Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/375522-b695-431b-8d49-66b434fdf9ae/1/CgAYwcYqjGUwI5cuY-inYF9ViL4.roa
File:                     CgAYwcYqjGUwI5cuY-inYF9ViL4.roa (raw, json)
Hash identifier:          DG9lxho2Qdp+1bj1jPdlMwaM6onKyvGHv7zkZeOCV70=
Subject key identifier:   0A:00:18:C1:C6:2A:8C:65:30:23:97:2E:63:E8:A7:60:5F:55:88:BE
Certificate issuer:       /CN=2802b5b025cf4ea13395fc57b5a4d6898e7332cf
Certificate serial:       0194206814882A159D7C2FFF963DEB0479E8
Authority key identifier: 28:02:B5:B0:25:CF:4E:A1:33:95:FC:57:B5:A4:D6:89:8E:73:32:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KAK1sCXPTqEzlfxXtaTWiY5zMs8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/375522-b695-431b-8d49-66b434fdf9ae/1/CgAYwcYqjGUwI5cuY-inYF9ViL4.roa
Signing time:             Wed 01 Jan 2025 05:47:59 +0000
ROA not before:           Wed 01 Jan 2025 05:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48152
IP address blocks:        193.200.218.0/24 maxlen: 24
                          2001:678:878::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/375522-b695-431b-8d49-66b434fdf9ae/1/KAK1sCXPTqEzlfxXtaTWiY5zMs8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/375522-b695-431b-8d49-66b434fdf9ae/1/KAK1sCXPTqEzlfxXtaTWiY5zMs8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KAK1sCXPTqEzlfxXtaTWiY5zMs8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:14:88:2a:15:9d:7c:2f:ff:96:3d:eb:04:79:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2802b5b025cf4ea13395fc57b5a4d6898e7332cf
        Validity
            Not Before: Jan  1 05:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a0018c1c62a8c653023972e63e8a7605f5588be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0b:ac:39:6d:85:e2:b0:4b:97:47:29:c7:ea:
                    36:ee:f7:4e:7e:87:d3:42:b0:07:86:dc:b3:f4:5e:
                    70:63:4b:db:70:56:52:5b:4b:82:37:8d:09:6d:63:
                    ee:24:19:ad:67:ae:26:ee:d6:eb:be:b2:1f:c5:21:
                    3b:a8:1e:b5:a3:5a:5b:a3:ca:9d:f1:8d:62:95:23:
                    60:a0:ba:84:4b:95:a6:fc:22:be:f5:ea:19:0b:9b:
                    5d:f9:49:fd:49:f8:b4:c1:d1:88:66:1a:bb:cf:be:
                    7b:e7:8a:99:f9:43:a8:dc:74:bd:db:c1:f7:cf:80:
                    91:39:eb:4a:df:ba:8a:f6:cd:dc:22:65:66:7a:be:
                    f5:7c:68:20:ff:72:5c:b7:ba:02:da:6e:56:01:ac:
                    07:4b:55:ee:40:a4:dd:d7:63:9e:f1:58:6d:42:8a:
                    cb:0d:43:a9:b3:69:bd:99:9b:0d:3a:28:ce:c0:0a:
                    6e:2f:0e:97:ef:ea:10:b7:19:0b:8b:d6:37:e3:15:
                    25:b3:72:3b:dd:75:fb:7e:ab:02:92:a0:62:a8:b9:
                    2f:ea:f8:cf:76:b7:15:f3:ae:a8:01:55:95:e9:9a:
                    ca:bd:bd:2a:9f:9d:fc:46:41:00:d3:45:90:e5:37:
                    a4:2a:33:d8:ba:52:cb:c1:ea:dd:39:21:66:2f:c2:
                    48:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:00:18:C1:C6:2A:8C:65:30:23:97:2E:63:E8:A7:60:5F:55:88:BE
            X509v3 Authority Key Identifier:
                keyid:28:02:B5:B0:25:CF:4E:A1:33:95:FC:57:B5:A4:D6:89:8E:73:32:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KAK1sCXPTqEzlfxXtaTWiY5zMs8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/375522-b695-431b-8d49-66b434fdf9ae/1/CgAYwcYqjGUwI5cuY-inYF9ViL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/375522-b695-431b-8d49-66b434fdf9ae/1/KAK1sCXPTqEzlfxXtaTWiY5zMs8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.218.0/24
                IPv6:
                  2001:678:878::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:49:52:9b:55:d5:3d:27:b9:ea:ec:7d:5f:41:1c:c6:ff:b3:
         b1:10:25:61:0d:d6:78:14:35:bb:10:62:fc:75:cb:cb:64:ff:
         eb:e8:7f:de:61:aa:ae:df:fe:9a:5b:9c:13:9f:f1:55:5d:1f:
         d2:71:fa:d6:36:d3:d3:e6:be:15:25:10:47:94:66:8e:aa:66:
         5b:40:6c:2c:a3:b0:f3:7f:45:a2:09:da:d8:72:7d:8a:b3:78:
         c5:6e:d6:ee:61:0c:18:b5:5a:e1:da:6b:08:8b:f2:c9:f3:43:
         e1:0b:89:68:a9:e5:a3:75:f6:a7:0f:c2:0f:c2:af:e1:d3:d0:
         f5:e6:c3:e6:10:dc:9e:07:4e:12:38:5e:0c:f3:bd:36:f7:a5:
         c6:1f:21:f9:cf:27:1a:34:dc:95:9e:cb:80:dc:03:5f:8d:79:
         cf:d1:3a:3b:d9:6d:9d:b5:c0:8c:6c:7a:44:e6:6a:e6:96:73:
         42:ac:0a:cf:62:a4:50:67:5e:e3:fd:8f:5d:cc:42:26:d2:e0:
         31:98:5d:19:e7:19:d7:5c:ad:bb:95:8c:75:5f:04:b3:f0:6c:
         0d:fb:18:3b:ac:a0:7d:18:06:75:d7:ca:c3:5b:d5:68:66:0c:
         15:84:a9:5f:03:44:b1:10:a6:5b:09:58:d5:63:ba:a8:9c:c0:
         c9:c6:58:75
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQgaBSIKhWdfC//lj3rBHnoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MDJiNWIwMjVjZjRlYTEzMzk1ZmM1N2I1YTRkNjg5OGU3
MzMyY2YwHhcNMjUwMTAxMDU0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTAwMThjMWM2MmE4YzY1MzAyMzk3MmU2M2U4YTc2MDVmNTU4OGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwusOW2F4rBLl0cpx+o27vdOfofT
QrAHhtyz9F5wY0vbcFZSW0uCN40JbWPuJBmtZ64m7tbrvrIfxSE7qB61o1pbo8qd
8Y1ilSNgoLqES5Wm/CK+9eoZC5td+Un9Sfi0wdGIZhq7z75754qZ+UOo3HS928H3
z4CROetK37qK9s3cImVmer71fGgg/3Jct7oC2m5WAawHS1XuQKTd12Oe8VhtQorL
DUOps2m9mZsNOijOwApuLw6X7+oQtxkLi9Y34xUls3I73XX7fqsCkqBiqLkv6vjP
drcV866oAVWV6ZrKvb0qn538RkEA00WQ5TekKjPYulLLwerdOSFmL8JIhQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAoAGMHGKoxlMCOXLmPop2BfVYi+MB8GA1UdIwQY
MBaAFCgCtbAlz06hM5X8V7Wk1omOczLPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0FLMXNDWFBUcUV6bGZ4WHRhVFdpWTV6TXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8zNzU1MjItYjY5NS00MzFiLThkNDkt
NjZiNDM0ZmRmOWFlLzEvQ2dBWXdjWXFqR1V3STVjdVktaW5ZRjlWaUw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8zNzU1MjItYjY5NS00MzFiLThkNDktNjZiNDM0ZmRmOWFl
LzEvS0FLMXNDWFBUcUV6bGZ4WHRhVFdpWTV6TXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwcjaMA8E
AgACMAkDBwAgAQZ4CHgwDQYJKoZIhvcNAQELBQADggEBAGFJUptV1T0nuersfV9B
HMb/s7EQJWEN1ngUNbsQYvx1y8tk/+vof95hqq7f/ppbnBOf8VVdH9Jx+tY209Pm
vhUlEEeUZo6qZltAbCyjsPN/RaIJ2thyfYqzeMVu1u5hDBi1WuHaawiL8snzQ+EL
iWip5aN19qcPwg/Cr+HT0PXmw+YQ3J4HThI4XgzzvTb3pcYfIfnPJxo03JWey4Dc
A1+Nec/ROjvZbZ21wIxsekTmauaWc0KsCs9ipFBnXuP9j13MQibS4DGYXRnnGddc
rbuVjHVfBLPwbA37GDusoH0YBnXXysNb1WhmDBWEqV8DRLEQplsJWNVjuqicwMnG
WHU=
-----END CERTIFICATE-----