Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/715ade-9dae-4151-819f-af62c8465dab/1/AOrWMlaoWwr9BiH2KC52e33LvU8.roa
File:                     AOrWMlaoWwr9BiH2KC52e33LvU8.roa (raw, json)
Hash identifier:          C5KmnNcC1frqJFB0GlvW18JGpvtpy3xiJI4dTDmXhFM=
Subject key identifier:   00:EA:D6:32:56:A8:5B:0A:FD:06:21:F6:28:2E:76:7B:7D:CB:BD:4F
Certificate issuer:       /CN=c4d8a738d4c13c4a677af51275ba84c8b36dc9ce
Certificate serial:       019420D6215ABC793676EB8C7C3C9844603E
Authority key identifier: C4:D8:A7:38:D4:C1:3C:4A:67:7A:F5:12:75:BA:84:C8:B3:6D:C9:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xNinONTBPEpnevUSdbqEyLNtyc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/715ade-9dae-4151-819f-af62c8465dab/1/AOrWMlaoWwr9BiH2KC52e33LvU8.roa
Signing time:             Wed 01 Jan 2025 07:48:11 +0000
ROA not before:           Wed 01 Jan 2025 07:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214298
IP address blocks:        193.218.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/715ade-9dae-4151-819f-af62c8465dab/1/xNinONTBPEpnevUSdbqEyLNtyc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/715ade-9dae-4151-819f-af62c8465dab/1/xNinONTBPEpnevUSdbqEyLNtyc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xNinONTBPEpnevUSdbqEyLNtyc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:21:5a:bc:79:36:76:eb:8c:7c:3c:98:44:60:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4d8a738d4c13c4a677af51275ba84c8b36dc9ce
        Validity
            Not Before: Jan  1 07:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00ead63256a85b0afd0621f6282e767b7dcbbd4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d1:87:3e:b5:79:54:42:93:5c:26:59:5c:ac:
                    39:0e:5a:05:f5:9d:82:8f:fc:ed:c1:46:b3:88:7a:
                    8d:3b:cd:a8:03:b5:83:2b:09:3c:8f:74:06:12:01:
                    0a:a0:60:aa:d1:d4:c4:fc:cb:47:3a:10:28:dd:40:
                    f8:89:19:4f:27:c9:a6:19:79:fa:aa:d2:e6:58:7a:
                    b2:f2:57:6d:60:e8:33:4e:92:6c:82:7a:5c:b8:b2:
                    c8:88:20:3b:09:db:71:b9:ec:b0:41:e3:63:48:2c:
                    3d:e5:0e:93:ec:9a:15:c3:9e:c0:21:c9:04:6d:15:
                    dd:d0:34:a8:da:da:71:31:f3:13:e5:0c:5f:2f:8e:
                    9a:7b:a1:88:c2:7e:3f:61:f0:0a:4e:32:09:c0:87:
                    a8:30:39:9e:79:7b:4e:68:34:a3:d3:df:20:ef:fc:
                    ff:cd:97:ac:00:18:de:70:c7:9f:5d:69:a3:82:d8:
                    c0:e7:74:57:81:aa:46:0f:b6:16:d6:70:68:7f:7a:
                    57:90:09:70:bb:11:b8:df:a2:f6:1a:2c:fa:d9:ee:
                    e3:89:71:a2:3e:9a:63:22:0f:52:78:48:34:24:3a:
                    8f:14:8a:07:da:f1:21:67:e3:b5:95:21:3f:e4:56:
                    67:6a:a0:73:47:7e:3c:42:89:03:b0:02:7a:5c:1b:
                    70:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:EA:D6:32:56:A8:5B:0A:FD:06:21:F6:28:2E:76:7B:7D:CB:BD:4F
            X509v3 Authority Key Identifier:
                keyid:C4:D8:A7:38:D4:C1:3C:4A:67:7A:F5:12:75:BA:84:C8:B3:6D:C9:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xNinONTBPEpnevUSdbqEyLNtyc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/715ade-9dae-4151-819f-af62c8465dab/1/AOrWMlaoWwr9BiH2KC52e33LvU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/715ade-9dae-4151-819f-af62c8465dab/1/xNinONTBPEpnevUSdbqEyLNtyc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.218.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:dd:f7:b9:00:8b:97:1f:11:ac:19:ee:f8:0e:63:da:ea:23:
         76:38:e5:30:70:c5:4f:74:24:ed:b5:72:bb:fe:63:d7:d1:5b:
         00:5b:e9:93:b9:ec:c2:05:93:c2:20:86:59:31:cb:a0:48:f2:
         2d:12:0a:8e:e7:bc:04:f9:48:d1:a3:00:91:dc:cd:c8:3d:e4:
         5b:bf:54:18:58:3a:0a:66:9a:36:1d:a1:d3:7d:89:77:a3:33:
         ca:a5:78:f9:0c:d0:95:d5:9f:b0:cc:2a:75:ee:a7:62:61:f9:
         d1:ef:68:fa:05:3e:44:7c:4d:ba:3d:69:ad:d6:68:97:3f:0f:
         e6:84:8d:7d:f7:7d:7f:fd:e7:23:6a:83:65:d6:af:cd:1f:27:
         f2:42:f7:67:c3:43:a3:c5:78:ac:22:69:02:07:40:af:ff:00:
         82:a0:54:a6:77:04:0e:da:5b:3f:da:92:31:67:98:99:42:19:
         47:2f:79:26:6d:19:fd:6a:48:f2:34:7f:67:1f:33:9d:87:58:
         ac:61:af:15:ba:60:b7:65:84:29:2e:1f:29:1d:44:94:da:f5:
         b8:a6:d6:43:da:12:1a:5a:bb:5e:12:be:db:a2:bc:d5:2d:0e:
         0a:c6:69:b2:a8:5a:3e:ee:3d:50:68:92:65:e3:c7:f4:dd:63:
         eb:aa:f1:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1iFavHk2duuMfDyYRGA+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZDhhNzM4ZDRjMTNjNGE2NzdhZjUxMjc1YmE4NGM4YjM2
ZGM5Y2UwHhcNMjUwMTAxMDc0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGVhZDYzMjU2YTg1YjBhZmQwNjIxZjYyODJlNzY3YjdkY2JiZDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudGHPrV5VEKTXCZZXKw5DloF9Z2C
j/ztwUaziHqNO82oA7WDKwk8j3QGEgEKoGCq0dTE/MtHOhAo3UD4iRlPJ8mmGXn6
qtLmWHqy8ldtYOgzTpJsgnpcuLLIiCA7CdtxueywQeNjSCw95Q6T7JoVw57AIckE
bRXd0DSo2tpxMfMT5QxfL46ae6GIwn4/YfAKTjIJwIeoMDmeeXtOaDSj098g7/z/
zZesABjecMefXWmjgtjA53RXgapGD7YW1nBof3pXkAlwuxG436L2Giz62e7jiXGi
PppjIg9SeEg0JDqPFIoH2vEhZ+O1lSE/5FZnaqBzR348QokDsAJ6XBtw4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFADq1jJWqFsK/QYh9igudnt9y71PMB8GA1UdIwQY
MBaAFMTYpzjUwTxKZ3r1EnW6hMizbcnOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE5pbk9OVEJQRXBuZXZVU2RicUV5TE50eWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS83MTVhZGUtOWRhZS00MTUxLTgxOWYt
YWY2MmM4NDY1ZGFiLzEvQU9yV01sYW9Xd3I5QmlIMktDNTJlMzNMdlU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS83MTVhZGUtOWRhZS00MTUxLTgxOWYtYWY2MmM4NDY1ZGFi
LzEveE5pbk9OVEJQRXBuZXZVU2RicUV5TE50eWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwdpwMA0G
CSqGSIb3DQEBCwUAA4IBAQAf3fe5AIuXHxGsGe74DmPa6iN2OOUwcMVPdCTttXK7
/mPX0VsAW+mTuezCBZPCIIZZMcugSPItEgqO57wE+UjRowCR3M3IPeRbv1QYWDoK
Zpo2HaHTfYl3ozPKpXj5DNCV1Z+wzCp17qdiYfnR72j6BT5EfE26PWmt1miXPw/m
hI19931//ecjaoNl1q/NHyfyQvdnw0OjxXisImkCB0Cv/wCCoFSmdwQO2ls/2pIx
Z5iZQhlHL3kmbRn9akjyNH9nHzOdh1isYa8VumC3ZYQpLh8pHUSU2vW4ptZD2hIa
WrteEr7borzVLQ4KxmmyqFo+7j1QaJJl48f03WPrqvEb
-----END CERTIFICATE-----