Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/v1vDCS3zEydWpnAi830GA_yQEHw.roa
File:                     v1vDCS3zEydWpnAi830GA_yQEHw.roa (raw, json)
Hash identifier:          3xFB/pduxsTBOKVMWYRZZ5LgXgY+cAqxpBeMHy8oimw=
Subject key identifier:   BF:5B:C3:09:2D:F3:13:27:56:A6:70:22:F3:7D:06:03:FC:90:10:7C
Certificate issuer:       /CN=c1eb2c601fa6d07507973081faa1325fe190b276
Certificate serial:       01942444DEC9BEAA0C813EDEA6F79945A60D
Authority key identifier: C1:EB:2C:60:1F:A6:D0:75:07:97:30:81:FA:A1:32:5F:E1:90:B2:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wessYB-m0HUHlzCB-qEyX-GQsnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/v1vDCS3zEydWpnAi830GA_yQEHw.roa
Signing time:             Wed 01 Jan 2025 23:48:00 +0000
ROA not before:           Wed 01 Jan 2025 23:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        193.169.70.0/24 maxlen: 24
                          193.169.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/wessYB-m0HUHlzCB-qEyX-GQsnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/wessYB-m0HUHlzCB-qEyX-GQsnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wessYB-m0HUHlzCB-qEyX-GQsnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:de:c9:be:aa:0c:81:3e:de:a6:f7:99:45:a6:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1eb2c601fa6d07507973081faa1325fe190b276
        Validity
            Not Before: Jan  1 23:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf5bc3092df3132756a67022f37d0603fc90107c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:16:01:30:7e:46:17:a0:c8:ab:bd:a0:a5:ee:
                    54:fb:fa:34:68:ea:a5:36:06:b9:3a:e1:ef:4b:95:
                    8a:ed:ae:94:09:36:6a:93:98:7e:e0:f7:44:be:da:
                    5d:52:17:4c:a5:8c:2f:1e:dd:c8:94:01:ea:b1:31:
                    0c:43:72:5a:6c:bb:46:c1:85:5a:d0:29:75:ee:f3:
                    3b:2e:81:8b:18:ea:ff:73:10:87:cc:17:21:07:c8:
                    a5:d5:f5:bc:a9:a9:6e:3b:06:a2:f1:55:e6:93:04:
                    fc:08:0d:9b:6c:4a:92:9f:19:08:29:ff:38:99:c0:
                    33:42:9a:74:14:87:2f:e5:f3:ef:d1:e3:4b:76:7a:
                    27:92:d8:5b:89:00:1d:b7:cc:56:3a:05:8a:5d:89:
                    13:68:54:8d:58:ad:0a:ca:47:5f:01:bc:e0:9d:33:
                    57:a3:07:75:ad:b9:0f:b1:f5:ec:58:c3:32:1a:f5:
                    33:41:3a:74:e0:9b:e3:37:2a:85:d0:e3:8a:a7:fa:
                    e3:bf:6a:67:38:3c:7c:c2:18:ab:e7:e7:c5:18:bc:
                    31:c4:7b:31:03:90:6f:04:6f:14:0e:3c:74:70:d7:
                    a6:84:86:b0:dd:b4:f3:59:aa:ed:46:6d:94:f3:07:
                    69:55:e4:b3:7f:07:ad:30:1d:8c:b1:d8:a8:18:ae:
                    2f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:5B:C3:09:2D:F3:13:27:56:A6:70:22:F3:7D:06:03:FC:90:10:7C
            X509v3 Authority Key Identifier:
                keyid:C1:EB:2C:60:1F:A6:D0:75:07:97:30:81:FA:A1:32:5F:E1:90:B2:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wessYB-m0HUHlzCB-qEyX-GQsnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/v1vDCS3zEydWpnAi830GA_yQEHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/5cf431-4d57-4503-b28a-90ef7bda1dc3/1/wessYB-m0HUHlzCB-qEyX-GQsnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:b4:b6:c1:8e:09:26:4b:94:cd:48:c5:c1:8a:59:77:55:12:
         24:98:dd:e0:df:b4:6b:8a:53:37:e0:31:e8:4f:92:5f:63:c4:
         f1:6e:61:1b:07:91:40:86:88:b0:94:0f:8b:b3:02:6b:7a:e0:
         7c:c8:79:46:6a:99:f3:1c:ef:b9:36:48:75:a1:bc:59:35:f5:
         15:cb:09:b1:5e:60:e9:bf:f3:5e:84:2c:05:f2:62:34:5f:77:
         16:f5:20:d5:ea:00:cf:0f:5e:92:fa:ec:33:51:1d:c9:27:fb:
         24:1f:cb:62:90:6d:26:b6:96:f3:ea:b5:e8:96:5a:57:b1:f4:
         f5:67:fa:fa:14:8f:1b:33:02:1b:e4:f6:a3:b4:fb:d4:a2:46:
         ef:33:62:20:f6:78:f6:de:07:e7:4b:23:43:4e:1c:c5:c6:91:
         f4:07:4d:59:2f:30:37:dc:2f:09:eb:4c:0c:ca:af:9d:59:ad:
         9a:cc:e3:40:48:02:0c:f9:45:28:3b:51:3f:bd:00:b5:a1:94:
         8b:b2:90:e8:a7:57:fb:f7:63:a0:1e:54:a9:b7:cd:3c:02:a5:
         90:43:0e:52:b6:0c:b7:83:e9:dd:6d:4a:f0:58:e3:be:40:c4:
         90:60:9b:da:45:ca:31:f6:95:67:3d:ef:e4:38:ea:65:07:8d:
         01:27:83:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRN7JvqoMgT7epveZRaYNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZWIyYzYwMWZhNmQwNzUwNzk3MzA4MWZhYTEzMjVmZTE5
MGIyNzYwHhcNMjUwMTAxMjM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjViYzMwOTJkZjMxMzI3NTZhNjcwMjJmMzdkMDYwM2ZjOTAxMDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3xYBMH5GF6DIq72gpe5U+/o0aOql
Nga5OuHvS5WK7a6UCTZqk5h+4PdEvtpdUhdMpYwvHt3IlAHqsTEMQ3JabLtGwYVa
0Cl17vM7LoGLGOr/cxCHzBchB8il1fW8qaluOwai8VXmkwT8CA2bbEqSnxkIKf84
mcAzQpp0FIcv5fPv0eNLdnonkthbiQAdt8xWOgWKXYkTaFSNWK0KykdfAbzgnTNX
owd1rbkPsfXsWMMyGvUzQTp04JvjNyqF0OOKp/rjv2pnODx8whir5+fFGLwxxHsx
A5BvBG8UDjx0cNemhIaw3bTzWartRm2U8wdpVeSzfwetMB2MsdioGK4v2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9bwwkt8xMnVqZwIvN9BgP8kBB8MB8GA1UdIwQY
MBaAFMHrLGAfptB1B5cwgfqhMl/hkLJ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2Vzc1lCLW0wSFVIbHpDQi1xRXlYLUdRc25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81Y2Y0MzEtNGQ1Ny00NTAzLWIyOGEt
OTBlZjdiZGExZGMzLzEvdjF2RENTM3pFeWRXcG5BaTgzMEdBX3lRRUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81Y2Y0MzEtNGQ1Ny00NTAzLWIyOGEtOTBlZjdiZGExZGMz
LzEvd2Vzc1lCLW0wSFVIbHpDQi1xRXlYLUdRc25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwalGMA0G
CSqGSIb3DQEBCwUAA4IBAQBxtLbBjgkmS5TNSMXBill3VRIkmN3g37RrilM34DHo
T5JfY8TxbmEbB5FAhoiwlA+LswJreuB8yHlGapnzHO+5Nkh1obxZNfUVywmxXmDp
v/NehCwF8mI0X3cW9SDV6gDPD16S+uwzUR3JJ/skH8tikG0mtpbz6rXollpXsfT1
Z/r6FI8bMwIb5PajtPvUokbvM2Ig9nj23gfnSyNDThzFxpH0B01ZLzA33C8J60wM
yq+dWa2azONASAIM+UUoO1E/vQC1oZSLspDop1f792OgHlSpt808AqWQQw5Stgy3
g+ndbUrwWOO+QMSQYJvaRcox9pVnPe/kOOplB40BJ4NA
-----END CERTIFICATE-----