Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/25be2f-92eb-4cde-a247-d8dc34036ce7/1/aRmXLbWgvqCrB_ieixDwg5bWHH4.roa
File:                     aRmXLbWgvqCrB_ieixDwg5bWHH4.roa (raw, json)
Hash identifier:          NkuU0nUuwUULqqtGwJsRiK14f6VjdQm0HvAAtBo3GJQ=
Subject key identifier:   69:19:97:2D:B5:A0:BE:A0:AB:07:F8:9E:8B:10:F0:83:96:D6:1C:7E
Certificate issuer:       /CN=9d0e2b9e69f562df14cf772bde05f7dacde25961
Certificate serial:       019420D5DB5E001E530072043256A2EB0BCB
Authority key identifier: 9D:0E:2B:9E:69:F5:62:DF:14:CF:77:2B:DE:05:F7:DA:CD:E2:59:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nQ4rnmn1Yt8Uz3cr3gX32s3iWWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/25be2f-92eb-4cde-a247-d8dc34036ce7/1/aRmXLbWgvqCrB_ieixDwg5bWHH4.roa
Signing time:             Wed 01 Jan 2025 07:47:53 +0000
ROA not before:           Wed 01 Jan 2025 07:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31606
IP address blocks:        193.22.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/25be2f-92eb-4cde-a247-d8dc34036ce7/1/nQ4rnmn1Yt8Uz3cr3gX32s3iWWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/25be2f-92eb-4cde-a247-d8dc34036ce7/1/nQ4rnmn1Yt8Uz3cr3gX32s3iWWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nQ4rnmn1Yt8Uz3cr3gX32s3iWWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:db:5e:00:1e:53:00:72:04:32:56:a2:eb:0b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d0e2b9e69f562df14cf772bde05f7dacde25961
        Validity
            Not Before: Jan  1 07:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6919972db5a0bea0ab07f89e8b10f08396d61c7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:59:20:61:4e:b8:70:2e:48:77:4c:6b:19:f8:
                    2b:d1:19:e8:5f:62:58:99:ed:02:d0:86:8e:ad:66:
                    ad:1a:16:e8:13:4d:e8:7b:0f:af:c5:57:55:0e:4c:
                    ff:78:fc:7a:08:33:f2:97:eb:0b:5a:e3:b6:bc:03:
                    0f:b3:c5:d3:9d:2f:d4:39:cd:fc:c4:47:99:5f:eb:
                    37:11:cd:5a:d1:be:2b:c0:06:5b:83:6d:86:0e:64:
                    a0:97:0d:1c:81:69:62:d8:4d:1d:f1:cb:1a:2a:f5:
                    2e:f2:75:56:4b:c2:c2:57:93:a9:ae:89:6c:f3:1d:
                    81:a7:a6:cf:6e:12:2b:33:06:68:21:e9:70:5b:da:
                    55:71:1d:3b:f3:ea:d6:d7:36:ef:cb:13:cf:d7:95:
                    66:8f:ab:d4:07:09:dc:a7:af:9d:49:09:1c:ed:a3:
                    cb:07:11:b2:5b:10:da:7c:c4:a3:d9:5e:33:9b:41:
                    05:74:a3:3b:59:2f:16:a9:7a:ab:f5:a2:95:4a:a8:
                    66:9b:16:14:96:cb:bd:21:82:06:99:06:b5:9f:2b:
                    84:d1:a0:00:a3:f2:2d:c2:04:ca:a2:58:11:61:84:
                    b9:9c:dd:7f:c5:cf:c4:ce:5b:4f:cd:d1:0b:4a:cb:
                    85:f0:3f:c5:ef:01:09:cb:2b:e2:be:79:38:76:8d:
                    2d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:19:97:2D:B5:A0:BE:A0:AB:07:F8:9E:8B:10:F0:83:96:D6:1C:7E
            X509v3 Authority Key Identifier:
                keyid:9D:0E:2B:9E:69:F5:62:DF:14:CF:77:2B:DE:05:F7:DA:CD:E2:59:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nQ4rnmn1Yt8Uz3cr3gX32s3iWWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/25be2f-92eb-4cde-a247-d8dc34036ce7/1/aRmXLbWgvqCrB_ieixDwg5bWHH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/25be2f-92eb-4cde-a247-d8dc34036ce7/1/nQ4rnmn1Yt8Uz3cr3gX32s3iWWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:db:d4:8a:0c:b7:2a:95:fa:2c:3b:48:91:4c:e6:49:cd:c8:
         60:59:bb:8a:84:92:aa:92:6f:34:2e:a1:9e:75:81:39:42:f7:
         22:87:1b:34:7e:69:b9:78:a2:69:d6:f2:32:c4:d4:cc:f2:fa:
         62:f2:30:05:ff:8c:3f:db:1f:b4:16:e3:ee:85:33:01:55:d8:
         e0:09:2b:5a:56:1a:e0:54:c3:9a:26:d9:45:60:aa:1d:24:d8:
         2d:6a:86:f5:be:30:29:6c:0d:92:1a:4c:30:62:17:66:5d:8b:
         07:85:56:6c:fa:56:ef:1b:89:96:c8:ae:8b:b0:ad:50:84:89:
         bb:d6:3a:de:90:66:4f:fa:d5:f4:ae:a1:13:5a:9b:6e:17:21:
         46:c1:42:e0:99:b8:86:bd:f6:5c:06:df:71:f2:c8:7f:f3:28:
         b0:6e:a1:79:ee:e4:0b:79:0b:5e:3a:20:5c:3f:b5:59:99:1d:
         24:de:a0:0d:63:61:c0:e3:74:25:f1:70:25:d1:30:e9:1e:23:
         b7:e4:d3:b9:26:1f:7a:21:fb:a8:7f:fa:1a:0c:1d:2e:f3:d0:
         38:01:aa:e0:c7:f7:06:98:eb:29:6f:47:d5:18:b5:af:eb:8b:
         d8:82:90:6f:8c:96:ad:4b:41:35:52:a2:aa:7f:ca:76:35:10:
         f8:58:e3:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dteAB5TAHIEMlai6wvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMGUyYjllNjlmNTYyZGYxNGNmNzcyYmRlMDVmN2RhY2Rl
MjU5NjEwHhcNMjUwMTAxMDc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTE5OTcyZGI1YTBiZWEwYWIwN2Y4OWU4YjEwZjA4Mzk2ZDYxYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1kgYU64cC5Id0xrGfgr0RnoX2JY
me0C0IaOrWatGhboE03oew+vxVdVDkz/ePx6CDPyl+sLWuO2vAMPs8XTnS/UOc38
xEeZX+s3Ec1a0b4rwAZbg22GDmSglw0cgWli2E0d8csaKvUu8nVWS8LCV5Oprols
8x2Bp6bPbhIrMwZoIelwW9pVcR078+rW1zbvyxPP15Vmj6vUBwncp6+dSQkc7aPL
BxGyWxDafMSj2V4zm0EFdKM7WS8WqXqr9aKVSqhmmxYUlsu9IYIGmQa1nyuE0aAA
o/ItwgTKolgRYYS5nN1/xc/EzltPzdELSsuF8D/F7wEJyyvivnk4do0tBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkZly21oL6gqwf4nosQ8IOW1hx+MB8GA1UdIwQY
MBaAFJ0OK55p9WLfFM93K94F99rN4llhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblE0cm5tbjFZdDhVejNjcjNnWDMyczNpV1dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8yNWJlMmYtOTJlYi00Y2RlLWEyNDct
ZDhkYzM0MDM2Y2U3LzEvYVJtWExiV2d2cUNyQl9pZWl4RHdnNWJXSEg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8yNWJlMmYtOTJlYi00Y2RlLWEyNDctZDhkYzM0MDM2Y2U3
LzEvblE0cm5tbjFZdDhVejNjcjNnWDMyczNpV1dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRZdMA0G
CSqGSIb3DQEBCwUAA4IBAQA929SKDLcqlfosO0iRTOZJzchgWbuKhJKqkm80LqGe
dYE5Qvcihxs0fmm5eKJp1vIyxNTM8vpi8jAF/4w/2x+0FuPuhTMBVdjgCStaVhrg
VMOaJtlFYKodJNgtaob1vjApbA2SGkwwYhdmXYsHhVZs+lbvG4mWyK6LsK1QhIm7
1jrekGZP+tX0rqETWptuFyFGwULgmbiGvfZcBt9x8sh/8yiwbqF57uQLeQteOiBc
P7VZmR0k3qANY2HA43Ql8XAl0TDpHiO35NO5Jh96Ifuof/oaDB0u89A4Aargx/cG
mOspb0fVGLWv64vYgpBvjJatS0E1UqKqf8p2NRD4WOM0
-----END CERTIFICATE-----