Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/FQAhyrS0gBW9SqtuZi6NPEvhgvs.roa
File:                     FQAhyrS0gBW9SqtuZi6NPEvhgvs.roa (raw, json)
Hash identifier:          b2xzO3i1ZOAXGwMPX7/Wy40sppb1tn8N9pURrf2iaI0=
Subject key identifier:   15:00:21:CA:B4:B4:80:15:BD:4A:AB:6E:66:2E:8D:3C:4B:E1:82:FB
Certificate issuer:       /CN=e801f23ce821c264d67727536ec183537594c5f2
Certificate serial:       0194228D758C12AF027948AA18562992F0A3
Authority key identifier: E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/FQAhyrS0gBW9SqtuZi6NPEvhgvs.roa
Signing time:             Wed 01 Jan 2025 15:48:03 +0000
ROA not before:           Wed 01 Jan 2025 15:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25176
IP address blocks:        193.10.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:75:8c:12:af:02:79:48:aa:18:56:29:92:f0:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e801f23ce821c264d67727536ec183537594c5f2
        Validity
            Not Before: Jan  1 15:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=150021cab4b48015bd4aab6e662e8d3c4be182fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:70:81:75:5a:39:8c:35:89:03:23:e1:5c:f9:
                    68:6d:98:90:78:76:dc:3f:e2:a1:93:76:12:d5:df:
                    0d:a3:e8:3c:38:08:e7:89:6d:30:e1:c3:9c:93:fe:
                    d8:91:8b:74:56:03:e1:c2:0a:3b:77:33:79:b8:fc:
                    a6:9e:70:3c:d6:e0:b0:c7:5a:8a:0f:66:6f:15:ba:
                    44:81:90:7a:14:72:47:72:d5:51:96:b5:ef:32:8c:
                    7d:6a:f6:ee:c6:f9:e0:d8:29:87:cd:73:56:88:00:
                    66:96:a8:93:c2:e7:85:70:81:e6:88:e6:16:ec:84:
                    eb:17:1a:7b:a0:29:7b:5e:f2:c3:80:8a:d3:a6:8a:
                    d7:83:2f:2f:5f:4b:ee:fe:a1:52:eb:2e:8d:e6:6b:
                    f6:63:58:58:bb:82:50:82:f2:0c:39:4d:0b:59:ea:
                    87:1e:ca:f4:bd:7b:14:1f:99:b7:c0:0b:9f:1b:10:
                    48:93:6a:bf:b9:76:2c:47:15:80:45:6f:8b:ac:aa:
                    30:14:b3:8a:98:41:42:9a:f4:9b:4f:08:74:98:e4:
                    62:8c:26:98:8d:45:d6:18:5b:4c:b5:6f:ba:88:e2:
                    6f:48:ef:ec:97:e2:b1:49:a9:fd:66:39:7a:ed:7b:
                    e4:1b:f4:e3:f1:1b:8d:f3:9d:34:e3:ef:7d:c5:c1:
                    44:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:00:21:CA:B4:B4:80:15:BD:4A:AB:6E:66:2E:8D:3C:4B:E1:82:FB
            X509v3 Authority Key Identifier:
                keyid:E8:01:F2:3C:E8:21:C2:64:D6:77:27:53:6E:C1:83:53:75:94:C5:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6AHyPOghwmTWdydTbsGDU3WUxfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/FQAhyrS0gBW9SqtuZi6NPEvhgvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/eab4d8-6afd-4f81-ab10-464eb183b568/1/6AHyPOghwmTWdydTbsGDU3WUxfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.10.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:cf:2e:8e:cb:38:8e:d2:38:cf:d9:ba:3d:9f:6c:83:93:d1:
         ae:97:34:c2:87:d2:d3:95:12:50:ad:5e:fc:2e:dd:1d:ba:9c:
         ac:c1:84:2d:fa:6a:b6:f1:06:23:5d:12:d7:e0:3d:eb:97:56:
         cd:3f:50:5c:6c:23:04:60:d1:54:69:ca:d6:b2:9d:48:43:be:
         cd:e4:45:77:55:fd:77:28:6f:e4:bb:1f:93:e6:41:45:fc:08:
         c8:00:94:e7:4c:c9:bf:bb:90:6b:27:28:65:44:f4:b3:90:21:
         b8:8e:44:0e:29:6f:bc:a7:02:b2:80:40:ec:44:ac:43:5e:26:
         f1:c6:e6:6e:21:ef:33:0e:05:91:71:41:8b:ea:40:ae:b3:a5:
         04:2a:4b:e2:03:48:c5:7a:a8:00:b4:92:13:1c:4e:fe:08:fa:
         2f:7c:88:0d:65:b7:21:04:2f:be:5a:29:43:23:17:39:65:01:
         74:28:63:6e:47:4a:75:96:62:a2:16:d6:f2:3d:c1:e1:ac:7f:
         98:f2:ae:fa:06:d6:a3:3e:a3:95:3d:08:39:4c:b1:21:a9:1d:
         64:1a:c0:ed:ec:1f:41:61:c0:26:b4:8f:f8:b3:e3:f4:31:9b:
         05:ed:ec:ae:fa:fc:6c:d1:43:c5:fb:b1:ca:0d:0e:66:87:6f:
         bf:f7:8c:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijXWMEq8CeUiqGFYpkvCjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4MDFmMjNjZTgyMWMyNjRkNjc3Mjc1MzZlYzE4MzUzNzU5
NGM1ZjIwHhcNMjUwMTAxMTU0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTAwMjFjYWI0YjQ4MDE1YmQ0YWFiNmU2NjJlOGQzYzRiZTE4MmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3CBdVo5jDWJAyPhXPlobZiQeHbc
P+Khk3YS1d8No+g8OAjniW0w4cOck/7YkYt0VgPhwgo7dzN5uPymnnA81uCwx1qK
D2ZvFbpEgZB6FHJHctVRlrXvMox9avbuxvng2CmHzXNWiABmlqiTwueFcIHmiOYW
7ITrFxp7oCl7XvLDgIrTporXgy8vX0vu/qFS6y6N5mv2Y1hYu4JQgvIMOU0LWeqH
Hsr0vXsUH5m3wAufGxBIk2q/uXYsRxWARW+LrKowFLOKmEFCmvSbTwh0mORijCaY
jUXWGFtMtW+6iOJvSO/sl+KxSan9Zjl67XvkG/Tj8RuN85004+99xcFE2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUAIcq0tIAVvUqrbmYujTxL4YL7MB8GA1UdIwQY
MBaAFOgB8jzoIcJk1ncnU27Bg1N1lMXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAt
NDY0ZWIxODNiNTY4LzEvRlFBaHlyUzBnQlc5U3F0dVppNk5QRXZoZ3ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9lYWI0ZDgtNmFmZC00ZjgxLWFiMTAtNDY0ZWIxODNiNTY4
LzEvNkFIeVBPZ2h3bVRXZHlkVGJzR0RVM1dVeGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQogMA0G
CSqGSIb3DQEBCwUAA4IBAQC1zy6OyziO0jjP2bo9n2yDk9GulzTCh9LTlRJQrV78
Lt0dupyswYQt+mq28QYjXRLX4D3rl1bNP1BcbCMEYNFUacrWsp1IQ77N5EV3Vf13
KG/kux+T5kFF/AjIAJTnTMm/u5BrJyhlRPSzkCG4jkQOKW+8pwKygEDsRKxDXibx
xuZuIe8zDgWRcUGL6kCus6UEKkviA0jFeqgAtJITHE7+CPovfIgNZbchBC++WilD
Ixc5ZQF0KGNuR0p1lmKiFtbyPcHhrH+Y8q76BtajPqOVPQg5TLEhqR1kGsDt7B9B
YcAmtI/4s+P0MZsF7eyu+vxs0UPF+7HKDQ5mh2+/94xq
-----END CERTIFICATE-----