Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/C33BZCX_X-mzpFdxsMcXGwD_-ks.roa
File:                     C33BZCX_X-mzpFdxsMcXGwD_-ks.roa (raw, json)
Hash identifier:          nqs+WqN2Bv6LbuITmyRTtZQmI/Kyd3p+GZvTyBfFYQQ=
Subject key identifier:   0B:7D:C1:64:25:FF:5F:E9:B3:A4:57:71:B0:C7:17:1B:00:FF:FA:4B
Certificate issuer:       /CN=71f5e9ea88305f7d316a12a1d49db0e9fb896ce1
Certificate serial:       01900D207CAC168D2D89D0CC459C398B325D
Authority key identifier: 71:F5:E9:EA:88:30:5F:7D:31:6A:12:A1:D4:9D:B0:E9:FB:89:6C:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cfXp6ogwX30xahKh1J2w6fuJbOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/C33BZCX_X-mzpFdxsMcXGwD_-ks.roa
Signing time:             Wed 12 Jun 2024 15:45:51 +0000
ROA not before:           Wed 12 Jun 2024 15:45:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201647
IP address blocks:        193.57.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/cfXp6ogwX30xahKh1J2w6fuJbOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/cfXp6ogwX30xahKh1J2w6fuJbOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cfXp6ogwX30xahKh1J2w6fuJbOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0d:20:7c:ac:16:8d:2d:89:d0:cc:45:9c:39:8b:32:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71f5e9ea88305f7d316a12a1d49db0e9fb896ce1
        Validity
            Not Before: Jun 12 15:45:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b7dc16425ff5fe9b3a45771b0c7171b00fffa4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:51:43:d4:79:a1:52:47:5c:c7:43:50:cb:34:
                    c4:9d:7c:6b:cf:af:d0:0b:ae:2f:77:02:11:58:cb:
                    be:4c:5d:d6:61:4b:40:9c:38:4b:33:8c:10:53:91:
                    7e:d7:db:9a:fb:c0:48:14:8b:0b:60:8a:ce:ba:60:
                    3e:c3:9c:61:e3:64:2e:27:be:84:2c:63:a4:8c:51:
                    79:a2:8f:44:97:19:d7:cb:12:49:8b:d0:74:f7:e7:
                    c5:a4:5c:15:f7:25:18:3f:2c:85:06:a4:21:4d:4e:
                    8c:ea:c9:82:93:92:60:00:5b:35:71:82:22:46:ed:
                    7c:5d:62:02:4b:fd:99:ce:a3:dc:2c:29:99:af:01:
                    ca:74:53:d6:56:5c:b1:56:13:02:d9:9a:3b:9f:4d:
                    80:f3:85:7e:e3:17:ec:d9:47:4f:01:a0:86:af:ca:
                    37:3d:ba:bd:8b:76:22:8f:60:9d:ed:2c:f2:60:4f:
                    ee:03:42:0d:85:0b:8b:31:63:8b:ee:95:9c:28:79:
                    84:ea:e5:17:1d:02:ff:07:46:cb:8f:a3:6f:c4:94:
                    33:90:b2:52:d2:53:90:59:80:b1:8f:02:3e:47:32:
                    bc:c2:46:a3:08:e5:2c:7d:47:e6:28:95:19:27:a6:
                    28:46:c4:f5:b9:fa:82:55:69:86:de:39:62:76:61:
                    39:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:7D:C1:64:25:FF:5F:E9:B3:A4:57:71:B0:C7:17:1B:00:FF:FA:4B
            X509v3 Authority Key Identifier:
                keyid:71:F5:E9:EA:88:30:5F:7D:31:6A:12:A1:D4:9D:B0:E9:FB:89:6C:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cfXp6ogwX30xahKh1J2w6fuJbOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/C33BZCX_X-mzpFdxsMcXGwD_-ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/749346-b08f-4931-8d4a-0538a3a14dfd/1/cfXp6ogwX30xahKh1J2w6fuJbOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:ef:9f:2b:a9:e1:13:18:d0:c7:c5:0c:9b:3e:c5:d7:05:53:
         2b:01:c3:3c:a3:d0:00:c0:1d:98:7a:00:61:41:9e:95:98:42:
         c9:ed:ef:52:c7:2d:17:cc:60:48:63:f1:43:19:8b:8f:72:33:
         c7:b4:28:1b:b1:76:15:a3:1d:4b:dd:7a:63:2a:25:c0:cb:9e:
         cf:f0:dd:33:ec:98:0d:bc:e7:5a:42:59:09:5f:18:ae:44:cd:
         13:2a:ca:d3:0b:9b:77:11:da:3f:87:34:0f:fb:83:c8:ce:b9:
         99:a1:b1:37:9d:0d:41:eb:3c:41:4f:3b:77:c1:0c:5e:26:b8:
         f5:d0:1d:4b:4b:9b:bb:80:ab:00:d1:22:ec:6b:ca:9e:8a:a6:
         2c:e8:90:af:78:0d:3d:a1:70:99:2b:7b:08:a4:b0:88:73:62:
         ce:98:40:5f:21:0e:4b:d8:68:9d:23:36:1a:d6:bd:65:6b:d1:
         2e:af:ea:88:93:aa:15:76:c3:e2:39:6e:ce:bb:8f:a3:e8:46:
         16:79:01:8c:dd:95:46:26:ac:d3:ed:67:66:5d:f7:15:25:65:
         41:08:6e:fd:ed:a6:24:61:83:32:63:3d:95:3b:8b:1d:99:6c:
         0f:be:57:e4:96:65:e6:d7:26:ed:f0:a0:66:71:bb:c4:45:54:
         ca:a7:fc:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZANIHysFo0tidDMRZw5izJdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxZjVlOWVhODgzMDVmN2QzMTZhMTJhMWQ0OWRiMGU5ZmI4
OTZjZTEwHhcNMjQwNjEyMTU0NTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjdkYzE2NDI1ZmY1ZmU5YjNhNDU3NzFiMGM3MTcxYjAwZmZmYTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFFD1HmhUkdcx0NQyzTEnXxrz6/Q
C64vdwIRWMu+TF3WYUtAnDhLM4wQU5F+19ua+8BIFIsLYIrOumA+w5xh42QuJ76E
LGOkjFF5oo9ElxnXyxJJi9B09+fFpFwV9yUYPyyFBqQhTU6M6smCk5JgAFs1cYIi
Ru18XWICS/2ZzqPcLCmZrwHKdFPWVlyxVhMC2Zo7n02A84V+4xfs2UdPAaCGr8o3
Pbq9i3Yij2Cd7SzyYE/uA0INhQuLMWOL7pWcKHmE6uUXHQL/B0bLj6NvxJQzkLJS
0lOQWYCxjwI+RzK8wkajCOUsfUfmKJUZJ6YoRsT1ufqCVWmG3jlidmE51wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAt9wWQl/1/ps6RXcbDHFxsA//pLMB8GA1UdIwQY
MBaAFHH16eqIMF99MWoSodSdsOn7iWzhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2ZYcDZvZ3dYMzB4YWhLaDFKMnc2ZnVKYk9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83NDkzNDYtYjA4Zi00OTMxLThkNGEt
MDUzOGEzYTE0ZGZkLzEvQzMzQlpDWF9YLW16cEZkeHNNY1hHd0RfLWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83NDkzNDYtYjA4Zi00OTMxLThkNGEtMDUzOGEzYTE0ZGZk
LzEvY2ZYcDZvZ3dYMzB4YWhLaDFKMnc2ZnVKYk9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTlCMA0G
CSqGSIb3DQEBCwUAA4IBAQCK758rqeETGNDHxQybPsXXBVMrAcM8o9AAwB2YegBh
QZ6VmELJ7e9Sxy0XzGBIY/FDGYuPcjPHtCgbsXYVox1L3XpjKiXAy57P8N0z7JgN
vOdaQlkJXxiuRM0TKsrTC5t3Edo/hzQP+4PIzrmZobE3nQ1B6zxBTzt3wQxeJrj1
0B1LS5u7gKsA0SLsa8qeiqYs6JCveA09oXCZK3sIpLCIc2LOmEBfIQ5L2GidIzYa
1r1la9Eur+qIk6oVdsPiOW7Ou4+j6EYWeQGM3ZVGJqzT7WdmXfcVJWVBCG797aYk
YYMyYz2VO4sdmWwPvlfklmXm1ybt8KBmcbvERVTKp/wL
-----END CERTIFICATE-----