Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/riI-pOFWNLX8839TKqYFfWOwpZ8.roa
File:                     riI-pOFWNLX8839TKqYFfWOwpZ8.roa (raw, json)
Hash identifier:          fqG5C98P6l1daY/xcAV9OUvehrdtHt6AHPVOzurPOBw=
Subject key identifier:   AE:22:3E:A4:E1:56:34:B5:FC:F3:7F:53:2A:A6:05:7D:63:B0:A5:9F
Certificate issuer:       /CN=2ef957aba2ef00352850e202464c71d33ca81448
Certificate serial:       0194258F898122C7A5CC56AAECADDC0F63F7
Authority key identifier: 2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/riI-pOFWNLX8839TKqYFfWOwpZ8.roa
Signing time:             Thu 02 Jan 2025 05:49:11 +0000
ROA not before:           Thu 02 Jan 2025 05:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1942
IP address blocks:        193.48.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 20:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:89:81:22:c7:a5:cc:56:aa:ec:ad:dc:0f:63:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ef957aba2ef00352850e202464c71d33ca81448
        Validity
            Not Before: Jan  2 05:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae223ea4e15634b5fcf37f532aa6057d63b0a59f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:4d:60:0e:f4:57:a3:52:99:e6:57:4e:7a:30:
                    ea:13:b4:bb:e8:30:ec:7e:fe:2b:86:c9:6c:ed:5f:
                    5c:1f:58:c2:8b:56:0d:25:33:d5:c7:92:01:0b:b7:
                    80:40:18:78:47:a5:74:c4:e4:d7:8d:a8:62:46:04:
                    37:98:6f:e3:f0:62:aa:cd:ad:29:2d:61:60:51:b1:
                    57:6d:ea:22:d0:6a:0e:15:95:b8:ed:b8:3d:97:60:
                    bd:ab:29:78:8f:15:c3:e6:36:2d:82:83:ef:32:2d:
                    99:03:a8:c6:b3:e8:cd:2f:4d:cb:75:2a:3b:02:66:
                    0d:30:72:a7:7b:89:9a:81:db:c0:a3:5e:d3:07:bc:
                    6c:89:d3:a2:79:93:1d:90:dc:16:94:34:77:c5:9a:
                    84:5c:fd:26:10:17:25:55:cb:d6:71:99:cf:4b:3b:
                    56:73:99:10:0a:ce:a8:4f:09:d5:48:bd:97:1a:6b:
                    e1:6d:ed:8f:da:70:25:ce:1e:f3:c0:9e:a7:46:83:
                    9e:23:2d:2a:9e:9c:0e:fc:fa:4e:40:c2:1d:4e:53:
                    bd:9c:bf:c6:2e:7b:65:4c:a7:bb:f5:0d:bb:e0:2e:
                    c9:db:e8:78:93:15:fa:f6:53:b8:b7:f6:0e:73:b6:
                    a1:56:4e:25:18:d9:96:bd:c9:ff:27:cb:ea:53:f5:
                    87:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:22:3E:A4:E1:56:34:B5:FC:F3:7F:53:2A:A6:05:7D:63:B0:A5:9F
            X509v3 Authority Key Identifier:
                keyid:2E:F9:57:AB:A2:EF:00:35:28:50:E2:02:46:4C:71:D3:3C:A8:14:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LvlXq6LvADUoUOICRkxx0zyoFEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/riI-pOFWNLX8839TKqYFfWOwpZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/a584e4-ccd4-4c4f-9d16-04a27c4d5453/1/LvlXq6LvADUoUOICRkxx0zyoFEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.48.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:0a:8b:69:7b:64:38:18:84:e0:d7:d4:b1:3b:b5:70:ab:c2:
         6c:04:d0:b5:e6:66:7b:e1:1d:06:ec:73:0b:68:c8:59:97:2c:
         9a:24:20:e9:8a:75:86:a2:f4:99:41:57:13:db:3f:49:10:59:
         77:a8:02:d4:8c:aa:10:23:3a:3c:d2:2a:ce:d9:6e:70:f2:e5:
         e7:3a:36:ee:68:e1:e4:92:23:05:d0:31:b7:0e:43:99:a2:37:
         b8:81:b3:72:5e:9c:ab:e0:8f:19:3c:9a:94:af:71:e1:b8:14:
         3d:c6:d7:3d:6d:2a:23:9b:88:08:22:18:96:b0:d7:26:5c:96:
         d0:35:72:c1:3a:64:d3:1c:08:43:b7:7a:2b:8b:2f:93:27:42:
         ff:58:e9:78:72:f9:80:ab:40:03:b3:61:6a:11:00:68:ca:1c:
         16:72:09:57:b2:4f:73:79:da:31:13:ec:f4:4e:e3:fb:b9:2c:
         40:25:e0:21:6f:94:20:e8:0e:82:a0:f2:cc:fc:de:d8:bd:2b:
         d6:8e:aa:b2:6a:fd:95:fc:e7:4b:80:9f:ba:ad:50:88:b7:1d:
         c0:3b:79:d6:f0:29:07:5b:88:24:cb:7f:36:99:f9:70:31:87:
         12:d3:b9:bd:7e:1e:aa:94:d3:60:cf:05:22:55:c0:ba:27:a1:
         7c:b7:53:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4mBIselzFaq7K3cD2P3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZjk1N2FiYTJlZjAwMzUyODUwZTIwMjQ2NGM3MWQzM2Nh
ODE0NDgwHhcNMjUwMTAyMDU0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTIyM2VhNGUxNTYzNGI1ZmNmMzdmNTMyYWE2MDU3ZDYzYjBhNTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA401gDvRXo1KZ5ldOejDqE7S76DDs
fv4rhsls7V9cH1jCi1YNJTPVx5IBC7eAQBh4R6V0xOTXjahiRgQ3mG/j8GKqza0p
LWFgUbFXbeoi0GoOFZW47bg9l2C9qyl4jxXD5jYtgoPvMi2ZA6jGs+jNL03LdSo7
AmYNMHKne4magdvAo17TB7xsidOieZMdkNwWlDR3xZqEXP0mEBclVcvWcZnPSztW
c5kQCs6oTwnVSL2XGmvhbe2P2nAlzh7zwJ6nRoOeIy0qnpwO/PpOQMIdTlO9nL/G
LntlTKe79Q274C7J2+h4kxX69lO4t/YOc7ahVk4lGNmWvcn/J8vqU/WHZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4iPqThVjS1/PN/UyqmBX1jsKWfMB8GA1UdIwQY
MBaAFC75V6ui7wA1KFDiAkZMcdM8qBRIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYt
MDRhMjdjNGQ1NDUzLzEvcmlJLXBPRldOTFg4ODM5VEtxWUZmV093cFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9hNTg0ZTQtY2NkNC00YzRmLTlkMTYtMDRhMjdjNGQ1NDUz
LzEvTHZsWHE2THZBRFVvVU9JQ1JreHgwenlvRkVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTBTMA0G
CSqGSIb3DQEBCwUAA4IBAQCBCotpe2Q4GITg19SxO7Vwq8JsBNC15mZ74R0G7HML
aMhZlyyaJCDpinWGovSZQVcT2z9JEFl3qALUjKoQIzo80irO2W5w8uXnOjbuaOHk
kiMF0DG3DkOZoje4gbNyXpyr4I8ZPJqUr3HhuBQ9xtc9bSojm4gIIhiWsNcmXJbQ
NXLBOmTTHAhDt3oriy+TJ0L/WOl4cvmAq0ADs2FqEQBoyhwWcglXsk9zedoxE+z0
TuP7uSxAJeAhb5Qg6A6CoPLM/N7YvSvWjqqyav2V/OdLgJ+6rVCItx3AO3nW8CkH
W4gky382mflwMYcS07m9fh6qlNNgzwUiVcC6J6F8t1Nc
-----END CERTIFICATE-----