Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/0c954a-ac3f-4860-8cf4-d99ba44db595/1/z1aTRBewSJhzUfWWJD41OIsIBo0.roa
File:                     z1aTRBewSJhzUfWWJD41OIsIBo0.roa (raw, json)
Hash identifier:          qD0OIe2RSaDdKkAmPZcT/wnJhlY0jqIIohwD44CcvP0=
Subject key identifier:   CF:56:93:44:17:B0:48:98:73:51:F5:96:24:3E:35:38:8B:08:06:8D
Certificate issuer:       /CN=33063bd95b891bf3311557c84dfe87ecf42b1906
Certificate serial:       01946A353B1BFC5B08CA0A90DB9A799E5B8C
Authority key identifier: 33:06:3B:D9:5B:89:1B:F3:31:15:57:C8:4D:FE:87:EC:F4:2B:19:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MwY72VuJG_MxFVfITf6H7PQrGQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/0c954a-ac3f-4860-8cf4-d99ba44db595/1/z1aTRBewSJhzUfWWJD41OIsIBo0.roa
Signing time:             Wed 15 Jan 2025 13:44:20 +0000
ROA not before:           Wed 15 Jan 2025 13:44:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43416
IP address blocks:        193.46.66.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/0c954a-ac3f-4860-8cf4-d99ba44db595/1/MwY72VuJG_MxFVfITf6H7PQrGQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/0c954a-ac3f-4860-8cf4-d99ba44db595/1/MwY72VuJG_MxFVfITf6H7PQrGQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MwY72VuJG_MxFVfITf6H7PQrGQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6a:35:3b:1b:fc:5b:08:ca:0a:90:db:9a:79:9e:5b:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33063bd95b891bf3311557c84dfe87ecf42b1906
        Validity
            Not Before: Jan 15 13:44:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf56934417b048987351f596243e35388b08068d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:4a:fd:ad:fe:59:e8:1b:79:d8:dc:33:6c:36:
                    ba:41:22:90:29:ef:b1:ac:25:76:f6:4e:f3:b8:b1:
                    ff:1e:f1:ab:2e:90:6b:8c:12:05:ea:c5:5c:69:8c:
                    34:f2:c1:01:e3:a8:47:d7:2e:c8:ec:4f:6a:53:69:
                    0b:f6:d4:eb:c8:2d:25:4b:1b:76:9c:71:e2:57:33:
                    d9:56:f8:a9:b4:01:7c:13:c3:63:aa:20:4a:67:dd:
                    86:ee:f7:18:42:bb:14:01:30:7e:e3:7c:c5:94:0e:
                    90:f3:fc:03:94:2d:97:27:e5:f6:40:ef:1b:2d:e1:
                    fb:15:65:0a:4a:81:14:4a:1d:e6:43:e3:10:03:08:
                    76:23:f5:cf:77:5e:28:60:42:27:32:f2:1d:72:cb:
                    14:4d:79:66:fc:f9:f8:8d:65:af:91:90:a0:15:16:
                    1a:fb:d3:ae:d9:65:88:5a:15:84:d5:59:4e:91:fd:
                    61:32:18:1a:7a:e0:aa:5f:f2:31:bd:2c:c9:74:7e:
                    b4:a7:a1:71:fe:73:73:93:36:e2:03:22:78:d5:49:
                    c6:7c:60:d1:b0:65:f6:37:2c:48:b3:43:0c:bf:40:
                    d8:7f:74:26:92:43:f4:98:27:5a:e8:2a:6c:f4:b4:
                    d3:c0:05:33:6a:83:fc:d3:a3:7c:2a:35:53:f5:fb:
                    c7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:56:93:44:17:B0:48:98:73:51:F5:96:24:3E:35:38:8B:08:06:8D
            X509v3 Authority Key Identifier:
                keyid:33:06:3B:D9:5B:89:1B:F3:31:15:57:C8:4D:FE:87:EC:F4:2B:19:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MwY72VuJG_MxFVfITf6H7PQrGQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/0c954a-ac3f-4860-8cf4-d99ba44db595/1/z1aTRBewSJhzUfWWJD41OIsIBo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/0c954a-ac3f-4860-8cf4-d99ba44db595/1/MwY72VuJG_MxFVfITf6H7PQrGQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:3a:6a:24:87:40:02:af:cc:be:ce:60:e2:bb:9d:fb:fa:d5:
         3a:07:62:a8:cd:d8:d0:45:04:62:b0:69:2e:7e:07:46:17:cb:
         96:0e:5b:20:05:28:96:5e:90:46:5c:89:4e:e4:12:29:5c:2b:
         42:fc:95:28:d2:af:91:ef:13:19:b5:83:a9:23:99:bb:da:23:
         9f:dc:9b:5e:ac:6d:4c:a8:ed:4c:f8:c9:82:bc:23:7d:4f:86:
         0f:84:d6:f6:ed:d2:25:59:a1:2d:72:a6:f1:7a:e8:29:e0:5a:
         98:5d:2c:99:d1:c9:7b:9f:1c:ba:d9:78:0c:58:c9:86:48:09:
         87:07:05:9f:9c:7f:74:a6:d8:79:9f:4f:24:ea:9c:73:b7:a4:
         28:5a:35:bf:3c:c4:3a:c4:61:54:30:f5:d6:98:92:b9:c9:d8:
         47:7b:1c:b3:2b:c3:99:31:e3:12:a8:25:1d:2a:e4:b3:0b:df:
         e9:aa:de:13:0f:9f:06:f1:2e:7e:24:56:40:a4:ea:26:38:43:
         9b:e4:00:e4:0b:e3:79:a2:ec:ff:74:bf:c6:40:46:d9:71:0d:
         94:9e:56:ee:75:17:c9:91:f9:42:ad:b0:b3:82:97:31:48:d3:
         32:c2:3b:dd:e2:a2:ea:11:47:c4:2e:6a:66:d3:4e:bf:1e:96:
         bf:23:88:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRqNTsb/FsIygqQ25p5nluMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMDYzYmQ5NWI4OTFiZjMzMTE1NTdjODRkZmU4N2VjZjQy
YjE5MDYwHhcNMjUwMTE1MTM0NDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjU2OTM0NDE3YjA0ODk4NzM1MWY1OTYyNDNlMzUzODhiMDgwNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkr9rf5Z6Bt52NwzbDa6QSKQKe+x
rCV29k7zuLH/HvGrLpBrjBIF6sVcaYw08sEB46hH1y7I7E9qU2kL9tTryC0lSxt2
nHHiVzPZVviptAF8E8NjqiBKZ92G7vcYQrsUATB+43zFlA6Q8/wDlC2XJ+X2QO8b
LeH7FWUKSoEUSh3mQ+MQAwh2I/XPd14oYEInMvIdcssUTXlm/Pn4jWWvkZCgFRYa
+9Ou2WWIWhWE1VlOkf1hMhgaeuCqX/IxvSzJdH60p6Fx/nNzkzbiAyJ41UnGfGDR
sGX2NyxIs0MMv0DYf3QmkkP0mCda6Cps9LTTwAUzaoP806N8KjVT9fvHkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9Wk0QXsEiYc1H1liQ+NTiLCAaNMB8GA1UdIwQY
MBaAFDMGO9lbiRvzMRVXyE3+h+z0KxkGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXdZNzJWdUpHX014RlZmSVRmNkg3UFFyR1FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wYzk1NGEtYWMzZi00ODYwLThjZjQt
ZDk5YmE0NGRiNTk1LzEvejFhVFJCZXdTSmh6VWZXV0pENDFPSXNJQm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wYzk1NGEtYWMzZi00ODYwLThjZjQtZDk5YmE0NGRiNTk1
LzEvTXdZNzJWdUpHX014RlZmSVRmNkg3UFFyR1FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS5CMA0G
CSqGSIb3DQEBCwUAA4IBAQA+Omokh0ACr8y+zmDiu537+tU6B2KozdjQRQRisGku
fgdGF8uWDlsgBSiWXpBGXIlO5BIpXCtC/JUo0q+R7xMZtYOpI5m72iOf3JterG1M
qO1M+MmCvCN9T4YPhNb27dIlWaEtcqbxeugp4FqYXSyZ0cl7nxy62XgMWMmGSAmH
BwWfnH90pth5n08k6pxzt6QoWjW/PMQ6xGFUMPXWmJK5ydhHexyzK8OZMeMSqCUd
KuSzC9/pqt4TD58G8S5+JFZApOomOEOb5ADkC+N5ouz/dL/GQEbZcQ2UnlbudRfJ
kflCrbCzgpcxSNMywjvd4qLqEUfELmpm006/Hpa/I4js
-----END CERTIFICATE-----