Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/qeWWXC4RViFAz8xriJzqrFh0600.roa
File:                     qeWWXC4RViFAz8xriJzqrFh0600.roa (raw, json)
Hash identifier:          cK7UCY1T1SSLWCGmJ3HLNSyWPP//KFWSZClOxdVEO+Q=
Subject key identifier:   A9:E5:96:5C:2E:11:56:21:40:CF:CC:6B:88:9C:EA:AC:58:74:EB:4D
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D59FABA7B20036C863901DCCFC1DE8
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/qeWWXC4RViFAz8xriJzqrFh0600.roa
Signing time:             Wed 01 Jan 2025 07:47:38 +0000
ROA not before:           Wed 01 Jan 2025 07:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8723
IP address blocks:        193.251.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:9f:ab:a7:b2:00:36:c8:63:90:1d:cc:fc:1d:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9e5965c2e11562140cfcc6b889ceaac5874eb4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:71:01:7b:8b:ac:24:7e:7d:e2:08:9f:db:6f:
                    0d:d0:27:58:77:01:c1:bd:79:05:6a:98:d3:da:09:
                    bb:7d:4d:f4:0a:6f:bb:77:56:66:b9:41:37:5f:af:
                    44:37:f4:e8:64:50:02:2f:97:ad:23:98:b5:aa:38:
                    ca:10:d7:71:7d:ea:b0:4f:85:e7:13:ab:c5:10:6f:
                    a3:82:f6:b3:ce:0e:62:2c:23:48:7f:e9:94:45:be:
                    7b:2a:3d:6e:7b:d4:3e:8a:c4:14:83:c4:83:b1:eb:
                    52:a1:e3:f7:e5:15:b6:29:e5:e1:b3:12:a0:c4:33:
                    5f:4f:6e:37:e0:66:0f:44:dc:ee:14:53:82:63:0a:
                    1d:10:93:2b:a0:01:91:9f:ba:c8:64:5b:aa:eb:4c:
                    6d:3a:4c:e6:bf:9d:77:d2:d0:ec:2b:4f:f9:d4:1d:
                    35:31:4e:a9:c8:ac:ef:52:9d:3a:cb:42:76:b2:22:
                    69:65:0a:f2:31:12:1e:40:9d:de:62:5c:1c:8b:7f:
                    ee:f5:78:5d:5e:c3:ef:4a:07:9d:34:6b:c1:e1:11:
                    6b:18:a0:17:b3:8f:d0:85:64:cc:fc:51:78:59:39:
                    1b:2b:34:27:30:68:e1:21:83:f0:11:0c:af:d6:3c:
                    ac:7e:34:55:b7:9c:e6:74:cc:04:c3:35:b3:c0:86:
                    af:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:E5:96:5C:2E:11:56:21:40:CF:CC:6B:88:9C:EA:AC:58:74:EB:4D
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/qeWWXC4RViFAz8xriJzqrFh0600.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.251.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:0b:44:10:a0:5b:07:05:88:41:6a:25:f1:e4:16:a5:b3:dc:
         5e:94:a3:14:b5:42:fa:0b:4d:5e:8a:c3:01:07:ce:f1:9c:a2:
         d2:c7:8f:10:ef:b4:28:6f:11:1b:44:67:9e:d3:b1:6a:83:14:
         91:b3:8e:55:44:23:e7:f8:24:1f:5c:2b:95:ee:35:14:02:55:
         23:04:df:4d:4f:8d:34:01:aa:e7:0b:8e:ca:91:25:94:38:d5:
         f1:f6:e3:fd:06:85:4a:ef:f7:18:c7:f0:3b:e1:70:2c:9f:61:
         54:43:14:f7:c1:5a:7a:c2:5d:25:4a:47:f9:be:36:b0:a9:e0:
         d0:0c:66:35:53:94:94:c0:dc:d1:b9:53:1e:c0:9f:0d:e3:04:
         a2:0d:c7:59:df:11:20:68:c3:b1:19:7f:2c:33:da:c7:27:8b:
         3c:c0:0a:32:7c:08:c0:33:8a:e0:21:59:06:e7:0e:10:0a:ad:
         66:a1:85:ba:cf:c9:4a:19:07:e9:14:82:f9:4d:25:54:43:21:
         33:9f:f2:b1:39:1e:6d:6e:3b:05:ae:70:e5:ad:cc:db:48:26:
         9c:40:b2:51:93:d0:63:24:1e:aa:ff:4e:1b:2f:6a:7e:74:bd:
         60:3b:f3:f0:b0:b9:1c:5e:2b:5e:a5:8c:14:39:a2:e1:a0:1f:
         d1:9e:77:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1Z+rp7IANshjkB3M/B3oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWU1OTY1YzJlMTE1NjIxNDBjZmNjNmI4ODljZWFhYzU4NzRlYjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHEBe4usJH594gif228N0CdYdwHB
vXkFapjT2gm7fU30Cm+7d1ZmuUE3X69EN/ToZFACL5etI5i1qjjKENdxfeqwT4Xn
E6vFEG+jgvazzg5iLCNIf+mURb57Kj1ue9Q+isQUg8SDsetSoeP35RW2KeXhsxKg
xDNfT2434GYPRNzuFFOCYwodEJMroAGRn7rIZFuq60xtOkzmv5130tDsK0/51B01
MU6pyKzvUp06y0J2siJpZQryMRIeQJ3eYlwci3/u9XhdXsPvSgedNGvB4RFrGKAX
s4/QhWTM/FF4WTkbKzQnMGjhIYPwEQyv1jysfjRVt5zmdMwEwzWzwIavIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKnlllwuEVYhQM/Ma4ic6qxYdOtNMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvcWVXV1hDNFJWaUZBejh4cmlKenFyRmgwNjAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfvZMA0G
CSqGSIb3DQEBCwUAA4IBAQCpC0QQoFsHBYhBaiXx5Bals9xelKMUtUL6C01eisMB
B87xnKLSx48Q77QobxEbRGee07FqgxSRs45VRCPn+CQfXCuV7jUUAlUjBN9NT400
AarnC47KkSWUONXx9uP9BoVK7/cYx/A74XAsn2FUQxT3wVp6wl0lSkf5vjawqeDQ
DGY1U5SUwNzRuVMewJ8N4wSiDcdZ3xEgaMOxGX8sM9rHJ4s8wAoyfAjAM4rgIVkG
5w4QCq1moYW6z8lKGQfpFIL5TSVUQyEzn/KxOR5tbjsFrnDlrczbSCacQLJRk9Bj
JB6q/04bL2p+dL1gO/PwsLkcXitepYwUOaLhoB/Rnnfo
-----END CERTIFICATE-----