Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/0879d8-f216-45ab-bf87-23e1dadf106c/1/XI2V1xAOtuCnHnEsCZ4HB4sk5c0.roa
File:                     XI2V1xAOtuCnHnEsCZ4HB4sk5c0.roa (raw, json)
Hash identifier:          NGuYGkHyS6sZ+OmDpCbd7Xg31/u7/ppig2sfjfcm+Ik=
Subject key identifier:   5C:8D:95:D7:10:0E:B6:E0:A7:1E:71:2C:09:9E:07:07:8B:24:E5:CD
Certificate issuer:       /CN=f4dc26c626c51c5def6f2466f38f55b25029642f
Certificate serial:       01941F8C605EE21A635EAA9FA63AFA34FA04
Authority key identifier: F4:DC:26:C6:26:C5:1C:5D:EF:6F:24:66:F3:8F:55:B2:50:29:64:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NwmxibFHF3vbyRm849VslApZC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/0879d8-f216-45ab-bf87-23e1dadf106c/1/XI2V1xAOtuCnHnEsCZ4HB4sk5c0.roa
Signing time:             Wed 01 Jan 2025 01:48:00 +0000
ROA not before:           Wed 01 Jan 2025 01:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210364
IP address blocks:        193.200.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/0879d8-f216-45ab-bf87-23e1dadf106c/1/9NwmxibFHF3vbyRm849VslApZC8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/0879d8-f216-45ab-bf87-23e1dadf106c/1/9NwmxibFHF3vbyRm849VslApZC8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NwmxibFHF3vbyRm849VslApZC8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:60:5e:e2:1a:63:5e:aa:9f:a6:3a:fa:34:fa:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4dc26c626c51c5def6f2466f38f55b25029642f
        Validity
            Not Before: Jan  1 01:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c8d95d7100eb6e0a71e712c099e07078b24e5cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:88:f7:37:50:23:15:3c:f5:d0:d7:39:ac:9e:
                    27:dd:90:28:3a:7c:35:98:a2:4a:24:ce:8d:56:cc:
                    a0:2e:a6:e7:94:f0:1f:4e:1f:b2:ff:e2:04:d5:02:
                    3b:39:16:aa:7f:02:b4:23:5d:71:a8:88:f4:60:e5:
                    c5:7a:db:e4:17:e5:44:9d:45:4d:47:a1:68:09:80:
                    57:6b:7e:f1:7d:3d:f6:58:e0:5d:5f:de:6d:73:80:
                    f0:b9:11:b1:26:6c:8c:db:e0:24:a4:33:e3:f6:98:
                    fc:27:eb:72:3e:5b:83:e5:f9:de:47:cf:3a:01:19:
                    87:26:02:93:f2:cc:08:d2:d5:f1:45:8e:36:a2:36:
                    47:76:eb:ca:a9:c7:21:e9:26:0f:7e:83:58:86:69:
                    b1:e6:1d:11:64:79:a6:cb:2e:e2:32:4a:0d:7f:39:
                    f6:45:e5:23:3a:f2:dc:46:92:e4:36:aa:89:09:2c:
                    f2:d6:9c:95:fe:08:c8:df:71:02:c7:7e:f7:ad:b8:
                    9b:90:20:3f:7c:f5:a9:b1:78:57:0b:97:15:e7:7b:
                    d1:74:d1:29:a0:1a:79:a4:8a:fd:66:50:de:c8:e2:
                    fb:07:b0:22:3b:24:7a:80:9e:c3:33:98:04:ee:4c:
                    f4:9a:81:f9:7f:7a:11:58:37:d5:0b:44:22:fa:61:
                    19:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:8D:95:D7:10:0E:B6:E0:A7:1E:71:2C:09:9E:07:07:8B:24:E5:CD
            X509v3 Authority Key Identifier:
                keyid:F4:DC:26:C6:26:C5:1C:5D:EF:6F:24:66:F3:8F:55:B2:50:29:64:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NwmxibFHF3vbyRm849VslApZC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/0879d8-f216-45ab-bf87-23e1dadf106c/1/XI2V1xAOtuCnHnEsCZ4HB4sk5c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/0879d8-f216-45ab-bf87-23e1dadf106c/1/9NwmxibFHF3vbyRm849VslApZC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:a0:1f:4b:03:5d:72:04:98:43:58:8f:ae:d5:76:66:10:9c:
         0b:32:d4:b8:c8:87:c6:c5:6c:71:c0:c6:03:c8:a9:72:87:95:
         f5:3e:6b:a5:f1:c1:b4:d5:92:04:0d:42:c8:ac:5f:2a:df:e4:
         bb:3b:78:c8:3a:94:f0:c6:a2:99:25:1d:39:8e:57:55:e9:95:
         81:bf:38:c2:21:b1:2c:be:2b:44:74:94:b2:6a:e7:62:4a:37:
         dc:7b:f0:59:3a:81:97:c4:b5:ba:8a:e7:2f:88:1a:ad:fe:5f:
         c9:3a:7a:3e:55:f6:a6:4e:83:e0:08:d8:b9:85:18:5f:f0:72:
         73:ac:15:30:c3:c4:eb:e5:0c:a2:fb:71:2e:23:2a:1e:7a:cc:
         62:af:ac:6a:15:5d:6c:ec:23:2b:5b:dd:79:02:55:05:1a:1f:
         2e:85:13:03:0b:a4:ab:90:3c:71:b6:fc:fe:f8:71:bc:73:95:
         f4:7b:47:00:71:8b:d6:37:35:e6:79:f3:9d:c9:fc:71:d7:82:
         60:76:c0:ad:4b:77:8b:7f:2a:3e:61:9c:b5:04:4f:61:6b:17:
         42:f4:ef:87:b2:7e:31:fc:4c:29:38:64:7b:6c:63:00:78:4d:
         89:2f:70:90:82:7c:75:9d:55:4b:4d:59:7f:32:02:77:87:af:
         30:d2:a4:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGBe4hpjXqqfpjr6NPoEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZGMyNmM2MjZjNTFjNWRlZjZmMjQ2NmYzOGY1NWIyNTAy
OTY0MmYwHhcNMjUwMTAxMDE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzhkOTVkNzEwMGViNmUwYTcxZTcxMmMwOTllMDcwNzhiMjRlNWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4j3N1AjFTz10Nc5rJ4n3ZAoOnw1
mKJKJM6NVsygLqbnlPAfTh+y/+IE1QI7ORaqfwK0I11xqIj0YOXFetvkF+VEnUVN
R6FoCYBXa37xfT32WOBdX95tc4DwuRGxJmyM2+AkpDPj9pj8J+tyPluD5fneR886
ARmHJgKT8swI0tXxRY42ojZHduvKqcch6SYPfoNYhmmx5h0RZHmmyy7iMkoNfzn2
ReUjOvLcRpLkNqqJCSzy1pyV/gjI33ECx373rbibkCA/fPWpsXhXC5cV53vRdNEp
oBp5pIr9ZlDeyOL7B7AiOyR6gJ7DM5gE7kz0moH5f3oRWDfVC0Qi+mEZbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyNldcQDrbgpx5xLAmeBweLJOXNMB8GA1UdIwQY
MBaAFPTcJsYmxRxd728kZvOPVbJQKWQvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU53bXhpYkZIRjN2YnlSbTg0OVZzbEFwWkM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wODc5ZDgtZjIxNi00NWFiLWJmODct
MjNlMWRhZGYxMDZjLzEvWEkyVjF4QU90dUNuSG5Fc0NaNEhCNHNrNWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wODc5ZDgtZjIxNi00NWFiLWJmODctMjNlMWRhZGYxMDZj
LzEvOU53bXhpYkZIRjN2YnlSbTg0OVZzbEFwWkM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcghMA0G
CSqGSIb3DQEBCwUAA4IBAQBeoB9LA11yBJhDWI+u1XZmEJwLMtS4yIfGxWxxwMYD
yKlyh5X1Pmul8cG01ZIEDULIrF8q3+S7O3jIOpTwxqKZJR05jldV6ZWBvzjCIbEs
vitEdJSyaudiSjfce/BZOoGXxLW6iucviBqt/l/JOno+VfamToPgCNi5hRhf8HJz
rBUww8Tr5Qyi+3EuIyoeesxir6xqFV1s7CMrW915AlUFGh8uhRMDC6SrkDxxtvz+
+HG8c5X0e0cAcYvWNzXmefOdyfxx14JgdsCtS3eLfyo+YZy1BE9haxdC9O+Hsn4x
/EwpOGR7bGMAeE2JL3CQgnx1nVVLTVl/MgJ3h68w0qRv
-----END CERTIFICATE-----