Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/GRF2bMt45GUg8Rs22zB5kafSnfw.roa
File:                     GRF2bMt45GUg8Rs22zB5kafSnfw.roa (raw, json)
Hash identifier:          POA0gjYA6M0Utx5jRtzJV0tvSkimO4coFlCnQ2NmufU=
Subject key identifier:   19:11:76:6C:CB:78:E4:65:20:F1:1B:36:DB:30:79:91:A7:D2:9D:FC
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       0194D67B84A0436EFFD1B993990DF9CD613A
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/GRF2bMt45GUg8Rs22zB5kafSnfw.roa
Signing time:             Wed 05 Feb 2025 14:20:06 +0000
ROA not before:           Wed 05 Feb 2025 14:20:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215009
IP address blocks:        193.34.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d6:7b:84:a0:43:6e:ff:d1:b9:93:99:0d:f9:cd:61:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: Feb  5 14:20:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1911766ccb78e46520f11b36db307991a7d29dfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d8:50:1d:b8:c0:75:fe:5f:e7:df:05:da:f2:
                    4f:ff:2d:7d:6b:da:ea:6b:13:60:e3:18:e7:21:0b:
                    a8:9e:44:12:7d:12:0e:be:22:ae:1d:41:2a:f2:09:
                    9d:d0:d0:07:79:22:ee:1f:52:d9:e2:eb:7f:af:b6:
                    dd:74:97:ff:b2:c0:90:7f:02:22:65:2c:ee:4c:97:
                    57:ab:92:f6:b7:d9:13:09:74:67:6e:c4:9a:df:3b:
                    03:c3:8e:b0:f8:46:e8:77:1f:bc:58:01:23:8e:55:
                    5c:f1:ff:98:a7:88:ad:41:4c:db:97:6e:7d:16:0c:
                    73:e3:a0:33:8c:ef:d6:b5:3a:66:25:52:3a:35:d6:
                    91:59:da:e9:8d:37:d5:54:8c:98:8d:07:df:d2:43:
                    27:7c:c1:12:23:b8:f3:f4:c5:4d:3b:4e:4f:06:36:
                    17:c0:db:98:03:b7:ae:71:6b:47:01:f8:85:39:75:
                    d3:66:67:27:83:b6:60:11:27:84:d0:62:2c:9d:4c:
                    23:fd:7d:1f:4b:dd:e5:0d:0c:a4:d2:93:a8:a5:14:
                    fb:3f:91:80:ea:44:1d:43:5c:a1:d1:ed:e7:6b:29:
                    df:a1:7c:90:5b:73:33:5a:0b:d6:7c:7b:79:14:06:
                    b7:f9:81:96:39:9b:6a:d0:87:75:30:a8:c8:a8:9b:
                    73:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:11:76:6C:CB:78:E4:65:20:F1:1B:36:DB:30:79:91:A7:D2:9D:FC
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/GRF2bMt45GUg8Rs22zB5kafSnfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:54:b7:22:bd:38:c1:44:d0:83:da:b2:20:f3:47:d4:96:2c:
         b4:11:2d:4c:f8:d6:a8:51:0a:e0:ed:c6:b8:6e:76:08:e9:ad:
         3f:59:e1:d8:4d:a8:13:31:8b:df:11:34:f4:1a:19:05:e5:1b:
         c5:89:46:0f:7b:bb:d7:da:78:64:d3:95:ca:f0:35:79:79:3b:
         49:54:cc:7d:ce:d0:0b:2a:16:70:af:ed:63:da:7f:37:3b:61:
         b8:ea:80:7c:af:39:8b:14:34:e1:5c:48:8b:18:0f:08:95:65:
         05:95:46:f4:f7:a5:ec:a0:bf:49:b1:81:76:86:f1:2a:62:4d:
         2b:b1:2d:25:f3:80:fa:7a:7c:c4:ef:c0:c7:06:e9:25:30:e5:
         72:56:b1:9d:7d:a5:43:b1:2e:f6:12:0d:27:ab:bf:e6:f1:99:
         48:9a:6a:12:da:89:01:cb:85:14:7b:b9:83:dd:11:dd:4f:18:
         f1:86:53:ff:89:8d:37:a0:03:12:e7:7d:f8:d3:9e:cf:38:33:
         5d:a5:c9:c7:3b:ae:9e:4e:ec:15:1d:57:ca:be:f0:5b:b3:55:
         0a:c7:87:f6:81:b9:33:0d:bc:07:83:b8:e7:09:64:93:25:de:
         93:cd:70:94:34:0d:b3:17:73:81:4c:01:97:91:5d:ff:2e:95:
         5b:4a:85:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTWe4SgQ27/0bmTmQ35zWE6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjUwMjA1MTQyMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTExNzY2Y2NiNzhlNDY1MjBmMTFiMzZkYjMwNzk5MWE3ZDI5ZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdhQHbjAdf5f598F2vJP/y19a9rq
axNg4xjnIQuonkQSfRIOviKuHUEq8gmd0NAHeSLuH1LZ4ut/r7bddJf/ssCQfwIi
ZSzuTJdXq5L2t9kTCXRnbsSa3zsDw46w+Ebodx+8WAEjjlVc8f+Yp4itQUzbl259
Fgxz46AzjO/WtTpmJVI6NdaRWdrpjTfVVIyYjQff0kMnfMESI7jz9MVNO05PBjYX
wNuYA7eucWtHAfiFOXXTZmcng7ZgESeE0GIsnUwj/X0fS93lDQyk0pOopRT7P5GA
6kQdQ1yh0e3naynfoXyQW3MzWgvWfHt5FAa3+YGWOZtq0Id1MKjIqJtzmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkRdmzLeORlIPEbNtsweZGn0p38MB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEvR1JGMmJNdDQ1R1VnOFJzMjJ6QjVrYWZTbmZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSIxMA0G
CSqGSIb3DQEBCwUAA4IBAQA0VLcivTjBRNCD2rIg80fUliy0ES1M+NaoUQrg7ca4
bnYI6a0/WeHYTagTMYvfETT0GhkF5RvFiUYPe7vX2nhk05XK8DV5eTtJVMx9ztAL
KhZwr+1j2n83O2G46oB8rzmLFDThXEiLGA8IlWUFlUb096XsoL9JsYF2hvEqYk0r
sS0l84D6enzE78DHBuklMOVyVrGdfaVDsS72Eg0nq7/m8ZlImmoS2okBy4UUe7mD
3RHdTxjxhlP/iY03oAMS5334057PODNdpcnHO66eTuwVHVfKvvBbs1UKx4f2gbkz
DbwHg7jnCWSTJd6TzXCUNA2zF3OBTAGXkV3/LpVbSoWW
-----END CERTIFICATE-----