Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/VWz0dchWUkZQVyP3JtuInNAFbyA.roa
File:                     VWz0dchWUkZQVyP3JtuInNAFbyA.roa (raw, json)
Hash identifier:          SqCoHwQT1RKZsrh/slkYf8DtZsXR49Lw8MbGV9Z0lJQ=
Subject key identifier:   55:6C:F4:75:C8:56:52:46:50:57:23:F7:26:DB:88:9C:D0:05:6F:20
Certificate issuer:       /CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
Certificate serial:       019421B226408F573C8DA74FACD3FCB91711
Authority key identifier: AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/VWz0dchWUkZQVyP3JtuInNAFbyA.roa
Signing time:             Wed 01 Jan 2025 11:48:30 +0000
ROA not before:           Wed 01 Jan 2025 11:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14576
IP address blocks:        193.200.12.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:26:40:8f:57:3c:8d:a7:4f:ac:d3:fc:b9:17:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ada25aafe3a9870e9524afa0265987ed5a5a4da3
        Validity
            Not Before: Jan  1 11:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=556cf475c8565246505723f726db889cd0056f20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:90:ed:fa:0b:de:10:21:27:ae:83:2e:40:53:
                    10:95:46:99:a1:55:b6:33:bb:a7:c5:76:a4:fa:f3:
                    4d:b1:bb:5f:4a:31:1f:13:c0:fe:35:6e:91:f9:59:
                    34:22:f8:fd:93:fe:5c:33:d7:82:a2:3b:0c:56:64:
                    49:87:9b:45:63:a8:82:7d:26:03:66:9f:c0:e9:41:
                    aa:70:07:7a:01:89:49:11:52:f3:8a:12:fa:62:f2:
                    0d:9e:ac:10:ac:01:76:d0:32:08:06:f8:bf:6c:cc:
                    81:52:fa:b3:1a:5d:e3:c4:6b:df:20:94:0a:bd:93:
                    79:5f:66:61:0c:ef:3c:f2:31:a1:29:90:c6:be:33:
                    ab:80:1f:26:0e:e4:a7:01:19:97:77:61:f6:eb:c2:
                    e9:e2:7f:9e:46:77:b9:57:84:cf:4f:e0:e6:6b:a9:
                    0d:ed:94:9d:09:b9:2f:71:6a:91:6d:49:78:fd:76:
                    f6:45:ba:cd:81:42:17:65:c9:68:b4:7e:45:fb:b6:
                    94:e9:19:f6:f6:55:81:d6:cf:f1:51:61:c2:ed:50:
                    fb:63:67:02:ee:9e:77:4e:78:37:91:c4:f5:63:67:
                    a9:fe:1d:4a:52:91:46:2d:e3:5d:e5:20:6f:4f:c1:
                    07:c5:49:11:9d:6c:23:a5:8b:71:13:38:f6:f6:d0:
                    00:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:6C:F4:75:C8:56:52:46:50:57:23:F7:26:DB:88:9C:D0:05:6F:20
            X509v3 Authority Key Identifier:
                keyid:AD:A2:5A:AF:E3:A9:87:0E:95:24:AF:A0:26:59:87:ED:5A:5A:4D:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/raJar-Ophw6VJK-gJlmH7VpaTaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/VWz0dchWUkZQVyP3JtuInNAFbyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/810d24-acbe-4cb2-9ac5-9d5875d86373/1/raJar-Ophw6VJK-gJlmH7VpaTaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:3e:e4:08:2e:1e:9e:01:2c:c1:df:b8:cb:ad:fa:72:c0:a2:
         3c:76:6d:a8:7e:35:6f:c8:61:a5:7e:5f:23:90:00:73:04:a6:
         b7:f7:ab:e8:78:5a:a5:2f:04:41:9a:53:44:c9:57:84:a8:60:
         0a:b3:6b:51:f7:d0:33:8a:fe:38:fb:a1:49:78:c2:b6:f3:63:
         4a:4f:63:70:17:37:6d:e9:c0:f5:f9:cf:fe:fc:12:6c:75:61:
         48:d4:57:63:14:66:a2:20:93:f6:27:d9:ff:f5:95:ee:d6:20:
         ab:2d:8e:19:1f:62:f0:c0:cd:d3:da:fc:3f:01:36:23:d0:e9:
         97:f1:46:ac:70:d1:1c:9a:7a:83:d2:2c:ff:ac:23:e8:19:d4:
         be:7c:eb:a7:4c:94:c6:9b:d5:47:78:da:6b:1d:51:18:0c:9b:
         06:ae:8a:47:84:80:69:94:56:10:75:03:aa:74:c3:22:cd:28:
         69:a4:f4:f0:1e:ff:a3:97:65:91:26:50:89:fb:50:f4:17:a6:
         69:54:87:76:69:d7:21:70:28:2a:30:e2:ce:06:ce:cc:e5:0b:
         a1:b5:19:db:4d:98:e9:ed:f1:81:9c:fb:14:5b:1d:b9:fd:6c:
         c6:10:a0:e0:dc:9e:bb:83:95:03:db:ba:90:4e:95:d1:0f:29:
         ce:e0:cc:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsiZAj1c8jadPrNP8uRcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYTI1YWFmZTNhOTg3MGU5NTI0YWZhMDI2NTk4N2VkNWE1
YTRkYTMwHhcNMjUwMTAxMTE0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTZjZjQ3NWM4NTY1MjQ2NTA1NzIzZjcyNmRiODg5Y2QwMDU2ZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZDt+gveECEnroMuQFMQlUaZoVW2
M7unxXak+vNNsbtfSjEfE8D+NW6R+Vk0Ivj9k/5cM9eCojsMVmRJh5tFY6iCfSYD
Zp/A6UGqcAd6AYlJEVLzihL6YvINnqwQrAF20DIIBvi/bMyBUvqzGl3jxGvfIJQK
vZN5X2ZhDO888jGhKZDGvjOrgB8mDuSnARmXd2H268Lp4n+eRne5V4TPT+Dma6kN
7ZSdCbkvcWqRbUl4/Xb2RbrNgUIXZclotH5F+7aU6Rn29lWB1s/xUWHC7VD7Y2cC
7p53Tng3kcT1Y2ep/h1KUpFGLeNd5SBvT8EHxUkRnWwjpYtxEzj29tAAqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVs9HXIVlJGUFcj9ybbiJzQBW8gMB8GA1UdIwQY
MBaAFK2iWq/jqYcOlSSvoCZZh+1aWk2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUt
OWQ1ODc1ZDg2MzczLzEvVld6MGRjaFdVa1pRVnlQM0p0dUluTkFGYnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MTBkMjQtYWNiZS00Y2IyLTlhYzUtOWQ1ODc1ZDg2Mzcz
LzEvcmFKYXItT3BodzZWSkstZ0psbUg3VnBhVGFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcgMMA0G
CSqGSIb3DQEBCwUAA4IBAQBrPuQILh6eASzB37jLrfpywKI8dm2ofjVvyGGlfl8j
kABzBKa396voeFqlLwRBmlNEyVeEqGAKs2tR99Aziv44+6FJeMK282NKT2NwFzdt
6cD1+c/+/BJsdWFI1FdjFGaiIJP2J9n/9ZXu1iCrLY4ZH2LwwM3T2vw/ATYj0OmX
8UascNEcmnqD0iz/rCPoGdS+fOunTJTGm9VHeNprHVEYDJsGropHhIBplFYQdQOq
dMMizShppPTwHv+jl2WRJlCJ+1D0F6ZpVId2adchcCgqMOLOBs7M5QuhtRnbTZjp
7fGBnPsUWx25/WzGEKDg3J67g5UD27qQTpXRDynO4Myt
-----END CERTIFICATE-----