Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/ec5842-6559-48af-80e0-e0a045075984/1/z-jEZ2GeDlqh8l0l3lIAlNgwWk4.roa
File:                     z-jEZ2GeDlqh8l0l3lIAlNgwWk4.roa (raw, json)
Hash identifier:          J1d9uUMaCClXsN8LZbNyKK5FGLxWIxUYNiRDjBx501g=
Subject key identifier:   CF:E8:C4:67:61:9E:0E:5A:A1:F2:5D:25:DE:52:00:94:D8:30:5A:4E
Certificate issuer:       /CN=59280be9b34d9c669b8020e54dd6a485e317d72f
Certificate serial:       0194899180C929B1065484954AE937FCD197
Authority key identifier: 59:28:0B:E9:B3:4D:9C:66:9B:80:20:E5:4D:D6:A4:85:E3:17:D7:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WSgL6bNNnGabgCDlTdakheMX1y8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/ec5842-6559-48af-80e0-e0a045075984/1/z-jEZ2GeDlqh8l0l3lIAlNgwWk4.roa
Signing time:             Tue 21 Jan 2025 15:53:21 +0000
ROA not before:           Tue 21 Jan 2025 15:53:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214342
IP address blocks:        193.200.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/ec5842-6559-48af-80e0-e0a045075984/1/WSgL6bNNnGabgCDlTdakheMX1y8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/ec5842-6559-48af-80e0-e0a045075984/1/WSgL6bNNnGabgCDlTdakheMX1y8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WSgL6bNNnGabgCDlTdakheMX1y8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:89:91:80:c9:29:b1:06:54:84:95:4a:e9:37:fc:d1:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59280be9b34d9c669b8020e54dd6a485e317d72f
        Validity
            Not Before: Jan 21 15:53:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfe8c467619e0e5aa1f25d25de520094d8305a4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ab:0c:1f:6f:97:aa:20:25:e8:8e:28:46:d7:
                    37:0b:c0:0d:e9:dc:b1:4d:bc:1f:ee:0d:e1:4b:74:
                    05:b8:5d:88:0e:a1:a1:98:bd:a7:fd:12:c1:54:6d:
                    96:b7:91:f1:51:19:71:35:42:16:77:84:23:b5:9c:
                    64:dc:bc:2c:b5:c1:c3:a2:5c:26:39:9c:c1:13:ac:
                    79:33:c2:ca:d5:fa:bd:ee:4c:db:88:6b:aa:e7:f8:
                    bc:fe:1a:c9:14:c3:d5:8e:45:d2:75:46:4a:ae:b8:
                    bc:aa:b0:98:78:54:40:09:d5:0a:08:dc:f0:32:60:
                    5c:1b:b0:4c:a2:82:bc:af:27:33:b6:78:e6:e5:2b:
                    12:57:55:06:5e:a2:08:25:88:2b:97:28:58:02:43:
                    6e:db:b9:dd:5a:b6:37:0b:04:7f:11:4c:19:a5:25:
                    57:44:6f:bc:9c:ac:e6:6e:5e:1a:7d:a4:d4:6f:62:
                    c6:a2:b9:44:b8:ee:40:c1:fc:4d:13:55:a9:7c:78:
                    46:01:c2:c5:ef:27:86:bb:b5:ca:49:26:8a:96:77:
                    9b:31:1e:50:42:f7:4d:d2:20:a6:42:83:f2:84:34:
                    27:23:a3:72:c9:55:18:0d:03:5d:ad:c2:12:39:a5:
                    44:d8:52:1e:c3:53:3e:36:15:68:e1:2d:c2:02:4d:
                    9a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:E8:C4:67:61:9E:0E:5A:A1:F2:5D:25:DE:52:00:94:D8:30:5A:4E
            X509v3 Authority Key Identifier:
                keyid:59:28:0B:E9:B3:4D:9C:66:9B:80:20:E5:4D:D6:A4:85:E3:17:D7:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WSgL6bNNnGabgCDlTdakheMX1y8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/ec5842-6559-48af-80e0-e0a045075984/1/z-jEZ2GeDlqh8l0l3lIAlNgwWk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/ec5842-6559-48af-80e0-e0a045075984/1/WSgL6bNNnGabgCDlTdakheMX1y8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:4b:c0:f5:da:60:6c:19:0c:6c:ca:20:fb:64:af:d5:35:ed:
         cf:8e:b2:83:b4:d5:8f:3d:9e:bb:43:87:17:92:77:24:cf:3c:
         da:00:b8:12:c1:8f:c7:51:b8:37:2a:c1:1b:a5:ae:1d:c1:da:
         dd:57:3f:b1:e0:2e:06:fc:f1:09:05:99:ce:c7:63:eb:d0:70:
         2c:73:78:17:ba:7d:54:9e:9b:e9:44:00:80:a7:89:54:47:65:
         81:63:d0:3b:67:37:80:80:2b:7a:46:d1:0e:68:d8:e6:4b:0f:
         36:f5:fa:5f:27:cd:b4:50:a1:42:f2:d5:fc:8b:11:6d:da:57:
         29:42:56:ea:4a:5d:ab:3e:ef:eb:e3:dc:e1:a7:27:e0:e1:02:
         58:eb:4c:34:77:92:1f:76:a2:a7:07:b3:1d:81:1a:81:7b:83:
         99:75:55:bf:36:e3:77:94:26:21:70:90:8f:49:22:6a:dd:00:
         5a:45:6b:d0:8c:ed:e2:1b:c1:49:86:75:93:85:48:81:fe:f0:
         89:b5:10:10:62:8c:c0:a4:60:10:5a:c6:27:69:11:84:79:4f:
         cf:0c:4a:d4:54:e4:f5:b2:a5:6b:ed:af:55:a9:96:6f:35:a9:
         48:34:3b:22:31:14:3f:ad:48:65:f3:1c:96:95:7d:a2:2d:71:
         56:ce:7c:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSJkYDJKbEGVISVSuk3/NGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MjgwYmU5YjM0ZDljNjY5YjgwMjBlNTRkZDZhNDg1ZTMx
N2Q3MmYwHhcNMjUwMTIxMTU1MzIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmU4YzQ2NzYxOWUwZTVhYTFmMjVkMjVkZTUyMDA5NGQ4MzA1YTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6sMH2+XqiAl6I4oRtc3C8AN6dyx
Tbwf7g3hS3QFuF2IDqGhmL2n/RLBVG2Wt5HxURlxNUIWd4QjtZxk3LwstcHDolwm
OZzBE6x5M8LK1fq97kzbiGuq5/i8/hrJFMPVjkXSdUZKrri8qrCYeFRACdUKCNzw
MmBcG7BMooK8rycztnjm5SsSV1UGXqIIJYgrlyhYAkNu27ndWrY3CwR/EUwZpSVX
RG+8nKzmbl4afaTUb2LGorlEuO5AwfxNE1WpfHhGAcLF7yeGu7XKSSaKlnebMR5Q
QvdN0iCmQoPyhDQnI6NyyVUYDQNdrcISOaVE2FIew1M+NhVo4S3CAk2aXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/oxGdhng5aofJdJd5SAJTYMFpOMB8GA1UdIwQY
MBaAFFkoC+mzTZxmm4Ag5U3WpIXjF9cvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1NnTDZiTk5uR2FiZ0NEbFRkYWtoZU1YMXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9lYzU4NDItNjU1OS00OGFmLTgwZTAt
ZTBhMDQ1MDc1OTg0LzEvei1qRVoyR2VEbHFoOGwwbDNsSUFsTmd3V2s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9lYzU4NDItNjU1OS00OGFmLTgwZTAtZTBhMDQ1MDc1OTg0
LzEvV1NnTDZiTk5uR2FiZ0NEbFRkYWtoZU1YMXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcgcMA0G
CSqGSIb3DQEBCwUAA4IBAQCCS8D12mBsGQxsyiD7ZK/VNe3PjrKDtNWPPZ67Q4cX
knckzzzaALgSwY/HUbg3KsEbpa4dwdrdVz+x4C4G/PEJBZnOx2Pr0HAsc3gXun1U
npvpRACAp4lUR2WBY9A7ZzeAgCt6RtEOaNjmSw829fpfJ820UKFC8tX8ixFt2lcp
QlbqSl2rPu/r49zhpyfg4QJY60w0d5IfdqKnB7MdgRqBe4OZdVW/NuN3lCYhcJCP
SSJq3QBaRWvQjO3iG8FJhnWThUiB/vCJtRAQYozApGAQWsYnaRGEeU/PDErUVOT1
sqVr7a9VqZZvNalINDsiMRQ/rUhl8xyWlX2iLXFWznxv
-----END CERTIFICATE-----