Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/1DNJXUdN9aHYwhJ0OLj39VSopnQ.roa
File:                     1DNJXUdN9aHYwhJ0OLj39VSopnQ.roa (raw, json)
Hash identifier:          QBTrHThXdQY8h/nmwy8ckGzuWyt8cYLb33EN8JyG6aE=
Subject key identifier:   D4:33:49:5D:47:4D:F5:A1:D8:C2:12:74:38:B8:F7:F5:54:A8:A6:74
Certificate issuer:       /CN=65e0062e54a5fcb6a0c99e598557fed6f37a4629
Certificate serial:       0194236A132313B60C285A29D534CD305CF8
Authority key identifier: 65:E0:06:2E:54:A5:FC:B6:A0:C9:9E:59:85:57:FE:D6:F3:7A:46:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/1DNJXUdN9aHYwhJ0OLj39VSopnQ.roa
Signing time:             Wed 01 Jan 2025 19:49:01 +0000
ROA not before:           Wed 01 Jan 2025 19:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211491
IP address blocks:        193.22.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 22:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:13:23:13:b6:0c:28:5a:29:d5:34:cd:30:5c:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65e0062e54a5fcb6a0c99e598557fed6f37a4629
        Validity
            Not Before: Jan  1 19:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d433495d474df5a1d8c2127438b8f7f554a8a674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:9c:dc:d3:db:ba:85:ed:c3:4b:c9:7d:c6:6d:
                    b8:84:09:74:62:a7:b9:4a:5f:41:97:c6:06:bd:98:
                    44:3c:a3:bd:3b:b2:5e:1f:e5:b4:aa:5f:fd:5c:2c:
                    04:ee:22:93:6f:ee:2a:87:98:f6:b0:ac:54:d9:51:
                    4b:16:d5:2e:4a:c6:d9:f8:8b:cb:08:fd:20:59:bb:
                    a7:f6:4a:d5:f0:95:7a:e9:ca:2a:24:bb:f1:83:07:
                    4e:18:99:97:8f:c6:4b:76:22:77:68:5e:17:32:a8:
                    65:91:9f:d9:11:fe:44:96:ea:a9:2e:fb:62:a1:0c:
                    34:41:d8:96:72:eb:e7:af:57:10:81:c4:af:9b:ce:
                    bc:99:88:9f:6e:78:8d:7b:0e:a8:c7:4d:86:cf:55:
                    6b:bb:b8:a7:6a:a6:37:c3:8c:5b:0d:4e:7a:73:02:
                    53:cf:c4:e7:92:19:f3:fc:09:11:c4:a0:05:dc:2c:
                    81:1b:96:80:f4:7d:56:7c:97:fb:ff:a7:54:10:9d:
                    b4:d9:53:43:db:65:c3:c7:fa:34:00:11:ed:88:d7:
                    fd:2f:a1:b7:4a:99:85:96:29:ec:7d:ba:9b:3d:97:
                    e5:f3:24:eb:25:ab:d0:5b:db:d5:dc:c3:bd:15:33:
                    07:b1:56:87:6d:ac:e0:12:b8:18:b9:65:bc:98:d4:
                    42:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:33:49:5D:47:4D:F5:A1:D8:C2:12:74:38:B8:F7:F5:54:A8:A6:74
            X509v3 Authority Key Identifier:
                keyid:65:E0:06:2E:54:A5:FC:B6:A0:C9:9E:59:85:57:FE:D6:F3:7A:46:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/1DNJXUdN9aHYwhJ0OLj39VSopnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/975e68-8662-43b9-8ed2-aae97e65015c/1/ZeAGLlSl_LagyZ5ZhVf-1vN6Rik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:2d:cf:fb:40:07:38:13:69:6c:05:c8:b5:de:05:13:5d:e4:
         42:28:d0:a5:c0:ea:71:19:b3:a8:45:ed:d3:4f:90:03:5a:db:
         4b:12:ee:33:34:71:4d:bd:58:eb:12:e1:97:39:4e:0d:89:12:
         f6:7a:ae:3b:df:97:b4:d5:a5:56:7c:bb:51:f4:ec:f5:d1:ae:
         c8:cf:d9:32:c2:10:58:1a:b6:f5:52:0c:c1:2a:77:dc:4e:30:
         9f:69:70:ef:dd:bf:aa:6e:93:7d:30:5f:8f:b4:86:4c:6d:76:
         ec:e2:ab:c5:db:9f:cd:40:c8:51:db:8c:96:af:e4:2d:d1:1f:
         67:36:25:00:20:62:2a:24:1e:bd:df:3a:8e:0b:39:37:6b:16:
         aa:3c:97:6d:21:3f:45:67:4e:b6:18:6d:cb:8e:bb:14:01:8e:
         b7:cc:0b:7a:69:99:3d:3a:96:e1:1a:cc:23:8d:95:2c:d3:6f:
         2b:82:fe:0d:c7:f2:36:40:1f:3f:10:33:c8:62:75:c0:9a:70:
         a8:47:a8:12:f5:33:80:d6:ae:80:ac:40:24:78:63:6f:9f:c3:
         d7:b9:b3:62:ce:2b:c4:2e:97:ab:95:90:07:0d:cf:24:59:c1:
         8e:60:f0:cd:15:b3:79:23:11:37:de:60:d7:5a:53:5d:d1:5d:
         aa:2f:59:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjahMjE7YMKFop1TTNMFz4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZTAwNjJlNTRhNWZjYjZhMGM5OWU1OTg1NTdmZWQ2ZjM3
YTQ2MjkwHhcNMjUwMTAxMTk0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDMzNDk1ZDQ3NGRmNWExZDhjMjEyNzQzOGI4ZjdmNTU0YThhNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZzc09u6he3DS8l9xm24hAl0Yqe5
Sl9Bl8YGvZhEPKO9O7JeH+W0ql/9XCwE7iKTb+4qh5j2sKxU2VFLFtUuSsbZ+IvL
CP0gWbun9krV8JV66coqJLvxgwdOGJmXj8ZLdiJ3aF4XMqhlkZ/ZEf5EluqpLvti
oQw0QdiWcuvnr1cQgcSvm868mYifbniNew6ox02Gz1Vru7inaqY3w4xbDU56cwJT
z8Tnkhnz/AkRxKAF3CyBG5aA9H1WfJf7/6dUEJ202VND22XDx/o0ABHtiNf9L6G3
SpmFlinsfbqbPZfl8yTrJavQW9vV3MO9FTMHsVaHbazgErgYuWW8mNRCzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQzSV1HTfWh2MISdDi49/VUqKZ0MB8GA1UdIwQY
MBaAFGXgBi5Upfy2oMmeWYVX/tbzekYpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmVBR0xsU2xfTGFneVo1WmhWZi0xdk42UmlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85NzVlNjgtODY2Mi00M2I5LThlZDIt
YWFlOTdlNjUwMTVjLzEvMUROSlhVZE45YUhZd2hKME9MajM5VlNvcG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85NzVlNjgtODY2Mi00M2I5LThlZDItYWFlOTdlNjUwMTVj
LzEvWmVBR0xsU2xfTGFneVo1WmhWZi0xdk42UmlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRYUMA0G
CSqGSIb3DQEBCwUAA4IBAQCBLc/7QAc4E2lsBci13gUTXeRCKNClwOpxGbOoRe3T
T5ADWttLEu4zNHFNvVjrEuGXOU4NiRL2eq4735e01aVWfLtR9Oz10a7Iz9kywhBY
Grb1UgzBKnfcTjCfaXDv3b+qbpN9MF+PtIZMbXbs4qvF25/NQMhR24yWr+Qt0R9n
NiUAIGIqJB693zqOCzk3axaqPJdtIT9FZ062GG3LjrsUAY63zAt6aZk9OpbhGswj
jZUs028rgv4Nx/I2QB8/EDPIYnXAmnCoR6gS9TOA1q6ArEAkeGNvn8PXubNizivE
LperlZAHDc8kWcGOYPDNFbN5IxE33mDXWlNd0V2qL1lh
-----END CERTIFICATE-----