Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/bff758-4b83-473d-b072-a2ce1cc8b87f/1/s4w35wVjXE8sREZK7Oyh4IavL0g.roa
File:                     s4w35wVjXE8sREZK7Oyh4IavL0g.roa (raw, json)
Hash identifier:          TceK26zqEtmgDQ2uUNpaKfjQftmmHU4UqyAVULIuK4A=
Subject key identifier:   B3:8C:37:E7:05:63:5C:4F:2C:44:46:4A:EC:EC:A1:E0:86:AF:2F:48
Certificate issuer:       /CN=5bcd40d10b56f3b532fa0dfd01d817ef93da1a34
Certificate serial:       0194FD8AD8D064EA259BD2F26BDE2682129D
Authority key identifier: 5B:CD:40:D1:0B:56:F3:B5:32:FA:0D:FD:01:D8:17:EF:93:DA:1A:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W81A0QtW87Uy-g39AdgX75PaGjQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/bff758-4b83-473d-b072-a2ce1cc8b87f/1/s4w35wVjXE8sREZK7Oyh4IavL0g.roa
Signing time:             Thu 13 Feb 2025 04:22:02 +0000
ROA not before:           Thu 13 Feb 2025 04:22:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64241
IP address blocks:        193.57.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/bff758-4b83-473d-b072-a2ce1cc8b87f/1/W81A0QtW87Uy-g39AdgX75PaGjQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/bff758-4b83-473d-b072-a2ce1cc8b87f/1/W81A0QtW87Uy-g39AdgX75PaGjQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W81A0QtW87Uy-g39AdgX75PaGjQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fd:8a:d8:d0:64:ea:25:9b:d2:f2:6b:de:26:82:12:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bcd40d10b56f3b532fa0dfd01d817ef93da1a34
        Validity
            Not Before: Feb 13 04:22:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b38c37e705635c4f2c44464aececa1e086af2f48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:13:e4:16:2e:11:c4:a5:ac:68:a7:9e:d2:b8:
                    df:06:d9:00:ff:a1:b3:78:35:98:fb:bb:28:89:20:
                    43:c6:c6:60:13:38:1e:f2:43:ce:dc:5d:e9:11:4d:
                    0c:4a:6e:35:8d:82:ee:83:af:40:4c:bf:ff:cc:51:
                    26:b4:85:08:09:7e:ae:dd:bc:e1:dd:9b:62:8e:84:
                    5c:4e:73:81:1e:06:f9:bc:60:dc:6d:56:a6:4b:f7:
                    62:03:4f:20:74:ed:a5:67:75:f9:59:f5:4c:d5:1f:
                    36:64:2c:98:bf:a4:17:e5:35:c0:1b:c2:9a:ba:76:
                    60:b6:c6:55:49:1b:68:40:5b:80:08:1f:e4:6c:fd:
                    4f:33:9c:42:e9:05:26:6b:fe:e5:f4:e9:4a:f3:47:
                    40:ed:7d:9f:7b:65:bc:3e:d4:a4:79:26:3b:70:d0:
                    1e:c0:12:35:1a:e3:6b:69:13:00:ff:5c:32:b2:79:
                    aa:e5:4e:5a:0a:11:7b:84:62:c8:23:9e:b9:b9:3e:
                    00:dc:51:b3:d2:9c:b5:be:c1:0c:5f:60:7c:1f:fe:
                    52:9d:e7:e1:d8:39:be:7e:0c:70:99:99:0e:09:49:
                    93:24:b9:48:7c:ea:cf:40:ef:14:f3:5d:75:8b:7f:
                    f0:7b:22:b0:ab:8c:63:37:d0:7a:4e:c6:91:62:9b:
                    fb:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:8C:37:E7:05:63:5C:4F:2C:44:46:4A:EC:EC:A1:E0:86:AF:2F:48
            X509v3 Authority Key Identifier:
                keyid:5B:CD:40:D1:0B:56:F3:B5:32:FA:0D:FD:01:D8:17:EF:93:DA:1A:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W81A0QtW87Uy-g39AdgX75PaGjQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/bff758-4b83-473d-b072-a2ce1cc8b87f/1/s4w35wVjXE8sREZK7Oyh4IavL0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/bff758-4b83-473d-b072-a2ce1cc8b87f/1/W81A0QtW87Uy-g39AdgX75PaGjQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:d1:87:ae:94:1b:45:2f:39:79:9d:44:7d:40:50:31:d4:d5:
         a8:1b:10:18:4b:c3:1b:f6:54:64:92:61:04:b0:86:2b:d8:50:
         31:c6:5e:20:65:7b:d2:84:03:4c:ae:2f:c4:c1:e7:b5:b0:1c:
         d8:be:42:1e:7a:b4:48:59:62:52:59:27:27:3c:28:9b:3c:ad:
         34:07:b6:a0:94:d7:82:bc:cb:cd:53:aa:2e:97:ae:f5:21:f7:
         ce:30:9e:df:4e:42:c6:fc:9c:75:ca:5b:3c:67:b8:00:a0:24:
         37:ce:b0:57:c1:64:99:69:8c:d9:65:c7:48:20:04:33:bd:4e:
         89:bf:a4:06:56:2e:a8:25:08:48:06:69:19:07:88:44:98:8a:
         ac:54:3c:19:f9:cc:d3:e6:5d:b3:6d:f4:78:fa:6d:97:27:d5:
         01:d2:fc:cc:86:ff:b6:96:3e:ab:62:45:a4:ae:da:d6:bf:60:
         fb:ef:58:61:44:e7:21:02:54:cd:d2:a7:a3:8b:d2:fb:90:e9:
         5e:ee:18:c9:6d:bf:e5:01:b1:c6:3f:77:57:67:85:57:82:a1:
         28:7b:8c:d7:2b:b0:ce:e7:99:80:f5:c4:78:c8:ba:d5:b4:0b:
         84:57:8d:f7:09:9e:ac:9a:d1:e4:f2:06:c0:c3:ee:22:81:a2:
         68:c7:da:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT9itjQZOolm9Lya94mghKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViY2Q0MGQxMGI1NmYzYjUzMmZhMGRmZDAxZDgxN2VmOTNk
YTFhMzQwHhcNMjUwMjEzMDQyMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzhjMzdlNzA1NjM1YzRmMmM0NDQ2NGFlY2VjYTFlMDg2YWYyZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphPkFi4RxKWsaKee0rjfBtkA/6Gz
eDWY+7soiSBDxsZgEzge8kPO3F3pEU0MSm41jYLug69ATL//zFEmtIUICX6u3bzh
3ZtijoRcTnOBHgb5vGDcbVamS/diA08gdO2lZ3X5WfVM1R82ZCyYv6QX5TXAG8Ka
unZgtsZVSRtoQFuACB/kbP1PM5xC6QUma/7l9OlK80dA7X2fe2W8PtSkeSY7cNAe
wBI1GuNraRMA/1wysnmq5U5aChF7hGLII565uT4A3FGz0py1vsEMX2B8H/5Snefh
2Dm+fgxwmZkOCUmTJLlIfOrPQO8U8111i3/weyKwq4xjN9B6TsaRYpv7kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOMN+cFY1xPLERGSuzsoeCGry9IMB8GA1UdIwQY
MBaAFFvNQNELVvO1MvoN/QHYF++T2ho0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzgxQTBRdFc4N1V5LWczOUFkZ1g3NVBhR2pRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9iZmY3NTgtNGI4My00NzNkLWIwNzIt
YTJjZTFjYzhiODdmLzEvczR3MzV3VmpYRThzUkVaSzdPeWg0SWF2TDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9iZmY3NTgtNGI4My00NzNkLWIwNzItYTJjZTFjYzhiODdm
LzEvVzgxQTBRdFc4N1V5LWczOUFkZ1g3NVBhR2pRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTmtMA0G
CSqGSIb3DQEBCwUAA4IBAQBA0YeulBtFLzl5nUR9QFAx1NWoGxAYS8Mb9lRkkmEE
sIYr2FAxxl4gZXvShANMri/Ewee1sBzYvkIeerRIWWJSWScnPCibPK00B7aglNeC
vMvNU6oul671IffOMJ7fTkLG/Jx1yls8Z7gAoCQ3zrBXwWSZaYzZZcdIIAQzvU6J
v6QGVi6oJQhIBmkZB4hEmIqsVDwZ+czT5l2zbfR4+m2XJ9UB0vzMhv+2lj6rYkWk
rtrWv2D771hhROchAlTN0qeji9L7kOle7hjJbb/lAbHGP3dXZ4VXgqEoe4zXK7DO
55mA9cR4yLrVtAuEV433CZ6smtHk8gbAw+4igaJox9pS
-----END CERTIFICATE-----