifier:
                keyid:AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/pWYX2715Q-5BkbFDg0Sh9v9WvPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.247.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:f1:b6:8f:41:97:cb:fd:b7:b8:c0:21:99:26:f6:27:84:4d:
         53:7d:03:d7:d3:6b:0b:0d:e4:9e:8b:ab:a6:81:db:c7:ff:18:
         2b:f0:30:f1:c0:3a:62:c8:ca:85:05:b2:8e:2c:9b:07:ca:17:
         23:d9:64:6c:f8:f2:a3:07:14:f4:ca:e3:f0:12:d0:79:ed:f6:
         35:23:a2:1f:82:26:c3:9c:2a:e9:9b:6c:b0:3f:92:30:4d:8d:
         4c:5b:c3:63:34:ab:a6:8c:4d:1d:60:3f:45:68:a4:8d:8a:57:
         11:82:80:58:50:5c:ce:c4:ae:fa:59:0e:40:e0:a7:a2:78:f9:
         fc:46:b7:a6:91:20:f0:24:de:38:41:1d:99:0b:40:90:61:33:
         43:4b:8b:37:9d:93:f9:d9:0d:47:1b:67:ce:e3:c1:33:21:bd:
         54:27:40:d9:8e:a0:f0:8a:a0:6b:b3:be:a2:10:c9:77:2f:79:
         3f:eb:02:a1:c0:3b:0b:57:9f:69:1a:e9:31:06:8d:36:68:ac:
         34:9a:ea:ae:ac:7c:92:12:8f:bc:5a:f6:22:fd:73:c2:bb:97:
         96:66:bb:47:b3:ad:66:13:df:fe:3b:1f:0b:29:91:8f:29:6b:
         f2:b2:f4:2c:87:c2:ff:22:0d:2a:37:1a:6e:f5:f9:15:ea:b8:
         cf:33:08:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRY0bEVnU6qvxKDl7fPe8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOGM2YzU4YjYwN2ZmMjNhZTcxNzVhNjE2ODJjNzU0ODBm
MWUyMTQwHhcNMjUwMTAxMjM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTY2MTdkYmJkNzk0M2VlNDE5MWIxNDM4MzQ0YTFmNmZmNTZiY2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnlOK1DpOxhxabDXs+6XlO2lBSVH
tEvWNVOB+m949tiTnYcic2PgqTUwsoz+bpcprOrbOeRp/0CPY9ZpuLm3HnrqK/oc
gP1r6binyVdluDGip7tiZPApnOWnGM18oTj3lAjjeqQQcyy7x2pVzQ3Tdnh9aTNP
7/ovMLR58CJNiE63Wt9LVUaMhrvTkvp587s31mEhmcQJn7uCZfXb5Tq0rWKcvNDU
zmPVxeMCsFEHtW5K2lRfN1El6zvddZTA15ULswecjFJipZXzPx1WdXG95pqRLc0c
TO+rHpp732cUraD5ckyvHr2zOz+RuUrEzXeBIa5zRap3ztBhwU4jNQdvpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVmF9u9eUPuQZGxQ4NEofb/Vrz7MB8GA1UdIwQY
MBaAFKuMbFi2B/8jrnF1phaCx1SA8eIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2Mt
ODhhM2M0MWZhZWUyLzEvcFdZWDI3MTVRLTVCa2JGRGcwU2g5djlXdlBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2MtODhhM2M0MWZhZWUy
LzEvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPfpMA0G
CSqGSIb3DQEBCwUAA4IBAQCR8baPQZfL/be4wCGZJvYnhE1TfQPX02sLDeSei6um
gdvH/xgr8DDxwDpiyMqFBbKOLJsHyhcj2WRs+PKjBxT0yuPwEtB57fY1I6IfgibD
nCrpm2ywP5IwTY1MW8NjNKumjE0dYD9FaKSNilcRgoBYUFzOxK76WQ5A4KeiePn8
RremkSDwJN44QR2ZC0CQYTNDS4s3nZP52Q1HG2fO48EzIb1UJ0DZjqDwiqBrs76i
EMl3L3k/6wKhwDsLV59pGukxBo02aKw0muqurHySEo+8WvYi/XPCu5eWZrtHs61m
E9/+Ox8LKZGPKWvysvQsh8L/Ig0qNxpu9fkV6rjPMwgV
-----END CERTIFICATE-----