Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/JqPeTKIiSqFLnMuoE0z5MMpECyE.roa
File:                     JqPeTKIiSqFLnMuoE0z5MMpECyE.roa (raw, json)
Hash identifier:          Sm0VFijktfATyc4h+uw4DoW/FSQrn3UdeoSnPalbaPo=
Subject key identifier:   26:A3:DE:4C:A2:22:4A:A1:4B:9C:CB:A8:13:4C:F9:30:CA:44:0B:21
Certificate issuer:       /CN=3763c7106a5f2640162e7980583eab5bd8008c45
Certificate serial:       019427B639D165A3FA2739BB8D9CA42B4BD7
Authority key identifier: 37:63:C7:10:6A:5F:26:40:16:2E:79:80:58:3E:AB:5B:D8:00:8C:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N2PHEGpfJkAWLnmAWD6rW9gAjEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/JqPeTKIiSqFLnMuoE0z5MMpECyE.roa
Signing time:             Thu 02 Jan 2025 15:50:41 +0000
ROA not before:           Thu 02 Jan 2025 15:50:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        193.5.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/N2PHEGpfJkAWLnmAWD6rW9gAjEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/N2PHEGpfJkAWLnmAWD6rW9gAjEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N2PHEGpfJkAWLnmAWD6rW9gAjEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:39:d1:65:a3:fa:27:39:bb:8d:9c:a4:2b:4b:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3763c7106a5f2640162e7980583eab5bd8008c45
        Validity
            Not Before: Jan  2 15:50:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26a3de4ca2224aa14b9ccba8134cf930ca440b21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:72:45:ac:e2:b7:4d:76:13:ce:95:2d:2c:53:
                    62:b3:c3:de:e0:be:fa:a7:38:61:d4:8b:66:5e:d1:
                    66:80:65:c8:46:68:bc:82:d5:c5:35:f2:89:60:61:
                    a3:b0:2d:3b:7b:e7:36:6c:44:10:45:36:e9:41:20:
                    79:9b:30:cf:cd:2b:15:75:dc:59:8e:34:53:6c:43:
                    08:b3:15:d0:75:6b:09:89:5d:3a:4f:b9:b7:6d:e1:
                    81:5c:59:18:3f:9a:87:e9:78:f9:0e:60:27:81:5c:
                    5f:a6:e5:13:60:39:4f:38:33:71:da:59:b9:93:8f:
                    91:32:d3:ea:89:34:31:f3:a7:c0:bf:03:eb:f7:f9:
                    72:a5:9d:f7:e7:44:66:9d:06:95:f8:ac:da:71:c3:
                    4f:84:32:1b:19:47:66:1d:f1:cf:16:ad:fe:a3:82:
                    9e:f8:67:a5:27:7a:aa:d3:33:c8:cf:09:fa:25:4b:
                    34:b9:60:1d:0e:53:2f:58:20:35:eb:28:7b:d5:90:
                    2a:56:79:25:e5:a3:e7:15:1b:39:ec:ad:2e:c4:15:
                    8d:56:fa:f1:85:12:a3:7c:06:e0:0e:75:cc:61:00:
                    9f:4c:3b:21:dd:4a:39:fe:f8:47:14:7e:4d:77:9d:
                    65:8f:37:40:ed:fc:8e:ce:cc:74:be:05:93:fa:27:
                    14:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:A3:DE:4C:A2:22:4A:A1:4B:9C:CB:A8:13:4C:F9:30:CA:44:0B:21
            X509v3 Authority Key Identifier:
                keyid:37:63:C7:10:6A:5F:26:40:16:2E:79:80:58:3E:AB:5B:D8:00:8C:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N2PHEGpfJkAWLnmAWD6rW9gAjEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/JqPeTKIiSqFLnMuoE0z5MMpECyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/33541a-f9ac-475a-b297-88a0e450a17b/1/N2PHEGpfJkAWLnmAWD6rW9gAjEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d1:0b:06:b2:6b:ad:33:e7:9e:56:30:67:0c:3a:eb:1e:01:
         fe:3c:df:fe:47:8f:45:a0:d9:dd:af:54:66:07:ec:7b:44:c5:
         7a:e9:69:2a:e4:23:a3:5c:59:de:37:e3:90:a5:82:45:de:bb:
         2f:e1:31:3f:dc:41:09:00:af:8a:ae:77:18:48:69:e9:be:c0:
         70:fb:8e:33:30:bd:39:49:a9:b8:11:ee:6d:ef:6e:2d:43:24:
         04:41:d8:55:e1:8d:b1:49:0c:d9:83:c3:51:46:b2:5e:64:72:
         50:6d:86:2d:e0:16:17:11:95:25:ad:e2:5a:bf:ce:fb:37:ea:
         53:36:1e:34:a6:10:0a:88:22:91:a4:97:a2:7b:e7:da:02:c4:
         95:f7:01:99:10:8d:82:f6:09:53:cd:c0:3c:93:af:2c:46:49:
         79:1d:3b:d6:93:77:82:5c:70:a2:13:b0:57:40:50:ed:f8:b4:
         d1:af:61:4b:72:ca:57:d5:d9:6a:90:b4:6a:ec:79:74:71:27:
         71:0a:82:08:ab:7c:41:6f:37:bb:a8:4e:02:b9:4c:f3:cf:ea:
         46:82:8c:49:61:9e:14:2a:ed:1c:95:c7:0a:c2:d9:38:65:1a:
         39:d6:d1:85:53:e4:d2:96:cb:a3:07:ad:c8:8c:4c:98:ec:87:
         78:eb:68:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntjnRZaP6Jzm7jZykK0vXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NjNjNzEwNmE1ZjI2NDAxNjJlNzk4MDU4M2VhYjViZDgw
MDhjNDUwHhcNMjUwMTAyMTU1MDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmEzZGU0Y2EyMjI0YWExNGI5Y2NiYTgxMzRjZjkzMGNhNDQwYjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHJFrOK3TXYTzpUtLFNis8Pe4L76
pzhh1ItmXtFmgGXIRmi8gtXFNfKJYGGjsC07e+c2bEQQRTbpQSB5mzDPzSsVddxZ
jjRTbEMIsxXQdWsJiV06T7m3beGBXFkYP5qH6Xj5DmAngVxfpuUTYDlPODNx2lm5
k4+RMtPqiTQx86fAvwPr9/lypZ3350RmnQaV+KzaccNPhDIbGUdmHfHPFq3+o4Ke
+GelJ3qq0zPIzwn6JUs0uWAdDlMvWCA16yh71ZAqVnkl5aPnFRs57K0uxBWNVvrx
hRKjfAbgDnXMYQCfTDsh3Uo5/vhHFH5Nd51ljzdA7fyOzsx0vgWT+icUaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCaj3kyiIkqhS5zLqBNM+TDKRAshMB8GA1UdIwQY
MBaAFDdjxxBqXyZAFi55gFg+q1vYAIxFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjJQSEVHcGZKa0FXTG5tQVdENnJXOWdBakVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zMzU0MWEtZjlhYy00NzVhLWIyOTct
ODhhMGU0NTBhMTdiLzEvSnFQZVRLSWlTcUZMbk11b0UwejVNTXBFQ3lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zMzU0MWEtZjlhYy00NzVhLWIyOTctODhhMGU0NTBhMTdi
LzEvTjJQSEVHcGZKa0FXTG5tQVdENnJXOWdBakVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQWQMA0G
CSqGSIb3DQEBCwUAA4IBAQBy0QsGsmutM+eeVjBnDDrrHgH+PN/+R49FoNndr1Rm
B+x7RMV66Wkq5COjXFneN+OQpYJF3rsv4TE/3EEJAK+KrncYSGnpvsBw+44zML05
Sam4Ee5t724tQyQEQdhV4Y2xSQzZg8NRRrJeZHJQbYYt4BYXEZUlreJav877N+pT
Nh40phAKiCKRpJeie+faAsSV9wGZEI2C9glTzcA8k68sRkl5HTvWk3eCXHCiE7BX
QFDt+LTRr2FLcspX1dlqkLRq7Hl0cSdxCoIIq3xBbze7qE4CuUzzz+pGgoxJYZ4U
Ku0clccKwtk4ZRo51tGFU+TSlsujB63IjEyY7Id462il
-----END CERTIFICATE-----