Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/W3rPvUkflCFuxF0ug4dEXW6S2Kc.roa
File:                     W3rPvUkflCFuxF0ug4dEXW6S2Kc.roa (raw, json)
Hash identifier:          3G2s7uZotQeaUTGQLu0pJAmRVfSsV9ARqhmMaAPkMDY=
Subject key identifier:   5B:7A:CF:BD:49:1F:94:21:6E:C4:5D:2E:83:87:44:5D:6E:92:D8:A7
Certificate issuer:       /CN=838ec3942813d3f3536c127e1a821bfbef6db2a4
Certificate serial:       01942143E86E13189A45EB9F70ADBAF85D86
Authority key identifier: 83:8E:C3:94:28:13:D3:F3:53:6C:12:7E:1A:82:1B:FB:EF:6D:B2:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g47DlCgT0_NTbBJ-GoIb--9tsqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/W3rPvUkflCFuxF0ug4dEXW6S2Kc.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211416
IP address blocks:        193.56.134.0/24 maxlen: 24
                          2a10:e840::/32 maxlen: 64
                          2a10:e840:1::/64 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/g47DlCgT0_NTbBJ-GoIb--9tsqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/g47DlCgT0_NTbBJ-GoIb--9tsqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g47DlCgT0_NTbBJ-GoIb--9tsqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 21:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e8:6e:13:18:9a:45:eb:9f:70:ad:ba:f8:5d:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=838ec3942813d3f3536c127e1a821bfbef6db2a4
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b7acfbd491f94216ec45d2e8387445d6e92d8a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:89:81:0b:e8:85:47:73:c6:e4:61:20:0d:b0:
                    b8:c8:54:49:76:65:79:fe:6b:57:f0:ca:bd:02:45:
                    72:e0:b1:a5:2f:07:7b:0c:10:82:99:c2:dd:7e:81:
                    5f:a1:0f:5a:9a:ed:fb:1e:f3:3e:08:fd:42:d8:0c:
                    a6:6c:0c:85:69:d9:ed:b0:f0:5e:c4:8a:3c:ae:c2:
                    c7:ed:7b:8f:6d:56:bd:b5:b2:4c:a5:39:c5:0b:38:
                    3d:7e:8b:9b:c3:33:8c:4e:c5:e0:a7:ac:8c:85:7d:
                    8b:29:b6:fb:24:27:b4:91:a6:40:4d:18:e7:13:1d:
                    c7:81:93:25:75:b5:a6:62:23:69:08:93:55:f9:10:
                    35:f7:28:bf:70:2f:ec:89:ea:46:bc:3c:2c:39:d8:
                    68:5d:ec:d5:63:50:34:ef:52:74:b4:3b:73:01:a4:
                    9d:29:dc:cd:7b:01:eb:ea:6f:a3:e9:bb:39:ed:fa:
                    90:9e:35:86:13:09:59:23:98:b3:57:5e:81:df:35:
                    44:08:d0:0c:81:52:90:ff:bb:56:d7:ab:c1:ed:03:
                    d1:4d:ab:c0:88:f1:a2:9c:98:d8:72:10:67:f7:34:
                    8f:87:3c:be:27:d9:db:b6:b9:01:ca:dd:ce:81:03:
                    36:6b:49:68:33:22:52:3c:7e:d6:c4:2b:3d:75:31:
                    d6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:7A:CF:BD:49:1F:94:21:6E:C4:5D:2E:83:87:44:5D:6E:92:D8:A7
            X509v3 Authority Key Identifier:
                keyid:83:8E:C3:94:28:13:D3:F3:53:6C:12:7E:1A:82:1B:FB:EF:6D:B2:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g47DlCgT0_NTbBJ-GoIb--9tsqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/W3rPvUkflCFuxF0ug4dEXW6S2Kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/0c4b16-6b94-4080-9165-b853567da0ea/1/g47DlCgT0_NTbBJ-GoIb--9tsqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.134.0/24
                IPv6:
                  2a10:e840::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:57:b6:af:08:8e:27:63:34:b3:5e:65:c2:a2:0f:b8:17:a3:
         5a:8b:e5:f6:4f:60:8a:bc:25:bf:01:e2:d7:97:12:2e:53:48:
         74:33:7d:0b:71:82:a2:49:f2:0e:db:97:ec:90:31:03:cf:55:
         b2:da:f5:af:66:36:e1:df:bb:a8:45:27:9d:df:2c:1b:04:0f:
         64:56:aa:6c:78:9b:60:b9:11:e6:b6:a8:f9:c4:e6:29:16:8e:
         f3:2b:7c:6f:51:ed:fd:20:31:57:27:8a:58:07:cc:d9:14:75:
         c1:87:4c:ba:92:b7:b3:d7:83:91:18:72:58:dc:cd:4d:bf:a6:
         ba:e4:87:01:60:35:2f:5b:06:43:53:fd:ca:78:99:cb:db:e5:
         17:10:d8:de:dc:ab:5f:40:54:95:45:54:aa:0d:78:61:b5:a4:
         bf:4d:c7:8c:99:86:5a:fe:02:66:86:75:3e:7e:7e:e9:56:32:
         8e:a0:33:6c:e1:cd:47:de:13:76:21:bc:a7:af:34:d9:b9:e6:
         b9:d0:a6:e6:4f:53:09:06:2c:aa:fc:a9:52:f5:ea:37:b0:49:
         44:50:33:fb:ad:68:7a:75:b0:28:b8:0b:09:b0:a3:e9:8e:85:
         48:6b:c1:d3:b3:2a:ba:d9:44:01:e2:e7:7e:af:d7:6a:8a:6c:
         b7:51:e4:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ+huExiaReufcK26+F2GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOGVjMzk0MjgxM2QzZjM1MzZjMTI3ZTFhODIxYmZiZWY2
ZGIyYTQwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjdhY2ZiZDQ5MWY5NDIxNmVjNDVkMmU4Mzg3NDQ1ZDZlOTJkOGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4mBC+iFR3PG5GEgDbC4yFRJdmV5
/mtX8Mq9AkVy4LGlLwd7DBCCmcLdfoFfoQ9amu37HvM+CP1C2AymbAyFadntsPBe
xIo8rsLH7XuPbVa9tbJMpTnFCzg9foubwzOMTsXgp6yMhX2LKbb7JCe0kaZATRjn
Ex3HgZMldbWmYiNpCJNV+RA19yi/cC/siepGvDwsOdhoXezVY1A071J0tDtzAaSd
KdzNewHr6m+j6bs57fqQnjWGEwlZI5izV16B3zVECNAMgVKQ/7tW16vB7QPRTavA
iPGinJjYchBn9zSPhzy+J9nbtrkByt3OgQM2a0loMyJSPH7WxCs9dTHWHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFt6z71JH5QhbsRdLoOHRF1uktinMB8GA1UdIwQY
MBaAFIOOw5QoE9PzU2wSfhqCG/vvbbKkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzQ3RGxDZ1QwX05UYkJKLUdvSWItLTl0c3FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8wYzRiMTYtNmI5NC00MDgwLTkxNjUt
Yjg1MzU2N2RhMGVhLzEvVzNyUHZVa2ZsQ0Z1eEYwdWc0ZEVYVzZTMktjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8wYzRiMTYtNmI5NC00MDgwLTkxNjUtYjg1MzU2N2RhMGVh
LzEvZzQ3RGxDZ1QwX05UYkJKLUdvSWItLTl0c3FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwTiGMA0E
AgACMAcDBQAqEOhAMA0GCSqGSIb3DQEBCwUAA4IBAQAoV7avCI4nYzSzXmXCog+4
F6Nai+X2T2CKvCW/AeLXlxIuU0h0M30LcYKiSfIO25fskDEDz1Wy2vWvZjbh37uo
RSed3ywbBA9kVqpseJtguRHmtqj5xOYpFo7zK3xvUe39IDFXJ4pYB8zZFHXBh0y6
krez14ORGHJY3M1Nv6a65IcBYDUvWwZDU/3KeJnL2+UXENje3KtfQFSVRVSqDXhh
taS/TceMmYZa/gJmhnU+fn7pVjKOoDNs4c1H3hN2IbynrzTZuea50KbmT1MJBiyq
/KlS9eo3sElEUDP7rWh6dbAouAsJsKPpjoVIa8HTsyq62UQB4ud+r9dqimy3UeRA
-----END CERTIFICATE-----