Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/avz1C0F6AMtca4Jk8pkbgzEJLN8.roa
File:                     avz1C0F6AMtca4Jk8pkbgzEJLN8.roa (raw, json)
Hash identifier:          ADspRghw06xkDcKSrVQ1jSLJvsNT1skZ/kqfKOoRUM4=
Subject key identifier:   6A:FC:F5:0B:41:7A:00:CB:5C:6B:82:64:F2:99:1B:83:31:09:2C:DF
Certificate issuer:       /CN=1e08a59ed98f59a0ea0e6c4379c30f5bd5f20821
Certificate serial:       0194221FB8E2CDD3935D682F890137BF2E39
Authority key identifier: 1E:08:A5:9E:D9:8F:59:A0:EA:0E:6C:43:79:C3:0F:5B:D5:F2:08:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HgilntmPWaDqDmxDecMPW9XyCCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/avz1C0F6AMtca4Jk8pkbgzEJLN8.roa
Signing time:             Wed 01 Jan 2025 13:48:11 +0000
ROA not before:           Wed 01 Jan 2025 13:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34968
IP address blocks:        193.169.26.0/23 maxlen: 23
                          193.169.92.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/HgilntmPWaDqDmxDecMPW9XyCCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/HgilntmPWaDqDmxDecMPW9XyCCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HgilntmPWaDqDmxDecMPW9XyCCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b8:e2:cd:d3:93:5d:68:2f:89:01:37:bf:2e:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e08a59ed98f59a0ea0e6c4379c30f5bd5f20821
        Validity
            Not Before: Jan  1 13:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6afcf50b417a00cb5c6b8264f2991b8331092cdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a3:72:d9:63:16:75:51:3a:b0:2d:d8:77:81:
                    49:6e:fd:23:57:ba:37:13:08:b4:6a:34:b5:fe:5b:
                    74:13:b0:8a:ed:83:31:fb:c8:e2:86:63:8a:19:3d:
                    98:02:39:5a:cc:15:c9:a1:87:ad:21:e1:7d:2d:cb:
                    83:a6:fb:af:00:f8:fc:3b:fd:1c:f1:43:98:af:2e:
                    37:91:26:52:54:a9:c2:29:ba:eb:35:16:b1:0e:36:
                    9f:e3:77:65:be:ec:84:9c:f4:d8:1b:3e:43:bc:15:
                    7e:6d:d1:7a:71:e4:21:3a:b4:b3:72:d7:8e:e1:55:
                    22:6d:8a:a2:61:8a:25:5d:26:3a:f5:60:f2:c7:a7:
                    54:fd:f0:5d:a6:88:da:17:45:b6:27:1d:3b:7f:11:
                    02:d8:0b:56:bb:d6:89:f8:b1:05:5f:64:cc:5a:45:
                    70:5a:19:ce:95:e4:5c:00:27:9a:82:a2:b7:af:c8:
                    63:3a:88:a8:3f:97:b7:ac:40:6c:a4:35:e5:37:35:
                    b4:03:d3:4e:90:08:db:28:db:2a:4b:49:bf:2b:43:
                    ec:58:0e:f5:87:ff:8c:06:33:31:b6:6c:1c:c7:f4:
                    42:2e:a9:99:0b:f1:75:29:b3:49:45:1c:95:e6:2b:
                    1e:fd:34:d1:ae:0c:d2:88:f4:41:83:55:9b:ae:c2:
                    42:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:FC:F5:0B:41:7A:00:CB:5C:6B:82:64:F2:99:1B:83:31:09:2C:DF
            X509v3 Authority Key Identifier:
                keyid:1E:08:A5:9E:D9:8F:59:A0:EA:0E:6C:43:79:C3:0F:5B:D5:F2:08:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HgilntmPWaDqDmxDecMPW9XyCCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/avz1C0F6AMtca4Jk8pkbgzEJLN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5e2f4b-429f-4327-b747-1f4073ba436f/1/HgilntmPWaDqDmxDecMPW9XyCCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.26.0/23
                  193.169.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:c0:45:4a:54:3f:d7:6f:b7:90:85:bf:f7:5e:03:de:e7:5c:
         df:c6:78:f2:ed:a6:2a:96:53:ef:d3:3e:d0:b0:1a:3e:1f:22:
         c0:c9:0b:71:7d:48:3f:1d:76:a2:de:f4:c8:96:c0:61:12:26:
         2b:78:73:34:d2:d7:91:73:a4:44:11:e5:c2:ff:52:da:a0:6b:
         4e:3b:78:e5:88:03:0b:71:48:d0:48:ab:9a:02:e9:20:83:16:
         e0:86:ab:c8:c2:04:bb:4e:9f:1d:5b:fb:6d:9b:a4:4d:7e:89:
         db:b8:61:67:7e:f9:8f:58:8e:e5:7a:c2:be:55:e5:e2:62:69:
         e4:8d:8f:7b:83:66:dd:ce:e5:fa:21:74:42:f9:49:a3:a7:28:
         ce:0d:15:a9:2b:7a:f3:7f:41:c8:68:0e:d2:60:f5:4e:52:f9:
         6d:c1:6e:e4:26:6e:61:54:28:ab:c4:5a:7d:58:a2:91:38:a6:
         2e:a3:98:34:ca:c3:6d:51:6d:0f:c3:e9:41:43:6b:7a:c7:02:
         3e:b5:b2:26:b3:24:ca:7b:b7:d6:9b:23:00:51:84:01:ed:7d:
         a6:6d:12:9a:cc:0a:98:88:55:8b:1f:11:04:8c:e6:5e:64:b6:
         01:35:ff:06:7f:70:60:be:db:3b:93:b8:c6:e7:5a:1e:26:c5:
         1c:7c:49:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH7jizdOTXWgviQE3vy45MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMDhhNTllZDk4ZjU5YTBlYTBlNmM0Mzc5YzMwZjViZDVm
MjA4MjEwHhcNMjUwMTAxMTM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWZjZjUwYjQxN2EwMGNiNWM2YjgyNjRmMjk5MWI4MzMxMDkyY2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaNy2WMWdVE6sC3Yd4FJbv0jV7o3
Ewi0ajS1/lt0E7CK7YMx+8jihmOKGT2YAjlazBXJoYetIeF9LcuDpvuvAPj8O/0c
8UOYry43kSZSVKnCKbrrNRaxDjaf43dlvuyEnPTYGz5DvBV+bdF6ceQhOrSzcteO
4VUibYqiYYolXSY69WDyx6dU/fBdpojaF0W2Jx07fxEC2AtWu9aJ+LEFX2TMWkVw
WhnOleRcACeagqK3r8hjOoioP5e3rEBspDXlNzW0A9NOkAjbKNsqS0m/K0PsWA71
h/+MBjMxtmwcx/RCLqmZC/F1KbNJRRyV5ise/TTRrgzSiPRBg1WbrsJC+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGr89QtBegDLXGuCZPKZG4MxCSzfMB8GA1UdIwQY
MBaAFB4IpZ7Zj1mg6g5sQ3nDD1vV8gghMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGdpbG50bVBXYURxRG14RGVjTVBXOVh5Q0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81ZTJmNGItNDI5Zi00MzI3LWI3NDct
MWY0MDczYmE0MzZmLzEvYXZ6MUMwRjZBTXRjYTRKazhwa2JnekVKTE44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81ZTJmNGItNDI5Zi00MzI3LWI3NDctMWY0MDczYmE0MzZm
LzEvSGdpbG50bVBXYURxRG14RGVjTVBXOVh5Q0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwakaAwQB
walcMA0GCSqGSIb3DQEBCwUAA4IBAQAewEVKVD/Xb7eQhb/3XgPe51zfxnjy7aYq
llPv0z7QsBo+HyLAyQtxfUg/HXai3vTIlsBhEiYreHM00teRc6REEeXC/1LaoGtO
O3jliAMLcUjQSKuaAukggxbghqvIwgS7Tp8dW/ttm6RNfonbuGFnfvmPWI7lesK+
VeXiYmnkjY97g2bdzuX6IXRC+UmjpyjODRWpK3rzf0HIaA7SYPVOUvltwW7kJm5h
VCirxFp9WKKROKYuo5g0ysNtUW0Pw+lBQ2t6xwI+tbImsyTKe7fWmyMAUYQB7X2m
bRKazAqYiFWLHxEEjOZeZLYBNf8Gf3Bgvts7k7jG51oeJsUcfEm1
-----END CERTIFICATE-----