Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/W44szkVz920V6-JywE9vsVlLyvY.roa
File:                     W44szkVz920V6-JywE9vsVlLyvY.roa (raw, json)
Hash identifier:          CydWhda8ET4rgRmemVZtuScSzfI/qh7Sm6ASW7UNUoE=
Subject key identifier:   5B:8E:2C:CE:45:73:F7:6D:15:EB:E2:72:C0:4F:6F:B1:59:4B:CA:F6
Certificate issuer:       /CN=4fd6646c93c2974789ecef7b444656ee64161729
Certificate serial:       019426D96EF53EFAB21B9813CB162A7AB505
Authority key identifier: 4F:D6:64:6C:93:C2:97:47:89:EC:EF:7B:44:46:56:EE:64:16:17:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/W44szkVz920V6-JywE9vsVlLyvY.roa
Signing time:             Thu 02 Jan 2025 11:49:31 +0000
ROA not before:           Thu 02 Jan 2025 11:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        193.19.92.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:6e:f5:3e:fa:b2:1b:98:13:cb:16:2a:7a:b5:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fd6646c93c2974789ecef7b444656ee64161729
        Validity
            Not Before: Jan  2 11:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b8e2cce4573f76d15ebe272c04f6fb1594bcaf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:85:22:19:85:81:40:eb:f8:6f:3a:ec:12:0d:
                    6c:13:9b:30:7d:e2:36:7d:49:fa:89:1e:da:46:dd:
                    e9:ac:25:d3:d8:5f:54:8b:85:44:72:2a:42:58:5f:
                    be:9e:34:e1:df:07:9c:09:68:19:f8:ad:8e:53:c1:
                    10:f6:fc:2d:8d:58:2d:6b:3a:72:82:c8:c1:da:ed:
                    ca:d4:35:8f:f1:ee:55:1b:81:c5:3e:fd:c1:62:55:
                    de:3c:fe:55:1d:b4:ad:8c:75:dc:0b:1b:83:bd:65:
                    c1:9b:a4:2f:db:cc:a4:64:eb:f0:42:be:7b:d6:24:
                    f0:bb:2a:d7:ba:1c:6e:70:a4:94:a5:1c:eb:b0:ab:
                    bd:44:9c:5d:d2:24:3e:eb:fb:a2:e7:5d:64:8b:39:
                    10:8d:56:79:d6:f7:4c:a5:2d:2a:5c:a7:ae:7b:ee:
                    c7:de:50:e9:b3:86:61:fd:0d:65:6b:47:fb:d6:a7:
                    76:71:f7:d5:08:8d:97:82:f0:04:8e:23:00:45:bd:
                    b9:f7:40:a6:29:ef:3f:61:83:fc:7e:bb:58:ec:29:
                    6a:e6:d8:bc:62:79:ab:31:da:e7:3f:7c:04:cd:0b:
                    cb:f3:7c:1c:90:89:7e:64:db:99:e3:53:32:0c:9e:
                    fe:84:d3:c6:fe:09:49:40:2c:2a:0e:90:90:47:78:
                    15:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:8E:2C:CE:45:73:F7:6D:15:EB:E2:72:C0:4F:6F:B1:59:4B:CA:F6
            X509v3 Authority Key Identifier:
                keyid:4F:D6:64:6C:93:C2:97:47:89:EC:EF:7B:44:46:56:EE:64:16:17:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/W44szkVz920V6-JywE9vsVlLyvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:d4:c6:f9:7c:29:8d:28:c4:aa:a6:a7:9d:ba:56:18:94:13:
         e6:d1:c1:71:3d:ca:84:3f:41:15:cc:03:c9:12:b6:6d:3d:e4:
         91:ef:1d:90:7a:0c:14:90:6e:c2:a2:8a:9d:df:11:e1:e2:95:
         80:e1:3e:4a:d7:7b:4c:fe:8b:e1:34:be:7f:80:4f:a7:e0:6e:
         6c:89:e6:4c:3f:e0:05:8d:55:52:24:37:e4:94:d5:0f:e4:92:
         46:a5:9e:ce:ef:87:bd:91:c2:49:a6:53:9c:09:b3:1f:29:00:
         33:f9:03:32:8d:b2:a6:2e:2f:29:5e:de:83:47:f5:f9:7c:48:
         04:3f:aa:71:f6:06:b8:a1:e2:f4:2c:e1:38:70:44:6e:4a:6e:
         45:b8:9f:d7:dd:51:e7:17:2c:ab:f9:36:08:c2:62:1e:bc:e2:
         35:cc:11:65:f9:df:ac:57:e4:e7:6b:c4:c3:b0:b2:42:12:99:
         9a:57:b7:1b:38:5a:5d:14:1e:0d:f9:f3:ac:8c:66:9c:b9:80:
         99:b9:0a:5b:13:24:79:21:f8:f8:da:77:8f:80:2e:cb:60:17:
         d0:69:89:1a:e6:3f:93:48:63:e7:7c:2b:40:92:6d:f3:40:e7:
         d2:58:ac:0b:b6:dc:3c:4f:ec:74:85:c2:23:cd:86:d3:43:21:
         f2:fc:64:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2W71PvqyG5gTyxYqerUFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmZDY2NDZjOTNjMjk3NDc4OWVjZWY3YjQ0NDY1NmVlNjQx
NjE3MjkwHhcNMjUwMTAyMTE0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjhlMmNjZTQ1NzNmNzZkMTVlYmUyNzJjMDRmNmZiMTU5NGJjYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1oUiGYWBQOv4bzrsEg1sE5swfeI2
fUn6iR7aRt3prCXT2F9Ui4VEcipCWF++njTh3wecCWgZ+K2OU8EQ9vwtjVgtazpy
gsjB2u3K1DWP8e5VG4HFPv3BYlXePP5VHbStjHXcCxuDvWXBm6Qv28ykZOvwQr57
1iTwuyrXuhxucKSUpRzrsKu9RJxd0iQ+6/ui511kizkQjVZ51vdMpS0qXKeue+7H
3lDps4Zh/Q1la0f71qd2cffVCI2XgvAEjiMARb2590CmKe8/YYP8frtY7Clq5ti8
YnmrMdrnP3wEzQvL83wckIl+ZNuZ41MyDJ7+hNPG/glJQCwqDpCQR3gVxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFuOLM5Fc/dtFevicsBPb7FZS8r2MB8GA1UdIwQY
MBaAFE/WZGyTwpdHiezve0RGVu5kFhcpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDlaa2JKUENsMGVKN085N1JFWlc3bVFXRnlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8zMzgxNmItMTQ1Yi00N2Y4LTg1ZmEt
NzZhNTM4NWM1MTVhLzEvVzQ0c3prVno5MjBWNi1KeXdFOXZzVmxMeXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8zMzgxNmItMTQ1Yi00N2Y4LTg1ZmEtNzZhNTM4NWM1MTVh
LzEvVDlaa2JKUENsMGVKN085N1JFWlc3bVFXRnlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRNcMA0G
CSqGSIb3DQEBCwUAA4IBAQA21Mb5fCmNKMSqpqedulYYlBPm0cFxPcqEP0EVzAPJ
ErZtPeSR7x2QegwUkG7Cooqd3xHh4pWA4T5K13tM/ovhNL5/gE+n4G5sieZMP+AF
jVVSJDfklNUP5JJGpZ7O74e9kcJJplOcCbMfKQAz+QMyjbKmLi8pXt6DR/X5fEgE
P6px9ga4oeL0LOE4cERuSm5FuJ/X3VHnFyyr+TYIwmIevOI1zBFl+d+sV+Tna8TD
sLJCEpmaV7cbOFpdFB4N+fOsjGacuYCZuQpbEyR5Ifj42nePgC7LYBfQaYka5j+T
SGPnfCtAkm3zQOfSWKwLttw8T+x0hcIjzYbTQyHy/GQl
-----END CERTIFICATE-----