Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/cpaYv-AQ-t9zhgKKXsvKBzFcSaQ.roa
File:                     cpaYv-AQ-t9zhgKKXsvKBzFcSaQ.roa (raw, json)
Hash identifier:          QH8X2hDISDdQVFPt9W1N705nATkeCHCrQhlKJMRWx8A=
Subject key identifier:   72:96:98:BF:E0:10:FA:DF:73:86:02:8A:5E:CB:CA:07:31:5C:49:A4
Certificate issuer:       /CN=9588fb4b0fb07b2b52e30d9219898f28cfbc9a2d
Certificate serial:       019425FDCDD693C66C4F30407DE4CDE941B2
Authority key identifier: 95:88:FB:4B:0F:B0:7B:2B:52:E3:0D:92:19:89:8F:28:CF:BC:9A:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lYj7Sw-weytS4w2SGYmPKM-8mi0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/cpaYv-AQ-t9zhgKKXsvKBzFcSaQ.roa
Signing time:             Thu 02 Jan 2025 07:49:37 +0000
ROA not before:           Thu 02 Jan 2025 07:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57443
IP address blocks:        193.57.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/lYj7Sw-weytS4w2SGYmPKM-8mi0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/lYj7Sw-weytS4w2SGYmPKM-8mi0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lYj7Sw-weytS4w2SGYmPKM-8mi0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:cd:d6:93:c6:6c:4f:30:40:7d:e4:cd:e9:41:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9588fb4b0fb07b2b52e30d9219898f28cfbc9a2d
        Validity
            Not Before: Jan  2 07:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=729698bfe010fadf7386028a5ecbca07315c49a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:27:8d:c2:43:f3:5d:b2:24:52:f9:39:6f:2f:
                    74:24:7a:15:03:a5:81:90:be:fb:7f:ed:9f:b6:e0:
                    9d:00:fc:b7:d6:e0:9d:98:f8:6f:ba:54:59:3a:c1:
                    7e:b4:9c:1c:91:cf:a3:a2:36:1b:54:5a:7b:f0:01:
                    ab:31:1a:35:43:e4:f0:72:55:c6:e1:4c:5f:ed:f6:
                    b2:3f:bb:ad:11:02:66:ef:c3:4d:34:3d:c0:8c:17:
                    d8:40:11:f4:fe:66:d8:12:1b:72:71:cf:98:b4:e4:
                    04:ec:34:79:ec:dd:69:7e:2a:e7:a3:61:85:56:0f:
                    7d:b9:2e:c6:14:44:10:a2:1e:09:75:da:21:76:51:
                    5d:62:13:ec:10:1b:e9:71:f2:c9:14:11:00:5c:d8:
                    f2:e5:83:5e:45:08:95:fe:e4:60:b8:21:7e:b2:ea:
                    03:de:76:c1:e4:8a:f5:2b:08:06:09:f7:26:05:da:
                    6d:26:7e:5d:13:f3:1c:ef:60:3e:b1:75:3c:b6:64:
                    d4:ff:58:f7:fa:a2:99:ed:73:6c:57:7c:65:25:7c:
                    7e:e5:13:c7:42:8d:89:80:18:7c:70:8a:35:01:54:
                    a0:e2:0b:ed:4c:45:4e:5c:0d:13:26:ef:d3:cf:04:
                    f8:c1:bf:e2:c0:71:cd:c2:b7:ab:c5:d1:72:ba:68:
                    26:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:96:98:BF:E0:10:FA:DF:73:86:02:8A:5E:CB:CA:07:31:5C:49:A4
            X509v3 Authority Key Identifier:
                keyid:95:88:FB:4B:0F:B0:7B:2B:52:E3:0D:92:19:89:8F:28:CF:BC:9A:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lYj7Sw-weytS4w2SGYmPKM-8mi0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/cpaYv-AQ-t9zhgKKXsvKBzFcSaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/fb85d3-6660-430e-9ac7-86d2c311db17/1/lYj7Sw-weytS4w2SGYmPKM-8mi0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:52:49:3d:c2:ff:85:98:e6:2a:d3:54:9e:69:16:4a:62:67:
         fd:19:f8:f3:81:34:29:3c:35:24:65:48:83:f1:3d:47:e5:51:
         d6:bc:59:f0:b8:b9:f9:51:fd:a7:fa:9d:fb:f6:6b:0b:9d:90:
         38:71:89:35:18:3e:94:8f:3d:a3:a6:74:ce:0d:69:69:c4:fe:
         58:d5:47:3f:ba:e9:81:ff:dd:de:68:0d:9c:39:41:04:2c:2b:
         0a:58:e9:38:ab:e9:a4:5c:88:3f:c5:d7:dc:ec:71:70:c1:81:
         2b:e7:4c:9d:d3:2e:fc:ce:aa:84:71:c8:5d:7f:ea:66:a9:a4:
         8a:e0:7d:40:fe:12:6e:99:48:82:66:a5:a7:70:ba:36:c5:43:
         2e:00:50:63:ea:7d:d2:e8:4b:13:17:b8:0a:4b:82:76:cb:43:
         82:b8:b3:74:c4:8b:83:ce:9f:5c:a9:5f:29:29:d6:fb:14:b8:
         87:18:9e:70:d8:3c:1d:50:eb:21:a4:b9:40:a0:6a:d6:fd:8a:
         21:9f:e4:b4:b8:7a:9d:bd:5c:4e:41:03:ee:40:4f:d0:65:37:
         75:e9:6c:dc:a0:7e:6d:af:a7:e5:9b:de:34:a2:58:38:46:a3:
         2d:11:9a:fc:98:98:7e:45:9e:c4:64:c2:c3:65:a5:25:ee:74:
         13:3d:87:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/c3Wk8ZsTzBAfeTN6UGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ODhmYjRiMGZiMDdiMmI1MmUzMGQ5MjE5ODk4ZjI4Y2Zi
YzlhMmQwHhcNMjUwMTAyMDc0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk2OThiZmUwMTBmYWRmNzM4NjAyOGE1ZWNiY2EwNzMxNWM0OWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8SeNwkPzXbIkUvk5by90JHoVA6WB
kL77f+2ftuCdAPy31uCdmPhvulRZOsF+tJwckc+jojYbVFp78AGrMRo1Q+TwclXG
4Uxf7fayP7utEQJm78NNND3AjBfYQBH0/mbYEhtycc+YtOQE7DR57N1pfirno2GF
Vg99uS7GFEQQoh4JddohdlFdYhPsEBvpcfLJFBEAXNjy5YNeRQiV/uRguCF+suoD
3nbB5Ir1KwgGCfcmBdptJn5dE/Mc72A+sXU8tmTU/1j3+qKZ7XNsV3xlJXx+5RPH
Qo2JgBh8cIo1AVSg4gvtTEVOXA0TJu/TzwT4wb/iwHHNwrerxdFyumgm8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKWmL/gEPrfc4YCil7LygcxXEmkMB8GA1UdIwQY
MBaAFJWI+0sPsHsrUuMNkhmJjyjPvJotMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFlqN1N3LXdleXRTNHcyU0dZbVBLTS04bWkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mYjg1ZDMtNjY2MC00MzBlLTlhYzct
ODZkMmMzMTFkYjE3LzEvY3BhWXYtQVEtdDl6aGdLS1hzdktCekZjU2FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mYjg1ZDMtNjY2MC00MzBlLTlhYzctODZkMmMzMTFkYjE3
LzEvbFlqN1N3LXdleXRTNHcyU0dZbVBLTS04bWkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwTnQMA0G
CSqGSIb3DQEBCwUAA4IBAQAVUkk9wv+FmOYq01SeaRZKYmf9GfjzgTQpPDUkZUiD
8T1H5VHWvFnwuLn5Uf2n+p379msLnZA4cYk1GD6Ujz2jpnTODWlpxP5Y1Uc/uumB
/93eaA2cOUEELCsKWOk4q+mkXIg/xdfc7HFwwYEr50yd0y78zqqEcchdf+pmqaSK
4H1A/hJumUiCZqWncLo2xUMuAFBj6n3S6EsTF7gKS4J2y0OCuLN0xIuDzp9cqV8p
Kdb7FLiHGJ5w2DwdUOshpLlAoGrW/Yohn+S0uHqdvVxOQQPuQE/QZTd16WzcoH5t
r6flm940olg4RqMtEZr8mJh+RZ7EZMLDZaUl7nQTPYcX
-----END CERTIFICATE-----