Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/5czF8Od9k1lGzWbwlN6JD9EQv3o.roa
File:                     5czF8Od9k1lGzWbwlN6JD9EQv3o.roa (raw, json)
Hash identifier:          xQiXSp/PKEr54Bt774G49z92F24A1eFshYT3vR6Fw2c=
Subject key identifier:   E5:CC:C5:F0:E7:7D:93:59:46:CD:66:F0:94:DE:89:0F:D1:10:BF:7A
Certificate issuer:       /CN=b692454c16696486cf071ed18e7976e3404909fb
Certificate serial:       019424B324D277275667C02686264E7F0F62
Authority key identifier: B6:92:45:4C:16:69:64:86:CF:07:1E:D1:8E:79:76:E3:40:49:09:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tpJFTBZpZIbPBx7Rjnl240BJCfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/5czF8Od9k1lGzWbwlN6JD9EQv3o.roa
Signing time:             Thu 02 Jan 2025 01:48:27 +0000
ROA not before:           Thu 02 Jan 2025 01:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12350
IP address blocks:        193.41.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/tpJFTBZpZIbPBx7Rjnl240BJCfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/tpJFTBZpZIbPBx7Rjnl240BJCfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tpJFTBZpZIbPBx7Rjnl240BJCfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:24:d2:77:27:56:67:c0:26:86:26:4e:7f:0f:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b692454c16696486cf071ed18e7976e3404909fb
        Validity
            Not Before: Jan  2 01:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5ccc5f0e77d935946cd66f094de890fd110bf7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a8:cc:36:64:6c:26:0c:c8:2b:dd:92:72:1d:
                    5f:8a:21:3e:f5:32:0b:c1:ad:37:02:78:4f:5c:12:
                    9c:1e:d5:da:99:60:f6:aa:bc:ed:7a:7f:96:f0:a2:
                    22:71:c8:a8:b1:55:25:27:7b:35:5d:71:6a:5d:5d:
                    e6:b1:29:b7:b8:7c:f0:04:2d:11:27:07:c7:21:d2:
                    d9:aa:c3:24:b1:ea:3b:31:52:f2:66:05:78:db:27:
                    b6:bc:3c:96:43:e0:91:c2:91:4e:9a:51:b1:8e:47:
                    df:fa:c9:ac:dd:36:8b:c6:3e:e1:d7:82:e4:76:b0:
                    52:3e:e3:72:d3:f3:ce:22:45:5a:e7:a8:72:6f:73:
                    f8:7c:61:d4:e0:b3:81:61:1b:5b:0c:05:cf:08:0f:
                    e4:76:4b:b0:0f:5e:41:23:d1:9d:cb:fd:3c:c0:bb:
                    1d:44:83:f7:e2:f1:38:fa:7e:a7:6e:2b:47:97:34:
                    4b:65:4a:5a:78:85:88:66:85:31:6c:66:1d:10:e7:
                    8b:4d:49:9b:fe:28:ee:43:fb:c4:1a:d9:8e:e2:7b:
                    0a:52:ba:3f:31:ec:89:31:27:61:c6:be:9a:fd:06:
                    a5:1a:de:6c:e0:3e:05:f5:8a:3c:45:94:a7:3a:48:
                    ba:83:53:e5:f1:01:a7:b2:4d:c9:e1:93:aa:46:c0:
                    10:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:CC:C5:F0:E7:7D:93:59:46:CD:66:F0:94:DE:89:0F:D1:10:BF:7A
            X509v3 Authority Key Identifier:
                keyid:B6:92:45:4C:16:69:64:86:CF:07:1E:D1:8E:79:76:E3:40:49:09:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tpJFTBZpZIbPBx7Rjnl240BJCfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/5czF8Od9k1lGzWbwlN6JD9EQv3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/bd173d-6cf5-4250-aa26-4a6f717c7564/1/tpJFTBZpZIbPBx7Rjnl240BJCfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:e5:d2:0f:31:26:35:4d:8f:5f:89:08:03:73:d1:d3:29:e4:
         68:9d:b6:15:dc:ea:5e:f3:a8:d1:ef:7a:db:20:1c:37:b0:02:
         6b:c7:81:35:fa:6e:19:1f:65:8d:48:05:79:48:29:e3:e8:41:
         6e:c6:24:e2:30:bf:77:53:df:01:a7:a0:ec:cd:8e:b3:3b:b0:
         5d:0d:4e:a1:25:c8:90:89:9b:9b:12:b1:ba:66:0b:b6:e5:5f:
         ff:72:89:23:72:89:45:62:dc:78:76:6c:b8:b3:94:55:0b:fb:
         48:d9:5d:2a:ef:a2:23:9c:b8:99:42:7e:98:83:90:3b:7a:12:
         f1:21:a3:76:4a:d0:99:3b:93:06:75:1f:95:70:bf:40:a7:de:
         7d:43:0d:b4:66:b6:97:95:94:3a:0c:e4:11:46:f1:39:b9:7d:
         9b:42:60:b0:b8:ee:18:b3:c5:9f:ac:32:3b:b2:46:80:e8:38:
         ef:ff:df:ac:cf:dd:ac:5a:bf:46:fb:13:4b:59:b8:bc:9d:0a:
         34:79:44:28:3c:45:f9:5e:6b:2c:81:d5:40:1d:c2:42:a2:35:
         aa:0d:b3:90:f1:1b:17:ae:df:b4:07:be:02:b6:6d:49:1d:d6:
         be:c1:a4:a4:87:87:0b:a5:70:f5:7b:34:0b:8d:32:fb:08:01:
         cd:93:ff:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksyTSdydWZ8AmhiZOfw9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OTI0NTRjMTY2OTY0ODZjZjA3MWVkMThlNzk3NmUzNDA0
OTA5ZmIwHhcNMjUwMTAyMDE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWNjYzVmMGU3N2Q5MzU5NDZjZDY2ZjA5NGRlODkwZmQxMTBiZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKjMNmRsJgzIK92Sch1fiiE+9TIL
wa03AnhPXBKcHtXamWD2qrzten+W8KIicciosVUlJ3s1XXFqXV3msSm3uHzwBC0R
JwfHIdLZqsMkseo7MVLyZgV42ye2vDyWQ+CRwpFOmlGxjkff+sms3TaLxj7h14Lk
drBSPuNy0/POIkVa56hyb3P4fGHU4LOBYRtbDAXPCA/kdkuwD15BI9Gdy/08wLsd
RIP34vE4+n6nbitHlzRLZUpaeIWIZoUxbGYdEOeLTUmb/ijuQ/vEGtmO4nsKUro/
MeyJMSdhxr6a/QalGt5s4D4F9Yo8RZSnOki6g1Pl8QGnsk3J4ZOqRsAQ2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXMxfDnfZNZRs1m8JTeiQ/REL96MB8GA1UdIwQY
MBaAFLaSRUwWaWSGzwce0Y55duNASQn7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHBKRlRCWnBaSWJQQng3UmpubDI0MEJKQ2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9iZDE3M2QtNmNmNS00MjUwLWFhMjYt
NGE2ZjcxN2M3NTY0LzEvNWN6RjhPZDlrMWxHeldid2xONkpEOUVRdjNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9iZDE3M2QtNmNmNS00MjUwLWFhMjYtNGE2ZjcxN2M3NTY0
LzEvdHBKRlRCWnBaSWJQQng3UmpubDI0MEJKQ2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSnBMA0G
CSqGSIb3DQEBCwUAA4IBAQAn5dIPMSY1TY9fiQgDc9HTKeRonbYV3Ope86jR73rb
IBw3sAJrx4E1+m4ZH2WNSAV5SCnj6EFuxiTiML93U98Bp6DszY6zO7BdDU6hJciQ
iZubErG6Zgu25V//cokjcolFYtx4dmy4s5RVC/tI2V0q76IjnLiZQn6Yg5A7ehLx
IaN2StCZO5MGdR+VcL9Ap959Qw20ZraXlZQ6DOQRRvE5uX2bQmCwuO4Ys8WfrDI7
skaA6Djv/9+sz92sWr9G+xNLWbi8nQo0eUQoPEX5XmssgdVAHcJCojWqDbOQ8RsX
rt+0B74Ctm1JHda+waSkh4cLpXD1ezQLjTL7CAHNk/+I
-----END CERTIFICATE-----