Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/Cg0yCK2kQVd5LZZHHCdBRelfy-8.roa
File:                     Cg0yCK2kQVd5LZZHHCdBRelfy-8.roa (raw, json)
Hash identifier:          EJ5qFjEdSIaKu0rEkfVQQqMjYA83tlJGweW9Y6wELDM=
Subject key identifier:   0A:0D:32:08:AD:A4:41:57:79:2D:96:47:1C:27:41:45:E9:5F:CB:EF
Certificate issuer:       /CN=24350aa8a94af666099fd073ec621cd15d04b316
Certificate serial:       01942444BB40C39810C113395062681D4EF8
Authority key identifier: 24:35:0A:A8:A9:4A:F6:66:09:9F:D0:73:EC:62:1C:D1:5D:04:B3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/Cg0yCK2kQVd5LZZHHCdBRelfy-8.roa
Signing time:             Wed 01 Jan 2025 23:47:51 +0000
ROA not before:           Wed 01 Jan 2025 23:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42681
IP address blocks:        193.142.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:bb:40:c3:98:10:c1:13:39:50:62:68:1d:4e:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24350aa8a94af666099fd073ec621cd15d04b316
        Validity
            Not Before: Jan  1 23:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a0d3208ada44157792d96471c274145e95fcbef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fa:98:c3:00:84:ff:e5:80:2c:63:e7:ca:a6:
                    a3:82:e6:b7:8d:f5:85:a4:72:1f:7a:9b:76:59:a7:
                    a9:90:f0:03:21:06:c1:39:95:2f:d2:ee:34:27:77:
                    b8:34:48:33:61:2b:63:6b:3c:29:55:a6:a5:15:f9:
                    b3:cc:9a:22:b5:c9:5d:d5:81:60:14:24:ec:92:c2:
                    49:c8:86:79:c1:17:74:ae:0d:17:fc:f0:c4:14:e5:
                    ce:1b:a9:92:1b:0d:8a:7b:96:5b:04:9f:14:7c:0a:
                    44:de:3a:bf:7e:b0:b9:69:09:be:0a:5c:c7:5e:ab:
                    f3:41:40:ba:fa:58:43:04:c6:74:aa:18:e4:6d:11:
                    11:af:32:10:49:5f:a2:c8:a6:cd:93:7d:96:2d:db:
                    c8:50:25:5d:3f:81:58:ac:9d:05:dc:0b:4b:96:db:
                    39:93:2f:e9:c1:1b:58:18:99:c8:19:66:d2:d2:b8:
                    f4:62:36:29:e3:02:9e:c4:5a:5c:e6:d5:0a:28:66:
                    13:ca:d9:39:f3:4a:0e:7f:68:4a:df:8a:0f:e8:94:
                    a4:78:a1:93:99:1d:13:10:6b:87:fc:ce:d1:2a:08:
                    36:5a:5b:cc:bf:26:b7:d1:e0:cd:21:ae:b0:9d:36:
                    47:e3:2d:82:f6:23:52:f1:e7:a9:1b:cd:a5:99:ab:
                    68:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:0D:32:08:AD:A4:41:57:79:2D:96:47:1C:27:41:45:E9:5F:CB:EF
            X509v3 Authority Key Identifier:
                keyid:24:35:0A:A8:A9:4A:F6:66:09:9F:D0:73:EC:62:1C:D1:5D:04:B3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/Cg0yCK2kQVd5LZZHHCdBRelfy-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:fa:18:95:85:c8:7f:37:fb:48:07:c3:4e:38:5d:cb:17:ab:
         be:00:a2:25:e1:ea:df:c8:8a:bc:f1:1e:67:39:cf:e5:34:69:
         4b:3e:c5:fd:72:6e:c9:47:cb:64:64:b4:9b:61:cc:d8:bf:33:
         a0:67:c1:d0:af:de:36:96:d4:8d:20:24:79:03:0e:e0:4f:6b:
         4c:60:60:ac:1e:d5:a7:00:05:5c:fb:7a:46:94:44:a4:ef:b3:
         8f:22:21:b2:11:83:50:b5:d8:28:5b:ce:19:be:b7:dd:a8:7e:
         23:7b:2d:43:95:4c:f3:ab:98:fd:3e:cd:6d:e4:14:5d:69:6e:
         63:9c:fd:84:66:73:49:b1:d4:4a:34:b6:3b:18:2b:d3:b1:e0:
         d1:1c:4a:42:23:6e:05:41:74:da:4a:35:11:0c:8a:cd:5c:b2:
         7b:ce:42:1d:85:a6:3c:75:a0:fe:fc:95:ce:3e:81:5e:e4:78:
         1d:df:99:33:15:00:45:da:eb:5c:0f:b8:b4:6c:39:e0:00:3a:
         6d:95:a1:19:4d:5a:74:18:b5:d7:01:e2:3c:3f:07:93:e1:f8:
         15:49:d0:b3:35:8f:44:07:f5:b8:2e:f1:2f:29:e6:0a:87:98:
         a1:86:28:ae:c8:3e:19:ed:ff:8e:29:b4:16:a9:81:b6:ba:c9:
         15:12:c9:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRLtAw5gQwRM5UGJoHU74MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MzUwYWE4YTk0YWY2NjYwOTlmZDA3M2VjNjIxY2QxNWQw
NGIzMTYwHhcNMjUwMTAxMjM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTBkMzIwOGFkYTQ0MTU3NzkyZDk2NDcxYzI3NDE0NWU5NWZjYmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/qYwwCE/+WALGPnyqajgua3jfWF
pHIfept2WaepkPADIQbBOZUv0u40J3e4NEgzYStjazwpVaalFfmzzJoitcld1YFg
FCTsksJJyIZ5wRd0rg0X/PDEFOXOG6mSGw2Ke5ZbBJ8UfApE3jq/frC5aQm+ClzH
XqvzQUC6+lhDBMZ0qhjkbRERrzIQSV+iyKbNk32WLdvIUCVdP4FYrJ0F3AtLlts5
ky/pwRtYGJnIGWbS0rj0YjYp4wKexFpc5tUKKGYTytk580oOf2hK34oP6JSkeKGT
mR0TEGuH/M7RKgg2WlvMvya30eDNIa6wnTZH4y2C9iNS8eepG82lmatobQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAoNMgitpEFXeS2WRxwnQUXpX8vvMB8GA1UdIwQY
MBaAFCQ1CqipSvZmCZ/Qc+xiHNFdBLMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkRVS3FLbEs5bVlKbjlCejdHSWMwVjBFc3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9hYjYyZTctNzM2Ny00YmRlLTkzNGEt
YjQyNTIyZDA1ODk1LzEvQ2cweUNLMmtRVmQ1TFpaSEhDZEJSZWxmeS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9hYjYyZTctNzM2Ny00YmRlLTkzNGEtYjQyNTIyZDA1ODk1
LzEvSkRVS3FLbEs5bVlKbjlCejdHSWMwVjBFc3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY50MA0G
CSqGSIb3DQEBCwUAA4IBAQAz+hiVhch/N/tIB8NOOF3LF6u+AKIl4erfyIq88R5n
Oc/lNGlLPsX9cm7JR8tkZLSbYczYvzOgZ8HQr942ltSNICR5Aw7gT2tMYGCsHtWn
AAVc+3pGlESk77OPIiGyEYNQtdgoW84ZvrfdqH4jey1DlUzzq5j9Ps1t5BRdaW5j
nP2EZnNJsdRKNLY7GCvTseDRHEpCI24FQXTaSjURDIrNXLJ7zkIdhaY8daD+/JXO
PoFe5Hgd35kzFQBF2utcD7i0bDngADptlaEZTVp0GLXXAeI8PweT4fgVSdCzNY9E
B/W4LvEvKeYKh5ihhiiuyD4Z7f+OKbQWqYG2uskVEsnM
-----END CERTIFICATE-----