Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/db4d38-a514-427e-8d76-cc64d13a612c/1/X1JkS3uwHtAkqyPH5ViWJPHV9Uc.roa
File:                     X1JkS3uwHtAkqyPH5ViWJPHV9Uc.roa (raw, json)
Hash identifier:          txiqMZuBc/HjQ/EutSSi10aRPrL/flvGPy+EKHQ4msY=
Subject key identifier:   5F:52:64:4B:7B:B0:1E:D0:24:AB:23:C7:E5:58:96:24:F1:D5:F5:47
Certificate issuer:       /CN=ee8b27904d11bcf536774d541542082cfafe8eaa
Certificate serial:       0194266BE31308C92EADD50DBBA612FBFC8A
Authority key identifier: EE:8B:27:90:4D:11:BC:F5:36:77:4D:54:15:42:08:2C:FA:FE:8E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7osnkE0RvPU2d01UFUIILPr-jqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/db4d38-a514-427e-8d76-cc64d13a612c/1/X1JkS3uwHtAkqyPH5ViWJPHV9Uc.roa
Signing time:             Thu 02 Jan 2025 09:49:52 +0000
ROA not before:           Thu 02 Jan 2025 09:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16085
IP address blocks:        193.109.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/db4d38-a514-427e-8d76-cc64d13a612c/1/7osnkE0RvPU2d01UFUIILPr-jqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/db4d38-a514-427e-8d76-cc64d13a612c/1/7osnkE0RvPU2d01UFUIILPr-jqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7osnkE0RvPU2d01UFUIILPr-jqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e3:13:08:c9:2e:ad:d5:0d:bb:a6:12:fb:fc:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee8b27904d11bcf536774d541542082cfafe8eaa
        Validity
            Not Before: Jan  2 09:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f52644b7bb01ed024ab23c7e5589624f1d5f547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d1:7a:da:3f:61:88:07:72:41:10:4c:66:d7:
                    97:36:82:74:9b:44:aa:7f:23:67:32:56:47:c8:35:
                    6c:2b:f8:a6:73:45:5c:b1:7b:b4:cf:4c:0c:14:32:
                    91:48:e9:fd:e9:f5:15:49:ce:53:41:5a:98:ab:36:
                    40:e8:50:de:7d:c9:b6:dd:3f:5e:f3:86:f7:14:54:
                    3d:31:67:0e:23:19:fd:ac:33:65:11:f0:f0:28:7e:
                    89:34:22:ef:e5:fc:47:8b:0d:52:5e:91:2a:26:3b:
                    c2:39:cb:5a:54:c4:c6:5f:84:3c:78:3e:15:1b:04:
                    82:28:b2:22:ea:bb:a4:5e:fe:f4:d3:8a:4b:4e:54:
                    3f:98:72:3c:dd:9b:8d:c2:01:5d:97:ae:4f:7f:0e:
                    42:23:80:d5:d7:21:93:d0:16:5a:c9:79:90:d9:13:
                    c1:5b:ea:93:5d:66:37:2c:c7:71:95:26:55:ca:57:
                    27:15:cb:30:f0:53:c8:61:e3:27:10:22:b7:2f:70:
                    d1:98:b1:1a:33:69:6c:0b:3b:50:60:0a:dc:0f:7c:
                    18:63:9a:b0:0d:a6:08:2f:07:99:53:9d:1b:e7:8a:
                    c6:cc:a1:4e:af:f1:7a:bb:0b:f6:c5:8e:ca:af:ca:
                    ba:00:71:66:e8:08:c1:f8:37:67:38:dc:65:52:b8:
                    22:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:52:64:4B:7B:B0:1E:D0:24:AB:23:C7:E5:58:96:24:F1:D5:F5:47
            X509v3 Authority Key Identifier:
                keyid:EE:8B:27:90:4D:11:BC:F5:36:77:4D:54:15:42:08:2C:FA:FE:8E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7osnkE0RvPU2d01UFUIILPr-jqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/db4d38-a514-427e-8d76-cc64d13a612c/1/X1JkS3uwHtAkqyPH5ViWJPHV9Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/db4d38-a514-427e-8d76-cc64d13a612c/1/7osnkE0RvPU2d01UFUIILPr-jqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:fb:14:4e:ea:e0:dc:83:32:d8:16:46:3f:55:8c:6f:ac:9e:
         15:a4:f7:a7:16:d7:ee:b6:ed:0f:a0:42:6d:a6:c1:42:e3:36:
         27:67:15:a8:96:bc:18:09:52:35:a5:2d:27:ee:4d:9a:96:28:
         88:15:af:f3:2e:8c:5c:6f:7e:4e:35:7a:0c:e8:41:9c:b2:c2:
         2c:1d:ca:c9:6d:90:2a:9d:14:df:8e:73:3b:ac:77:8f:4a:e2:
         1d:8f:e1:08:f1:6b:2a:cb:62:3d:8a:7e:eb:ad:82:4d:28:32:
         b1:fd:9b:8e:bf:af:bd:e8:64:7a:7e:3c:fd:ec:60:28:0a:90:
         f1:de:b5:44:35:d5:f2:ec:c2:05:be:6e:a0:eb:45:2c:60:84:
         b3:f0:ee:c5:21:87:8f:11:55:e2:b2:28:dc:98:19:de:e9:d2:
         95:38:ba:96:6d:39:03:3d:44:6d:ca:73:3c:f0:49:8a:13:d7:
         4d:29:10:bf:47:75:42:60:60:83:38:15:49:c1:ab:45:b7:7a:
         12:53:f9:1a:d2:c0:a6:ba:06:b8:20:75:10:01:f0:2a:0b:3b:
         21:64:8c:74:89:17:85:55:19:61:1c:9e:8f:71:c0:49:64:40:
         d7:43:b5:8e:53:65:26:e5:2b:f3:49:a5:a5:c7:ca:37:38:b4:
         3f:b3:44:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+MTCMkurdUNu6YS+/yKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlOGIyNzkwNGQxMWJjZjUzNjc3NGQ1NDE1NDIwODJjZmFm
ZThlYWEwHhcNMjUwMTAyMDk0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjUyNjQ0YjdiYjAxZWQwMjRhYjIzYzdlNTU4OTYyNGYxZDVmNTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39F62j9hiAdyQRBMZteXNoJ0m0Sq
fyNnMlZHyDVsK/imc0VcsXu0z0wMFDKRSOn96fUVSc5TQVqYqzZA6FDefcm23T9e
84b3FFQ9MWcOIxn9rDNlEfDwKH6JNCLv5fxHiw1SXpEqJjvCOctaVMTGX4Q8eD4V
GwSCKLIi6rukXv7004pLTlQ/mHI83ZuNwgFdl65Pfw5CI4DV1yGT0BZayXmQ2RPB
W+qTXWY3LMdxlSZVylcnFcsw8FPIYeMnECK3L3DRmLEaM2lsCztQYArcD3wYY5qw
DaYILweZU50b54rGzKFOr/F6uwv2xY7Kr8q6AHFm6AjB+DdnONxlUrgitwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9SZEt7sB7QJKsjx+VYliTx1fVHMB8GA1UdIwQY
MBaAFO6LJ5BNEbz1NndNVBVCCCz6/o6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN29zbmtFMFJ2UFUyZDAxVUZVSUlMUHItanFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9kYjRkMzgtYTUxNC00MjdlLThkNzYt
Y2M2NGQxM2E2MTJjLzEvWDFKa1MzdXdIdEFrcXlQSDVWaVdKUEhWOVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9kYjRkMzgtYTUxNC00MjdlLThkNzYtY2M2NGQxM2E2MTJj
LzEvN29zbmtFMFJ2UFUyZDAxVUZVSUlMUHItanFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW3lMA0G
CSqGSIb3DQEBCwUAA4IBAQA++xRO6uDcgzLYFkY/VYxvrJ4VpPenFtfutu0PoEJt
psFC4zYnZxWolrwYCVI1pS0n7k2aliiIFa/zLoxcb35ONXoM6EGcssIsHcrJbZAq
nRTfjnM7rHePSuIdj+EI8Wsqy2I9in7rrYJNKDKx/ZuOv6+96GR6fjz97GAoCpDx
3rVENdXy7MIFvm6g60UsYISz8O7FIYePEVXisijcmBne6dKVOLqWbTkDPURtynM8
8EmKE9dNKRC/R3VCYGCDOBVJwatFt3oSU/ka0sCmuga4IHUQAfAqCzshZIx0iReF
VRlhHJ6PccBJZEDXQ7WOU2Um5SvzSaWlx8o3OLQ/s0R4
-----END CERTIFICATE-----