Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/pWUlKkjJcf8YPkywjzsONZYLRjc.roa
File:                     pWUlKkjJcf8YPkywjzsONZYLRjc.roa (raw, json)
Hash identifier:          nrxgyQSKsDcAk5iABnfxRBKcenXuVlksuYszZKdmLYQ=
Subject key identifier:   A5:65:25:2A:48:C9:71:FF:18:3E:4C:B0:8F:3B:0E:35:96:0B:46:37
Certificate issuer:       /CN=57494670e956e3fb1511948c5956e2a426793388
Certificate serial:       0192FBA0A1F0B795203EE86E2DD97996917C
Authority key identifier: 57:49:46:70:E9:56:E3:FB:15:11:94:8C:59:56:E2:A4:26:79:33:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V0lGcOlW4_sVEZSMWVbipCZ5M4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/pWUlKkjJcf8YPkywjzsONZYLRjc.roa
Signing time:             Tue 05 Nov 2024 09:21:01 +0000
ROA not before:           Tue 05 Nov 2024 09:21:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209336
IP address blocks:        193.42.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/V0lGcOlW4_sVEZSMWVbipCZ5M4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/V0lGcOlW4_sVEZSMWVbipCZ5M4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V0lGcOlW4_sVEZSMWVbipCZ5M4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fb:a0:a1:f0:b7:95:20:3e:e8:6e:2d:d9:79:96:91:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57494670e956e3fb1511948c5956e2a426793388
        Validity
            Not Before: Nov  5 09:21:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a565252a48c971ff183e4cb08f3b0e35960b4637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4b:ca:58:b1:41:b0:85:3d:5a:0b:2d:cb:f3:
                    6c:2b:72:3c:73:b7:49:ff:f8:5a:fc:b3:17:02:04:
                    51:88:b7:0b:18:a5:60:82:59:35:53:04:0b:e6:08:
                    4b:78:05:7b:4a:3e:8d:33:b2:4c:8c:40:1f:04:b4:
                    70:ce:72:ff:2d:9e:bc:38:1d:55:c2:24:da:e2:2d:
                    e7:5d:c1:e5:68:c2:37:72:f8:67:e9:b1:4b:3b:a5:
                    f6:bb:9d:ef:08:d0:5e:d2:9b:f3:97:36:45:22:aa:
                    27:35:48:be:3b:5a:04:68:97:67:b8:42:57:f4:8e:
                    85:0a:50:92:fc:31:3a:a1:33:33:19:c5:32:2d:48:
                    67:35:a9:a4:62:10:aa:01:5e:8d:ea:af:d1:8d:73:
                    f8:a3:84:9f:5a:49:4a:c2:b5:8e:da:43:24:85:fe:
                    27:f5:1a:56:97:14:18:6a:8c:6f:25:cd:52:24:05:
                    3a:02:07:91:ef:ce:3e:97:8d:66:32:13:1f:3e:72:
                    0c:af:71:59:35:f2:bc:df:f3:54:80:f8:89:1a:41:
                    67:87:3a:4c:db:42:33:11:3e:f0:7a:e1:aa:55:5b:
                    dc:46:7b:c6:1c:45:71:a5:94:00:1b:d4:5d:54:24:
                    24:ff:d3:23:57:2d:8b:1f:cd:f2:91:5f:80:9a:eb:
                    7c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:65:25:2A:48:C9:71:FF:18:3E:4C:B0:8F:3B:0E:35:96:0B:46:37
            X509v3 Authority Key Identifier:
                keyid:57:49:46:70:E9:56:E3:FB:15:11:94:8C:59:56:E2:A4:26:79:33:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V0lGcOlW4_sVEZSMWVbipCZ5M4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/pWUlKkjJcf8YPkywjzsONZYLRjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/49881e-b0a9-4d5f-b072-a53772b01cb2/1/V0lGcOlW4_sVEZSMWVbipCZ5M4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d8:28:90:b5:99:ae:50:58:ed:00:b3:fe:7c:4e:83:a1:1d:7b:
         a2:ff:4c:ce:64:45:8b:e9:32:3c:cb:73:cc:c3:ea:78:64:dd:
         7b:c5:9d:1b:c1:10:00:aa:d0:21:b6:90:e6:ba:68:1b:5d:9e:
         d1:db:13:37:0d:aa:eb:c8:36:bd:a5:45:c5:ac:7a:1b:71:88:
         1a:84:7c:d9:61:8a:73:20:51:ff:46:60:dc:8b:d7:a6:19:55:
         43:35:45:11:4f:9d:bb:be:55:1b:49:c3:28:19:c4:25:ab:48:
         47:4d:86:98:00:30:81:02:56:43:fe:f4:1c:f0:aa:1e:ce:c9:
         03:b0:4f:5b:19:c6:99:2e:81:42:39:0a:85:bb:1b:ee:ba:56:
         e8:a5:17:23:ab:3c:a4:fe:cb:60:1e:14:df:af:b4:08:cd:be:
         60:54:cc:9d:d5:90:e9:61:96:5b:82:40:c2:3c:93:ea:84:f1:
         75:dd:95:8c:7d:9c:c6:24:6d:f6:79:b2:9a:3c:5e:8f:cd:bf:
         27:23:b2:14:b6:e6:1b:cd:4f:6e:3b:c7:b3:cf:9f:53:94:da:
         87:ed:b1:34:ea:03:c6:2e:7d:25:b3:87:1f:05:4e:77:f2:90:
         0d:77:fb:65:8d:ac:56:11:68:f3:7b:6a:8c:75:94:a1:8d:27:
         4b:9d:9c:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL7oKHwt5UgPuhuLdl5lpF8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NDk0NjcwZTk1NmUzZmIxNTExOTQ4YzU5NTZlMmE0MjY3
OTMzODgwHhcNMjQxMTA1MDkyMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTY1MjUyYTQ4Yzk3MWZmMTgzZTRjYjA4ZjNiMGUzNTk2MGI0NjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkvKWLFBsIU9Wgsty/NsK3I8c7dJ
//ha/LMXAgRRiLcLGKVgglk1UwQL5ghLeAV7Sj6NM7JMjEAfBLRwznL/LZ68OB1V
wiTa4i3nXcHlaMI3cvhn6bFLO6X2u53vCNBe0pvzlzZFIqonNUi+O1oEaJdnuEJX
9I6FClCS/DE6oTMzGcUyLUhnNamkYhCqAV6N6q/RjXP4o4SfWklKwrWO2kMkhf4n
9RpWlxQYaoxvJc1SJAU6AgeR784+l41mMhMfPnIMr3FZNfK83/NUgPiJGkFnhzpM
20IzET7weuGqVVvcRnvGHEVxpZQAG9RdVCQk/9MjVy2LH83ykV+Amut8FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVlJSpIyXH/GD5MsI87DjWWC0Y3MB8GA1UdIwQY
MBaAFFdJRnDpVuP7FRGUjFlW4qQmeTOIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjBsR2NPbFc0X3NWRVpTTVdWYmlwQ1o1TTRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80OTg4MWUtYjBhOS00ZDVmLWIwNzIt
YTUzNzcyYjAxY2IyLzEvcFdVbEtrakpjZjhZUGt5d2p6c09OWllMUmpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80OTg4MWUtYjBhOS00ZDVmLWIwNzItYTUzNzcyYjAxY2Iy
LzEvVjBsR2NPbFc0X3NWRVpTTVdWYmlwQ1o1TTRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSosMA0G
CSqGSIb3DQEBCwUAA4IBAQDYKJC1ma5QWO0As/58ToOhHXui/0zOZEWL6TI8y3PM
w+p4ZN17xZ0bwRAAqtAhtpDmumgbXZ7R2xM3DarryDa9pUXFrHobcYgahHzZYYpz
IFH/RmDci9emGVVDNUURT527vlUbScMoGcQlq0hHTYaYADCBAlZD/vQc8KoezskD
sE9bGcaZLoFCOQqFuxvuulbopRcjqzyk/stgHhTfr7QIzb5gVMyd1ZDpYZZbgkDC
PJPqhPF13ZWMfZzGJG32ebKaPF6Pzb8nI7IUtuYbzU9uO8ezz59TlNqH7bE06gPG
Ln0ls4cfBU538pANd/tljaxWEWjze2qMdZShjSdLnZyc
-----END CERTIFICATE-----