Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/4cac6b-8e05-448a-83f7-6835852158d8/1/5stymyV2VXExRNfPDRHs0SsKv84.roa
File:                     5stymyV2VXExRNfPDRHs0SsKv84.roa (raw, json)
Hash identifier:          LAJy81D8Y1W3Al27GIYu76cE8aqvZvfTwIjGsrUN8O8=
Subject key identifier:   E6:CB:72:9B:25:76:55:71:31:44:D7:CF:0D:11:EC:D1:2B:0A:BF:CE
Certificate issuer:       /CN=c6d11b64ffe18efa42f43a6c765639dee38d027e
Certificate serial:       0194221FCDA4316E474E3A51E6A4ADD43212
Authority key identifier: C6:D1:1B:64:FF:E1:8E:FA:42:F4:3A:6C:76:56:39:DE:E3:8D:02:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xtEbZP_hjvpC9DpsdlY53uONAn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/4cac6b-8e05-448a-83f7-6835852158d8/1/5stymyV2VXExRNfPDRHs0SsKv84.roa
Signing time:             Wed 01 Jan 2025 13:48:17 +0000
ROA not before:           Wed 01 Jan 2025 13:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        193.73.113.0/24 maxlen: 24
                          193.135.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/4cac6b-8e05-448a-83f7-6835852158d8/1/xtEbZP_hjvpC9DpsdlY53uONAn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/4cac6b-8e05-448a-83f7-6835852158d8/1/xtEbZP_hjvpC9DpsdlY53uONAn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xtEbZP_hjvpC9DpsdlY53uONAn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:cd:a4:31:6e:47:4e:3a:51:e6:a4:ad:d4:32:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6d11b64ffe18efa42f43a6c765639dee38d027e
        Validity
            Not Before: Jan  1 13:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6cb729b257655713144d7cf0d11ecd12b0abfce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:99:df:8d:7a:ab:0d:18:c7:a0:ad:78:94:b7:
                    47:ae:6d:26:c5:a3:87:ed:93:9e:ec:34:ed:36:15:
                    83:1d:9c:2a:d4:13:2e:b5:fa:f6:8d:a9:3e:f1:1d:
                    7a:93:4b:69:16:7b:7a:d9:5f:69:68:b5:ab:8a:29:
                    76:a6:68:bb:31:23:25:30:c3:d5:27:fc:6a:5a:6a:
                    ed:c4:80:b6:cc:ed:f3:d1:ce:d9:d2:b9:88:d1:81:
                    42:06:23:82:06:18:ac:8a:99:e5:be:a5:62:f0:c8:
                    59:84:11:b5:19:be:a2:c8:50:ca:00:ed:7c:32:71:
                    46:b5:96:87:2e:5a:ea:ca:0f:6d:52:fb:da:70:87:
                    15:f1:f2:1c:ff:ff:d1:ba:f4:f5:08:1e:c4:73:39:
                    d1:3a:c3:ba:72:67:b0:bd:7a:51:6e:27:9f:6a:fd:
                    7a:ad:05:99:af:01:1b:c6:ee:f2:90:b7:f4:dd:82:
                    9c:ec:2b:b6:0b:80:1d:80:bd:0d:5c:8f:5a:dc:be:
                    d1:b5:cb:64:0c:36:7a:91:c9:cc:41:d1:93:fe:5e:
                    93:8b:c8:10:ed:0f:ba:5d:be:7c:5c:45:1b:49:ba:
                    6f:3f:0c:0c:a9:21:74:15:00:78:4a:44:3e:b0:5b:
                    f2:19:14:30:8c:85:75:aa:8b:32:88:a2:c7:46:5a:
                    db:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:CB:72:9B:25:76:55:71:31:44:D7:CF:0D:11:EC:D1:2B:0A:BF:CE
            X509v3 Authority Key Identifier:
                keyid:C6:D1:1B:64:FF:E1:8E:FA:42:F4:3A:6C:76:56:39:DE:E3:8D:02:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xtEbZP_hjvpC9DpsdlY53uONAn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/4cac6b-8e05-448a-83f7-6835852158d8/1/5stymyV2VXExRNfPDRHs0SsKv84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/4cac6b-8e05-448a-83f7-6835852158d8/1/xtEbZP_hjvpC9DpsdlY53uONAn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.73.113.0/24
                  193.135.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:cc:07:c7:08:f0:f4:18:05:b2:24:d1:38:42:f1:61:de:ca:
         ee:34:f2:71:08:61:83:67:a3:d3:a8:11:c7:2d:49:43:ae:ea:
         c7:3a:ce:2d:29:b5:8a:c6:9b:18:f4:61:5e:ae:52:b4:9c:23:
         e7:e5:8a:bd:0b:5b:df:07:33:db:32:c1:d9:b5:93:fc:58:50:
         e4:24:05:68:c0:1b:3c:f6:52:0d:eb:5a:fb:fd:39:32:ae:92:
         f4:fc:23:54:19:af:cf:43:37:3e:f7:79:e6:4b:17:f0:5c:c3:
         46:77:af:ad:12:f8:84:f2:34:15:6f:b2:ac:bb:78:5e:36:e0:
         c0:36:a5:47:d3:82:5b:57:75:41:f9:bf:47:2b:dc:fe:b8:47:
         6a:86:88:2b:4c:38:d5:f9:6a:0f:53:4e:16:eb:aa:1a:4a:f3:
         9f:aa:b4:34:23:e9:a9:71:1d:4c:1f:5e:c3:86:4c:b6:a1:dd:
         d6:41:10:77:88:25:2c:05:70:1d:6b:f0:c2:a5:88:b8:d1:a2:
         17:d2:13:d2:3d:7d:a7:d2:40:9e:0c:f9:6e:8b:b1:3c:3e:99:
         44:fd:e7:34:1f:e4:45:de:2f:62:0b:3f:ef:46:fb:46:cc:ea:
         b3:9f:0c:ba:56:9a:b5:16:77:35:8f:c4:4c:3d:f5:1b:1b:f0:
         30:4f:48:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH82kMW5HTjpR5qSt1DISMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZDExYjY0ZmZlMThlZmE0MmY0M2E2Yzc2NTYzOWRlZTM4
ZDAyN2UwHhcNMjUwMTAxMTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmNiNzI5YjI1NzY1NTcxMzE0NGQ3Y2YwZDExZWNkMTJiMGFiZmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5nfjXqrDRjHoK14lLdHrm0mxaOH
7ZOe7DTtNhWDHZwq1BMutfr2jak+8R16k0tpFnt62V9paLWriil2pmi7MSMlMMPV
J/xqWmrtxIC2zO3z0c7Z0rmI0YFCBiOCBhisipnlvqVi8MhZhBG1Gb6iyFDKAO18
MnFGtZaHLlrqyg9tUvvacIcV8fIc///RuvT1CB7EcznROsO6cmewvXpRbiefav16
rQWZrwEbxu7ykLf03YKc7Cu2C4AdgL0NXI9a3L7RtctkDDZ6kcnMQdGT/l6Ti8gQ
7Q+6Xb58XEUbSbpvPwwMqSF0FQB4SkQ+sFvyGRQwjIV1qosyiKLHRlrb4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFObLcpsldlVxMUTXzw0R7NErCr/OMB8GA1UdIwQY
MBaAFMbRG2T/4Y76QvQ6bHZWOd7jjQJ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHRFYlpQX2hqdnBDOURwc2RsWTUzdU9OQW40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80Y2FjNmItOGUwNS00NDhhLTgzZjct
NjgzNTg1MjE1OGQ4LzEvNXN0eW15VjJWWEV4Uk5mUERSSHMwU3NLdjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80Y2FjNmItOGUwNS00NDhhLTgzZjctNjgzNTg1MjE1OGQ4
LzEveHRFYlpQX2hqdnBDOURwc2RsWTUzdU9OQW40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwUlxAwQA
wYf+MA0GCSqGSIb3DQEBCwUAA4IBAQCDzAfHCPD0GAWyJNE4QvFh3sruNPJxCGGD
Z6PTqBHHLUlDrurHOs4tKbWKxpsY9GFerlK0nCPn5Yq9C1vfBzPbMsHZtZP8WFDk
JAVowBs89lIN61r7/TkyrpL0/CNUGa/PQzc+93nmSxfwXMNGd6+tEviE8jQVb7Ks
u3heNuDANqVH04JbV3VB+b9HK9z+uEdqhogrTDjV+WoPU04W66oaSvOfqrQ0I+mp
cR1MH17Dhky2od3WQRB3iCUsBXAda/DCpYi40aIX0hPSPX2n0kCeDPlui7E8PplE
/ec0H+RF3i9iCz/vRvtGzOqznwy6Vpq1Fnc1j8RMPfUbG/AwT0io
-----END CERTIFICATE-----