Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/37253d-02a1-46df-9413-580068df0fd1/1/XmG_f-d3gNbPjbSDpmMbIo-fVYM.roa
File:                     XmG_f-d3gNbPjbSDpmMbIo-fVYM.roa (raw, json)
Hash identifier:          Fqg1Y9uWeIH+04MjOxb6IraF8tekNjl9/R9LcKgfLEw=
Subject key identifier:   5E:61:BF:7F:E7:77:80:D6:CF:8D:B4:83:A6:63:1B:22:8F:9F:55:83
Certificate issuer:       /CN=98ccb184d128384e4f767d85258e0dea73f18e43
Certificate serial:       01941F8C3A2BEA9575316EFC0CB9473F464C
Authority key identifier: 98:CC:B1:84:D1:28:38:4E:4F:76:7D:85:25:8E:0D:EA:73:F1:8E:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mMyxhNEoOE5Pdn2FJY4N6nPxjkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/37253d-02a1-46df-9413-580068df0fd1/1/XmG_f-d3gNbPjbSDpmMbIo-fVYM.roa
Signing time:             Wed 01 Jan 2025 01:47:51 +0000
ROA not before:           Wed 01 Jan 2025 01:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49580
IP address blocks:        193.33.22.0/24 maxlen: 24
                          193.33.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/37253d-02a1-46df-9413-580068df0fd1/1/mMyxhNEoOE5Pdn2FJY4N6nPxjkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/37253d-02a1-46df-9413-580068df0fd1/1/mMyxhNEoOE5Pdn2FJY4N6nPxjkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mMyxhNEoOE5Pdn2FJY4N6nPxjkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:3a:2b:ea:95:75:31:6e:fc:0c:b9:47:3f:46:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98ccb184d128384e4f767d85258e0dea73f18e43
        Validity
            Not Before: Jan  1 01:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e61bf7fe77780d6cf8db483a6631b228f9f5583
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:06:f9:83:45:eb:65:33:61:6d:74:4f:5b:cf:
                    51:42:d6:30:e5:5c:fa:ab:8d:00:91:eb:6e:89:19:
                    df:3a:39:a1:be:03:d3:85:ff:db:7f:d4:9b:b2:f2:
                    0b:d4:86:79:f5:99:3d:2e:f5:f1:99:4c:7f:3d:88:
                    2d:11:fb:44:dd:58:e9:96:30:32:be:23:4b:7c:4f:
                    3f:bc:a6:ac:bf:f7:1c:49:46:2d:5d:a2:6c:3a:ba:
                    a2:d4:80:7d:e3:fd:2e:fb:74:b6:0b:f2:24:75:58:
                    7e:29:9c:8e:dd:60:1c:6f:97:ea:06:bf:8c:e0:fb:
                    9b:d1:58:c5:3d:90:8e:4d:8a:b6:c8:8d:37:77:05:
                    3d:e6:34:63:f9:9a:ae:ad:bb:95:12:ff:42:2f:ac:
                    f7:b6:5d:12:74:9a:07:2d:e0:de:f9:84:f3:21:9d:
                    82:71:4f:62:4f:e6:99:51:24:e1:de:f2:72:80:cc:
                    f4:f9:fa:17:0c:f4:17:f4:f2:43:b6:a4:bf:51:12:
                    2e:32:b7:03:79:5d:36:6e:f1:10:85:6d:28:96:3e:
                    46:77:93:78:97:ff:92:ad:69:47:fe:aa:90:88:07:
                    69:55:b0:6a:e6:85:fa:23:d7:42:a1:f6:1e:39:fa:
                    9f:c1:85:f4:65:d5:9f:fc:78:fe:4a:29:52:c2:e8:
                    1b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:61:BF:7F:E7:77:80:D6:CF:8D:B4:83:A6:63:1B:22:8F:9F:55:83
            X509v3 Authority Key Identifier:
                keyid:98:CC:B1:84:D1:28:38:4E:4F:76:7D:85:25:8E:0D:EA:73:F1:8E:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMyxhNEoOE5Pdn2FJY4N6nPxjkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/37253d-02a1-46df-9413-580068df0fd1/1/XmG_f-d3gNbPjbSDpmMbIo-fVYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/37253d-02a1-46df-9413-580068df0fd1/1/mMyxhNEoOE5Pdn2FJY4N6nPxjkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:c1:9a:89:df:22:22:5b:4b:7c:86:d9:71:44:d3:67:41:74:
         22:b2:ea:68:3b:dc:8e:f4:c7:6a:8c:ed:ed:77:f1:db:c3:c4:
         62:32:a4:96:46:2a:98:36:39:d8:17:37:a9:6c:c7:c0:2b:8f:
         ed:f8:35:f4:21:2a:2a:df:0a:98:b2:80:f2:d9:47:0b:49:3d:
         26:b8:28:18:14:78:bb:a6:3a:e4:e8:63:b3:36:8f:ae:33:2f:
         8d:d6:e0:c2:c7:40:38:7b:e0:1d:f9:e3:25:bc:a0:a0:d7:0e:
         ba:df:09:61:73:9e:a4:f3:bd:fd:52:6b:36:7a:2c:69:ac:6d:
         85:a8:ec:6e:7a:c7:6a:6a:6a:1e:11:cd:31:40:12:de:28:6b:
         e9:d5:f7:ba:86:73:be:23:4f:36:1a:a9:27:f1:d8:3c:7c:f1:
         5f:9c:83:6f:61:31:6a:c5:b6:48:5c:ca:77:42:17:49:29:57:
         af:e5:52:a9:75:bc:7b:6a:c1:80:39:ae:9b:2a:05:fa:fe:ba:
         13:58:5b:40:a7:bd:31:e7:78:b4:60:32:92:15:fb:41:f3:03:
         da:d0:ad:50:55:e0:2d:11:93:aa:13:d7:cd:2e:0d:c3:e4:98:
         f6:5b:bd:5d:b1:95:c8:20:80:02:cb:09:f4:a4:4f:eb:da:9e:
         f9:b1:4b:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjDor6pV1MW78DLlHP0ZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4Y2NiMTg0ZDEyODM4NGU0Zjc2N2Q4NTI1OGUwZGVhNzNm
MThlNDMwHhcNMjUwMTAxMDE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTYxYmY3ZmU3Nzc4MGQ2Y2Y4ZGI0ODNhNjYzMWIyMjhmOWY1NTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngb5g0XrZTNhbXRPW89RQtYw5Vz6
q40AketuiRnfOjmhvgPThf/bf9SbsvIL1IZ59Zk9LvXxmUx/PYgtEftE3VjpljAy
viNLfE8/vKasv/ccSUYtXaJsOrqi1IB94/0u+3S2C/IkdVh+KZyO3WAcb5fqBr+M
4Pub0VjFPZCOTYq2yI03dwU95jRj+ZqurbuVEv9CL6z3tl0SdJoHLeDe+YTzIZ2C
cU9iT+aZUSTh3vJygMz0+foXDPQX9PJDtqS/URIuMrcDeV02bvEQhW0olj5Gd5N4
l/+SrWlH/qqQiAdpVbBq5oX6I9dCofYeOfqfwYX0ZdWf/Hj+SilSwugbdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5hv3/nd4DWz420g6ZjGyKPn1WDMB8GA1UdIwQY
MBaAFJjMsYTRKDhOT3Z9hSWODepz8Y5DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU15eGhORW9PRTVQZG4yRkpZNE42blB4amtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8zNzI1M2QtMDJhMS00NmRmLTk0MTMt
NTgwMDY4ZGYwZmQxLzEvWG1HX2YtZDNnTmJQamJTRHBtTWJJby1mVllNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8zNzI1M2QtMDJhMS00NmRmLTk0MTMtNTgwMDY4ZGYwZmQx
LzEvbU15eGhORW9PRTVQZG4yRkpZNE42blB4amtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSEWMA0G
CSqGSIb3DQEBCwUAA4IBAQApwZqJ3yIiW0t8htlxRNNnQXQisupoO9yO9MdqjO3t
d/Hbw8RiMqSWRiqYNjnYFzepbMfAK4/t+DX0ISoq3wqYsoDy2UcLST0muCgYFHi7
pjrk6GOzNo+uMy+N1uDCx0A4e+Ad+eMlvKCg1w663wlhc56k8739Ums2eixprG2F
qOxuesdqamoeEc0xQBLeKGvp1fe6hnO+I082Gqkn8dg8fPFfnINvYTFqxbZIXMp3
QhdJKVev5VKpdbx7asGAOa6bKgX6/roTWFtAp70x53i0YDKSFftB8wPa0K1QVeAt
EZOqE9fNLg3D5Jj2W71dsZXIIIACywn0pE/r2p75sUuH
-----END CERTIFICATE-----