Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/W4XahjIUcn2mEvtXXAsHwpbRivY.roa
File:                     W4XahjIUcn2mEvtXXAsHwpbRivY.roa (raw, json)
Hash identifier:          2OOpdjz9UpDKv+dUsZMaEoPO0IiMCjqOpoDoPFdecug=
Subject key identifier:   5B:85:DA:86:32:14:72:7D:A6:12:FB:57:5C:0B:07:C2:96:D1:8A:F6
Certificate issuer:       /CN=11184fb6503a760657f90270e276a3fcb50b8e8f
Certificate serial:       019427B49CB760BF27B938EDD315998699A2
Authority key identifier: 11:18:4F:B6:50:3A:76:06:57:F9:02:70:E2:76:A3:FC:B5:0B:8E:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERhPtlA6dgZX-QJw4naj_LULjo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/W4XahjIUcn2mEvtXXAsHwpbRivY.roa
Signing time:             Thu 02 Jan 2025 15:48:55 +0000
ROA not before:           Thu 02 Jan 2025 15:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        193.110.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/ERhPtlA6dgZX-QJw4naj_LULjo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/ERhPtlA6dgZX-QJw4naj_LULjo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERhPtlA6dgZX-QJw4naj_LULjo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:9c:b7:60:bf:27:b9:38:ed:d3:15:99:86:99:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11184fb6503a760657f90270e276a3fcb50b8e8f
        Validity
            Not Before: Jan  2 15:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b85da863214727da612fb575c0b07c296d18af6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9a:e4:b3:3c:3d:8d:70:a5:9f:29:37:4c:30:
                    b4:4f:46:bb:6f:d4:b8:bf:46:7a:5c:01:6e:3d:07:
                    da:6e:fd:cc:ef:65:78:c3:40:58:1e:22:71:67:84:
                    ef:04:6d:80:1e:28:22:ce:03:a8:7d:eb:8a:35:71:
                    86:b8:51:20:24:4f:58:fc:c1:e4:c0:ce:b6:7e:46:
                    9d:89:35:45:fb:d2:4a:f0:8b:93:a2:c8:87:ca:0d:
                    d4:60:63:19:94:12:bc:aa:c3:44:19:b9:44:e7:4a:
                    a1:45:00:69:ca:08:b9:da:1f:cc:a7:da:5b:6e:e8:
                    a9:68:3a:7e:0b:48:ca:be:25:d7:51:c6:03:68:79:
                    d8:6a:b2:63:95:1b:97:5d:5d:3f:ac:e0:32:c3:74:
                    ac:ff:dc:9e:a4:a5:32:47:c1:0d:f6:7e:44:8d:9b:
                    69:dc:60:28:d4:08:1e:d8:44:a5:d2:3f:bf:ba:31:
                    3e:20:04:b3:5f:96:08:5d:48:5e:a7:78:09:1e:e5:
                    54:5b:45:0f:93:b9:90:91:6b:41:de:2e:30:e9:cd:
                    3c:1b:96:c0:f6:4d:88:2d:42:6f:52:1a:28:ac:9b:
                    1e:38:05:9e:d5:7c:48:f3:5d:a7:c3:0d:d9:82:64:
                    e2:91:b4:6f:d8:22:c4:25:92:04:17:94:c7:4c:cd:
                    dc:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:85:DA:86:32:14:72:7D:A6:12:FB:57:5C:0B:07:C2:96:D1:8A:F6
            X509v3 Authority Key Identifier:
                keyid:11:18:4F:B6:50:3A:76:06:57:F9:02:70:E2:76:A3:FC:B5:0B:8E:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERhPtlA6dgZX-QJw4naj_LULjo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/W4XahjIUcn2mEvtXXAsHwpbRivY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/33a733-ef05-4af0-8535-196d666d2b2b/1/ERhPtlA6dgZX-QJw4naj_LULjo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:ad:f9:81:e2:fc:a5:e7:01:70:49:9b:1f:d0:71:a6:3b:31:
         c1:61:1b:16:da:da:7b:57:dc:74:14:8d:cf:b0:9f:f1:ab:a1:
         fa:21:72:84:26:ee:9d:9a:63:ef:be:b3:f0:17:54:3f:d2:8a:
         b0:47:da:a4:c0:cc:8e:53:ce:5a:97:e3:e5:63:b9:4f:02:8f:
         76:26:4f:6d:f0:e1:3c:04:b2:68:39:c4:a3:8d:70:b8:d8:90:
         12:c1:35:ba:c2:c8:5e:7a:a2:a1:19:5b:11:2f:5f:25:09:f2:
         cd:20:14:48:fe:cd:aa:e1:02:6f:28:1c:e5:7c:98:8a:2b:60:
         49:eb:aa:b9:f1:fb:a9:22:00:85:7b:9d:9a:7e:38:ea:38:90:
         f1:f2:8b:6f:a8:f9:bf:e0:30:b3:a1:46:09:20:3d:09:7b:b7:
         6e:9a:8b:af:91:be:65:c7:6f:d1:5d:9b:12:cd:e2:06:c3:6a:
         d2:e9:9b:fe:a4:1e:80:34:c5:0a:a4:36:5f:6a:c9:45:de:50:
         85:8a:cb:71:b6:a1:36:ec:37:b4:82:4f:fc:fa:fe:28:76:3f:
         8f:eb:a2:78:ac:63:72:df:ac:8a:19:a8:77:ff:4a:9f:57:e7:
         09:25:77:28:3d:91:21:bf:2e:c3:cd:83:aa:d1:e5:b8:98:1b:
         2f:29:52:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntJy3YL8nuTjt0xWZhpmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTg0ZmI2NTAzYTc2MDY1N2Y5MDI3MGUyNzZhM2ZjYjUw
YjhlOGYwHhcNMjUwMTAyMTU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjg1ZGE4NjMyMTQ3MjdkYTYxMmZiNTc1YzBiMDdjMjk2ZDE4YWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqprkszw9jXClnyk3TDC0T0a7b9S4
v0Z6XAFuPQfabv3M72V4w0BYHiJxZ4TvBG2AHigizgOofeuKNXGGuFEgJE9Y/MHk
wM62fkadiTVF+9JK8IuTosiHyg3UYGMZlBK8qsNEGblE50qhRQBpygi52h/Mp9pb
buipaDp+C0jKviXXUcYDaHnYarJjlRuXXV0/rOAyw3Ss/9yepKUyR8EN9n5EjZtp
3GAo1Age2ESl0j+/ujE+IASzX5YIXUhep3gJHuVUW0UPk7mQkWtB3i4w6c08G5bA
9k2ILUJvUhoorJseOAWe1XxI812nww3ZgmTikbRv2CLEJZIEF5THTM3cpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuF2oYyFHJ9phL7V1wLB8KW0Yr2MB8GA1UdIwQY
MBaAFBEYT7ZQOnYGV/kCcOJ2o/y1C46PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJoUHRsQTZkZ1pYLVFKdzRuYWpfTFVMam84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8zM2E3MzMtZWYwNS00YWYwLTg1MzUt
MTk2ZDY2NmQyYjJiLzEvVzRYYWhqSVVjbjJtRXZ0WFhBc0h3cGJSaXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8zM2E3MzMtZWYwNS00YWYwLTg1MzUtMTk2ZDY2NmQyYjJi
LzEvRVJoUHRsQTZkZ1pYLVFKdzRuYWpfTFVMam84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW7RMA0G
CSqGSIb3DQEBCwUAA4IBAQDPrfmB4vyl5wFwSZsf0HGmOzHBYRsW2tp7V9x0FI3P
sJ/xq6H6IXKEJu6dmmPvvrPwF1Q/0oqwR9qkwMyOU85al+PlY7lPAo92Jk9t8OE8
BLJoOcSjjXC42JASwTW6wsheeqKhGVsRL18lCfLNIBRI/s2q4QJvKBzlfJiKK2BJ
66q58fupIgCFe52afjjqOJDx8otvqPm/4DCzoUYJID0Je7dumouvkb5lx2/RXZsS
zeIGw2rS6Zv+pB6ANMUKpDZfaslF3lCFistxtqE27De0gk/8+v4odj+P66J4rGNy
36yKGah3/0qfV+cJJXcoPZEhvy7DzYOq0eW4mBsvKVJw
-----END CERTIFICATE-----