Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/S0sJgeFKsSQM_Y24-bMbEEazWOE.roa
File:                     S0sJgeFKsSQM_Y24-bMbEEazWOE.roa (raw, json)
Hash identifier:          y7ujKOOyPaVjZL4Z2dl77e4qeqFzdcjNTXADyZzs44w=
Subject key identifier:   4B:4B:09:81:E1:4A:B1:24:0C:FD:8D:B8:F9:B3:1B:10:46:B3:58:E1
Certificate issuer:       /CN=abc45b658b1ec0fdeb459e6ff2577db8ca6a9330
Certificate serial:       019420D5BC945932ED1ED0BFE97BC6010DF8
Authority key identifier: AB:C4:5B:65:8B:1E:C0:FD:EB:45:9E:6F:F2:57:7D:B8:CA:6A:93:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8RbZYsewP3rRZ5v8ld9uMpqkzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/S0sJgeFKsSQM_Y24-bMbEEazWOE.roa
Signing time:             Wed 01 Jan 2025 07:47:45 +0000
ROA not before:           Wed 01 Jan 2025 07:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12303
IP address blocks:        193.41.47.0/24 maxlen: 24
                          2a0f:7ec0:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/q8RbZYsewP3rRZ5v8ld9uMpqkzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/q8RbZYsewP3rRZ5v8ld9uMpqkzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8RbZYsewP3rRZ5v8ld9uMpqkzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:bc:94:59:32:ed:1e:d0:bf:e9:7b:c6:01:0d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc45b658b1ec0fdeb459e6ff2577db8ca6a9330
        Validity
            Not Before: Jan  1 07:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b4b0981e14ab1240cfd8db8f9b31b1046b358e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4c:fd:a2:24:e5:c2:4d:12:04:d2:3c:7a:74:
                    3c:3f:c4:88:eb:2d:23:47:f7:f0:3a:9f:7b:67:29:
                    a5:75:1d:25:c0:1a:21:96:3f:ca:eb:07:ab:ca:2e:
                    ba:0c:62:47:8f:7c:b6:41:0f:74:46:a1:45:7c:74:
                    89:e8:22:98:53:00:d6:27:00:11:98:f0:6b:07:31:
                    95:e4:0b:bf:e3:8f:4f:3f:16:94:90:5f:4f:39:2d:
                    94:24:34:44:d8:a1:dc:71:1a:40:59:dd:95:94:0a:
                    0e:13:fc:43:3e:eb:47:e7:48:2d:cd:e4:57:28:77:
                    6f:ba:21:4e:54:d5:9b:95:04:fc:ab:4f:e7:33:e5:
                    2d:c9:d8:4d:7f:e1:e3:30:9f:ad:36:fe:b1:33:35:
                    b1:86:6d:67:f5:f7:ac:80:c1:95:91:ae:bf:da:a7:
                    2a:60:09:4c:91:42:d9:66:d4:0a:13:8d:96:c4:10:
                    d7:e0:1a:91:37:f6:49:b9:d9:f5:28:58:44:bd:22:
                    b5:84:1c:94:9e:c3:c9:d1:e9:3b:9b:7c:b9:81:70:
                    b4:36:87:b7:83:49:0a:73:9f:c5:ad:0d:98:08:eb:
                    c5:ca:ae:c9:f4:2f:d3:1a:da:de:c9:da:52:71:3c:
                    2f:e7:e0:1e:c3:6e:0b:a5:1e:0a:6f:ab:69:0a:68:
                    9b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:4B:09:81:E1:4A:B1:24:0C:FD:8D:B8:F9:B3:1B:10:46:B3:58:E1
            X509v3 Authority Key Identifier:
                keyid:AB:C4:5B:65:8B:1E:C0:FD:EB:45:9E:6F:F2:57:7D:B8:CA:6A:93:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8RbZYsewP3rRZ5v8ld9uMpqkzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/S0sJgeFKsSQM_Y24-bMbEEazWOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/c5c1b3-e5ca-4a83-8390-917933b1502e/1/q8RbZYsewP3rRZ5v8ld9uMpqkzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.47.0/24
                IPv6:
                  2a0f:7ec0:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:b1:32:d9:f2:ad:96:31:aa:be:77:0f:95:c1:37:5e:96:e8:
         35:58:03:60:c6:f1:eb:43:f6:ad:36:67:97:93:79:55:0c:5e:
         32:b8:96:23:d2:68:0e:52:05:b9:58:d0:32:fa:3b:5a:24:c2:
         6c:2c:c5:06:7d:9a:ac:d5:2a:95:4a:fd:1b:f7:8c:0a:6a:bb:
         35:65:a5:ea:c3:91:6e:72:75:74:c4:86:0d:fd:9b:f9:bd:34:
         7f:47:f6:fa:e2:49:68:a7:7b:89:3c:81:12:05:91:3e:5f:9d:
         1c:34:59:78:e0:9d:e2:0b:d3:93:ce:0d:da:6d:be:f7:a2:b5:
         06:8b:33:df:66:ae:e5:2d:0f:64:05:49:a1:ab:ed:e1:50:a8:
         56:5d:0b:d7:ea:84:ac:08:3c:3e:e3:76:e9:5e:aa:53:f3:42:
         da:d5:45:9b:60:73:5a:30:a4:b1:29:cf:f4:31:cd:4a:62:de:
         6c:eb:ec:23:28:cc:1f:c2:8f:91:7e:e4:90:87:68:fa:3c:c1:
         7e:43:67:14:a6:7a:42:87:7f:6d:aa:df:1e:1d:39:a1:a1:7e:
         44:fd:5c:60:a9:2a:7d:52:fe:93:c5:75:1b:ac:ce:f5:95:87:
         23:90:43:3d:d4:68:7f:9b:67:e3:25:b9:d1:1b:3d:dd:15:91:
         ff:47:97:81
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1byUWTLtHtC/6XvGAQ34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzQ1YjY1OGIxZWMwZmRlYjQ1OWU2ZmYyNTc3ZGI4Y2E2
YTkzMzAwHhcNMjUwMTAxMDc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjRiMDk4MWUxNGFiMTI0MGNmZDhkYjhmOWIzMWIxMDQ2YjM1OGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEz9oiTlwk0SBNI8enQ8P8SI6y0j
R/fwOp97ZymldR0lwBohlj/K6weryi66DGJHj3y2QQ90RqFFfHSJ6CKYUwDWJwAR
mPBrBzGV5Au/449PPxaUkF9POS2UJDRE2KHccRpAWd2VlAoOE/xDPutH50gtzeRX
KHdvuiFOVNWblQT8q0/nM+UtydhNf+HjMJ+tNv6xMzWxhm1n9fesgMGVka6/2qcq
YAlMkULZZtQKE42WxBDX4BqRN/ZJudn1KFhEvSK1hByUnsPJ0ek7m3y5gXC0Noe3
g0kKc5/FrQ2YCOvFyq7J9C/TGtreydpScTwv5+Aew24LpR4Kb6tpCmibEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEtLCYHhSrEkDP2NuPmzGxBGs1jhMB8GA1UdIwQY
MBaAFKvEW2WLHsD960Web/JXfbjKapMwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThSYlpZc2V3UDNyUlo1djhsZDl1TXBxa3pBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9jNWMxYjMtZTVjYS00YTgzLTgzOTAt
OTE3OTMzYjE1MDJlLzEvUzBzSmdlRktzU1FNX1kyNC1iTWJFRWF6V09FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9jNWMxYjMtZTVjYS00YTgzLTgzOTAtOTE3OTMzYjE1MDJl
LzEvcThSYlpZc2V3UDNyUlo1djhsZDl1TXBxa3pBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwSkvMA8E
AgACMAkDBwAqD37AAQAwDQYJKoZIhvcNAQELBQADggEBAK+xMtnyrZYxqr53D5XB
N16W6DVYA2DG8etD9q02Z5eTeVUMXjK4liPSaA5SBblY0DL6O1okwmwsxQZ9mqzV
KpVK/Rv3jApquzVlperDkW5ydXTEhg39m/m9NH9H9vriSWine4k8gRIFkT5fnRw0
WXjgneIL05PODdptvveitQaLM99mruUtD2QFSaGr7eFQqFZdC9fqhKwIPD7jdule
qlPzQtrVRZtgc1owpLEpz/QxzUpi3mzr7CMozB/Cj5F+5JCHaPo8wX5DZxSmekKH
f22q3x4dOaGhfkT9XGCpKn1S/pPFdRuszvWVhyOQQz3UaH+bZ+MludEbPd0Vkf9H
l4E=
-----END CERTIFICATE-----