Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/C3xZoR3LtseXs9YgZ15-hhPr18E.roa
File:                     C3xZoR3LtseXs9YgZ15-hhPr18E.roa (raw, json)
Hash identifier:          1WbsEFbzKO5s8iSa/8CXV3aiHCeUKDOXCmds/8JgsxY=
Subject key identifier:   0B:7C:59:A1:1D:CB:B6:C7:97:B3:D6:20:67:5E:7E:86:13:EB:D7:C1
Certificate issuer:       /CN=c625afb9ce335eed3e53128b4a9eb25fc495d6e0
Certificate serial:       0194228E370304D930DBDFEB7E0CEC0340F8
Authority key identifier: C6:25:AF:B9:CE:33:5E:ED:3E:53:12:8B:4A:9E:B2:5F:C4:95:D6:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xiWvuc4zXu0-UxKLSp6yX8SV1uA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/C3xZoR3LtseXs9YgZ15-hhPr18E.roa
Signing time:             Wed 01 Jan 2025 15:48:53 +0000
ROA not before:           Wed 01 Jan 2025 15:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        193.138.212.0/22 maxlen: 22
                          2001:67c:18c4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/xiWvuc4zXu0-UxKLSp6yX8SV1uA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/xiWvuc4zXu0-UxKLSp6yX8SV1uA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xiWvuc4zXu0-UxKLSp6yX8SV1uA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:37:03:04:d9:30:db:df:eb:7e:0c:ec:03:40:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c625afb9ce335eed3e53128b4a9eb25fc495d6e0
        Validity
            Not Before: Jan  1 15:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b7c59a11dcbb6c797b3d620675e7e8613ebd7c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:43:5f:ca:08:ac:dc:7f:9e:d9:8b:02:9a:af:
                    83:89:ba:a9:e7:19:55:a2:42:36:6f:97:68:da:7f:
                    11:a3:fe:94:d3:cb:8b:fe:95:ea:55:9e:c3:27:a6:
                    f7:d8:fa:b0:b9:e7:bc:5c:ec:00:ff:c5:d6:bd:21:
                    92:7b:42:89:a0:3e:fe:25:68:16:fe:36:3e:c6:ba:
                    75:c6:b6:d3:13:e3:40:47:57:d3:20:3b:15:09:6a:
                    e2:a0:bb:3f:0b:43:77:af:ce:e1:64:8f:9f:e2:64:
                    40:fc:b7:72:21:74:76:28:9d:e3:d2:13:84:f1:65:
                    a0:86:13:96:ec:f7:8b:b4:ba:c1:e5:07:bd:f9:06:
                    11:89:72:30:59:68:24:0e:a9:3d:88:46:64:4e:53:
                    b1:81:e0:6d:00:af:92:bc:06:d8:cd:86:c2:0d:80:
                    bb:85:24:52:bf:51:cd:63:ed:04:ea:16:00:31:2b:
                    60:bc:96:25:dc:48:4b:86:17:39:a4:68:7e:01:60:
                    e2:df:94:fc:d4:3b:5d:cf:07:2f:fe:f0:13:08:bc:
                    f7:0d:2f:36:08:86:a9:01:de:3a:4a:57:14:14:6d:
                    a7:cb:b0:1f:65:cc:ca:b0:ec:fd:62:92:e5:73:ea:
                    13:15:ff:88:cb:4e:aa:0c:f3:12:7c:32:ee:6d:3c:
                    b8:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:7C:59:A1:1D:CB:B6:C7:97:B3:D6:20:67:5E:7E:86:13:EB:D7:C1
            X509v3 Authority Key Identifier:
                keyid:C6:25:AF:B9:CE:33:5E:ED:3E:53:12:8B:4A:9E:B2:5F:C4:95:D6:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xiWvuc4zXu0-UxKLSp6yX8SV1uA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/C3xZoR3LtseXs9YgZ15-hhPr18E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/0f9b50-4689-4cd8-ae6d-100c3e1be3a2/1/xiWvuc4zXu0-UxKLSp6yX8SV1uA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.212.0/22
                IPv6:
                  2001:67c:18c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:c3:ae:a9:c3:71:a2:bd:e7:5e:9b:60:0d:52:b9:c3:06:eb:
         11:86:8a:5b:e4:d8:2f:5e:52:9e:0c:a5:3d:f0:d7:f5:00:1e:
         73:64:af:85:8f:16:65:68:bc:df:10:91:50:f6:e5:02:7e:13:
         a4:04:f7:b8:93:f8:a4:da:e1:9b:e8:13:62:ac:ac:40:b6:10:
         87:68:18:13:04:e1:be:e9:4e:e9:d8:89:25:8d:a7:8b:ff:c1:
         19:fe:d8:2e:fa:f5:8a:9a:07:a2:46:da:eb:b6:75:21:41:65:
         b0:3e:bf:ab:70:fa:e0:33:a6:09:3c:85:9e:29:fd:ee:83:c3:
         fe:c7:10:2e:73:bd:fb:05:9b:1b:62:68:0a:04:13:10:2b:44:
         47:f2:45:e9:e0:bd:5a:7a:be:aa:6d:25:75:0e:1c:f9:0f:17:
         17:a3:73:59:2f:3f:18:fc:77:c4:63:21:f2:c6:1e:64:0c:d1:
         d8:fc:3d:51:e3:7b:51:19:39:eb:9d:09:7f:bd:48:d9:42:68:
         8b:3d:38:c4:76:ff:f8:6d:94:f2:2a:3b:88:65:64:fb:42:76:
         f8:2c:ec:be:36:26:55:7b:7f:15:08:5f:dc:3c:cc:b0:8c:52:
         c5:37:75:09:2f:30:7b:fd:c3:34:32:f1:5e:d9:4c:27:57:6b:
         64:1f:d5:9d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQijjcDBNkw29/rfgzsA0D4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MjVhZmI5Y2UzMzVlZWQzZTUzMTI4YjRhOWViMjVmYzQ5
NWQ2ZTAwHhcNMjUwMTAxMTU0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjdjNTlhMTFkY2JiNmM3OTdiM2Q2MjA2NzVlN2U4NjEzZWJkN2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UNfygis3H+e2YsCmq+Dibqp5xlV
okI2b5do2n8Ro/6U08uL/pXqVZ7DJ6b32Pqwuee8XOwA/8XWvSGSe0KJoD7+JWgW
/jY+xrp1xrbTE+NAR1fTIDsVCWrioLs/C0N3r87hZI+f4mRA/LdyIXR2KJ3j0hOE
8WWghhOW7PeLtLrB5Qe9+QYRiXIwWWgkDqk9iEZkTlOxgeBtAK+SvAbYzYbCDYC7
hSRSv1HNY+0E6hYAMStgvJYl3EhLhhc5pGh+AWDi35T81Dtdzwcv/vATCLz3DS82
CIapAd46SlcUFG2ny7AfZczKsOz9YpLlc+oTFf+Iy06qDPMSfDLubTy4SQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAt8WaEdy7bHl7PWIGdefoYT69fBMB8GA1UdIwQY
MBaAFMYlr7nOM17tPlMSi0qesl/EldbgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGlXdnVjNHpYdTAtVXhLTFNwNnlYOFNWMXVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8wZjliNTAtNDY4OS00Y2Q4LWFlNmQt
MTAwYzNlMWJlM2EyLzEvQzN4Wm9SM0x0c2VYczlZZ1oxNS1oaFByMThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8wZjliNTAtNDY4OS00Y2Q4LWFlNmQtMTAwYzNlMWJlM2Ey
LzEveGlXdnVjNHpYdTAtVXhLTFNwNnlYOFNWMXVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwYrUMA8E
AgACMAkDBwAgAQZ8GMQwDQYJKoZIhvcNAQELBQADggEBAKrDrqnDcaK9516bYA1S
ucMG6xGGilvk2C9eUp4MpT3w1/UAHnNkr4WPFmVovN8QkVD25QJ+E6QE97iT+KTa
4ZvoE2KsrEC2EIdoGBME4b7pTunYiSWNp4v/wRn+2C769YqaB6JG2uu2dSFBZbA+
v6tw+uAzpgk8hZ4p/e6Dw/7HEC5zvfsFmxtiaAoEExArREfyRengvVp6vqptJXUO
HPkPFxejc1kvPxj8d8RjIfLGHmQM0dj8PVHje1EZOeudCX+9SNlCaIs9OMR2//ht
lPIqO4hlZPtCdvgs7L42JlV7fxUIX9w8zLCMUsU3dQkvMHv9wzQy8V7ZTCdXa2Qf
1Z0=
-----END CERTIFICATE-----