Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/sZvwZMkTNt-iUTiQmQ2RW61JCrY.roa
File:                     sZvwZMkTNt-iUTiQmQ2RW61JCrY.roa (raw, json)
Hash identifier:          ILtUTNlj+OmXDu1giFXN+JTJafdCM0FAh4hCT6vGfZc=
Subject key identifier:   B1:9B:F0:64:C9:13:36:DF:A2:51:38:90:99:0D:91:5B:AD:49:0A:B6
Certificate issuer:       /CN=bb82b8d3c1b0f78c3a19f6164eb2821e230cfe4e
Certificate serial:       0194266BB87CEF8020F10A86421B11EF7247
Authority key identifier: BB:82:B8:D3:C1:B0:F7:8C:3A:19:F6:16:4E:B2:82:1E:23:0C:FE:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4K408Gw94w6GfYWTrKCHiMM_k4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/sZvwZMkTNt-iUTiQmQ2RW61JCrY.roa
Signing time:             Thu 02 Jan 2025 09:49:41 +0000
ROA not before:           Thu 02 Jan 2025 09:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25149
IP address blocks:        193.178.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/u4K408Gw94w6GfYWTrKCHiMM_k4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/u4K408Gw94w6GfYWTrKCHiMM_k4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u4K408Gw94w6GfYWTrKCHiMM_k4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:b8:7c:ef:80:20:f1:0a:86:42:1b:11:ef:72:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb82b8d3c1b0f78c3a19f6164eb2821e230cfe4e
        Validity
            Not Before: Jan  2 09:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b19bf064c91336dfa2513890990d915bad490ab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:43:82:14:d2:80:4d:12:e9:26:ff:00:1d:2f:
                    9c:6b:b4:f0:c1:1b:03:02:a4:81:1d:86:53:d6:e1:
                    59:e8:26:66:18:a6:54:ea:95:f3:4e:16:87:a8:70:
                    9e:9c:97:f8:05:cf:5b:7b:1d:c5:e0:47:34:8c:89:
                    3f:a0:b5:f1:82:ef:32:4a:0f:00:19:27:7c:94:ec:
                    c8:ea:73:a3:a1:c5:77:2d:33:6c:1d:89:0a:6c:ce:
                    be:e4:b7:b1:9f:da:e4:2c:6e:c3:43:74:16:95:1e:
                    e5:f1:b9:a1:57:97:39:a0:cc:90:12:cd:a8:ce:de:
                    21:38:6d:1d:f7:cb:f4:cf:21:42:c8:80:1e:54:12:
                    d2:56:2f:cd:3c:d9:8a:b7:03:0c:ce:c7:fa:1e:1e:
                    7c:37:cd:cf:e4:fe:2e:30:86:23:59:a7:a3:71:33:
                    07:15:5b:42:ad:ae:23:3f:27:ff:12:b5:17:36:f0:
                    fb:3a:5d:c2:e9:13:9c:0c:93:76:02:64:42:a1:fd:
                    8b:75:f8:34:6b:29:b2:dd:5c:b1:3e:55:d6:a3:97:
                    01:80:fa:aa:1a:3d:b5:b9:65:2e:c2:45:d4:cb:56:
                    d9:45:b9:9f:61:e7:67:85:0a:fd:63:a3:e5:9f:56:
                    1e:6c:6d:c6:8e:da:8a:87:0b:54:b4:e0:ef:4c:c3:
                    b8:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:9B:F0:64:C9:13:36:DF:A2:51:38:90:99:0D:91:5B:AD:49:0A:B6
            X509v3 Authority Key Identifier:
                keyid:BB:82:B8:D3:C1:B0:F7:8C:3A:19:F6:16:4E:B2:82:1E:23:0C:FE:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4K408Gw94w6GfYWTrKCHiMM_k4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/sZvwZMkTNt-iUTiQmQ2RW61JCrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/280ca9-f7d8-4ffa-ba34-a13f4481bc6c/1/u4K408Gw94w6GfYWTrKCHiMM_k4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:c8:7a:75:ab:29:82:c7:56:06:b6:36:55:fe:18:6b:2f:a0:
         e0:7d:99:ca:86:89:43:11:68:4e:37:c4:6d:d8:5d:51:81:3f:
         ef:e2:b7:6e:5a:b5:c4:07:47:c5:6b:03:41:8e:24:72:64:b1:
         7c:67:34:2f:3e:85:77:f8:dd:aa:a6:b7:a8:27:9b:e9:55:e4:
         cf:c0:39:45:9f:fb:c5:fd:a0:f9:cc:92:58:bb:5b:0c:4a:d8:
         16:5c:4d:f0:2f:59:ae:00:a4:2f:14:94:a9:cd:63:85:fa:79:
         f5:70:98:0d:e0:00:32:a5:9e:5b:fc:ba:bc:21:f9:c7:68:d5:
         d1:78:b0:8e:68:91:28:f5:9b:d3:e7:b5:34:71:8a:11:ea:ef:
         47:aa:ea:d7:a5:8c:6e:94:6b:0c:a0:40:1c:00:62:84:4a:3b:
         8b:13:8e:ed:03:12:28:9b:35:61:56:22:35:cb:ff:6a:d2:05:
         86:7d:58:12:1b:aa:b3:b6:8c:d9:4e:6d:f4:68:1d:d6:a0:eb:
         d8:00:ce:70:96:53:33:35:78:70:92:4b:c3:ea:35:60:2b:ca:
         c8:b4:2f:a6:0d:3b:91:0e:84:39:17:72:e8:ef:be:e6:a5:3b:
         1e:2c:78:05:bd:7e:ec:ec:d0:dc:bc:4a:5c:00:eb:42:a1:9a:
         0a:a0:ac:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma7h874Ag8QqGQhsR73JHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODJiOGQzYzFiMGY3OGMzYTE5ZjYxNjRlYjI4MjFlMjMw
Y2ZlNGUwHhcNMjUwMTAyMDk0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTliZjA2NGM5MTMzNmRmYTI1MTM4OTA5OTBkOTE1YmFkNDkwYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkOCFNKATRLpJv8AHS+ca7TwwRsD
AqSBHYZT1uFZ6CZmGKZU6pXzThaHqHCenJf4Bc9bex3F4Ec0jIk/oLXxgu8ySg8A
GSd8lOzI6nOjocV3LTNsHYkKbM6+5Lexn9rkLG7DQ3QWlR7l8bmhV5c5oMyQEs2o
zt4hOG0d98v0zyFCyIAeVBLSVi/NPNmKtwMMzsf6Hh58N83P5P4uMIYjWaejcTMH
FVtCra4jPyf/ErUXNvD7Ol3C6ROcDJN2AmRCof2Ldfg0aymy3VyxPlXWo5cBgPqq
Gj21uWUuwkXUy1bZRbmfYednhQr9Y6Pln1YebG3GjtqKhwtUtODvTMO4jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGb8GTJEzbfolE4kJkNkVutSQq2MB8GA1UdIwQY
MBaAFLuCuNPBsPeMOhn2Fk6ygh4jDP5OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRLNDA4R3c5NHc2R2ZZV1RyS0NIaU1NX2s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8yODBjYTktZjdkOC00ZmZhLWJhMzQt
YTEzZjQ0ODFiYzZjLzEvc1p2d1pNa1ROdC1pVVRpUW1RMlJXNjFKQ3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8yODBjYTktZjdkOC00ZmZhLWJhMzQtYTEzZjQ0ODFiYzZj
LzEvdTRLNDA4R3c5NHc2R2ZZV1RyS0NIaU1NX2s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbK8MA0G
CSqGSIb3DQEBCwUAA4IBAQALyHp1qymCx1YGtjZV/hhrL6DgfZnKholDEWhON8Rt
2F1RgT/v4rduWrXEB0fFawNBjiRyZLF8ZzQvPoV3+N2qpreoJ5vpVeTPwDlFn/vF
/aD5zJJYu1sMStgWXE3wL1muAKQvFJSpzWOF+nn1cJgN4AAypZ5b/Lq8IfnHaNXR
eLCOaJEo9ZvT57U0cYoR6u9HqurXpYxulGsMoEAcAGKESjuLE47tAxIomzVhViI1
y/9q0gWGfVgSG6qztozZTm30aB3WoOvYAM5wllMzNXhwkkvD6jVgK8rItC+mDTuR
DoQ5F3Lo777mpTseLHgFvX7s7NDcvEpcAOtCoZoKoKyo
-----END CERTIFICATE-----