Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/5489e6-3e33-4df2-90b8-116909e43824/1/DwD4MRqZCp-c4uFsMsWnYL0-SzA.roa
File:                     DwD4MRqZCp-c4uFsMsWnYL0-SzA.roa (raw, json)
Hash identifier:          2tkEE6WjjJq4tK+YMGxG4bkpbYxQV0qlFZ5Ps3gC3Vo=
Subject key identifier:   0F:00:F8:31:1A:99:0A:9F:9C:E2:E1:6C:32:C5:A7:60:BD:3E:4B:30
Certificate issuer:       /CN=9c209157bf789e6bba34e0dbd3efecd9b20dd06b
Certificate serial:       01941F8C36011F2A310506845EFE10F9181B
Authority key identifier: 9C:20:91:57:BF:78:9E:6B:BA:34:E0:DB:D3:EF:EC:D9:B2:0D:D0:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nCCRV794nmu6NODb0-_s2bIN0Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/5489e6-3e33-4df2-90b8-116909e43824/1/DwD4MRqZCp-c4uFsMsWnYL0-SzA.roa
Signing time:             Wed 01 Jan 2025 01:47:50 +0000
ROA not before:           Wed 01 Jan 2025 01:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        193.106.248.0/24 maxlen: 24
                          193.106.249.0/24 maxlen: 24
                          193.106.250.0/24 maxlen: 24
                          193.106.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/5489e6-3e33-4df2-90b8-116909e43824/1/nCCRV794nmu6NODb0-_s2bIN0Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/5489e6-3e33-4df2-90b8-116909e43824/1/nCCRV794nmu6NODb0-_s2bIN0Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nCCRV794nmu6NODb0-_s2bIN0Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 06:58:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:36:01:1f:2a:31:05:06:84:5e:fe:10:f9:18:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c209157bf789e6bba34e0dbd3efecd9b20dd06b
        Validity
            Not Before: Jan  1 01:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f00f8311a990a9f9ce2e16c32c5a760bd3e4b30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fa:55:06:e5:42:9d:31:c0:9e:6a:89:6c:51:
                    97:1f:72:1b:21:a7:7e:ea:3b:7a:3c:cd:28:d7:c1:
                    0c:5c:fa:98:d1:18:29:8e:d5:66:7b:73:d4:cf:eb:
                    b2:13:3c:94:0a:2c:d6:28:18:c4:32:21:71:b9:c1:
                    31:78:75:b4:6b:28:c3:bc:38:25:9d:4e:d5:a7:fb:
                    c1:68:96:63:88:81:fd:0c:0a:1d:05:12:5b:23:9f:
                    af:35:99:0b:b5:fe:fa:3e:2c:5a:1b:6e:29:22:0f:
                    8f:43:a1:f5:07:45:3c:9c:01:23:3e:14:ca:63:c5:
                    08:ef:2a:65:a6:ea:a8:09:98:35:85:ed:2d:37:87:
                    3a:33:5f:54:64:4c:ab:4c:bb:68:24:7c:d7:1a:7d:
                    cc:03:1b:10:83:30:38:e7:e2:e7:16:0b:9a:57:a0:
                    ff:58:98:5b:74:aa:4e:eb:39:fa:87:63:ee:cf:26:
                    2b:f8:b8:ff:8e:d7:2c:b4:d2:d2:4c:98:6a:61:56:
                    40:21:2a:8f:83:10:7f:2a:7a:70:db:59:e6:7c:1f:
                    f0:08:a5:43:5d:51:bb:7e:97:60:e4:32:6e:bc:82:
                    8f:96:52:ca:c9:2c:04:be:9e:4b:2c:99:c6:8f:fa:
                    c1:4f:ff:2c:0d:25:45:ad:50:99:7c:ce:93:7d:f2:
                    23:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:00:F8:31:1A:99:0A:9F:9C:E2:E1:6C:32:C5:A7:60:BD:3E:4B:30
            X509v3 Authority Key Identifier:
                keyid:9C:20:91:57:BF:78:9E:6B:BA:34:E0:DB:D3:EF:EC:D9:B2:0D:D0:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nCCRV794nmu6NODb0-_s2bIN0Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5489e6-3e33-4df2-90b8-116909e43824/1/DwD4MRqZCp-c4uFsMsWnYL0-SzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/5489e6-3e33-4df2-90b8-116909e43824/1/nCCRV794nmu6NODb0-_s2bIN0Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:51:bd:ff:cd:22:e7:2b:a5:e5:38:7a:19:69:b3:b7:06:46:
         de:ed:8b:43:ca:5f:fa:65:42:61:4f:77:aa:3f:25:aa:15:a0:
         86:72:53:b5:a3:88:15:35:9a:94:f2:e6:60:43:1d:1b:76:80:
         49:be:37:c0:8b:44:64:ec:62:79:25:19:b6:0d:19:52:14:a5:
         6b:41:30:db:6c:3a:cc:0f:e5:3a:a3:a5:d2:e5:f0:16:0e:49:
         32:05:22:cc:88:84:19:0b:32:32:1f:c6:b8:22:d0:01:8b:ad:
         77:ea:6c:e4:0d:4f:6d:5b:52:05:0b:94:fd:39:84:89:1d:f3:
         9b:ca:ab:47:fe:b9:06:f8:31:98:d9:79:b5:8b:64:6a:bd:79:
         d5:25:13:99:55:ea:cd:62:98:72:3f:94:21:49:a4:56:13:fd:
         f1:ae:96:f6:52:49:a6:45:6f:23:b3:4d:9c:ce:53:26:ea:9f:
         ac:be:81:86:d1:56:88:e6:d4:e0:3f:34:b4:f6:e4:c2:3e:db:
         7c:86:27:d5:74:20:d7:ae:57:90:96:6e:9b:cc:e8:04:2c:75:
         2f:1b:50:9c:36:c3:7d:21:21:63:90:99:74:0e:9d:56:ad:85:
         31:f0:43:a8:b8:d9:bd:31:ca:e8:15:9a:10:fe:e3:ff:24:a6:
         46:10:a0:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjDYBHyoxBQaEXv4Q+RgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMjA5MTU3YmY3ODllNmJiYTM0ZTBkYmQzZWZlY2Q5YjIw
ZGQwNmIwHhcNMjUwMTAxMDE0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjAwZjgzMTFhOTkwYTlmOWNlMmUxNmMzMmM1YTc2MGJkM2U0YjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/pVBuVCnTHAnmqJbFGXH3IbIad+
6jt6PM0o18EMXPqY0RgpjtVme3PUz+uyEzyUCizWKBjEMiFxucExeHW0ayjDvDgl
nU7Vp/vBaJZjiIH9DAodBRJbI5+vNZkLtf76PixaG24pIg+PQ6H1B0U8nAEjPhTK
Y8UI7yplpuqoCZg1he0tN4c6M19UZEyrTLtoJHzXGn3MAxsQgzA45+LnFguaV6D/
WJhbdKpO6zn6h2PuzyYr+Lj/jtcstNLSTJhqYVZAISqPgxB/Knpw21nmfB/wCKVD
XVG7fpdg5DJuvIKPllLKySwEvp5LLJnGj/rBT/8sDSVFrVCZfM6TffIjLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8A+DEamQqfnOLhbDLFp2C9PkswMB8GA1UdIwQY
MBaAFJwgkVe/eJ5rujTg29Pv7NmyDdBrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkNDUlY3OTRubXU2Tk9EYjAtX3MyYklOMEdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi81NDg5ZTYtM2UzMy00ZGYyLTkwYjgt
MTE2OTA5ZTQzODI0LzEvRHdENE1ScVpDcC1jNHVGc01zV25ZTDAtU3pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi81NDg5ZTYtM2UzMy00ZGYyLTkwYjgtMTE2OTA5ZTQzODI0
LzEvbkNDUlY3OTRubXU2Tk9EYjAtX3MyYklOMEdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWr4MA0G
CSqGSIb3DQEBCwUAA4IBAQCFUb3/zSLnK6XlOHoZabO3Bkbe7YtDyl/6ZUJhT3eq
PyWqFaCGclO1o4gVNZqU8uZgQx0bdoBJvjfAi0Rk7GJ5JRm2DRlSFKVrQTDbbDrM
D+U6o6XS5fAWDkkyBSLMiIQZCzIyH8a4ItABi6136mzkDU9tW1IFC5T9OYSJHfOb
yqtH/rkG+DGY2Xm1i2RqvXnVJROZVerNYphyP5QhSaRWE/3xrpb2UkmmRW8js02c
zlMm6p+svoGG0VaI5tTgPzS09uTCPtt8hifVdCDXrleQlm6bzOgELHUvG1CcNsN9
ISFjkJl0Dp1WrYUx8EOouNm9McroFZoQ/uP/JKZGEKB6
-----END CERTIFICATE-----