Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/yA5B5VXhOCm628j2BmlmI-fci1Y.roa
File:                     yA5B5VXhOCm628j2BmlmI-fci1Y.roa (raw, json)
Hash identifier:          QTSh8buWKlIWj0giqvjbzYLkHrxbOtA9phJCik8JbFI=
Subject key identifier:   C8:0E:41:E5:55:E1:38:29:BA:DB:C8:F6:06:69:66:23:E7:DC:8B:56
Certificate issuer:       /CN=5be5f1953e031d279864f3c3beff0bc675a00ee4
Certificate serial:       019427B64192CD211681204AE013AB01D47D
Authority key identifier: 5B:E5:F1:95:3E:03:1D:27:98:64:F3:C3:BE:FF:0B:C6:75:A0:0E:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/yA5B5VXhOCm628j2BmlmI-fci1Y.roa
Signing time:             Thu 02 Jan 2025 15:50:43 +0000
ROA not before:           Thu 02 Jan 2025 15:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212640
IP address blocks:        193.163.54.0/24 maxlen: 24
                          2a10:6b40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:41:92:cd:21:16:81:20:4a:e0:13:ab:01:d4:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5be5f1953e031d279864f3c3beff0bc675a00ee4
        Validity
            Not Before: Jan  2 15:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c80e41e555e13829badbc8f606696623e7dc8b56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:24:63:3f:e2:87:3f:d7:a6:70:18:5d:b3:36:
                    01:72:ca:a6:c2:89:8e:a2:38:14:4a:9f:e1:44:14:
                    93:37:cf:7a:4d:50:6e:6d:d6:b5:eb:6e:6d:7d:de:
                    af:59:69:4a:82:6b:b8:24:64:9a:a8:41:f7:96:c7:
                    30:b3:c2:df:a9:ee:e2:48:27:cb:f6:a9:c1:f7:ff:
                    55:bd:e6:00:d4:26:fb:81:ff:cd:94:4c:c1:00:3a:
                    5e:4a:2a:81:16:55:05:44:3d:43:f3:5a:fe:24:26:
                    c4:78:d9:6c:ac:91:d0:d5:8f:ef:c8:4a:d5:2c:23:
                    5c:9a:3f:88:62:e6:07:b2:1e:04:64:5e:84:10:4f:
                    2a:d4:96:17:fd:7e:8e:69:a1:b2:53:37:3f:19:a8:
                    0a:3d:eb:89:12:9e:bf:49:b8:f0:40:be:68:5e:42:
                    d1:cc:fd:ec:9c:6e:7b:d7:d8:7f:c4:96:f7:9b:c7:
                    d0:f3:fc:70:cb:b6:8d:c4:64:c8:b1:36:4e:35:6c:
                    ad:d7:d8:fc:88:d3:5d:94:fa:65:9f:31:44:e8:51:
                    c8:27:d5:1f:5c:01:a4:8b:e2:3f:11:5c:84:01:c3:
                    65:6f:de:b9:6f:96:5f:83:a4:fb:f6:ff:7e:2c:32:
                    c6:78:60:4b:ce:db:b1:b4:69:cc:93:1f:44:54:c4:
                    52:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:0E:41:E5:55:E1:38:29:BA:DB:C8:F6:06:69:66:23:E7:DC:8B:56
            X509v3 Authority Key Identifier:
                keyid:5B:E5:F1:95:3E:03:1D:27:98:64:F3:C3:BE:FF:0B:C6:75:A0:0E:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/yA5B5VXhOCm628j2BmlmI-fci1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/ce12ca-ab7e-4854-bc67-8c600eae7d80/1/W-XxlT4DHSeYZPPDvv8LxnWgDuQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.54.0/24
                IPv6:
                  2a10:6b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:6b:44:04:e2:36:cb:76:0f:a5:e5:0f:fa:3d:6b:de:30:4f:
         db:ed:ab:20:ff:e7:71:b2:ae:4b:05:d7:f6:43:a5:6f:79:49:
         ab:c7:6b:33:c7:29:8a:75:fe:54:b8:74:a2:ea:c3:67:33:e5:
         b5:42:bc:0b:4f:63:f0:63:16:8d:52:52:de:e4:76:c8:48:25:
         6e:6a:20:ab:62:04:63:b6:cf:eb:2a:be:67:3f:88:57:69:1c:
         b0:c0:e0:6a:3f:9c:15:8a:2a:b5:0d:76:6c:b5:cf:2e:ad:c7:
         5c:5a:5a:06:75:64:07:44:b6:31:6e:6c:ef:1b:43:bb:a9:50:
         59:08:97:e1:55:4d:7f:ce:12:eb:dc:e5:b4:e2:93:29:2a:6e:
         05:10:2d:e4:e8:ba:65:b4:60:3b:9d:b6:c5:13:ba:a0:46:2a:
         9a:08:08:b9:18:14:8c:4e:c8:71:87:14:61:3f:5b:d3:da:bd:
         39:0b:b8:bf:b1:4e:4b:a3:3e:dd:c3:c1:03:8c:8f:29:41:20:
         fe:d5:76:d0:e1:28:53:59:fc:fa:36:f1:94:4c:07:3c:8f:7e:
         b2:e3:01:88:98:d5:4b:97:02:2b:56:ed:6d:3e:76:38:8c:86:
         63:f4:2b:38:8a:ab:f3:80:d9:34:ab:92:79:31:55:45:6f:5e:
         ff:db:ac:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntkGSzSEWgSBK4BOrAdR9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZTVmMTk1M2UwMzFkMjc5ODY0ZjNjM2JlZmYwYmM2NzVh
MDBlZTQwHhcNMjUwMTAyMTU1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODBlNDFlNTU1ZTEzODI5YmFkYmM4ZjYwNjY5NjYyM2U3ZGM4YjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyRjP+KHP9emcBhdszYBcsqmwomO
ojgUSp/hRBSTN896TVBubda1625tfd6vWWlKgmu4JGSaqEH3lscws8Lfqe7iSCfL
9qnB9/9VveYA1Cb7gf/NlEzBADpeSiqBFlUFRD1D81r+JCbEeNlsrJHQ1Y/vyErV
LCNcmj+IYuYHsh4EZF6EEE8q1JYX/X6OaaGyUzc/GagKPeuJEp6/SbjwQL5oXkLR
zP3snG5719h/xJb3m8fQ8/xwy7aNxGTIsTZONWyt19j8iNNdlPplnzFE6FHIJ9Uf
XAGki+I/EVyEAcNlb965b5Zfg6T79v9+LDLGeGBLztuxtGnMkx9EVMRS7wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMgOQeVV4TgputvI9gZpZiPn3ItWMB8GA1UdIwQY
MBaAFFvl8ZU+Ax0nmGTzw77/C8Z1oA7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy1YeGxUNERIU2VZWlBQRHZ2OEx4bldnRHVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9jZTEyY2EtYWI3ZS00ODU0LWJjNjct
OGM2MDBlYWU3ZDgwLzEveUE1QjVWWGhPQ202MjhqMkJtbG1JLWZjaTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9jZTEyY2EtYWI3ZS00ODU0LWJjNjctOGM2MDBlYWU3ZDgw
LzEvVy1YeGxUNERIU2VZWlBQRHZ2OEx4bldnRHVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaM2MA0E
AgACMAcDBQMqEGtAMA0GCSqGSIb3DQEBCwUAA4IBAQBXa0QE4jbLdg+l5Q/6PWve
ME/b7asg/+dxsq5LBdf2Q6VveUmrx2szxymKdf5UuHSi6sNnM+W1QrwLT2PwYxaN
UlLe5HbISCVuaiCrYgRjts/rKr5nP4hXaRywwOBqP5wViiq1DXZstc8urcdcWloG
dWQHRLYxbmzvG0O7qVBZCJfhVU1/zhLr3OW04pMpKm4FEC3k6LpltGA7nbbFE7qg
RiqaCAi5GBSMTshxhxRhP1vT2r05C7i/sU5Loz7dw8EDjI8pQSD+1XbQ4ShTWfz6
NvGUTAc8j36y4wGImNVLlwIrVu1tPnY4jIZj9Cs4iqvzgNk0q5J5MVVFb17/26zA
-----END CERTIFICATE-----