Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/a9f2b9-6e7d-4eea-a474-1f67d945b8b9/1/rpXzzQqo1NF3dX9pFS61JkDNiNY.roa
File:                     rpXzzQqo1NF3dX9pFS61JkDNiNY.roa (raw, json)
Hash identifier:          pLgHmlwb9frHbbUK6rzU2+3pnLWqMCgVCa6x+QGE99Q=
Subject key identifier:   AE:95:F3:CD:0A:A8:D4:D1:77:75:7F:69:15:2E:B5:26:40:CD:88:D6
Certificate issuer:       /CN=6798580bb843519c104420e59c0b5c2403414607
Certificate serial:       018CC5DC1F88D12F9392870F8C2BACC3F1B5
Authority key identifier: 67:98:58:0B:B8:43:51:9C:10:44:20:E5:9C:0B:5C:24:03:41:46:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5hYC7hDUZwQRCDlnAtcJANBRgc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/a9f2b9-6e7d-4eea-a474-1f67d945b8b9/1/rpXzzQqo1NF3dX9pFS61JkDNiNY.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24839
IP address blocks:        193.0.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/a9f2b9-6e7d-4eea-a474-1f67d945b8b9/1/Z5hYC7hDUZwQRCDlnAtcJANBRgc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/a9f2b9-6e7d-4eea-a474-1f67d945b8b9/1/Z5hYC7hDUZwQRCDlnAtcJANBRgc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5hYC7hDUZwQRCDlnAtcJANBRgc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1f:88:d1:2f:93:92:87:0f:8c:2b:ac:c3:f1:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6798580bb843519c104420e59c0b5c2403414607
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae95f3cd0aa8d4d177757f69152eb52640cd88d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:16:a2:47:13:17:37:b5:fd:f2:97:a5:50:69:
                    5c:c7:3b:7e:c0:79:e2:0d:d3:b8:de:36:21:3f:c2:
                    56:e7:24:74:64:5d:3f:87:af:79:90:13:25:46:49:
                    73:2e:3d:54:54:57:87:94:c2:c7:12:5e:07:3e:1b:
                    46:d9:60:40:40:95:cc:2f:02:07:78:99:02:aa:ec:
                    ce:99:46:96:c2:7f:b6:0f:61:e5:5a:d1:0d:05:57:
                    a7:2d:6b:68:f0:0d:a8:51:75:07:b9:1f:a3:ec:8a:
                    f8:13:28:59:d1:50:ca:29:b3:f8:0d:15:4c:fb:08:
                    76:a1:84:23:74:7b:5a:eb:83:6d:a5:15:9a:fb:19:
                    cd:3c:13:07:a8:7e:c1:0d:6a:39:47:a3:f2:94:9c:
                    ca:98:eb:fb:59:39:a3:0a:56:5e:50:58:0b:cb:bb:
                    54:ab:66:39:84:9a:3e:7d:69:9f:d3:b2:27:90:2c:
                    e2:3a:8f:15:d0:fb:1a:e2:dc:52:8f:4f:f1:59:b0:
                    7f:39:db:34:66:36:38:3a:18:03:ea:8e:37:a7:11:
                    d1:39:d2:26:6e:4a:73:56:70:d5:d1:d1:08:84:6b:
                    30:29:65:c1:85:fc:59:09:f6:cb:c9:33:58:a2:ba:
                    ed:6f:e4:8b:49:3f:e8:54:5e:44:f1:92:04:a8:fa:
                    48:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:95:F3:CD:0A:A8:D4:D1:77:75:7F:69:15:2E:B5:26:40:CD:88:D6
            X509v3 Authority Key Identifier:
                keyid:67:98:58:0B:B8:43:51:9C:10:44:20:E5:9C:0B:5C:24:03:41:46:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5hYC7hDUZwQRCDlnAtcJANBRgc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a9f2b9-6e7d-4eea-a474-1f67d945b8b9/1/rpXzzQqo1NF3dX9pFS61JkDNiNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a9f2b9-6e7d-4eea-a474-1f67d945b8b9/1/Z5hYC7hDUZwQRCDlnAtcJANBRgc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:d0:6b:a1:f7:9e:48:c3:c4:5c:ad:ca:ff:2c:e9:82:dd:d0:
         a0:07:ab:d5:83:19:6d:ac:28:3c:52:e0:e3:23:0e:13:9c:47:
         c9:f6:e9:d6:9c:a6:f7:3e:97:2b:50:80:2e:19:9b:fc:95:07:
         d5:03:32:29:05:ff:ab:21:14:99:0d:37:d2:11:98:66:7e:ed:
         ba:39:76:82:52:91:33:26:c4:c1:36:df:81:da:f7:ca:05:4e:
         47:77:5d:ab:49:44:60:64:67:54:50:5e:02:38:17:62:1a:95:
         5a:39:20:0a:84:f0:4b:26:30:de:4f:bf:09:bc:46:66:35:82:
         3e:79:f9:d6:01:ff:ab:06:1b:98:6e:1d:ca:e3:29:08:4d:68:
         ac:c0:60:b9:ec:df:8d:99:fd:7c:ab:f8:d7:65:a5:55:1e:cf:
         55:53:ed:69:45:3b:14:75:e0:8c:26:ba:66:a4:e7:36:2d:63:
         ac:fe:04:af:2a:0e:9c:15:10:4f:91:8c:a6:58:6a:c6:98:5a:
         5a:f9:7f:15:b6:f9:2b:72:6c:ac:0a:32:35:da:b5:2d:a6:70:
         fb:33:d3:8a:46:04:01:f7:35:0c:f5:f8:dc:77:d6:a6:1c:a1:
         1e:68:de:eb:72:90:18:26:39:41:60:d2:34:15:18:e2:e8:ae:
         ae:9a:03:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3B+I0S+TkocPjCusw/G1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTg1ODBiYjg0MzUxOWMxMDQ0MjBlNTljMGI1YzI0MDM0
MTQ2MDcwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTk1ZjNjZDBhYThkNGQxNzc3NTdmNjkxNTJlYjUyNjQwY2Q4OGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBaiRxMXN7X98pelUGlcxzt+wHni
DdO43jYhP8JW5yR0ZF0/h695kBMlRklzLj1UVFeHlMLHEl4HPhtG2WBAQJXMLwIH
eJkCquzOmUaWwn+2D2HlWtENBVenLWto8A2oUXUHuR+j7Ir4EyhZ0VDKKbP4DRVM
+wh2oYQjdHta64NtpRWa+xnNPBMHqH7BDWo5R6PylJzKmOv7WTmjClZeUFgLy7tU
q2Y5hJo+fWmf07InkCziOo8V0Psa4txSj0/xWbB/Ods0ZjY4OhgD6o43pxHROdIm
bkpzVnDV0dEIhGswKWXBhfxZCfbLyTNYorrtb+SLST/oVF5E8ZIEqPpIDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6V880KqNTRd3V/aRUutSZAzYjWMB8GA1UdIwQY
MBaAFGeYWAu4Q1GcEEQg5ZwLXCQDQUYHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVoWUM3aERVWndRUkNEbG5BdGNKQU5CUmdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9hOWYyYjktNmU3ZC00ZWVhLWE0NzQt
MWY2N2Q5NDViOGI5LzEvcnBYenpRcW8xTkYzZFg5cEZTNjFKa0ROaU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9hOWYyYjktNmU3ZC00ZWVhLWE0NzQtMWY2N2Q5NDViOGI5
LzEvWjVoWUM3aERVWndRUkNEbG5BdGNKQU5CUmdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQDhMA0G
CSqGSIb3DQEBCwUAA4IBAQBx0Guh955Iw8Rcrcr/LOmC3dCgB6vVgxltrCg8UuDj
Iw4TnEfJ9unWnKb3PpcrUIAuGZv8lQfVAzIpBf+rIRSZDTfSEZhmfu26OXaCUpEz
JsTBNt+B2vfKBU5Hd12rSURgZGdUUF4COBdiGpVaOSAKhPBLJjDeT78JvEZmNYI+
efnWAf+rBhuYbh3K4ykITWiswGC57N+Nmf18q/jXZaVVHs9VU+1pRTsUdeCMJrpm
pOc2LWOs/gSvKg6cFRBPkYymWGrGmFpa+X8VtvkrcmysCjI12rUtpnD7M9OKRgQB
9zUM9fjcd9amHKEeaN7rcpAYJjlBYNI0FRji6K6umgM6
-----END CERTIFICATE-----