Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/290fec-28f3-44b0-9cff-331d4a0d1427/1/sXBgVFkVLsDSLFu0VPEzayMbTVY.roa
File:                     sXBgVFkVLsDSLFu0VPEzayMbTVY.roa (raw, json)
Hash identifier:          9PH3zbHvy0n97ISInagYoPKrYxbqwVNlm+VRnpV8hJg=
Subject key identifier:   B1:70:60:54:59:15:2E:C0:D2:2C:5B:B4:54:F1:33:6B:23:1B:4D:56
Certificate issuer:       /CN=1719aad5d4b22f4873e0947bc7f42fa1dd5c1f41
Certificate serial:       0194221F66BC73CACFA881BB8D95F522B91D
Authority key identifier: 17:19:AA:D5:D4:B2:2F:48:73:E0:94:7B:C7:F4:2F:A1:DD:5C:1F:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fxmq1dSyL0hz4JR7x_Qvod1cH0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/290fec-28f3-44b0-9cff-331d4a0d1427/1/sXBgVFkVLsDSLFu0VPEzayMbTVY.roa
Signing time:             Wed 01 Jan 2025 13:47:50 +0000
ROA not before:           Wed 01 Jan 2025 13:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199819
IP address blocks:        193.8.197.0/24 maxlen: 24
                          2001:678:75c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/290fec-28f3-44b0-9cff-331d4a0d1427/1/Fxmq1dSyL0hz4JR7x_Qvod1cH0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/290fec-28f3-44b0-9cff-331d4a0d1427/1/Fxmq1dSyL0hz4JR7x_Qvod1cH0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fxmq1dSyL0hz4JR7x_Qvod1cH0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:66:bc:73:ca:cf:a8:81:bb:8d:95:f5:22:b9:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1719aad5d4b22f4873e0947bc7f42fa1dd5c1f41
        Validity
            Not Before: Jan  1 13:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b170605459152ec0d22c5bb454f1336b231b4d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:01:18:de:b0:7e:d6:90:d7:a0:f4:a6:4f:22:
                    2e:9f:ed:db:25:ce:bc:86:4b:58:16:4c:0d:48:96:
                    c7:98:5c:bc:45:2d:7b:48:19:fa:49:99:3e:c2:43:
                    38:a0:f1:75:5a:0d:f3:cd:03:6e:77:80:4f:29:9d:
                    bb:3b:d6:1e:c4:1b:b2:db:a5:f4:b3:02:16:aa:16:
                    04:26:7a:62:ce:bc:1e:a3:45:7e:29:be:6a:af:6c:
                    24:c9:c1:6f:51:b1:ef:2b:2f:23:54:d0:f0:59:37:
                    ec:35:44:5c:67:2b:e8:ed:41:fb:70:29:38:3f:cc:
                    9f:ae:12:88:63:34:6e:10:8a:ad:63:be:7a:1e:f6:
                    f9:e2:58:12:d2:38:f8:70:71:d3:fa:24:64:d4:b3:
                    e8:59:2e:1e:8c:17:e7:88:16:a9:ce:c0:f0:a6:21:
                    aa:8b:79:14:5b:78:f0:85:9e:c6:f3:82:b8:8a:c2:
                    67:57:63:a2:11:db:a9:d1:8d:77:48:1a:9c:6d:c0:
                    bb:45:2e:67:2c:e5:4c:44:db:e2:64:08:bb:bd:b7:
                    bb:63:d5:ce:d5:85:4d:b7:6c:e9:da:aa:85:ca:61:
                    1e:6f:f7:45:6f:6c:62:36:62:76:8c:f0:79:66:d7:
                    48:48:69:fb:fd:d7:b7:5c:a6:60:79:4c:29:b0:3a:
                    12:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:70:60:54:59:15:2E:C0:D2:2C:5B:B4:54:F1:33:6B:23:1B:4D:56
            X509v3 Authority Key Identifier:
                keyid:17:19:AA:D5:D4:B2:2F:48:73:E0:94:7B:C7:F4:2F:A1:DD:5C:1F:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fxmq1dSyL0hz4JR7x_Qvod1cH0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/290fec-28f3-44b0-9cff-331d4a0d1427/1/sXBgVFkVLsDSLFu0VPEzayMbTVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/290fec-28f3-44b0-9cff-331d4a0d1427/1/Fxmq1dSyL0hz4JR7x_Qvod1cH0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.197.0/24
                IPv6:
                  2001:678:75c::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:2b:ce:33:49:41:74:e3:86:40:64:27:0e:29:58:c7:1b:57:
         3f:4f:2e:88:58:ba:4f:57:58:77:c1:12:b2:0d:28:5d:f3:c1:
         63:f6:8c:5e:b7:21:fc:a1:e3:f2:29:8e:47:e1:c5:ab:57:72:
         b3:8c:c4:5d:b0:35:c2:fa:20:19:3e:dd:0f:2c:98:92:10:09:
         5a:e3:0f:fa:9d:30:fe:e1:5f:7a:63:26:b9:ed:80:4a:1e:e7:
         3d:aa:8a:18:b5:8c:b4:51:5d:07:a9:bb:9e:b0:e1:c5:ee:11:
         15:a0:51:9f:ad:00:81:b7:e3:c7:63:6e:17:6d:13:24:61:4a:
         78:b5:d6:e6:e9:2e:b6:95:e1:c0:81:a2:bb:f2:df:61:c4:69:
         9b:99:fa:88:47:ed:16:73:83:53:d5:a0:7c:30:f5:70:5b:ca:
         b7:84:a1:43:93:35:db:d2:8f:21:cf:86:e3:e1:1a:20:4c:b3:
         52:7f:91:71:7d:46:25:77:6e:21:d9:64:47:3b:1e:bf:31:11:
         ef:5a:61:d9:61:64:fa:48:e9:0e:80:fc:ec:48:e9:36:98:f3:
         a8:88:ab:07:9a:d9:b8:41:fc:5c:cf:4d:b6:34:9a:fc:9e:57:
         fd:6f:19:61:e3:9c:80:b8:e8:f3:d2:f9:95:98:98:de:5b:6b:
         96:8e:8d:28
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQiH2a8c8rPqIG7jZX1IrkdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MTlhYWQ1ZDRiMjJmNDg3M2UwOTQ3YmM3ZjQyZmExZGQ1
YzFmNDEwHhcNMjUwMTAxMTM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTcwNjA1NDU5MTUyZWMwZDIyYzViYjQ1NGYxMzM2YjIzMWI0ZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswEY3rB+1pDXoPSmTyIun+3bJc68
hktYFkwNSJbHmFy8RS17SBn6SZk+wkM4oPF1Wg3zzQNud4BPKZ27O9YexBuy26X0
swIWqhYEJnpizrweo0V+Kb5qr2wkycFvUbHvKy8jVNDwWTfsNURcZyvo7UH7cCk4
P8yfrhKIYzRuEIqtY756Hvb54lgS0jj4cHHT+iRk1LPoWS4ejBfniBapzsDwpiGq
i3kUW3jwhZ7G84K4isJnV2OiEdup0Y13SBqcbcC7RS5nLOVMRNviZAi7vbe7Y9XO
1YVNt2zp2qqFymEeb/dFb2xiNmJ2jPB5ZtdISGn7/de3XKZgeUwpsDoSHwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLFwYFRZFS7A0ixbtFTxM2sjG01WMB8GA1UdIwQY
MBaAFBcZqtXUsi9Ic+CUe8f0L6HdXB9BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnhtcTFkU3lMMGh6NEpSN3hfUXZvZDFjSDBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8yOTBmZWMtMjhmMy00NGIwLTljZmYt
MzMxZDRhMGQxNDI3LzEvc1hCZ1ZGa1ZMc0RTTEZ1MFZQRXpheU1iVFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8yOTBmZWMtMjhmMy00NGIwLTljZmYtMzMxZDRhMGQxNDI3
LzEvRnhtcTFkU3lMMGh6NEpSN3hfUXZvZDFjSDBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwQjFMA8E
AgACMAkDBwAgAQZ4B1wwDQYJKoZIhvcNAQELBQADggEBAGgrzjNJQXTjhkBkJw4p
WMcbVz9PLohYuk9XWHfBErINKF3zwWP2jF63Ifyh4/IpjkfhxatXcrOMxF2wNcL6
IBk+3Q8smJIQCVrjD/qdMP7hX3pjJrntgEoe5z2qihi1jLRRXQepu56w4cXuERWg
UZ+tAIG348djbhdtEyRhSni11ubpLraV4cCBorvy32HEaZuZ+ohH7RZzg1PVoHww
9XBbyreEoUOTNdvSjyHPhuPhGiBMs1J/kXF9RiV3biHZZEc7Hr8xEe9aYdlhZPpI
6Q6A/OxI6TaY86iIqwea2bhB/FzPTbY0mvyeV/1vGWHjnIC46PPS+ZWYmN5ba5aO
jSg=
-----END CERTIFICATE-----