Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/jgu3roXa-ppD5Voc7wD-A3FJYsA.roa
File:                     jgu3roXa-ppD5Voc7wD-A3FJYsA.roa (raw, json)
Hash identifier:          IK8p6mGX+CwHf/aA4cC2k9uGzhRGeTYhI8MfPoXscu0=
Subject key identifier:   8E:0B:B7:AE:85:DA:FA:9A:43:E5:5A:1C:EF:00:FE:03:71:49:62:C0
Certificate issuer:       /CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
Certificate serial:       019426D9E0F004A24298ECD1389D6E5C3711
Authority key identifier: 9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/jgu3roXa-ppD5Voc7wD-A3FJYsA.roa
Signing time:             Thu 02 Jan 2025 11:50:00 +0000
ROA not before:           Thu 02 Jan 2025 11:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     251
IP address blocks:        193.34.48.0/22 maxlen: 24
                          195.13.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e0:f0:04:a2:42:98:ec:d1:38:9d:6e:5c:37:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e3533d662c3f0d6bb1e692f3fab6d7ba3824c28
        Validity
            Not Before: Jan  2 11:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e0bb7ae85dafa9a43e55a1cef00fe03714962c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a5:e8:3b:dc:54:68:11:31:26:5e:36:83:74:
                    c8:80:ea:16:03:d7:e8:87:4f:db:42:95:d9:c5:c4:
                    27:09:1a:2d:2f:92:e2:d3:fd:b6:f4:cd:38:75:6d:
                    91:f9:e5:20:13:57:bc:24:96:ed:9c:89:5c:d6:4f:
                    78:b9:9b:19:81:b5:18:c6:14:d6:c8:94:63:9c:cd:
                    0e:13:af:ad:44:2d:27:32:a3:dc:38:01:e5:b3:56:
                    bb:f8:a6:49:d9:9e:f0:fe:d6:35:4f:68:db:c2:a7:
                    48:7b:20:6a:3f:d8:d6:89:d4:4b:ab:3c:c1:4e:f9:
                    d1:f5:72:a6:b8:46:5c:5f:d7:6f:16:52:4a:59:27:
                    50:22:51:ab:04:3e:67:f7:eb:43:96:ff:b9:cc:bd:
                    2e:3e:70:7e:9b:d0:47:95:db:6b:9a:e4:29:4d:7b:
                    82:ba:06:b3:a5:67:11:e0:9a:a5:a0:c8:50:3b:d0:
                    e2:fb:c7:dc:a2:5c:41:4f:7d:39:e7:cf:4e:c0:b3:
                    4c:f6:f2:80:ae:2a:52:ec:26:a1:bb:72:87:e2:2c:
                    61:c6:85:86:9e:df:8d:f6:01:8d:61:07:98:95:71:
                    05:09:ac:95:28:99:9e:9e:9f:d6:18:8b:95:9f:fc:
                    63:58:a5:23:6f:aa:f0:8d:ec:1c:9b:4c:be:89:47:
                    ad:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:0B:B7:AE:85:DA:FA:9A:43:E5:5A:1C:EF:00:FE:03:71:49:62:C0
            X509v3 Authority Key Identifier:
                keyid:9E:35:33:D6:62:C3:F0:D6:BB:1E:69:2F:3F:AB:6D:7B:A3:82:4C:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/njUz1mLD8Na7HmkvP6tte6OCTCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/jgu3roXa-ppD5Voc7wD-A3FJYsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/bebe6d-16b3-4b02-b205-a783413099d3/1/njUz1mLD8Na7HmkvP6tte6OCTCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.48.0/22
                  195.13.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:b0:26:15:c0:73:03:f1:0e:d6:d8:6c:e6:ff:3c:f3:bb:2a:
         c2:db:3d:ea:56:bf:f2:f4:d4:d6:59:e4:7b:69:a0:3d:ee:62:
         b7:33:22:2f:d6:74:5c:b4:45:30:29:d6:f6:a3:b4:7c:c3:b1:
         6c:8c:14:f8:54:ff:53:26:74:92:96:97:ea:29:f8:1a:f6:56:
         68:ff:c1:c5:ec:6d:04:6a:45:5f:af:4b:69:59:8b:64:34:49:
         c6:ab:76:db:cf:5a:94:1a:da:c7:2c:0a:10:3f:29:0f:1d:1a:
         75:e6:18:5a:e1:73:7f:50:4f:71:b8:99:dd:5a:99:35:36:59:
         33:a7:90:2a:1c:e7:d7:17:45:05:ed:bb:51:e7:3f:d8:86:0a:
         5c:fe:17:3a:57:e1:85:73:84:5f:c9:3e:1c:f6:84:c1:d9:17:
         99:e4:01:a9:a2:2a:ce:d4:fa:d8:00:2f:8c:bb:f7:02:96:f7:
         a8:85:a4:5e:e4:87:a0:c2:6f:5c:a3:fa:ce:1a:f3:d5:5b:3c:
         4d:36:11:7d:10:bd:c9:40:25:3a:44:dd:80:86:4d:91:d8:1c:
         84:15:33:a3:35:ee:04:72:4b:c7:da:83:7a:0b:27:4b:d7:61:
         61:a1:13:b8:e3:68:b1:f3:0a:1c:48:99:8d:d7:e5:de:91:f4:
         1d:da:1f:b9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2eDwBKJCmOzROJ1uXDcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMzUzM2Q2NjJjM2YwZDZiYjFlNjkyZjNmYWI2ZDdiYTM4
MjRjMjgwHhcNMjUwMTAyMTE1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTBiYjdhZTg1ZGFmYTlhNDNlNTVhMWNlZjAwZmUwMzcxNDk2MmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaXoO9xUaBExJl42g3TIgOoWA9fo
h0/bQpXZxcQnCRotL5Li0/229M04dW2R+eUgE1e8JJbtnIlc1k94uZsZgbUYxhTW
yJRjnM0OE6+tRC0nMqPcOAHls1a7+KZJ2Z7w/tY1T2jbwqdIeyBqP9jWidRLqzzB
TvnR9XKmuEZcX9dvFlJKWSdQIlGrBD5n9+tDlv+5zL0uPnB+m9BHldtrmuQpTXuC
ugazpWcR4JqloMhQO9Di+8fcolxBT305589OwLNM9vKAripS7Cahu3KH4ixhxoWG
nt+N9gGNYQeYlXEFCayVKJmenp/WGIuVn/xjWKUjb6rwjewcm0y+iUetywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI4Lt66F2vqaQ+VaHO8A/gNxSWLAMB8GA1UdIwQY
MBaAFJ41M9Ziw/DWux5pLz+rbXujgkwoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUt
YTc4MzQxMzA5OWQzLzEvamd1M3JvWGEtcHBENVZvYzd3RC1BM0ZKWXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9iZWJlNmQtMTZiMy00YjAyLWIyMDUtYTc4MzQxMzA5OWQz
LzEvbmpVejFtTEQ4TmE3SG1rdlA2dHRlNk9DVENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwSIwAwQC
ww08MA0GCSqGSIb3DQEBCwUAA4IBAQAusCYVwHMD8Q7W2Gzm/zzzuyrC2z3qVr/y
9NTWWeR7aaA97mK3MyIv1nRctEUwKdb2o7R8w7FsjBT4VP9TJnSSlpfqKfga9lZo
/8HF7G0EakVfr0tpWYtkNEnGq3bbz1qUGtrHLAoQPykPHRp15hha4XN/UE9xuJnd
Wpk1Nlkzp5AqHOfXF0UF7btR5z/Yhgpc/hc6V+GFc4RfyT4c9oTB2ReZ5AGpoirO
1PrYAC+Mu/cClveohaRe5Iegwm9co/rOGvPVWzxNNhF9EL3JQCU6RN2Ahk2R2ByE
FTOjNe4EckvH2oN6CydL12FhoRO442ix8wocSJmN1+XekfQd2h+5
-----END CERTIFICATE-----