Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/kEq9Sa-aYq3KR4A40M5VyPd54wg.roa
File:                     kEq9Sa-aYq3KR4A40M5VyPd54wg.roa (raw, json)
Hash identifier:          UxvV1YF4/u8pr981HOY28yhkvm5jpeElKKL/ei/Iusw=
Subject key identifier:   90:4A:BD:49:AF:9A:62:AD:CA:47:80:38:D0:CE:55:C8:F7:79:E3:08
Certificate issuer:       /CN=2e4bd4edca29d4e72be86ced0b7ad652c7d261c9
Certificate serial:       01943C4BA8C57EF109B4D2175CB6096BE559
Authority key identifier: 2E:4B:D4:ED:CA:29:D4:E7:2B:E8:6C:ED:0B:7A:D6:52:C7:D2:61:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LkvU7cop1Ocr6GztC3rWUsfSYck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/kEq9Sa-aYq3KR4A40M5VyPd54wg.roa
Signing time:             Mon 06 Jan 2025 15:46:18 +0000
ROA not before:           Mon 06 Jan 2025 15:46:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     17943
IP address blocks:        193.19.224.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/LkvU7cop1Ocr6GztC3rWUsfSYck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/LkvU7cop1Ocr6GztC3rWUsfSYck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LkvU7cop1Ocr6GztC3rWUsfSYck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:3c:4b:a8:c5:7e:f1:09:b4:d2:17:5c:b6:09:6b:e5:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e4bd4edca29d4e72be86ced0b7ad652c7d261c9
        Validity
            Not Before: Jan  6 15:46:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=904abd49af9a62adca478038d0ce55c8f779e308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4a:11:c3:a2:18:97:39:8e:96:c3:26:19:90:
                    39:f5:69:2d:58:04:51:26:ce:4d:bc:20:a0:e0:8a:
                    5b:9d:9d:80:83:f9:ea:06:44:46:53:87:ae:1d:3e:
                    65:8d:91:68:c9:9c:36:c9:de:ba:51:f7:50:fd:2f:
                    39:bb:00:86:ca:b4:16:ca:ab:91:c3:ee:00:b4:d2:
                    76:4a:37:54:3c:1b:70:9c:58:69:49:fd:94:cc:60:
                    24:42:0b:fa:23:a3:18:37:72:28:8f:2b:27:79:e3:
                    da:6a:f8:18:1c:c4:3e:aa:3b:af:83:83:4d:0b:70:
                    dc:61:2e:25:56:24:9a:10:19:0f:5a:0b:ac:e7:8e:
                    95:6d:2e:64:1e:59:8c:ad:9a:56:eb:37:81:4b:41:
                    c4:11:cd:6f:c1:b4:4f:1f:98:19:ba:b1:d2:03:17:
                    63:62:b1:8b:67:70:0a:37:8b:e0:7e:34:aa:eb:b8:
                    68:84:cc:eb:f1:4d:3a:1d:b8:28:7b:43:dc:e6:0b:
                    28:64:30:f3:1e:c3:f3:05:72:6e:6f:9d:34:9e:4f:
                    2f:d1:2a:37:62:c5:3d:5c:19:78:b9:be:e9:8d:9f:
                    32:4c:5f:a2:35:26:72:2b:36:ab:0b:35:ac:6a:1c:
                    69:af:37:3c:b2:8f:db:8a:36:32:f8:76:51:32:9a:
                    1e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:4A:BD:49:AF:9A:62:AD:CA:47:80:38:D0:CE:55:C8:F7:79:E3:08
            X509v3 Authority Key Identifier:
                keyid:2E:4B:D4:ED:CA:29:D4:E7:2B:E8:6C:ED:0B:7A:D6:52:C7:D2:61:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LkvU7cop1Ocr6GztC3rWUsfSYck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/kEq9Sa-aYq3KR4A40M5VyPd54wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a53bb6-66c0-4861-b288-2a6372e054d2/1/LkvU7cop1Ocr6GztC3rWUsfSYck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:13:ef:a9:fe:1f:c0:fb:a4:c1:49:c5:ae:0a:78:ea:cb:1c:
         0d:22:f1:dd:9d:94:db:5c:7b:56:39:14:62:9a:bb:00:fa:e2:
         1c:20:28:29:22:be:19:25:b0:15:ec:65:45:fa:44:70:73:73:
         2c:4c:fa:04:83:53:dc:fe:ec:4c:c8:55:ea:91:38:78:d6:1c:
         a3:7c:91:18:36:c7:d1:c1:92:3a:d7:a2:e8:33:16:1f:52:69:
         a3:b0:85:f4:1e:18:aa:6e:15:5c:49:82:85:78:0d:10:2d:ee:
         a5:3f:8d:3d:59:48:29:23:b3:d5:66:f5:75:62:9d:40:85:f2:
         dc:b3:7c:42:33:fa:6f:ca:54:ec:df:d4:b6:67:e7:9a:08:c5:
         6b:b9:2c:85:d6:4e:79:07:54:f4:a4:65:ff:30:db:b6:92:12:
         dd:58:d0:e0:6b:20:e3:89:af:88:77:20:db:98:fc:84:aa:83:
         64:da:62:8d:4e:96:da:78:12:c8:cc:c3:74:13:e3:e9:e1:52:
         87:e0:25:2d:be:d0:96:9d:78:87:a3:ef:e1:83:a8:1c:d8:1a:
         b5:bf:52:4b:b1:5c:b1:30:49:01:ae:98:3f:2d:82:96:5e:7b:
         ae:52:ee:5f:30:32:cb:5a:bd:e2:e2:a4:3d:ca:c7:b2:2b:86:
         1d:00:12:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ8S6jFfvEJtNIXXLYJa+VZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNGJkNGVkY2EyOWQ0ZTcyYmU4NmNlZDBiN2FkNjUyYzdk
MjYxYzkwHhcNMjUwMTA2MTU0NjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDRhYmQ0OWFmOWE2MmFkY2E0NzgwMzhkMGNlNTVjOGY3NzllMzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkoRw6IYlzmOlsMmGZA59WktWARR
Js5NvCCg4IpbnZ2Ag/nqBkRGU4euHT5ljZFoyZw2yd66UfdQ/S85uwCGyrQWyquR
w+4AtNJ2SjdUPBtwnFhpSf2UzGAkQgv6I6MYN3IojysneePaavgYHMQ+qjuvg4NN
C3DcYS4lViSaEBkPWgus546VbS5kHlmMrZpW6zeBS0HEEc1vwbRPH5gZurHSAxdj
YrGLZ3AKN4vgfjSq67hohMzr8U06Hbgoe0Pc5gsoZDDzHsPzBXJub500nk8v0So3
YsU9XBl4ub7pjZ8yTF+iNSZyKzarCzWsahxprzc8so/bijYy+HZRMpoemQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBKvUmvmmKtykeAONDOVcj3eeMIMB8GA1UdIwQY
MBaAFC5L1O3KKdTnK+hs7Qt61lLH0mHJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGt2VTdjb3AxT2NyNkd6dEMzcldVc2ZTWWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9hNTNiYjYtNjZjMC00ODYxLWIyODgt
MmE2MzcyZTA1NGQyLzEva0VxOVNhLWFZcTNLUjRBNDBNNVZ5UGQ1NHdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9hNTNiYjYtNjZjMC00ODYxLWIyODgtMmE2MzcyZTA1NGQy
LzEvTGt2VTdjb3AxT2NyNkd6dEMzcldVc2ZTWWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwRPgMA0G
CSqGSIb3DQEBCwUAA4IBAQADE++p/h/A+6TBScWuCnjqyxwNIvHdnZTbXHtWORRi
mrsA+uIcICgpIr4ZJbAV7GVF+kRwc3MsTPoEg1Pc/uxMyFXqkTh41hyjfJEYNsfR
wZI616LoMxYfUmmjsIX0HhiqbhVcSYKFeA0QLe6lP409WUgpI7PVZvV1Yp1AhfLc
s3xCM/pvylTs39S2Z+eaCMVruSyF1k55B1T0pGX/MNu2khLdWNDgayDjia+IdyDb
mPyEqoNk2mKNTpbaeBLIzMN0E+Pp4VKH4CUtvtCWnXiHo+/hg6gc2Bq1v1JLsVyx
MEkBrpg/LYKWXnuuUu5fMDLLWr3i4qQ9yseyK4YdABJZ
-----END CERTIFICATE-----