Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/agxYPLnYdjCRAQfydoFhcZumCgg.roa
File:                     agxYPLnYdjCRAQfydoFhcZumCgg.roa (raw, json)
Hash identifier:          NCy7EyPm/0lV8RywpILyDqtiIlQ48M258Jt/bjYI+0I=
Subject key identifier:   6A:0C:58:3C:B9:D8:76:30:91:01:07:F2:76:81:61:71:9B:A6:0A:08
Certificate issuer:       /CN=dd5f72f0facf52705727c039bdc1fbb7cc97d428
Certificate serial:       01941F8C6226837AD508DEE5FE1BF3AA2F9D
Authority key identifier: DD:5F:72:F0:FA:CF:52:70:57:27:C0:39:BD:C1:FB:B7:CC:97:D4:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/agxYPLnYdjCRAQfydoFhcZumCgg.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8937
IP address blocks:        193.141.183.0/24 maxlen: 24
                          193.141.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:62:26:83:7a:d5:08:de:e5:fe:1b:f3:aa:2f:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd5f72f0facf52705727c039bdc1fbb7cc97d428
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a0c583cb9d87630910107f2768161719ba60a08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d7:15:2a:88:c3:7b:10:f4:ca:54:b4:4f:fe:
                    de:ab:ea:7d:e7:09:56:bc:46:b4:ed:e5:b8:dd:a4:
                    64:69:35:a4:f6:f2:34:d0:41:fc:16:83:c9:e8:bc:
                    e0:af:69:af:a3:13:90:04:14:8d:4d:b3:52:7c:d8:
                    66:e0:ce:84:5e:92:f4:d0:5d:80:d8:c3:72:a0:7b:
                    fb:af:d4:c6:d7:bd:7d:72:e5:0a:25:82:28:fd:4c:
                    ff:82:41:70:39:91:39:2b:0a:ca:52:69:f7:ad:e3:
                    8c:ef:44:c5:6a:9a:17:85:07:65:95:df:1c:88:82:
                    97:68:f1:cc:93:f0:1a:08:07:c5:c1:60:28:d9:2d:
                    67:06:10:da:ff:8b:75:0f:84:87:a7:98:1b:06:d4:
                    62:02:28:ae:ec:48:72:c3:b1:bd:75:53:3e:0b:f4:
                    01:a1:a2:78:a0:3a:9e:da:4a:f3:02:70:24:7a:63:
                    60:c5:17:c0:65:a8:f0:7e:36:17:23:11:02:1e:c6:
                    33:c4:6f:2f:38:30:a7:c1:f7:29:4e:48:b7:0d:65:
                    1a:bc:33:e0:b8:19:77:80:6e:03:37:7a:a7:3b:41:
                    50:55:07:86:81:c2:66:e5:b5:4b:13:6c:db:0a:04:
                    96:87:20:41:98:38:8b:04:fb:09:bd:48:f6:d6:4c:
                    95:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:0C:58:3C:B9:D8:76:30:91:01:07:F2:76:81:61:71:9B:A6:0A:08
            X509v3 Authority Key Identifier:
                keyid:DD:5F:72:F0:FA:CF:52:70:57:27:C0:39:BD:C1:FB:B7:CC:97:D4:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/agxYPLnYdjCRAQfydoFhcZumCgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/2f33ee-5590-4a22-b8e2-2880612705ee/1/3V9y8PrPUnBXJ8A5vcH7t8yX1Cg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.141.183.0/24
                  193.141.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:6c:25:5d:e5:21:81:31:e4:7b:bc:03:2d:69:63:23:ee:1d:
         fd:0b:2e:18:11:8a:83:9e:6d:b5:27:1a:2d:8a:12:2e:94:e0:
         cb:92:48:52:78:b1:e4:7e:0f:4c:42:8f:0a:af:40:2e:b0:40:
         45:f3:ca:d1:9f:7c:77:c7:c1:ce:9d:6c:5d:e6:18:5a:51:ff:
         7a:79:1f:f3:f4:58:3b:13:94:9f:0c:d4:97:9f:a3:19:cd:82:
         ce:f4:9e:67:bd:44:51:44:aa:9c:20:f6:c9:71:09:48:11:86:
         f6:08:43:98:ba:e7:9b:5d:c7:04:d9:de:bb:30:18:20:0f:64:
         c7:8f:45:33:99:40:70:e8:ec:30:cf:0f:32:94:cd:c4:79:f8:
         3c:cf:3b:be:25:72:d3:05:49:ec:c2:25:c0:8a:3d:7c:c8:1a:
         b0:39:6a:8a:0c:ce:35:7f:9e:07:e5:16:c3:80:2a:a3:85:72:
         ea:ca:cc:87:89:58:c9:47:79:36:87:76:53:9e:83:d6:3c:4f:
         57:48:84:a8:d2:f7:bb:57:07:71:b8:2c:2c:ae:8d:aa:de:f1:
         87:73:0d:65:b3:a9:b8:38:f9:7d:8e:3f:1e:05:66:c9:fd:26:
         9d:05:14:cb:8a:26:9e:9d:20:89:44:e7:64:e6:cc:c8:39:80:
         5b:cf:d7:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjGImg3rVCN7l/hvzqi+dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNWY3MmYwZmFjZjUyNzA1NzI3YzAzOWJkYzFmYmI3Y2M5
N2Q0MjgwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTBjNTgzY2I5ZDg3NjMwOTEwMTA3ZjI3NjgxNjE3MTliYTYwYTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstcVKojDexD0ylS0T/7eq+p95wlW
vEa07eW43aRkaTWk9vI00EH8FoPJ6Lzgr2mvoxOQBBSNTbNSfNhm4M6EXpL00F2A
2MNyoHv7r9TG1719cuUKJYIo/Uz/gkFwOZE5KwrKUmn3reOM70TFapoXhQdlld8c
iIKXaPHMk/AaCAfFwWAo2S1nBhDa/4t1D4SHp5gbBtRiAiiu7Ehyw7G9dVM+C/QB
oaJ4oDqe2krzAnAkemNgxRfAZajwfjYXIxECHsYzxG8vODCnwfcpTki3DWUavDPg
uBl3gG4DN3qnO0FQVQeGgcJm5bVLE2zbCgSWhyBBmDiLBPsJvUj21kyVtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGoMWDy52HYwkQEH8naBYXGbpgoIMB8GA1UdIwQY
MBaAFN1fcvD6z1JwVyfAOb3B+7fMl9QoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1Y5eThQclBVbkJYSjhBNXZjSDd0OHlYMUNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yZjMzZWUtNTU5MC00YTIyLWI4ZTIt
Mjg4MDYxMjcwNWVlLzEvYWd4WVBMbllkakNSQVFmeWRvRmhjWnVtQ2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yZjMzZWUtNTU5MC00YTIyLWI4ZTItMjg4MDYxMjcwNWVl
LzEvM1Y5eThQclBVbkJYSjhBNXZjSDd0OHlYMUNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwY23AwQA
wY28MA0GCSqGSIb3DQEBCwUAA4IBAQCXbCVd5SGBMeR7vAMtaWMj7h39Cy4YEYqD
nm21JxotihIulODLkkhSeLHkfg9MQo8Kr0AusEBF88rRn3x3x8HOnWxd5hhaUf96
eR/z9Fg7E5SfDNSXn6MZzYLO9J5nvURRRKqcIPbJcQlIEYb2CEOYuuebXccE2d67
MBggD2THj0UzmUBw6Owwzw8ylM3Eefg8zzu+JXLTBUnswiXAij18yBqwOWqKDM41
f54H5RbDgCqjhXLqysyHiVjJR3k2h3ZTnoPWPE9XSISo0ve7VwdxuCwsro2q3vGH
cw1ls6m4OPl9jj8eBWbJ/SadBRTLiiaenSCJROdk5szIOYBbz9du
-----END CERTIFICATE-----