Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/lEEZzzybqBVZbE52j1UTaBha8S8.roa
File:                     lEEZzzybqBVZbE52j1UTaBha8S8.roa (raw, json)
Hash identifier:          M0ghNe8I1TZs4KtvQ8xKIi7A+x2ciHjaRyld8EsOpko=
Subject key identifier:   94:41:19:CF:3C:9B:A8:15:59:6C:4E:76:8F:55:13:68:18:5A:F1:2F
Certificate issuer:       /CN=b40c95867c3084c4c16a2febb46651090f3247e4
Certificate serial:       019420D5E7A5A89030CFB73C72F0254E977F
Authority key identifier: B4:0C:95:86:7C:30:84:C4:C1:6A:2F:EB:B4:66:51:09:0F:32:47:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/lEEZzzybqBVZbE52j1UTaBha8S8.roa
Signing time:             Wed 01 Jan 2025 07:47:56 +0000
ROA not before:           Wed 01 Jan 2025 07:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50501
IP address blocks:        193.105.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e7:a5:a8:90:30:cf:b7:3c:72:f0:25:4e:97:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b40c95867c3084c4c16a2febb46651090f3247e4
        Validity
            Not Before: Jan  1 07:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=944119cf3c9ba815596c4e768f551368185af12f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:90:c1:1f:31:a8:87:fc:ae:2f:04:3b:3c:31:
                    fc:3a:59:5a:0c:db:b4:9c:55:db:2d:01:d6:4f:a6:
                    2a:dc:06:e2:bb:32:9c:f7:f9:57:19:f6:05:5d:5e:
                    56:df:ea:ce:06:68:84:48:c3:eb:6b:39:a2:a1:36:
                    82:74:a4:c3:5c:e2:3d:ac:e2:6e:30:03:2d:53:7e:
                    c4:26:a0:7b:42:66:7f:35:86:3a:3b:29:f5:b7:8a:
                    30:91:da:a6:40:c8:c4:3f:4c:54:cb:de:52:97:13:
                    a1:2e:e0:e0:95:b4:cf:50:eb:44:e5:ef:2a:bc:ae:
                    a3:c7:05:d8:46:b2:b3:fc:eb:01:de:fe:7d:4c:63:
                    78:c4:f5:9c:b0:a7:82:b0:5a:1d:88:dd:03:53:f0:
                    35:f8:96:6b:0e:0c:5f:a2:9b:c8:7d:f5:a8:77:92:
                    a2:7a:45:d6:54:1e:bf:34:83:f7:ab:65:e0:fe:f3:
                    c4:8b:57:e1:9e:c6:2a:d7:65:29:ca:d6:ef:5f:f5:
                    2b:d3:5f:bc:85:f6:11:a6:3e:36:2f:f4:a7:bf:98:
                    53:9b:57:e4:76:94:1b:18:1a:f2:87:20:4a:15:d4:
                    49:10:15:7a:ab:76:85:2b:5d:c9:8e:78:18:4f:81:
                    14:52:4b:8e:fe:4b:ec:fb:2b:c8:a9:aa:d1:95:45:
                    b6:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:41:19:CF:3C:9B:A8:15:59:6C:4E:76:8F:55:13:68:18:5A:F1:2F
            X509v3 Authority Key Identifier:
                keyid:B4:0C:95:86:7C:30:84:C4:C1:6A:2F:EB:B4:66:51:09:0F:32:47:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/lEEZzzybqBVZbE52j1UTaBha8S8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/3182ce-9d2f-4b22-abcd-acd9a2eca33f/1/tAyVhnwwhMTBai_rtGZRCQ8yR-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:fb:e8:0b:80:1e:f9:36:80:9c:71:d8:df:28:31:a6:f4:44:
         8b:69:05:3f:67:6f:73:6e:03:5c:b1:1d:a3:fd:b9:3f:eb:22:
         29:b5:1c:f3:82:02:2e:b7:9a:2a:b1:8e:3f:03:80:ec:db:ff:
         f9:6a:64:69:94:65:52:8c:c2:b9:24:e7:78:13:c5:3c:2d:0d:
         d7:02:72:29:77:4e:b4:e7:9e:ca:dd:47:05:05:a7:1a:e5:09:
         2b:f0:83:4f:98:ea:d6:17:f3:cd:06:86:53:5a:41:67:9d:f6:
         71:db:e5:51:64:6f:3f:2a:77:89:49:39:33:18:30:69:67:f1:
         2b:65:f2:a5:dd:4f:0a:d5:6f:95:8c:4a:fc:13:2c:37:07:9d:
         df:b4:88:be:30:2c:24:c2:ee:cd:eb:b6:df:49:be:e8:c2:d6:
         c2:17:5f:7c:d1:60:f2:08:d8:05:a2:9e:1c:71:b4:b5:75:29:
         f4:68:82:72:b6:c8:f3:74:40:45:49:a1:47:15:8b:a0:fe:c0:
         40:31:ef:1d:16:d7:98:a6:35:cc:41:02:11:df:2a:e4:7c:b1:
         8c:33:f7:77:ba:f9:31:ca:30:ae:ff:41:19:49:ac:58:a1:69:
         f8:ce:a3:94:cb:c4:1c:8b:3e:5e:07:c1:70:68:a9:7e:c7:ab:
         52:8e:80:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1eelqJAwz7c8cvAlTpd/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MGM5NTg2N2MzMDg0YzRjMTZhMmZlYmI0NjY1MTA5MGYz
MjQ3ZTQwHhcNMjUwMTAxMDc0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDQxMTljZjNjOWJhODE1NTk2YzRlNzY4ZjU1MTM2ODE4NWFmMTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspDBHzGoh/yuLwQ7PDH8OllaDNu0
nFXbLQHWT6Yq3AbiuzKc9/lXGfYFXV5W3+rOBmiESMPrazmioTaCdKTDXOI9rOJu
MAMtU37EJqB7QmZ/NYY6Oyn1t4owkdqmQMjEP0xUy95SlxOhLuDglbTPUOtE5e8q
vK6jxwXYRrKz/OsB3v59TGN4xPWcsKeCsFodiN0DU/A1+JZrDgxfopvIffWod5Ki
ekXWVB6/NIP3q2Xg/vPEi1fhnsYq12UpytbvX/Ur01+8hfYRpj42L/Snv5hTm1fk
dpQbGBryhyBKFdRJEBV6q3aFK13JjngYT4EUUkuO/kvs+yvIqarRlUW2GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRBGc88m6gVWWxOdo9VE2gYWvEvMB8GA1UdIwQY
MBaAFLQMlYZ8MITEwWov67RmUQkPMkfkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEF5Vmhud3doTVRCYWlfcnRHWlJDUTh5Ui1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8zMTgyY2UtOWQyZi00YjIyLWFiY2Qt
YWNkOWEyZWNhMzNmLzEvbEVFWnp6eWJxQlZaYkU1MmoxVVRhQmhhOFM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8zMTgyY2UtOWQyZi00YjIyLWFiY2QtYWNkOWEyZWNhMzNm
LzEvdEF5Vmhud3doTVRCYWlfcnRHWlJDUTh5Ui1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlVMA0G
CSqGSIb3DQEBCwUAA4IBAQBq++gLgB75NoCccdjfKDGm9ESLaQU/Z29zbgNcsR2j
/bk/6yIptRzzggIut5oqsY4/A4Ds2//5amRplGVSjMK5JOd4E8U8LQ3XAnIpd060
557K3UcFBaca5Qkr8INPmOrWF/PNBoZTWkFnnfZx2+VRZG8/KneJSTkzGDBpZ/Er
ZfKl3U8K1W+VjEr8Eyw3B53ftIi+MCwkwu7N67bfSb7owtbCF1980WDyCNgFop4c
cbS1dSn0aIJytsjzdEBFSaFHFYug/sBAMe8dFteYpjXMQQIR3yrkfLGMM/d3uvkx
yjCu/0EZSaxYoWn4zqOUy8Qciz5eB8FwaKl+x6tSjoDE
-----END CERTIFICATE-----