Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/T5XESpftQ8U-6htl3x7h46EITBM.roa
File:                     T5XESpftQ8U-6htl3x7h46EITBM.roa (raw, json)
Hash identifier:          mLyi8ckRLE6vkKGXnLEA5j7dMGSnw+G4t2k9Cm93xko=
Subject key identifier:   4F:95:C4:4A:97:ED:43:C5:3E:EA:1B:65:DF:1E:E1:E3:A1:08:4C:13
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01942827EEC2B2C68FF2F58EF00FA7719B01
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/T5XESpftQ8U-6htl3x7h46EITBM.roa
Signing time:             Thu 02 Jan 2025 17:54:53 +0000
ROA not before:           Thu 02 Jan 2025 17:54:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        193.37.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:ee:c2:b2:c6:8f:f2:f5:8e:f0:0f:a7:71:9b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  2 17:54:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f95c44a97ed43c53eea1b65df1ee1e3a1084c13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:50:a3:ed:ec:e3:06:dc:1e:fa:40:1d:f0:4a:
                    11:f6:b9:2f:df:79:5c:23:0c:c2:09:eb:6f:9d:c3:
                    ca:e2:a1:f0:77:75:cc:9d:c0:fa:cd:01:1a:20:dc:
                    3b:5b:b5:bb:94:04:79:a9:a1:58:39:df:74:77:22:
                    99:61:90:2c:25:66:c3:e8:fa:97:75:48:49:fd:b1:
                    01:41:1c:3e:bc:f1:66:6f:40:bd:70:8e:f0:b3:c7:
                    ff:be:1e:68:f0:d2:54:e7:22:56:7c:f6:4d:88:70:
                    5d:81:45:e1:dc:07:76:f6:c6:db:ab:0d:18:e7:d9:
                    c1:9a:0b:cd:ce:c5:2e:c2:d6:f1:f0:04:a0:62:f1:
                    90:8f:8e:3d:16:39:a6:6b:06:d9:c0:68:7e:45:1b:
                    96:d7:0b:29:64:58:36:7f:ac:8d:5c:79:76:fa:34:
                    00:00:d0:0d:ab:84:56:1f:53:19:7c:cc:19:f5:e5:
                    4a:60:95:a3:b4:84:8c:9b:2d:4a:9b:75:e2:41:af:
                    1e:03:e6:c6:33:4d:62:a0:73:49:f4:07:8c:33:9e:
                    be:e6:f7:28:e2:15:db:d5:ca:31:d9:db:36:9e:79:
                    a0:8b:b7:e2:22:68:f4:90:2c:72:44:d4:d5:72:5d:
                    ba:b0:92:93:2a:99:b7:49:5b:af:af:d2:b2:01:ab:
                    a7:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:95:C4:4A:97:ED:43:C5:3E:EA:1B:65:DF:1E:E1:E3:A1:08:4C:13
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/T5XESpftQ8U-6htl3x7h46EITBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:7f:df:5d:5c:79:3a:c5:35:d6:af:d6:2d:95:40:5d:b7:bc:
         f3:69:03:04:e6:d4:ab:88:03:89:a4:b4:b8:8a:a9:ab:44:da:
         47:ee:45:25:75:44:41:17:80:03:b9:68:a2:1c:09:24:f4:0c:
         9e:57:f4:2d:04:51:83:25:9c:2c:fc:4e:f1:a7:98:fa:5b:31:
         d8:44:2e:ee:c4:bc:20:dc:b1:45:76:20:6b:ba:e0:37:23:d7:
         30:a5:39:5f:66:37:81:4e:63:e9:a5:30:ac:31:d5:4c:fe:54:
         d2:f8:01:17:f9:a7:a0:9f:e3:f5:94:92:98:65:a3:7e:17:6d:
         93:40:1e:76:8a:e6:6d:e5:29:af:e4:b3:f6:33:ac:b8:31:d2:
         55:dd:bb:90:7f:87:32:f3:54:4a:fa:f2:3a:43:b5:e9:fc:97:
         fe:94:b7:bf:12:7b:4f:60:3f:e5:c0:c5:89:89:f6:11:81:e2:
         b7:50:b6:a5:97:60:6e:4d:b1:6e:7a:86:54:de:a2:86:4b:0a:
         d8:2d:62:34:28:6e:b7:f8:80:39:6f:d9:f9:51:07:2c:97:ed:
         f8:e9:c0:30:37:e3:8c:2d:59:30:f9:42:e4:39:e7:72:d4:d0:
         a5:fb:de:11:b2:e0:53:53:88:e9:70:9e:13:67:a3:20:69:f3:
         07:45:84:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ+7CssaP8vWO8A+ncZsBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwMTAyMTc1NDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjk1YzQ0YTk3ZWQ0M2M1M2VlYTFiNjVkZjFlZTFlM2ExMDg0YzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1Cj7ezjBtwe+kAd8EoR9rkv33lc
IwzCCetvncPK4qHwd3XMncD6zQEaINw7W7W7lAR5qaFYOd90dyKZYZAsJWbD6PqX
dUhJ/bEBQRw+vPFmb0C9cI7ws8f/vh5o8NJU5yJWfPZNiHBdgUXh3Ad29sbbqw0Y
59nBmgvNzsUuwtbx8ASgYvGQj449FjmmawbZwGh+RRuW1wspZFg2f6yNXHl2+jQA
ANANq4RWH1MZfMwZ9eVKYJWjtISMmy1Km3XiQa8eA+bGM01ioHNJ9AeMM56+5vco
4hXb1cox2ds2nnmgi7fiImj0kCxyRNTVcl26sJKTKpm3SVuvr9KyAaunowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+VxEqX7UPFPuobZd8e4eOhCEwTMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvVDVYRVNwZnRROFUtNmh0bDN4N2g0NkVJVEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSXEMA0G
CSqGSIb3DQEBCwUAA4IBAQByf99dXHk6xTXWr9YtlUBdt7zzaQME5tSriAOJpLS4
iqmrRNpH7kUldURBF4ADuWiiHAkk9AyeV/QtBFGDJZws/E7xp5j6WzHYRC7uxLwg
3LFFdiBruuA3I9cwpTlfZjeBTmPppTCsMdVM/lTS+AEX+aegn+P1lJKYZaN+F22T
QB52iuZt5Smv5LP2M6y4MdJV3buQf4cy81RK+vI6Q7Xp/Jf+lLe/EntPYD/lwMWJ
ifYRgeK3ULall2BuTbFueoZU3qKGSwrYLWI0KG63+IA5b9n5UQcsl+346cAwN+OM
LVkw+ULkOedy1NCl+94RsuBTU4jpcJ4TZ6MgafMHRYRh
-----END CERTIFICATE-----