Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/dl4ybKFr-mjNJ3kV-IfkyZfwx44.roa
File:                     dl4ybKFr-mjNJ3kV-IfkyZfwx44.roa (raw, json)
Hash identifier:          /jV0BskL+oSsTISEbyqI8M7CEUXp7IlGvyGOrlDZbmo=
Subject key identifier:   76:5E:32:6C:A1:6B:FA:68:CD:27:79:15:F8:87:E4:C9:97:F0:C7:8E
Certificate issuer:       /CN=0ee296b60c038cdc6bfef4c060b1406164ec868c
Certificate serial:       019427B53D0E4DB70B8FD1DC858508D6D827
Authority key identifier: 0E:E2:96:B6:0C:03:8C:DC:6B:FE:F4:C0:60:B1:40:61:64:EC:86:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DuKWtgwDjNxr_vTAYLFAYWTshow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/dl4ybKFr-mjNJ3kV-IfkyZfwx44.roa
Signing time:             Thu 02 Jan 2025 15:49:36 +0000
ROA not before:           Thu 02 Jan 2025 15:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202503
IP address blocks:        193.111.52.0/22 maxlen: 22
                          193.111.52.0/23 maxlen: 23
                          193.111.53.0/25 maxlen: 25
                          193.111.54.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/DuKWtgwDjNxr_vTAYLFAYWTshow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/DuKWtgwDjNxr_vTAYLFAYWTshow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DuKWtgwDjNxr_vTAYLFAYWTshow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:3d:0e:4d:b7:0b:8f:d1:dc:85:85:08:d6:d8:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ee296b60c038cdc6bfef4c060b1406164ec868c
        Validity
            Not Before: Jan  2 15:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=765e326ca16bfa68cd277915f887e4c997f0c78e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:29:09:b0:16:db:7b:62:71:31:3e:15:b1:ef:
                    e3:58:64:2a:14:e7:5c:ee:49:88:2c:36:c7:e1:bc:
                    98:9d:20:0d:ce:d1:20:4c:23:af:f6:4a:d7:eb:15:
                    30:d2:b1:30:df:e8:4a:e1:9e:e6:cb:d6:41:02:1f:
                    cd:0e:f2:55:28:6d:ca:0e:10:e2:5f:37:25:67:87:
                    d7:a9:6a:c1:34:5e:94:b1:43:6e:94:44:6d:c7:b1:
                    dd:06:b3:89:17:56:6c:f1:d3:a5:4b:fc:2c:32:c9:
                    68:43:5a:39:5a:06:0e:21:df:74:98:86:d0:7d:34:
                    66:45:d1:bb:f3:c2:05:14:59:49:52:15:61:d9:91:
                    29:4a:75:7e:93:b7:21:2a:ac:40:56:12:a8:c0:f5:
                    fa:d9:c8:50:da:80:33:9a:9a:21:d7:e1:bc:50:17:
                    0f:3a:15:d3:9f:65:e8:63:80:ef:c7:b2:c0:f6:cd:
                    e6:d8:bb:60:91:1b:3b:4d:79:da:c8:fd:e5:8b:63:
                    92:e8:68:09:44:4c:36:02:55:7f:d2:df:b7:5f:6b:
                    61:fc:76:bf:85:ca:70:0d:6c:8f:a9:0d:46:a2:c5:
                    f2:bd:8a:53:d9:f9:12:38:cf:2f:a1:20:1b:b8:02:
                    e1:8b:c4:50:12:f1:ef:c9:28:50:ac:bf:f3:ac:ba:
                    ec:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:5E:32:6C:A1:6B:FA:68:CD:27:79:15:F8:87:E4:C9:97:F0:C7:8E
            X509v3 Authority Key Identifier:
                keyid:0E:E2:96:B6:0C:03:8C:DC:6B:FE:F4:C0:60:B1:40:61:64:EC:86:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DuKWtgwDjNxr_vTAYLFAYWTshow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/dl4ybKFr-mjNJ3kV-IfkyZfwx44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/0cd0e7-2da9-402b-8a49-f5c805f0255b/1/DuKWtgwDjNxr_vTAYLFAYWTshow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:91:2f:6f:9c:67:93:02:da:ee:87:e5:93:e8:0f:27:d7:33:
         33:fb:59:04:60:49:b0:93:09:5d:c1:f4:75:89:37:cd:35:c0:
         6c:5c:b1:64:3e:94:2e:f1:45:79:20:5c:62:f0:28:ea:2d:5f:
         69:9c:9f:5d:58:27:46:f6:11:50:f6:5e:86:41:cd:8e:1c:b6:
         3c:2b:3e:f9:b3:55:06:05:ed:7f:7c:18:b9:0e:ae:7f:c5:06:
         ee:05:f9:69:cd:21:36:97:02:13:82:55:6c:81:ae:62:38:a0:
         3d:c9:49:95:b7:2c:b3:ee:f3:23:b3:1f:ea:c9:6b:6b:a7:76:
         16:e3:1d:91:7c:a3:7d:15:97:bd:3f:5a:0a:01:23:6f:1d:b2:
         42:36:bf:87:2b:c5:07:e7:36:86:42:bc:37:53:64:cb:33:0d:
         c3:41:a6:9d:a7:95:bd:b0:42:5e:2d:bb:48:07:bb:98:22:b6:
         3f:e5:c1:4e:05:d8:60:2a:9a:5b:a9:24:36:4d:c7:21:ec:8a:
         d5:b1:12:44:c2:5f:3d:af:f4:ec:a5:cc:70:da:c5:0f:b2:d6:
         cd:c0:3c:9a:da:3c:a9:23:39:ed:ac:72:d6:3d:ef:18:16:7e:
         3f:ae:d5:4b:4b:86:39:c5:59:c2:59:b3:82:a2:2e:24:79:64:
         f2:58:83:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntT0OTbcLj9HchYUI1tgnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZTI5NmI2MGMwMzhjZGM2YmZlZjRjMDYwYjE0MDYxNjRl
Yzg2OGMwHhcNMjUwMTAyMTU0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjVlMzI2Y2ExNmJmYTY4Y2QyNzc5MTVmODg3ZTRjOTk3ZjBjNzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSkJsBbbe2JxMT4Vse/jWGQqFOdc
7kmILDbH4byYnSANztEgTCOv9krX6xUw0rEw3+hK4Z7my9ZBAh/NDvJVKG3KDhDi
XzclZ4fXqWrBNF6UsUNulERtx7HdBrOJF1Zs8dOlS/wsMsloQ1o5WgYOId90mIbQ
fTRmRdG788IFFFlJUhVh2ZEpSnV+k7chKqxAVhKowPX62chQ2oAzmpoh1+G8UBcP
OhXTn2XoY4Dvx7LA9s3m2LtgkRs7TXnayP3li2OS6GgJREw2AlV/0t+3X2th/Ha/
hcpwDWyPqQ1GosXyvYpT2fkSOM8voSAbuALhi8RQEvHvyShQrL/zrLrsWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZeMmyha/pozSd5FfiH5MmX8MeOMB8GA1UdIwQY
MBaAFA7ilrYMA4zca/70wGCxQGFk7IaMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHVLV3Rnd0RqTnhyX3ZUQVlMRkFZV1RzaG93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8wY2QwZTctMmRhOS00MDJiLThhNDkt
ZjVjODA1ZjAyNTViLzEvZGw0eWJLRnItbWpOSjNrVi1JZmt5WmZ3eDQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8wY2QwZTctMmRhOS00MDJiLThhNDktZjVjODA1ZjAyNTVi
LzEvRHVLV3Rnd0RqTnhyX3ZUQVlMRkFZV1RzaG93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW80MA0G
CSqGSIb3DQEBCwUAA4IBAQBXkS9vnGeTAtruh+WT6A8n1zMz+1kEYEmwkwldwfR1
iTfNNcBsXLFkPpQu8UV5IFxi8CjqLV9pnJ9dWCdG9hFQ9l6GQc2OHLY8Kz75s1UG
Be1/fBi5Dq5/xQbuBflpzSE2lwITglVsga5iOKA9yUmVtyyz7vMjsx/qyWtrp3YW
4x2RfKN9FZe9P1oKASNvHbJCNr+HK8UH5zaGQrw3U2TLMw3DQaadp5W9sEJeLbtI
B7uYIrY/5cFOBdhgKppbqSQ2Tcch7IrVsRJEwl89r/Tspcxw2sUPstbNwDya2jyp
IzntrHLWPe8YFn4/rtVLS4Y5xVnCWbOCoi4keWTyWIOf
-----END CERTIFICATE-----