Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/dSK-93-WLyaDQuBO7u17opJXxWo.roa
File:                     dSK-93-WLyaDQuBO7u17opJXxWo.roa (raw, json)
Hash identifier:          RuyjgNqJJjjgMNL3Y8FPmQey/oZcSD6yyDRCtPRrlOs=
Subject key identifier:   75:22:BE:F7:7F:96:2F:26:83:42:E0:4E:EE:ED:7B:A2:92:57:C5:6A
Certificate issuer:       /CN=b68f940f1cc577f370f28428850dc7bf7418f121
Certificate serial:       01942368D70F79416EBF649DC5A4718416CF
Authority key identifier: B6:8F:94:0F:1C:C5:77:F3:70:F2:84:28:85:0D:C7:BF:74:18:F1:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/dSK-93-WLyaDQuBO7u17opJXxWo.roa
Signing time:             Wed 01 Jan 2025 19:47:40 +0000
ROA not before:           Wed 01 Jan 2025 19:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16024
IP address blocks:        193.26.125.0/24 maxlen: 24
                          2001:67c:cd8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:d7:0f:79:41:6e:bf:64:9d:c5:a4:71:84:16:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b68f940f1cc577f370f28428850dc7bf7418f121
        Validity
            Not Before: Jan  1 19:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7522bef77f962f268342e04eeeed7ba29257c56a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6d:f2:15:e1:9c:29:c8:2c:11:a5:ed:af:35:
                    e0:6b:68:17:a9:f6:ec:eb:6a:2f:81:f1:a4:a1:67:
                    33:f6:cb:ef:eb:8d:ce:e5:e8:7e:31:e0:ce:dd:26:
                    82:e1:d9:ab:a1:09:c0:af:27:83:ba:6d:9e:6f:1b:
                    4a:33:0c:0b:10:5a:20:e7:ef:91:fd:59:b1:ab:72:
                    15:1f:fc:31:69:7b:cc:81:54:6a:23:1a:2c:6f:d1:
                    c5:1a:54:87:54:42:b5:c6:09:0f:11:ad:c1:0e:4c:
                    64:9b:dc:2c:96:88:8c:e2:90:84:6b:82:ef:26:bf:
                    10:6d:3a:c4:92:87:e3:9c:d7:a2:36:07:80:6b:f8:
                    c5:9a:ee:68:b1:55:b4:ff:96:6a:7f:83:e6:8d:f9:
                    96:13:45:e4:e6:bb:84:a9:5b:87:90:a0:91:37:d7:
                    47:63:e6:99:83:c7:5e:4b:a5:cf:5a:58:09:93:3c:
                    fd:5f:b4:c2:ad:81:31:b9:c8:14:26:70:13:d2:b8:
                    bf:3c:f0:14:c8:3a:36:46:b6:1f:eb:21:26:cf:e5:
                    e9:7d:7c:ed:0c:68:ba:24:ce:fb:ec:70:2c:b4:6a:
                    13:00:ca:7f:3f:b4:68:67:45:fd:3d:67:d3:6c:12:
                    8b:5f:ad:40:52:60:64:cc:d3:34:c4:0b:a5:8a:43:
                    12:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:22:BE:F7:7F:96:2F:26:83:42:E0:4E:EE:ED:7B:A2:92:57:C5:6A
            X509v3 Authority Key Identifier:
                keyid:B6:8F:94:0F:1C:C5:77:F3:70:F2:84:28:85:0D:C7:BF:74:18:F1:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/dSK-93-WLyaDQuBO7u17opJXxWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/4b2c23-f535-4b6d-a445-e04dac61ce9d/1/to-UDxzFd_Nw8oQohQ3Hv3QY8SE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.125.0/24
                IPv6:
                  2001:67c:cd8::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:ce:c5:41:14:33:51:df:c8:c9:8f:57:95:4d:69:ed:d8:25:
         bb:8a:57:94:e7:c6:cf:e3:64:29:ab:11:0a:46:1f:ee:3e:3c:
         69:27:a6:de:ba:bc:f5:2f:b5:07:c8:6c:a7:93:51:49:d2:24:
         60:44:17:34:bb:af:ef:b2:1f:f4:70:38:3a:23:16:8e:86:8a:
         9d:77:36:7f:27:91:63:26:dc:29:5b:f9:87:7d:77:53:09:5c:
         a5:49:15:71:5d:3d:8f:18:20:7c:24:6c:c4:ae:24:57:83:bb:
         cd:7c:cd:32:a2:d2:ba:c5:ab:ff:98:d7:07:e1:43:01:0f:3c:
         44:34:8a:8b:27:52:22:fb:ef:1e:fd:71:70:5f:33:f7:23:58:
         98:11:10:bc:94:b1:10:a1:a9:a2:68:42:66:37:3b:5a:64:75:
         1a:54:34:b5:61:df:67:d5:32:a3:a1:fd:6f:d6:83:40:32:f6:
         ed:dc:e4:5e:58:07:de:b7:78:58:c2:d6:df:71:2c:8c:73:9e:
         86:26:b7:8f:ce:c4:a6:92:68:ee:a3:8b:54:f2:7c:a9:2d:ff:
         20:35:6f:1f:0d:a5:ad:ab:10:56:54:11:ac:95:ac:29:06:67:
         13:70:82:c0:80:e3:96:68:06:6a:5d:29:df:eb:69:23:de:f3:
         b7:88:b7:3a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQjaNcPeUFuv2SdxaRxhBbPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2OGY5NDBmMWNjNTc3ZjM3MGYyODQyODg1MGRjN2JmNzQx
OGYxMjEwHhcNMjUwMTAxMTk0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTIyYmVmNzdmOTYyZjI2ODM0MmUwNGVlZWVkN2JhMjkyNTdjNTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvG3yFeGcKcgsEaXtrzXga2gXqfbs
62ovgfGkoWcz9svv643O5eh+MeDO3SaC4dmroQnAryeDum2ebxtKMwwLEFog5++R
/Vmxq3IVH/wxaXvMgVRqIxosb9HFGlSHVEK1xgkPEa3BDkxkm9wsloiM4pCEa4Lv
Jr8QbTrEkofjnNeiNgeAa/jFmu5osVW0/5Zqf4PmjfmWE0Xk5ruEqVuHkKCRN9dH
Y+aZg8deS6XPWlgJkzz9X7TCrYExucgUJnAT0ri/PPAUyDo2RrYf6yEmz+XpfXzt
DGi6JM777HAstGoTAMp/P7RoZ0X9PWfTbBKLX61AUmBkzNM0xAulikMS2QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHUivvd/li8mg0LgTu7te6KSV8VqMB8GA1UdIwQY
MBaAFLaPlA8cxXfzcPKEKIUNx790GPEhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdG8tVUR4ekZkX053OG9Rb2hRM0h2M1FZOFNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC80YjJjMjMtZjUzNS00YjZkLWE0NDUt
ZTA0ZGFjNjFjZTlkLzEvZFNLLTkzLVdMeWFEUXVCTzd1MTdvcEpYeFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC80YjJjMjMtZjUzNS00YjZkLWE0NDUtZTA0ZGFjNjFjZTlk
LzEvdG8tVUR4ekZkX053OG9Rb2hRM0h2M1FZOFNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwRp9MA8E
AgACMAkDBwAgAQZ8DNgwDQYJKoZIhvcNAQELBQADggEBAErOxUEUM1HfyMmPV5VN
ae3YJbuKV5Tnxs/jZCmrEQpGH+4+PGknpt66vPUvtQfIbKeTUUnSJGBEFzS7r++y
H/RwODojFo6Gip13Nn8nkWMm3Clb+Yd9d1MJXKVJFXFdPY8YIHwkbMSuJFeDu818
zTKi0rrFq/+Y1wfhQwEPPEQ0iosnUiL77x79cXBfM/cjWJgRELyUsRChqaJoQmY3
O1pkdRpUNLVh32fVMqOh/W/Wg0Ay9u3c5F5YB963eFjC1t9xLIxznoYmt4/OxKaS
aO6ji1TyfKkt/yA1bx8Npa2rEFZUEayVrCkGZxNwgsCA45ZoBmpdKd/raSPe87eI
tzo=
-----END CERTIFICATE-----