Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/vywQrYyohPA7HiVpUnZvxi_OkIw.roa
File:                     vywQrYyohPA7HiVpUnZvxi_OkIw.roa (raw, json)
Hash identifier:          9ddLtzX64XyzhFvBqGsy3QFMWw7/oarf8SrkFQVzpQI=
Subject key identifier:   BF:2C:10:AD:8C:A8:84:F0:3B:1E:25:69:52:76:6F:C6:2F:CE:90:8C
Certificate issuer:       /CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
Certificate serial:       019420D5EC2E625199701D3433612B8B15C3
Authority key identifier: 81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/vywQrYyohPA7HiVpUnZvxi_OkIw.roa
Signing time:             Wed 01 Jan 2025 07:47:58 +0000
ROA not before:           Wed 01 Jan 2025 07:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1921
IP address blocks:        193.227.117.0/24 maxlen: 24
                          194.0.182.0/24 maxlen: 24
                          194.50.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ec:2e:62:51:99:70:1d:34:33:61:2b:8b:15:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a7ce8bacbeceeb16f600b607d1bfd08033b302
        Validity
            Not Before: Jan  1 07:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf2c10ad8ca884f03b1e256952766fc62fce908c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6b:ad:b9:b1:56:15:83:53:2a:78:7b:a7:ec:
                    ab:b6:a1:41:c8:d2:8b:99:a0:28:e3:7a:49:49:98:
                    2e:e2:f1:1a:d7:f8:dd:f8:4b:00:06:96:86:3b:a2:
                    0f:f8:e1:08:31:14:68:95:5e:cb:55:ff:16:7c:6c:
                    15:3f:aa:de:56:bb:48:a9:d2:98:9d:bf:a8:94:0a:
                    6a:cb:b6:fa:e6:bb:d5:ba:8d:4b:d2:f5:5e:39:34:
                    af:19:b8:9f:52:ae:63:0e:83:30:d0:8d:a9:fb:19:
                    6c:fb:38:56:78:01:2a:cd:43:dc:4a:63:b1:dd:37:
                    98:59:62:52:5d:33:c4:99:bb:41:3a:14:d1:68:3d:
                    8d:05:f7:80:86:ba:b0:f1:c4:dd:b0:4e:f5:38:66:
                    79:9d:f3:d4:af:3b:15:95:ab:0e:1d:a4:86:86:cd:
                    08:19:dc:b3:01:d3:99:c6:44:25:6e:00:4c:67:9f:
                    de:75:6a:2c:0a:ae:d3:78:54:17:43:0e:79:2f:94:
                    59:f9:60:f3:94:74:46:06:3a:4e:bc:6c:87:49:c0:
                    68:dd:e3:6e:44:99:cb:17:9e:8e:83:7f:b2:a2:ed:
                    99:b3:68:3f:37:70:e2:97:84:94:26:9e:ff:55:28:
                    8d:e9:70:22:28:ec:da:4b:1d:b1:c4:3a:fb:70:e6:
                    6b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:2C:10:AD:8C:A8:84:F0:3B:1E:25:69:52:76:6F:C6:2F:CE:90:8C
            X509v3 Authority Key Identifier:
                keyid:81:A7:CE:8B:AC:BE:CE:EB:16:F6:00:B6:07:D1:BF:D0:80:33:B3:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gafOi6y-zusW9gC2B9G_0IAzswI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/vywQrYyohPA7HiVpUnZvxi_OkIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/ee66fb-5dc0-4122-9bc7-b27d8730a270/1/gafOi6y-zusW9gC2B9G_0IAzswI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.117.0/24
                  194.0.182.0/24
                  194.50.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:e9:f4:bf:83:f9:e7:93:72:a9:6e:e2:5d:b0:95:d4:02:41:
         87:9b:f4:9c:ac:f4:1c:25:ad:6b:f9:b8:92:91:8a:3c:cc:81:
         a9:03:71:04:a9:58:b7:99:48:74:7c:9b:82:24:3d:14:1c:5f:
         df:58:66:69:cc:35:06:ab:5d:1f:82:13:fc:cb:ab:21:e6:ae:
         23:92:54:59:bb:52:e3:33:3a:6b:5f:47:cc:57:88:68:c5:60:
         4f:dd:db:e1:e8:63:03:cc:90:d9:23:e1:af:6d:40:68:44:5a:
         bb:76:55:b6:f4:f7:b5:54:cb:46:a7:76:b7:fc:8b:29:60:a9:
         4c:7f:f9:e2:5a:85:da:e9:df:a3:b1:a7:54:31:da:85:36:03:
         24:9c:0e:49:2f:28:70:31:df:4d:79:c4:4d:e6:6c:8d:2a:49:
         00:6c:d9:a1:db:29:b9:a3:55:40:73:5d:72:88:72:ad:aa:5a:
         57:eb:13:6b:81:be:39:b7:ac:9f:d0:66:48:9e:2e:aa:f4:c9:
         b8:07:55:85:b1:d1:cb:79:b9:73:a2:5d:93:06:fb:9a:2c:e4:
         9c:91:ec:69:6e:eb:e1:48:1c:43:11:6f:e2:48:a1:b2:6c:61:
         2e:bd:3d:ee:6d:a8:4a:52:73:2c:37:93:98:50:f9:fd:56:ea:
         bd:64:c4:e3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQg1ewuYlGZcB00M2ErixXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTdjZThiYWNiZWNlZWIxNmY2MDBiNjA3ZDFiZmQwODAz
M2IzMDIwHhcNMjUwMTAxMDc0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjJjMTBhZDhjYTg4NGYwM2IxZTI1Njk1Mjc2NmZjNjJmY2U5MDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmutubFWFYNTKnh7p+yrtqFByNKL
maAo43pJSZgu4vEa1/jd+EsABpaGO6IP+OEIMRRolV7LVf8WfGwVP6reVrtIqdKY
nb+olApqy7b65rvVuo1L0vVeOTSvGbifUq5jDoMw0I2p+xls+zhWeAEqzUPcSmOx
3TeYWWJSXTPEmbtBOhTRaD2NBfeAhrqw8cTdsE71OGZ5nfPUrzsVlasOHaSGhs0I
GdyzAdOZxkQlbgBMZ5/edWosCq7TeFQXQw55L5RZ+WDzlHRGBjpOvGyHScBo3eNu
RJnLF56Og3+you2Zs2g/N3Dil4SUJp7/VSiN6XAiKOzaSx2xxDr7cOZroQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL8sEK2MqITwOx4laVJ2b8YvzpCMMB8GA1UdIwQY
MBaAFIGnzousvs7rFvYAtgfRv9CAM7MCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzct
YjI3ZDg3MzBhMjcwLzEvdnl3UXJZeW9oUEE3SGlWcFVuWnZ4aV9Pa0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9lZTY2ZmItNWRjMC00MTIyLTliYzctYjI3ZDg3MzBhMjcw
LzEvZ2FmT2k2eS16dXNXOWdDMkI5R18wSUF6c3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAweN1AwQA
wgC2AwQAwjK7MA0GCSqGSIb3DQEBCwUAA4IBAQCM6fS/g/nnk3KpbuJdsJXUAkGH
m/ScrPQcJa1r+biSkYo8zIGpA3EEqVi3mUh0fJuCJD0UHF/fWGZpzDUGq10fghP8
y6sh5q4jklRZu1LjMzprX0fMV4hoxWBP3dvh6GMDzJDZI+GvbUBoRFq7dlW29Pe1
VMtGp3a3/IspYKlMf/niWoXa6d+jsadUMdqFNgMknA5JLyhwMd9NecRN5myNKkkA
bNmh2ym5o1VAc11yiHKtqlpX6xNrgb45t6yf0GZIni6q9Mm4B1WFsdHLeblzol2T
BvuaLOSckexpbuvhSBxDEW/iSKGybGEuvT3ubahKUnMsN5OYUPn9Vuq9ZMTj
-----END CERTIFICATE-----