Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/bOKc5OfkNTYPFxlTts0wqCFe3RM.roa
File:                     bOKc5OfkNTYPFxlTts0wqCFe3RM.roa (raw, json)
Hash identifier:          V84JFOGtu1RZTKKpVLc0/478v9UFmxFvSlNuGf0rXZ4=
Subject key identifier:   6C:E2:9C:E4:E7:E4:35:36:0F:17:19:53:B6:CD:30:A8:21:5E:DD:13
Certificate issuer:       /CN=a65f995603663a569430ccc617287e919df144a0
Certificate serial:       019424459F11811F4E03EDA761D25E5F7324
Authority key identifier: A6:5F:99:56:03:66:3A:56:94:30:CC:C6:17:28:7E:91:9D:F1:44:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/bOKc5OfkNTYPFxlTts0wqCFe3RM.roa
Signing time:             Wed 01 Jan 2025 23:48:49 +0000
ROA not before:           Wed 01 Jan 2025 23:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62269
IP address blocks:        193.56.133.0/24 maxlen: 24
                          2a11:5b00::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:9f:11:81:1f:4e:03:ed:a7:61:d2:5e:5f:73:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65f995603663a569430ccc617287e919df144a0
        Validity
            Not Before: Jan  1 23:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ce29ce4e7e435360f171953b6cd30a8215edd13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:77:2c:aa:44:24:41:ab:8e:3f:f1:13:04:93:
                    6b:2a:5a:a6:73:38:1b:b2:01:f0:37:8f:67:af:c8:
                    0c:ed:97:b1:bf:f8:7f:ed:2c:4e:e0:9e:3f:84:67:
                    d9:3a:4e:70:04:53:89:30:7f:99:40:c7:f0:b4:58:
                    51:bb:00:37:53:ec:a2:44:f2:c9:fb:04:63:26:0e:
                    84:6b:ed:8a:76:8f:98:71:88:c3:d4:ee:c3:9a:27:
                    25:d0:c2:49:42:17:18:0a:7a:44:98:fc:bc:b4:5c:
                    53:52:fe:8a:c9:82:18:4d:a6:cf:bc:95:13:b4:23:
                    57:77:ec:7b:ec:8b:3c:18:25:af:67:23:f5:6b:4a:
                    99:3f:82:d7:69:85:18:95:20:af:3d:f5:cb:94:74:
                    9f:cc:3a:e3:ed:f2:8e:0a:35:bb:da:9e:bb:0d:88:
                    cc:e1:b1:ea:e0:34:08:13:fa:54:b0:b1:23:86:4e:
                    f4:c1:1f:df:06:80:6b:25:d6:70:b9:72:00:4a:6c:
                    f4:4e:7c:1b:81:7f:1c:5e:49:ba:69:e8:71:9f:b1:
                    b6:00:43:63:43:67:fc:53:70:e5:fb:ce:3b:43:64:
                    7a:3b:9b:8a:dd:4e:da:a1:41:1f:96:33:03:53:f8:
                    93:dd:74:6d:e2:cd:a7:7e:e3:9e:28:22:44:35:e1:
                    20:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E2:9C:E4:E7:E4:35:36:0F:17:19:53:B6:CD:30:A8:21:5E:DD:13
            X509v3 Authority Key Identifier:
                keyid:A6:5F:99:56:03:66:3A:56:94:30:CC:C6:17:28:7E:91:9D:F1:44:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/bOKc5OfkNTYPFxlTts0wqCFe3RM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/58a19b-70c4-4a0e-b8ab-58c3f418f3fd/1/pl-ZVgNmOlaUMMzGFyh-kZ3xRKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.133.0/24
                IPv6:
                  2a11:5b00::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:ac:50:40:24:cd:13:45:e2:a7:96:64:68:54:b1:9a:31:a8:
         d0:76:3a:51:b9:12:20:93:ea:43:ae:c6:17:fc:e1:23:29:ab:
         e7:ec:59:7c:6d:20:e7:9a:b2:c1:6d:b0:1c:bd:71:8c:3d:11:
         d1:c5:33:e0:32:7e:f3:fa:ac:9d:03:87:25:21:62:38:98:d3:
         21:9e:30:a6:11:88:fd:0f:d3:24:c4:a9:25:8f:ea:04:1e:bc:
         3e:08:ff:d9:87:6a:0b:a4:be:27:8a:c9:6b:f9:28:3e:24:12:
         99:9c:5d:b1:4e:fb:10:77:3f:ff:bc:4a:64:41:c8:ac:a0:21:
         37:12:33:41:5f:1d:ef:17:31:8f:00:5d:d6:0b:35:76:72:09:
         ff:6d:a1:78:6e:b0:2c:6a:cd:14:ff:27:cf:92:66:44:a5:83:
         b2:cb:79:b7:37:ce:5d:51:99:31:f5:dd:2b:df:2e:a8:b5:43:
         0a:64:36:51:f5:6d:7e:a8:b6:86:d6:39:8b:a5:2a:6c:05:20:
         f8:03:93:03:89:ed:a4:e2:fb:29:c0:51:3b:79:0c:48:ab:8c:
         58:81:93:90:f9:c2:41:5a:e0:b0:a4:5e:68:d4:07:f3:1c:fb:
         9d:a9:10:d9:c2:47:0c:fd:54:c9:0d:0b:8f:90:42:ce:b0:3d:
         4e:a1:2e:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRZ8RgR9OA+2nYdJeX3MkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NWY5OTU2MDM2NjNhNTY5NDMwY2NjNjE3Mjg3ZTkxOWRm
MTQ0YTAwHhcNMjUwMTAxMjM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2UyOWNlNGU3ZTQzNTM2MGYxNzE5NTNiNmNkMzBhODIxNWVkZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoncsqkQkQauOP/ETBJNrKlqmczgb
sgHwN49nr8gM7Zexv/h/7SxO4J4/hGfZOk5wBFOJMH+ZQMfwtFhRuwA3U+yiRPLJ
+wRjJg6Ea+2Kdo+YcYjD1O7Dmicl0MJJQhcYCnpEmPy8tFxTUv6KyYIYTabPvJUT
tCNXd+x77Is8GCWvZyP1a0qZP4LXaYUYlSCvPfXLlHSfzDrj7fKOCjW72p67DYjM
4bHq4DQIE/pUsLEjhk70wR/fBoBrJdZwuXIASmz0TnwbgX8cXkm6aehxn7G2AENj
Q2f8U3Dl+847Q2R6O5uK3U7aoUEfljMDU/iT3XRt4s2nfuOeKCJENeEgGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGzinOTn5DU2DxcZU7bNMKghXt0TMB8GA1UdIwQY
MBaAFKZfmVYDZjpWlDDMxhcofpGd8USgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGwtWlZnTm1PbGFVTU16R0Z5aC1rWjN4UktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC81OGExOWItNzBjNC00YTBlLWI4YWIt
NThjM2Y0MThmM2ZkLzEvYk9LYzVPZmtOVFlQRnhsVHRzMHdxQ0ZlM1JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC81OGExOWItNzBjNC00YTBlLWI4YWItNThjM2Y0MThmM2Zk
LzEvcGwtWlZnTm1PbGFVTU16R0Z5aC1rWjN4UktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwTiFMA0E
AgACMAcDBQAqEVsAMA0GCSqGSIb3DQEBCwUAA4IBAQCPrFBAJM0TReKnlmRoVLGa
MajQdjpRuRIgk+pDrsYX/OEjKavn7Fl8bSDnmrLBbbAcvXGMPRHRxTPgMn7z+qyd
A4clIWI4mNMhnjCmEYj9D9MkxKklj+oEHrw+CP/Zh2oLpL4nislr+Sg+JBKZnF2x
TvsQdz//vEpkQcisoCE3EjNBXx3vFzGPAF3WCzV2cgn/baF4brAsas0U/yfPkmZE
pYOyy3m3N85dUZkx9d0r3y6otUMKZDZR9W1+qLaG1jmLpSpsBSD4A5MDie2k4vsp
wFE7eQxIq4xYgZOQ+cJBWuCwpF5o1AfzHPudqRDZwkcM/VTJDQuPkELOsD1OoS5t
-----END CERTIFICATE-----