Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/M1t61zFriLUhV6w-rpKhVc5pbtI.roa
File:                     M1t61zFriLUhV6w-rpKhVc5pbtI.roa (raw, json)
Hash identifier:          SMrR4aeWQHwd+VhRNHme2dIKoEpbr73IPaO3PrfJOhI=
Subject key identifier:   33:5B:7A:D7:31:6B:88:B5:21:57:AC:3E:AE:92:A1:55:CE:69:6E:D2
Certificate issuer:       /CN=294a1cdb68f154cf95418a308c82d8da50775109
Certificate serial:       019423D7C6A8107187E4458F5BE99E077129
Authority key identifier: 29:4A:1C:DB:68:F1:54:CF:95:41:8A:30:8C:82:D8:DA:50:77:51:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUoc22jxVM-VQYowjILY2lB3UQk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/M1t61zFriLUhV6w-rpKhVc5pbtI.roa
Signing time:             Wed 01 Jan 2025 21:48:51 +0000
ROA not before:           Wed 01 Jan 2025 21:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        193.16.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/KUoc22jxVM-VQYowjILY2lB3UQk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/KUoc22jxVM-VQYowjILY2lB3UQk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUoc22jxVM-VQYowjILY2lB3UQk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:c6:a8:10:71:87:e4:45:8f:5b:e9:9e:07:71:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=294a1cdb68f154cf95418a308c82d8da50775109
        Validity
            Not Before: Jan  1 21:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=335b7ad7316b88b52157ac3eae92a155ce696ed2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4e:6a:dc:0f:56:7a:b3:89:23:a2:2f:b4:4d:
                    de:4c:48:23:9d:22:35:59:ac:ef:15:8b:a7:a1:0d:
                    ae:37:23:03:eb:af:07:10:aa:73:9c:11:74:d3:87:
                    21:03:ba:d7:63:ca:19:4c:1a:28:9d:02:d5:70:43:
                    37:09:04:8d:f5:a3:aa:92:04:a2:42:e6:d4:a8:78:
                    ea:f3:8c:ba:76:13:d9:98:af:50:d3:43:ae:4f:0d:
                    8a:e1:76:20:96:72:46:e4:4e:78:91:dd:62:4d:7b:
                    7b:3e:1a:91:1e:04:6f:5e:45:56:26:58:1e:91:7a:
                    ee:44:49:1d:c5:1e:82:f9:1b:c2:3a:ce:69:3b:55:
                    06:08:b4:80:47:a4:ad:c6:9f:0b:0a:9b:ce:bd:84:
                    bd:97:43:91:27:d5:ab:d6:04:fb:cf:0a:b9:d7:16:
                    d7:46:07:29:96:a3:14:04:3a:2d:19:a5:b7:31:79:
                    e2:09:e2:6e:ba:a0:8f:51:5c:e0:05:60:37:7b:63:
                    1f:e7:1f:3f:78:16:2d:e3:f7:5d:c5:81:fa:44:95:
                    53:ef:de:31:73:f4:e0:c1:97:f7:68:d8:b6:c2:c0:
                    66:e3:df:77:f3:25:95:14:78:0c:b5:81:bb:3d:7a:
                    79:b7:02:87:c8:83:5b:19:84:2a:85:9b:84:87:64:
                    11:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:5B:7A:D7:31:6B:88:B5:21:57:AC:3E:AE:92:A1:55:CE:69:6E:D2
            X509v3 Authority Key Identifier:
                keyid:29:4A:1C:DB:68:F1:54:CF:95:41:8A:30:8C:82:D8:DA:50:77:51:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUoc22jxVM-VQYowjILY2lB3UQk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/M1t61zFriLUhV6w-rpKhVc5pbtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/04f474-e3b5-4595-a044-657e41c63ca9/1/KUoc22jxVM-VQYowjILY2lB3UQk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:a2:2e:95:ed:d6:83:9e:2b:b3:47:48:27:bc:20:8b:02:b3:
         ef:0d:b4:4a:ce:b3:8d:6f:59:55:81:72:44:60:6b:d7:cf:24:
         71:3b:47:23:e0:a3:8a:e1:a2:a5:72:7b:d1:d6:ca:1b:7d:d0:
         c5:cc:b6:d8:04:b6:63:4e:e0:63:ba:48:7d:ca:76:f6:4e:b3:
         b8:ba:17:19:b4:88:68:dd:1f:0d:aa:79:02:19:69:ff:be:72:
         41:d4:12:a7:a5:ef:d2:f5:dc:02:4b:f6:7e:a3:90:fa:18:35:
         a1:1d:5d:f1:b6:00:71:80:c5:5a:f7:5b:bc:28:35:d5:fe:5a:
         53:d3:9b:73:5f:a7:a2:27:d3:31:ea:4d:d5:16:6a:62:0f:5c:
         ae:26:95:97:f2:c2:e3:ee:3c:fe:78:0a:0e:d3:7f:27:ad:2d:
         07:27:8d:69:9f:47:e3:49:e4:16:ab:65:99:73:79:b7:c2:d3:
         fb:59:ba:d0:52:97:48:ac:1a:4c:e1:12:e6:91:a3:9e:8a:e2:
         d9:fd:26:2c:17:fa:cb:48:f3:ea:01:65:03:96:17:0c:f1:d3:
         80:45:d7:2f:04:2f:5c:27:f9:ff:1f:fc:0d:5c:37:9d:d1:6c:
         b9:78:38:38:72:61:12:53:72:6f:26:d4:c5:b6:86:77:cb:56:
         9c:c8:40:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj18aoEHGH5EWPW+meB3EpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NGExY2RiNjhmMTU0Y2Y5NTQxOGEzMDhjODJkOGRhNTA3
NzUxMDkwHhcNMjUwMTAxMjE0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzViN2FkNzMxNmI4OGI1MjE1N2FjM2VhZTkyYTE1NWNlNjk2ZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnk5q3A9WerOJI6IvtE3eTEgjnSI1
WazvFYunoQ2uNyMD668HEKpznBF004chA7rXY8oZTBoonQLVcEM3CQSN9aOqkgSi
QubUqHjq84y6dhPZmK9Q00OuTw2K4XYglnJG5E54kd1iTXt7PhqRHgRvXkVWJlge
kXruREkdxR6C+RvCOs5pO1UGCLSAR6Stxp8LCpvOvYS9l0ORJ9Wr1gT7zwq51xbX
RgcplqMUBDotGaW3MXniCeJuuqCPUVzgBWA3e2Mf5x8/eBYt4/ddxYH6RJVT794x
c/TgwZf3aNi2wsBm49938yWVFHgMtYG7PXp5twKHyINbGYQqhZuEh2QRbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNbetcxa4i1IVesPq6SoVXOaW7SMB8GA1UdIwQY
MBaAFClKHNto8VTPlUGKMIyC2NpQd1EJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VvYzIyanhWTS1WUVlvd2pJTFkybEIzVVFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wNGY0NzQtZTNiNS00NTk1LWEwNDQt
NjU3ZTQxYzYzY2E5LzEvTTF0NjF6RnJpTFVoVjZ3LXJwS2hWYzVwYnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wNGY0NzQtZTNiNS00NTk1LWEwNDQtNjU3ZTQxYzYzY2E5
LzEvS1VvYzIyanhWTS1WUVlvd2pJTFkybEIzVVFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRD1MA0G
CSqGSIb3DQEBCwUAA4IBAQB9oi6V7daDniuzR0gnvCCLArPvDbRKzrONb1lVgXJE
YGvXzyRxO0cj4KOK4aKlcnvR1sobfdDFzLbYBLZjTuBjukh9ynb2TrO4uhcZtIho
3R8NqnkCGWn/vnJB1BKnpe/S9dwCS/Z+o5D6GDWhHV3xtgBxgMVa91u8KDXV/lpT
05tzX6eiJ9Mx6k3VFmpiD1yuJpWX8sLj7jz+eAoO038nrS0HJ41pn0fjSeQWq2WZ
c3m3wtP7WbrQUpdIrBpM4RLmkaOeiuLZ/SYsF/rLSPPqAWUDlhcM8dOARdcvBC9c
J/n/H/wNXDed0Wy5eDg4cmESU3JvJtTFtoZ3y1acyECe
-----END CERTIFICATE-----