Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/rgPd-lPBT_KjoGNurNCPr8-tYLM.roa
File:                     rgPd-lPBT_KjoGNurNCPr8-tYLM.roa (raw, json)
Hash identifier:          7UFfmlghHed6gv5YUhlj2bi7/Km6EbVr9jqYqXUYH8o=
Subject key identifier:   AE:03:DD:FA:53:C1:4F:F2:A3:A0:63:6E:AC:D0:8F:AF:CF:AD:60:B3
Certificate issuer:       /CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
Certificate serial:       0194252144B50E9D6722913DFD7D0CA225C0
Authority key identifier: B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/rgPd-lPBT_KjoGNurNCPr8-tYLM.roa
Signing time:             Thu 02 Jan 2025 03:48:44 +0000
ROA not before:           Thu 02 Jan 2025 03:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205463
IP address blocks:        193.164.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:44:b5:0e:9d:67:22:91:3d:fd:7d:0c:a2:25:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
        Validity
            Not Before: Jan  2 03:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae03ddfa53c14ff2a3a0636eacd08fafcfad60b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:eb:bd:eb:54:75:91:57:3b:66:19:ba:c7:7f:
                    03:e0:dd:97:5f:07:39:e1:3d:18:aa:58:0f:03:c1:
                    bb:ed:90:5c:bc:e4:53:a8:62:16:4e:d1:7d:ee:75:
                    3d:3c:90:f7:4f:10:de:a5:7d:3d:7a:dd:c6:fd:74:
                    12:f4:32:aa:52:ef:74:9c:f2:d4:70:a0:99:90:a6:
                    68:c2:f2:25:1c:60:b8:a9:49:a8:6f:8f:ac:05:1d:
                    58:89:da:3a:60:10:88:1b:00:ba:d7:53:15:ad:96:
                    2c:29:d9:44:61:82:bc:3a:73:fa:94:31:3a:c1:46:
                    17:cd:22:17:91:9e:ee:88:dc:96:94:38:f3:40:b0:
                    db:79:21:8a:82:59:ba:da:a5:f7:4b:fa:6b:00:92:
                    7b:8f:69:5a:cc:40:f6:be:68:27:5b:4b:84:00:4b:
                    5b:9e:83:3f:f6:1a:09:1e:bc:70:e7:5f:12:8e:93:
                    4b:4f:e3:35:28:a4:0f:44:88:cb:3b:9a:47:bb:d9:
                    ad:e1:9c:d4:5f:ca:54:31:0a:df:5a:4f:0a:a2:96:
                    83:78:63:f7:7b:52:74:06:5c:15:c5:93:8f:c5:9e:
                    2c:70:bd:2d:e3:14:5e:8f:7f:69:b7:40:f2:18:2a:
                    1b:35:04:1a:ec:4c:ab:b8:45:ce:3c:16:32:78:f6:
                    fd:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:03:DD:FA:53:C1:4F:F2:A3:A0:63:6E:AC:D0:8F:AF:CF:AD:60:B3
            X509v3 Authority Key Identifier:
                keyid:B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/rgPd-lPBT_KjoGNurNCPr8-tYLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.164.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:f9:ce:4f:d9:76:7b:c9:ba:55:40:ae:28:ac:c8:6c:15:49:
         5e:ec:e7:d9:cb:f4:e9:f9:02:70:6a:a7:e2:81:fa:73:33:cf:
         14:66:08:74:10:d1:1f:08:e8:01:81:c9:16:23:e5:1c:d8:57:
         da:fc:8d:1f:86:52:a1:e2:11:24:aa:6c:31:61:b7:04:c8:5d:
         0f:1a:b2:59:87:a6:17:1f:60:ab:32:f7:7f:c7:0b:d6:a4:78:
         5d:50:9f:d6:e3:fa:38:7f:89:9e:ad:05:71:07:fe:21:c9:82:
         e9:a1:8d:4b:27:13:8f:8f:8d:7a:da:76:51:7f:7d:0f:59:68:
         b9:73:b0:4e:e7:66:b8:7a:a7:8c:08:cc:81:7c:d1:98:cf:45:
         62:e0:49:b3:2b:92:67:3d:37:c4:5b:6c:73:4a:00:25:52:de:
         34:9a:09:a2:9f:65:e8:bd:70:a3:83:b2:9a:34:31:78:94:33:
         b6:64:b3:12:65:c9:cd:4b:d7:ff:01:af:93:7f:c9:0a:5b:34:
         f4:ec:bc:6c:7d:6d:e8:31:c5:76:ea:eb:49:06:35:fa:86:b0:
         b8:f5:30:e7:d4:cb:f7:b4:fb:ea:42:25:21:34:c9:bf:3b:ea:
         9f:e5:1d:67:0a:cf:b9:15:55:92:90:38:9c:9c:47:ff:a7:53:
         4e:61:36:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIUS1Dp1nIpE9/X0MoiXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjVhODBhNzEwNmUwYTRiODU0NWM4MTUwYmI3MmM2OTlm
Y2M5YTAwHhcNMjUwMTAyMDM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTAzZGRmYTUzYzE0ZmYyYTNhMDYzNmVhY2QwOGZhZmNmYWQ2MGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuu961R1kVc7Zhm6x38D4N2XXwc5
4T0YqlgPA8G77ZBcvORTqGIWTtF97nU9PJD3TxDepX09et3G/XQS9DKqUu90nPLU
cKCZkKZowvIlHGC4qUmob4+sBR1Yido6YBCIGwC611MVrZYsKdlEYYK8OnP6lDE6
wUYXzSIXkZ7uiNyWlDjzQLDbeSGKglm62qX3S/prAJJ7j2lazED2vmgnW0uEAEtb
noM/9hoJHrxw518SjpNLT+M1KKQPRIjLO5pHu9mt4ZzUX8pUMQrfWk8KopaDeGP3
e1J0BlwVxZOPxZ4scL0t4xRej39pt0DyGCobNQQa7EyruEXOPBYyePb9DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4D3fpTwU/yo6BjbqzQj6/PrWCzMB8GA1UdIwQY
MBaAFLC1qApxBuCkuFRcgVC7csaZ/MmgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDIt
NzQ1ZTA4ZmU1OGM2LzEvcmdQZC1sUEJUX0tqb0dOdXJOQ1ByOC10WUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDItNzQ1ZTA4ZmU1OGM2
LzEvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaQFMA0G
CSqGSIb3DQEBCwUAA4IBAQAS+c5P2XZ7ybpVQK4orMhsFUle7OfZy/Tp+QJwaqfi
gfpzM88UZgh0ENEfCOgBgckWI+Uc2Ffa/I0fhlKh4hEkqmwxYbcEyF0PGrJZh6YX
H2CrMvd/xwvWpHhdUJ/W4/o4f4merQVxB/4hyYLpoY1LJxOPj4162nZRf30PWWi5
c7BO52a4eqeMCMyBfNGYz0Vi4EmzK5JnPTfEW2xzSgAlUt40mgmin2XovXCjg7Ka
NDF4lDO2ZLMSZcnNS9f/Aa+Tf8kKWzT07LxsfW3oMcV26utJBjX6hrC49TDn1Mv3
tPvqQiUhNMm/O+qf5R1nCs+5FVWSkDicnEf/p1NOYTYA
-----END CERTIFICATE-----