Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/AyxM3qUSp4vgIaJ1AQtSeDaW3v8.roa
File:                     AyxM3qUSp4vgIaJ1AQtSeDaW3v8.roa (raw, json)
Hash identifier:          DID4wPyNJmFDb+hLJYcp8aWza0ytEMMJn7voP8pdhw0=
Subject key identifier:   03:2C:4C:DE:A5:12:A7:8B:E0:21:A2:75:01:0B:52:78:36:96:DE:FF
Certificate issuer:       /CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
Certificate serial:       01942220388344DCD2F19D7481810DEA6B2E
Authority key identifier: 65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/AyxM3qUSp4vgIaJ1AQtSeDaW3v8.roa
Signing time:             Wed 01 Jan 2025 13:48:44 +0000
ROA not before:           Wed 01 Jan 2025 13:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34282
IP address blocks:        193.117.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:38:83:44:dc:d2:f1:9d:74:81:81:0d:ea:6b:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
        Validity
            Not Before: Jan  1 13:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=032c4cdea512a78be021a275010b52783696deff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ee:6d:f3:26:30:f5:d4:75:73:2b:3f:93:4e:
                    ff:62:43:9a:2a:fe:97:39:76:c3:48:a3:33:65:68:
                    6d:29:4e:5d:da:57:1c:b2:90:48:41:f8:b6:0e:fa:
                    6c:03:3a:9a:b3:63:01:81:b4:82:09:a4:c4:65:fb:
                    2b:03:71:42:8b:8e:96:56:e2:82:e5:14:4f:4d:21:
                    08:a2:02:b8:ba:12:cb:52:55:84:d5:9f:b0:27:3f:
                    e4:e5:a5:97:69:2d:21:82:c4:22:97:07:88:f8:94:
                    a5:d4:ba:c8:88:51:bf:3b:08:0b:81:93:89:5b:6e:
                    75:b0:71:e4:9b:dc:c4:70:36:60:02:2f:2d:13:d9:
                    92:55:30:5e:c4:d1:e1:a6:53:4e:37:89:fe:d6:bf:
                    cc:3f:01:97:99:ca:4f:6e:66:46:24:65:98:dc:3e:
                    d3:33:ff:d1:55:e8:59:c1:3e:ed:73:f1:a3:fb:81:
                    a4:b3:5e:d0:77:77:c6:2a:79:a7:65:ef:a8:40:10:
                    58:7c:6d:7a:45:f7:dd:b2:9f:1a:d5:6c:16:ad:46:
                    ec:1b:39:cf:6e:03:1b:e0:97:39:34:ef:ff:f4:e4:
                    d6:47:b5:0b:7e:0d:4e:f8:95:20:82:a8:70:4d:c1:
                    95:53:78:82:df:3c:4c:e6:91:7c:4d:06:1e:b5:39:
                    b6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:2C:4C:DE:A5:12:A7:8B:E0:21:A2:75:01:0B:52:78:36:96:DE:FF
            X509v3 Authority Key Identifier:
                keyid:65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/AyxM3qUSp4vgIaJ1AQtSeDaW3v8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.117.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:7d:fa:bd:00:01:b3:d4:92:50:7f:88:28:f0:3e:fb:56:99:
         ad:cf:1a:f9:13:b2:e8:19:e9:0d:22:b3:8a:18:f7:92:95:51:
         f6:47:a7:be:0e:dd:6b:1a:fe:a4:94:f9:4b:15:8a:dd:64:4e:
         f1:8b:5d:c3:8c:f5:4f:9a:11:a6:00:ab:cc:66:f2:0c:32:dc:
         ec:76:a1:42:d7:9f:59:c7:51:70:3b:cd:0e:e4:7c:fe:0f:53:
         0b:23:28:d5:5f:79:20:fe:41:4b:da:bd:1b:c6:cb:1a:6e:0d:
         1c:75:5a:2b:c7:6b:00:14:c7:62:07:60:95:a9:ec:21:cd:60:
         15:f3:41:7e:69:19:32:c9:23:8d:de:32:48:d8:04:15:11:6c:
         78:a7:ba:13:3e:62:e8:bd:6e:a9:60:9e:d8:d3:cb:70:16:08:
         1b:c3:34:3e:73:0e:a9:fe:1b:0e:e8:31:82:9c:4a:35:25:a4:
         0c:fc:b5:30:e6:99:36:4b:d1:b6:e9:aa:3b:28:ba:79:15:e8:
         44:5d:20:44:dc:56:94:e4:4f:48:8d:43:3d:35:ac:3a:ce:fe:
         75:c2:88:11:e2:c6:d8:85:be:d2:fb:24:3c:c2:0e:cb:f9:8e:
         9c:1a:94:d3:69:d6:dc:5a:8e:d6:d5:ef:cd:3b:3a:7b:20:11:
         19:2b:90:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDiDRNzS8Z10gYEN6msuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1M2Y1NTYyOTEyMWI2MGZiMTljOTdmOTljNzVkZDZmMDE1
ZGQ2ZTgwHhcNMjUwMTAxMTM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzJjNGNkZWE1MTJhNzhiZTAyMWEyNzUwMTBiNTI3ODM2OTZkZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO5t8yYw9dR1cys/k07/YkOaKv6X
OXbDSKMzZWhtKU5d2lccspBIQfi2DvpsAzqas2MBgbSCCaTEZfsrA3FCi46WVuKC
5RRPTSEIogK4uhLLUlWE1Z+wJz/k5aWXaS0hgsQilweI+JSl1LrIiFG/OwgLgZOJ
W251sHHkm9zEcDZgAi8tE9mSVTBexNHhplNON4n+1r/MPwGXmcpPbmZGJGWY3D7T
M//RVehZwT7tc/Gj+4Gks17Qd3fGKnmnZe+oQBBYfG16Rffdsp8a1WwWrUbsGznP
bgMb4Jc5NO//9OTWR7ULfg1O+JUggqhwTcGVU3iC3zxM5pF8TQYetTm2QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAMsTN6lEqeL4CGidQELUng2lt7/MB8GA1UdIwQY
MBaAFGU/VWKRIbYPsZyX+Zx13W8BXdboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQt
MjkyNmQyODFiNTE0LzEvQXl4TTNxVVNwNHZnSWFKMUFRdFNlRGFXM3Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQtMjkyNmQyODFiNTE0
LzEvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXU5MA0G
CSqGSIb3DQEBCwUAA4IBAQBrffq9AAGz1JJQf4go8D77Vpmtzxr5E7LoGekNIrOK
GPeSlVH2R6e+Dt1rGv6klPlLFYrdZE7xi13DjPVPmhGmAKvMZvIMMtzsdqFC159Z
x1FwO80O5Hz+D1MLIyjVX3kg/kFL2r0bxssabg0cdVorx2sAFMdiB2CVqewhzWAV
80F+aRkyySON3jJI2AQVEWx4p7oTPmLovW6pYJ7Y08twFggbwzQ+cw6p/hsO6DGC
nEo1JaQM/LUw5pk2S9G26ao7KLp5FehEXSBE3FaU5E9IjUM9Naw6zv51wogR4sbY
hb7S+yQ8wg7L+Y6cGpTTadbcWo7W1e/NOzp7IBEZK5Bh
-----END CERTIFICATE-----