Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/08cbr85HkKL256WKPSBbjEBkUog.roa
File:                     08cbr85HkKL256WKPSBbjEBkUog.roa (raw, json)
Hash identifier:          5K7bdmLXsunQxf6ydRqaBdSla8m7yjvCwX6GQr2FyeQ=
Subject key identifier:   D3:C7:1B:AF:CE:47:90:A2:F6:E7:A5:8A:3D:20:5B:8C:40:64:52:88
Certificate issuer:       /CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
Certificate serial:       0194222038A56B5ED50ABD068B943B3976CA
Authority key identifier: 65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/08cbr85HkKL256WKPSBbjEBkUog.roa
Signing time:             Wed 01 Jan 2025 13:48:44 +0000
ROA not before:           Wed 01 Jan 2025 13:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35575
IP address blocks:        193.117.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 16:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:38:a5:6b:5e:d5:0a:bd:06:8b:94:3b:39:76:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
        Validity
            Not Before: Jan  1 13:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3c71bafce4790a2f6e7a58a3d205b8c40645288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b2:83:d5:85:5c:ba:46:3f:a0:48:10:78:94:
                    d1:36:7e:5a:b2:1b:3b:cf:d4:50:e0:93:ea:9e:ce:
                    b9:27:35:78:0f:c5:37:f2:66:da:9f:96:34:34:4f:
                    d9:56:fc:38:10:1c:3e:ac:c5:11:65:c4:71:ec:9f:
                    b1:00:ed:34:04:d3:20:9b:e8:36:2c:5b:5e:4f:27:
                    02:fc:d5:32:86:ec:02:05:6a:8b:90:e9:67:74:78:
                    90:06:61:33:bd:3f:58:34:ae:ce:8a:de:76:e7:9a:
                    60:8e:6d:57:6e:27:31:82:00:ed:46:7e:d7:46:57:
                    23:6a:ea:78:96:f4:75:2f:36:6b:a1:97:dc:7a:57:
                    42:3b:71:2f:5c:ed:7c:86:70:10:d4:a2:8c:ca:9a:
                    3a:1b:9a:62:ec:4c:86:e9:bd:0a:9c:a9:3e:90:1d:
                    cd:0a:b3:9f:4f:6f:a7:0c:24:2c:e0:6a:0b:41:a1:
                    d0:c6:58:25:86:5a:7d:75:2e:8d:9f:b8:dc:95:00:
                    d5:8d:c3:bd:6e:f0:65:c0:f2:3c:2e:a4:e1:d8:1c:
                    20:6e:0e:2e:27:a3:64:92:85:2c:b2:68:6e:43:d3:
                    f3:02:e1:12:b2:9b:d2:0f:51:6b:f5:9a:12:7a:76:
                    c4:35:01:ee:08:71:bd:37:3b:63:37:58:3e:34:a2:
                    bf:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:C7:1B:AF:CE:47:90:A2:F6:E7:A5:8A:3D:20:5B:8C:40:64:52:88
            X509v3 Authority Key Identifier:
                keyid:65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/08cbr85HkKL256WKPSBbjEBkUog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.117.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:e6:11:09:5d:c7:04:46:5f:32:ee:93:ac:b5:31:61:6c:da:
         5b:23:cf:64:1b:df:29:21:af:16:73:2b:58:a8:74:69:d3:0a:
         99:ca:c8:d0:1d:93:69:47:80:fd:5a:e9:43:ca:c9:bb:98:e7:
         f8:0d:ed:e3:9f:c7:ac:83:b1:9f:d6:1b:4c:15:f5:2c:c3:ba:
         06:4a:23:17:31:93:8a:19:25:6d:0c:47:fa:03:15:ef:67:2c:
         ad:12:8a:32:15:27:30:a3:74:7d:1b:45:4c:c4:aa:d2:b5:af:
         7c:a5:4b:5a:06:51:58:6b:e6:ad:80:13:c9:b7:b3:47:b1:85:
         a3:c9:4e:5b:92:70:67:16:f3:c5:ca:ce:e5:df:05:3f:80:fe:
         04:31:df:16:1c:0b:26:80:29:ef:84:12:36:51:76:cb:1a:b5:
         54:be:9c:45:8a:3b:fd:03:d0:8b:50:61:7c:a2:43:9b:93:4b:
         4a:56:c3:81:3c:9b:8b:e8:21:66:98:e8:30:f1:cb:17:1f:b7:
         b4:1f:e8:06:29:4d:93:49:fe:61:3e:54:49:b5:e1:ae:df:66:
         56:39:bc:58:48:84:23:50:ce:a2:af:cb:2a:16:22:a7:e0:f7:
         89:93:ab:21:27:68:1a:cb:7d:65:19:0e:bb:4c:08:cc:59:74:
         d9:d7:66:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDila17VCr0Gi5Q7OXbKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1M2Y1NTYyOTEyMWI2MGZiMTljOTdmOTljNzVkZDZmMDE1
ZGQ2ZTgwHhcNMjUwMTAxMTM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2M3MWJhZmNlNDc5MGEyZjZlN2E1OGEzZDIwNWI4YzQwNjQ1Mjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrKD1YVcukY/oEgQeJTRNn5ashs7
z9RQ4JPqns65JzV4D8U38mban5Y0NE/ZVvw4EBw+rMURZcRx7J+xAO00BNMgm+g2
LFteTycC/NUyhuwCBWqLkOlndHiQBmEzvT9YNK7Oit5255pgjm1XbicxggDtRn7X
Rlcjaup4lvR1LzZroZfceldCO3EvXO18hnAQ1KKMypo6G5pi7EyG6b0KnKk+kB3N
CrOfT2+nDCQs4GoLQaHQxlglhlp9dS6Nn7jclQDVjcO9bvBlwPI8LqTh2Bwgbg4u
J6NkkoUssmhuQ9PzAuESspvSD1Fr9ZoSenbENQHuCHG9NztjN1g+NKK/0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPHG6/OR5Ci9uelij0gW4xAZFKIMB8GA1UdIwQY
MBaAFGU/VWKRIbYPsZyX+Zx13W8BXdboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQt
MjkyNmQyODFiNTE0LzEvMDhjYnI4NUhrS0wyNTZXS1BTQmJqRUJrVW9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQtMjkyNmQyODFiNTE0
LzEvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXU4MA0G
CSqGSIb3DQEBCwUAA4IBAQBA5hEJXccERl8y7pOstTFhbNpbI89kG98pIa8WcytY
qHRp0wqZysjQHZNpR4D9WulDysm7mOf4De3jn8esg7Gf1htMFfUsw7oGSiMXMZOK
GSVtDEf6AxXvZyytEooyFScwo3R9G0VMxKrSta98pUtaBlFYa+atgBPJt7NHsYWj
yU5bknBnFvPFys7l3wU/gP4EMd8WHAsmgCnvhBI2UXbLGrVUvpxFijv9A9CLUGF8
okObk0tKVsOBPJuL6CFmmOgw8csXH7e0H+gGKU2TSf5hPlRJteGu32ZWObxYSIQj
UM6ir8sqFiKn4PeJk6shJ2gay31lGQ67TAjMWXTZ12ai
-----END CERTIFICATE-----