Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/886f03-dc91-4a74-b034-b06228fcf2c1/1/r_EtzemP5qS9owVy3amV1QVxd6M.roa
File:                     r_EtzemP5qS9owVy3amV1QVxd6M.roa (raw, json)
Hash identifier:          4ypXA4zqyl2FqWR9d1DoEhKj1KllDHJdbQvxad1aSJg=
Subject key identifier:   AF:F1:2D:CD:E9:8F:E6:A4:BD:A3:05:72:DD:A9:95:D5:05:71:77:A3
Certificate issuer:       /CN=2526c138afa42a7d65cc7761ac4f1868366fa7e3
Certificate serial:       0194258F34A1A2F28A98419B73DD781D266E
Authority key identifier: 25:26:C1:38:AF:A4:2A:7D:65:CC:77:61:AC:4F:18:68:36:6F:A7:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JSbBOK-kKn1lzHdhrE8YaDZvp-M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/886f03-dc91-4a74-b034-b06228fcf2c1/1/r_EtzemP5qS9owVy3amV1QVxd6M.roa
Signing time:             Thu 02 Jan 2025 05:48:49 +0000
ROA not before:           Thu 02 Jan 2025 05:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        193.111.24.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/886f03-dc91-4a74-b034-b06228fcf2c1/1/JSbBOK-kKn1lzHdhrE8YaDZvp-M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/886f03-dc91-4a74-b034-b06228fcf2c1/1/JSbBOK-kKn1lzHdhrE8YaDZvp-M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JSbBOK-kKn1lzHdhrE8YaDZvp-M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:34:a1:a2:f2:8a:98:41:9b:73:dd:78:1d:26:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2526c138afa42a7d65cc7761ac4f1868366fa7e3
        Validity
            Not Before: Jan  2 05:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aff12dcde98fe6a4bda30572dda995d5057177a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c2:b3:7e:bf:23:b7:8a:31:08:9c:de:e3:61:
                    26:b7:35:bf:42:f7:80:5f:50:bc:e4:74:08:92:23:
                    c5:89:d1:f5:d2:22:99:52:e7:62:0b:e5:e3:91:db:
                    f7:dd:aa:46:34:dd:f7:e8:49:a4:d1:3f:33:e0:e2:
                    a5:0d:e5:ce:f7:92:41:dd:b6:2c:c4:54:64:a7:62:
                    83:7f:ce:66:ab:6e:f3:22:56:f3:7e:7f:65:77:7c:
                    03:14:f8:14:30:17:eb:f2:58:8b:fe:c7:fc:ab:f6:
                    a3:7f:06:d9:8b:12:3e:51:fc:59:11:3a:de:f5:ad:
                    5c:f3:bd:69:ff:06:d1:bf:96:76:68:65:f7:35:25:
                    87:80:02:86:31:c6:4d:81:5d:b6:9a:17:33:7c:9f:
                    28:2b:b9:40:dd:88:d2:90:de:af:54:35:90:1c:bb:
                    e7:9c:4b:33:40:0a:35:c3:ea:3f:34:46:ce:fb:64:
                    fe:83:b5:b6:a2:bc:a9:d9:a1:7f:27:12:86:3b:5e:
                    ae:21:f2:0a:88:15:78:aa:77:63:c0:b9:d0:44:97:
                    f6:0f:63:dc:11:fa:81:3e:b2:0a:90:64:58:22:f3:
                    6d:22:27:ab:86:ef:fd:ca:9f:a0:d0:a9:85:67:5a:
                    91:17:5d:eb:56:3e:dd:0d:86:61:e0:cf:a9:06:b1:
                    70:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F1:2D:CD:E9:8F:E6:A4:BD:A3:05:72:DD:A9:95:D5:05:71:77:A3
            X509v3 Authority Key Identifier:
                keyid:25:26:C1:38:AF:A4:2A:7D:65:CC:77:61:AC:4F:18:68:36:6F:A7:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JSbBOK-kKn1lzHdhrE8YaDZvp-M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/886f03-dc91-4a74-b034-b06228fcf2c1/1/r_EtzemP5qS9owVy3amV1QVxd6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/886f03-dc91-4a74-b034-b06228fcf2c1/1/JSbBOK-kKn1lzHdhrE8YaDZvp-M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:9c:74:a3:b2:80:14:22:e9:68:18:22:93:16:b1:47:b8:ed:
         c0:9c:a3:5a:ca:36:26:ce:f2:89:4a:96:90:01:57:b3:c6:49:
         f8:0a:73:7a:b5:80:1d:fe:b0:ca:14:60:11:b9:23:e0:19:70:
         b2:1b:63:73:a4:48:fa:0a:01:27:f2:76:f0:88:11:e5:93:f2:
         fb:08:50:ab:fe:d2:b5:2b:a9:ff:a5:ed:8e:0a:16:9e:83:cf:
         63:1e:10:18:8e:c4:a2:d9:5a:74:07:66:d9:be:0f:85:64:ad:
         71:fc:23:84:02:53:85:27:4e:05:fe:34:ca:a3:c8:24:7d:a2:
         db:d3:d8:d8:b0:ae:a5:fc:2b:9e:85:24:b8:ce:2c:bd:03:6a:
         20:1a:b6:60:c3:8a:23:d8:36:c8:45:95:e1:66:6d:30:aa:5d:
         ab:37:a9:f4:a1:77:0f:fd:72:67:02:76:ae:a0:6a:86:b3:0b:
         76:58:f5:48:a5:e1:fa:e9:15:11:da:27:f5:7d:32:f3:82:2b:
         5d:57:38:5a:4d:ff:c1:c6:31:d6:16:df:3e:b5:da:af:4b:65:
         bb:03:b1:a6:d7:d6:94:1f:78:ed:8e:aa:69:29:ed:3f:c8:46:
         9f:12:c9:03:c7:15:d7:41:fe:d8:79:87:12:17:4e:19:c5:ff:
         fa:d8:f2:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljzShovKKmEGbc914HSZuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MjZjMTM4YWZhNDJhN2Q2NWNjNzc2MWFjNGYxODY4MzY2
ZmE3ZTMwHhcNMjUwMTAyMDU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmYxMmRjZGU5OGZlNmE0YmRhMzA1NzJkZGE5OTVkNTA1NzE3N2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsKzfr8jt4oxCJze42EmtzW/QveA
X1C85HQIkiPFidH10iKZUudiC+Xjkdv33apGNN336Emk0T8z4OKlDeXO95JB3bYs
xFRkp2KDf85mq27zIlbzfn9ld3wDFPgUMBfr8liL/sf8q/ajfwbZixI+UfxZETre
9a1c871p/wbRv5Z2aGX3NSWHgAKGMcZNgV22mhczfJ8oK7lA3YjSkN6vVDWQHLvn
nEszQAo1w+o/NEbO+2T+g7W2oryp2aF/JxKGO16uIfIKiBV4qndjwLnQRJf2D2Pc
EfqBPrIKkGRYIvNtIierhu/9yp+g0KmFZ1qRF13rVj7dDYZh4M+pBrFw/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/xLc3pj+akvaMFct2pldUFcXejMB8GA1UdIwQY
MBaAFCUmwTivpCp9Zcx3YaxPGGg2b6fjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlNiQk9LLWtLbjFsekhkaHJFOFlhRFp2cC1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC84ODZmMDMtZGM5MS00YTc0LWIwMzQt
YjA2MjI4ZmNmMmMxLzEvcl9FdHplbVA1cVM5b3dWeTNhbVYxUVZ4ZDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC84ODZmMDMtZGM5MS00YTc0LWIwMzQtYjA2MjI4ZmNmMmMx
LzEvSlNiQk9LLWtLbjFsekhkaHJFOFlhRFp2cC1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwW8YMA0G
CSqGSIb3DQEBCwUAA4IBAQCUnHSjsoAUIuloGCKTFrFHuO3AnKNayjYmzvKJSpaQ
AVezxkn4CnN6tYAd/rDKFGARuSPgGXCyG2NzpEj6CgEn8nbwiBHlk/L7CFCr/tK1
K6n/pe2OChaeg89jHhAYjsSi2Vp0B2bZvg+FZK1x/COEAlOFJ04F/jTKo8gkfaLb
09jYsK6l/CuehSS4ziy9A2ogGrZgw4oj2DbIRZXhZm0wql2rN6n0oXcP/XJnAnau
oGqGswt2WPVIpeH66RUR2if1fTLzgitdVzhaTf/BxjHWFt8+tdqvS2W7A7Gm19aU
H3jtjqppKe0/yEafEskDxxXXQf7YeYcSF04Zxf/62PIY
-----END CERTIFICATE-----