Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bdfd70-3067-473d-8f65-b55322028bb8/1/P26izWnWykundEbYZ5JEBhpU0uU.roa
File:                     P26izWnWykundEbYZ5JEBhpU0uU.roa (raw, json)
Hash identifier:          cWV+pN/zcAshvYcQxK5v+o4IGsyjFJQg91I3ipirKBI=
Subject key identifier:   3F:6E:A2:CD:69:D6:CA:4B:A7:74:46:D8:67:92:44:06:1A:54:D2:E5
Certificate issuer:       /CN=475a06cad7bd0c3db9f8a381f1eb9cd6c75aab28
Certificate serial:       0194F5A647A35E2098530862F284D982F7FE
Authority key identifier: 47:5A:06:CA:D7:BD:0C:3D:B9:F8:A3:81:F1:EB:9C:D6:C7:5A:AB:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R1oGyte9DD25-KOB8euc1sdaqyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bdfd70-3067-473d-8f65-b55322028bb8/1/P26izWnWykundEbYZ5JEBhpU0uU.roa
Signing time:             Tue 11 Feb 2025 15:35:02 +0000
ROA not before:           Tue 11 Feb 2025 15:35:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8270
IP address blocks:        193.34.142.0/23 maxlen: 23
                          193.34.142.0/24 maxlen: 24
                          193.34.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bdfd70-3067-473d-8f65-b55322028bb8/1/R1oGyte9DD25-KOB8euc1sdaqyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bdfd70-3067-473d-8f65-b55322028bb8/1/R1oGyte9DD25-KOB8euc1sdaqyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R1oGyte9DD25-KOB8euc1sdaqyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f5:a6:47:a3:5e:20:98:53:08:62:f2:84:d9:82:f7:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=475a06cad7bd0c3db9f8a381f1eb9cd6c75aab28
        Validity
            Not Before: Feb 11 15:35:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f6ea2cd69d6ca4ba77446d8679244061a54d2e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:45:0b:67:23:a5:27:58:ec:28:b8:07:26:aa:
                    ab:d3:e0:7f:4c:be:2d:6a:37:41:59:f4:d9:f8:cc:
                    17:50:a4:b8:ab:ee:d0:9f:f6:e5:1d:56:f3:01:96:
                    bb:93:af:78:70:1a:0f:03:f9:6b:10:11:ef:25:5f:
                    98:81:50:f5:79:b7:0f:48:37:64:bd:08:7b:fc:b4:
                    a5:7d:b8:4f:13:b1:ce:55:0c:fd:fb:97:c0:a4:07:
                    15:15:b5:bf:c4:47:12:6f:62:34:73:21:14:6f:38:
                    c5:13:82:9a:c5:13:00:a6:ce:1e:d1:cf:39:b0:e3:
                    a5:dd:44:fd:40:c3:11:39:6c:df:1e:4e:39:c0:59:
                    e7:e8:11:ba:ec:bb:9b:54:85:f3:ce:68:c9:44:01:
                    6c:1d:74:49:a1:9e:a2:80:a4:5e:7c:76:f9:b4:05:
                    98:80:a2:03:d4:29:a9:6d:77:ee:fc:12:72:8f:38:
                    c6:74:fa:5d:65:6c:17:20:0b:48:fd:2b:97:a1:2c:
                    63:98:84:25:35:59:72:e0:46:d3:3a:63:43:7a:3f:
                    20:65:45:c8:42:85:e6:b1:c4:8c:62:73:49:72:59:
                    aa:66:8b:4e:c5:cd:1a:c0:ab:4b:b6:cc:35:a6:48:
                    b6:c8:e5:59:d1:34:60:49:f8:8e:31:b0:90:64:f8:
                    5c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:6E:A2:CD:69:D6:CA:4B:A7:74:46:D8:67:92:44:06:1A:54:D2:E5
            X509v3 Authority Key Identifier:
                keyid:47:5A:06:CA:D7:BD:0C:3D:B9:F8:A3:81:F1:EB:9C:D6:C7:5A:AB:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R1oGyte9DD25-KOB8euc1sdaqyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bdfd70-3067-473d-8f65-b55322028bb8/1/P26izWnWykundEbYZ5JEBhpU0uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bdfd70-3067-473d-8f65-b55322028bb8/1/R1oGyte9DD25-KOB8euc1sdaqyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:22:2f:18:8f:fe:00:ff:06:f1:24:d2:10:5d:72:35:35:30:
         6d:1d:a2:d1:10:b4:47:36:d0:53:83:d3:98:92:6f:da:9a:21:
         15:ce:59:c3:cf:4b:3f:57:66:96:0b:0d:24:f1:d3:1d:39:27:
         63:bf:a9:79:eb:dd:7d:6c:79:8f:ca:f7:e6:c4:ce:9f:b2:7b:
         ce:b5:46:f3:c0:23:b5:37:0c:d4:2f:94:69:39:59:e2:cc:a6:
         42:e2:31:bc:a8:1d:69:c9:dd:35:c5:74:06:73:25:3a:da:16:
         61:8a:74:aa:0b:a8:fc:2d:4d:35:20:23:82:0d:bb:46:7a:a2:
         08:97:c7:0c:40:e5:61:37:34:7b:0b:20:50:ae:f8:b7:ce:de:
         43:a0:4d:41:db:d1:19:52:7e:24:40:ef:8c:a9:14:bf:ba:32:
         8e:23:74:9c:40:84:e9:d5:a9:5b:34:7f:4b:ba:ee:9c:18:a9:
         e3:35:87:43:a0:d7:0b:b9:8c:38:64:20:d5:93:e9:20:0f:ea:
         87:bc:eb:19:61:57:d7:73:ac:c2:8c:3d:8b:41:f4:f4:81:c7:
         ef:66:83:09:eb:cd:d9:7b:38:90:bf:c2:87:75:98:f3:81:f8:
         3e:28:42:54:5c:de:c1:8d:ec:46:6c:38:ca:30:c1:61:7d:e0:
         e5:53:f3:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT1pkejXiCYUwhi8oTZgvf+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NWEwNmNhZDdiZDBjM2RiOWY4YTM4MWYxZWI5Y2Q2Yzc1
YWFiMjgwHhcNMjUwMjExMTUzNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZlYTJjZDY5ZDZjYTRiYTc3NDQ2ZDg2NzkyNDQwNjFhNTRkMmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA40ULZyOlJ1jsKLgHJqqr0+B/TL4t
ajdBWfTZ+MwXUKS4q+7Qn/blHVbzAZa7k694cBoPA/lrEBHvJV+YgVD1ebcPSDdk
vQh7/LSlfbhPE7HOVQz9+5fApAcVFbW/xEcSb2I0cyEUbzjFE4KaxRMAps4e0c85
sOOl3UT9QMMROWzfHk45wFnn6BG67LubVIXzzmjJRAFsHXRJoZ6igKRefHb5tAWY
gKID1CmpbXfu/BJyjzjGdPpdZWwXIAtI/SuXoSxjmIQlNVly4EbTOmNDej8gZUXI
QoXmscSMYnNJclmqZotOxc0awKtLtsw1pki2yOVZ0TRgSfiOMbCQZPhc6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9uos1p1spLp3RG2GeSRAYaVNLlMB8GA1UdIwQY
MBaAFEdaBsrXvQw9ufijgfHrnNbHWqsoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjFvR3l0ZTlERDI1LUtPQjhldWMxc2RhcXlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZGZkNzAtMzA2Ny00NzNkLThmNjUt
YjU1MzIyMDI4YmI4LzEvUDI2aXpXbld5a3VuZEViWVo1SkVCaHBVMHVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZGZkNzAtMzA2Ny00NzNkLThmNjUtYjU1MzIyMDI4YmI4
LzEvUjFvR3l0ZTlERDI1LUtPQjhldWMxc2RhcXlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSKOMA0G
CSqGSIb3DQEBCwUAA4IBAQCDIi8Yj/4A/wbxJNIQXXI1NTBtHaLRELRHNtBTg9OY
km/amiEVzlnDz0s/V2aWCw0k8dMdOSdjv6l56919bHmPyvfmxM6fsnvOtUbzwCO1
NwzUL5RpOVnizKZC4jG8qB1pyd01xXQGcyU62hZhinSqC6j8LU01ICOCDbtGeqII
l8cMQOVhNzR7CyBQrvi3zt5DoE1B29EZUn4kQO+MqRS/ujKOI3ScQITp1albNH9L
uu6cGKnjNYdDoNcLuYw4ZCDVk+kgD+qHvOsZYVfXc6zCjD2LQfT0gcfvZoMJ683Z
eziQv8KHdZjzgfg+KEJUXN7BjexGbDjKMMFhfeDlU/Me
-----END CERTIFICATE-----