Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5b78f4-771d-4756-a389-b42fa00f57de/1/D2QGXtZvmL4KeLGdXQs__twf4cc.roa
File:                     D2QGXtZvmL4KeLGdXQs__twf4cc.roa (raw, json)
Hash identifier:          yx8HKD3i4ZtDorjPhtWxamWyQ9PcoYYTYwiIZAy3Cf4=
Subject key identifier:   0F:64:06:5E:D6:6F:98:BE:0A:78:B1:9D:5D:0B:3F:FE:DC:1F:E1:C7
Certificate issuer:       /CN=19d199c3d20f434d8c0a0a2ef5e52346665ca864
Certificate serial:       01942823BC7A312D6A5023D18CC197BF4843
Authority key identifier: 19:D1:99:C3:D2:0F:43:4D:8C:0A:0A:2E:F5:E5:23:46:66:5C:A8:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GdGZw9IPQ02MCgou9eUjRmZcqGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5b78f4-771d-4756-a389-b42fa00f57de/1/D2QGXtZvmL4KeLGdXQs__twf4cc.roa
Signing time:             Thu 02 Jan 2025 17:50:18 +0000
ROA not before:           Thu 02 Jan 2025 17:50:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63268
IP address blocks:        193.201.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5b78f4-771d-4756-a389-b42fa00f57de/1/GdGZw9IPQ02MCgou9eUjRmZcqGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5b78f4-771d-4756-a389-b42fa00f57de/1/GdGZw9IPQ02MCgou9eUjRmZcqGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GdGZw9IPQ02MCgou9eUjRmZcqGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 05:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:bc:7a:31:2d:6a:50:23:d1:8c:c1:97:bf:48:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19d199c3d20f434d8c0a0a2ef5e52346665ca864
        Validity
            Not Before: Jan  2 17:50:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f64065ed66f98be0a78b19d5d0b3ffedc1fe1c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:56:39:49:3b:28:05:58:73:42:70:70:fd:8e:
                    91:fa:fe:87:d7:14:81:13:aa:20:d0:ea:01:f6:c3:
                    ae:cd:d5:71:f2:09:71:48:4d:aa:10:02:06:6e:5a:
                    1b:8c:43:cf:6f:2a:ad:a4:05:90:51:98:41:06:9a:
                    37:e2:13:27:a6:ea:10:27:0c:3a:37:24:06:24:a7:
                    b3:e3:c7:5c:cc:62:3e:37:2f:40:e7:fe:26:b5:61:
                    d4:74:25:f4:81:52:83:8c:83:69:2b:8a:01:86:b3:
                    5a:2a:5b:2b:c9:56:6c:ec:64:24:a9:95:29:09:c7:
                    41:32:28:74:95:8a:93:c5:d2:05:b0:76:1e:8a:36:
                    65:8b:bf:fe:f5:d2:ab:7a:01:7b:84:86:96:5f:ba:
                    f3:58:1e:e8:b8:e4:18:db:f9:30:fa:58:9b:f6:25:
                    7a:d0:05:e9:b1:c0:48:0b:52:38:74:3e:b1:bd:bd:
                    79:2e:d6:75:0f:23:77:5f:51:88:75:22:41:37:aa:
                    db:40:2b:fe:e4:ca:c0:03:ff:1a:af:da:d4:f5:5c:
                    5d:56:d6:53:42:f6:69:2e:f5:fd:80:ee:c5:59:d4:
                    cc:7b:ff:32:78:dc:6e:54:6a:70:e2:21:57:7f:71:
                    6f:12:c0:31:2c:f0:79:e8:43:22:e2:19:f0:7b:9a:
                    ba:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:64:06:5E:D6:6F:98:BE:0A:78:B1:9D:5D:0B:3F:FE:DC:1F:E1:C7
            X509v3 Authority Key Identifier:
                keyid:19:D1:99:C3:D2:0F:43:4D:8C:0A:0A:2E:F5:E5:23:46:66:5C:A8:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GdGZw9IPQ02MCgou9eUjRmZcqGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5b78f4-771d-4756-a389-b42fa00f57de/1/D2QGXtZvmL4KeLGdXQs__twf4cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5b78f4-771d-4756-a389-b42fa00f57de/1/GdGZw9IPQ02MCgou9eUjRmZcqGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:59:b0:5a:df:7c:d5:63:71:df:b8:ea:7f:7d:b4:21:e8:2c:
         b0:fc:6b:49:ff:69:55:8b:6a:b4:bf:10:c7:49:aa:4c:5c:9d:
         83:dc:7c:f3:0b:f8:da:88:d4:d5:f5:b0:0e:f0:40:61:5e:86:
         a8:79:b6:3a:26:6c:7b:51:87:49:24:35:ef:4e:74:4b:91:bf:
         13:76:b9:c0:8d:2b:09:0b:d4:be:57:89:2e:c2:85:9a:f9:48:
         1d:98:0c:41:77:4e:b9:bb:48:93:8b:af:23:c4:42:68:f2:23:
         4a:20:fd:53:30:f3:8b:c3:c0:de:c9:9b:0d:58:74:52:04:9f:
         05:db:22:53:ab:b8:dc:34:f0:55:4c:b5:b5:20:12:bc:43:a7:
         64:97:b3:a2:ac:1b:a4:e2:b8:0c:a7:c7:ff:ab:da:73:f9:0e:
         19:a2:0d:53:fb:5f:77:06:0b:a2:e1:6d:2c:ec:c0:c1:7c:e8:
         fe:6d:dd:1b:15:d3:cb:85:c1:ed:94:61:61:f6:da:b6:40:3d:
         75:4c:0c:6f:f9:50:c1:78:d1:71:d4:40:44:17:22:f4:b4:38:
         d7:7c:ab:f7:4a:ca:a5:fe:50:c4:4b:aa:25:4b:c2:af:ed:c4:
         f0:ef:5f:ed:0f:c6:cc:85:1b:2f:18:0b:ee:4a:f8:0d:0d:9c:
         9c:91:4c:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI7x6MS1qUCPRjMGXv0hDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZDE5OWMzZDIwZjQzNGQ4YzBhMGEyZWY1ZTUyMzQ2NjY1
Y2E4NjQwHhcNMjUwMTAyMTc1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjY0MDY1ZWQ2NmY5OGJlMGE3OGIxOWQ1ZDBiM2ZmZWRjMWZlMWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVY5STsoBVhzQnBw/Y6R+v6H1xSB
E6og0OoB9sOuzdVx8glxSE2qEAIGblobjEPPbyqtpAWQUZhBBpo34hMnpuoQJww6
NyQGJKez48dczGI+Ny9A5/4mtWHUdCX0gVKDjINpK4oBhrNaKlsryVZs7GQkqZUp
CcdBMih0lYqTxdIFsHYeijZli7/+9dKregF7hIaWX7rzWB7ouOQY2/kw+lib9iV6
0AXpscBIC1I4dD6xvb15LtZ1DyN3X1GIdSJBN6rbQCv+5MrAA/8ar9rU9VxdVtZT
QvZpLvX9gO7FWdTMe/8yeNxuVGpw4iFXf3FvEsAxLPB56EMi4hnwe5q6YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9kBl7Wb5i+CnixnV0LP/7cH+HHMB8GA1UdIwQY
MBaAFBnRmcPSD0NNjAoKLvXlI0ZmXKhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2RHWnc5SVBRMDJNQ2dvdTllVWpSbVpjcUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81Yjc4ZjQtNzcxZC00NzU2LWEzODkt
YjQyZmEwMGY1N2RlLzEvRDJRR1h0WnZtTDRLZUxHZFhRc19fdHdmNGNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81Yjc4ZjQtNzcxZC00NzU2LWEzODktYjQyZmEwMGY1N2Rl
LzEvR2RHWnc5SVBRMDJNQ2dvdTllVWpSbVpjcUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwck4MA0G
CSqGSIb3DQEBCwUAA4IBAQAuWbBa33zVY3HfuOp/fbQh6Cyw/GtJ/2lVi2q0vxDH
SapMXJ2D3HzzC/jaiNTV9bAO8EBhXoaoebY6Jmx7UYdJJDXvTnRLkb8TdrnAjSsJ
C9S+V4kuwoWa+UgdmAxBd065u0iTi68jxEJo8iNKIP1TMPOLw8DeyZsNWHRSBJ8F
2yJTq7jcNPBVTLW1IBK8Q6dkl7OirBuk4rgMp8f/q9pz+Q4Zog1T+193Bgui4W0s
7MDBfOj+bd0bFdPLhcHtlGFh9tq2QD11TAxv+VDBeNFx1EBEFyL0tDjXfKv3Ssql
/lDES6olS8Kv7cTw71/tD8bMhRsvGAvuSvgNDZyckUzN
-----END CERTIFICATE-----