Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/Xr-NcPqiqWD0En7rU2u7z5juqP8.roa
File:                     Xr-NcPqiqWD0En7rU2u7z5juqP8.roa (raw, json)
Hash identifier:          YXFDQGXz9/9G7jKbS0K5dvch1N6iWyFu6xqTpl4Ldmo=
Subject key identifier:   5E:BF:8D:70:FA:A2:A9:60:F4:12:7E:EB:53:6B:BB:CF:98:EE:A8:FF
Certificate issuer:       /CN=09633ef6550a82af315146a942cf3559557c1fe2
Certificate serial:       0194221F7C854AEEF9A8594CDDA9A6218E27
Authority key identifier: 09:63:3E:F6:55:0A:82:AF:31:51:46:A9:42:CF:35:59:55:7C:1F:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWM-9lUKgq8xUUapQs81WVV8H-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/Xr-NcPqiqWD0En7rU2u7z5juqP8.roa
Signing time:             Wed 01 Jan 2025 13:47:56 +0000
ROA not before:           Wed 01 Jan 2025 13:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20847
IP address blocks:        193.105.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/CWM-9lUKgq8xUUapQs81WVV8H-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/CWM-9lUKgq8xUUapQs81WVV8H-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWM-9lUKgq8xUUapQs81WVV8H-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:7c:85:4a:ee:f9:a8:59:4c:dd:a9:a6:21:8e:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09633ef6550a82af315146a942cf3559557c1fe2
        Validity
            Not Before: Jan  1 13:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ebf8d70faa2a960f4127eeb536bbbcf98eea8ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d9:a8:02:a8:78:ad:e2:f9:e7:b0:90:42:24:
                    38:f4:91:ee:35:9e:08:be:98:5a:7f:48:ec:76:83:
                    f0:ea:e8:0f:2f:37:05:05:fc:67:89:f0:9a:e0:fc:
                    0c:76:bf:d1:6b:e2:82:73:72:af:21:1e:3b:1b:77:
                    ee:58:6e:4b:1c:21:fc:66:43:6c:86:15:07:a6:55:
                    92:2c:fe:55:05:3b:da:07:59:f4:1e:4a:24:81:b9:
                    5a:d2:19:b1:ed:6e:38:b2:e8:ef:dc:07:03:92:0d:
                    d7:fb:27:9b:c0:d4:28:a6:1f:e3:2d:2f:8d:ea:d3:
                    48:6f:8a:e2:5e:e4:71:be:87:01:4f:79:3b:01:ab:
                    af:98:ba:ec:c5:a3:4a:3b:b4:43:d2:36:90:3e:83:
                    35:86:70:8a:3a:7d:c0:e2:14:12:2b:ae:bd:2b:5a:
                    31:89:ee:10:fa:25:77:0b:84:6d:d4:02:87:54:42:
                    b8:be:f0:85:03:76:aa:da:f5:2c:20:cd:79:9c:6d:
                    ac:bf:c9:c7:e5:75:97:d4:3c:85:cf:3d:f9:23:86:
                    d6:7a:a3:13:51:3e:b6:82:45:d4:e3:64:a7:19:0f:
                    89:7c:ec:da:30:4f:d5:13:07:d3:be:f5:cc:01:5e:
                    cf:0c:2f:a7:89:c0:a8:20:d5:54:04:a4:7c:50:3c:
                    ee:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:BF:8D:70:FA:A2:A9:60:F4:12:7E:EB:53:6B:BB:CF:98:EE:A8:FF
            X509v3 Authority Key Identifier:
                keyid:09:63:3E:F6:55:0A:82:AF:31:51:46:A9:42:CF:35:59:55:7C:1F:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWM-9lUKgq8xUUapQs81WVV8H-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/Xr-NcPqiqWD0En7rU2u7z5juqP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/34d548-e02f-4f82-baeb-bb1df1b3d32d/1/CWM-9lUKgq8xUUapQs81WVV8H-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:45:96:f7:6a:64:b0:f0:4a:89:31:43:09:87:d2:8d:c3:4b:
         ef:a8:06:ea:3d:f0:05:0d:99:1f:86:2e:48:29:30:4a:73:da:
         1d:2f:6e:a5:90:a8:52:b5:63:4c:92:aa:e9:88:76:c0:34:e3:
         e1:28:5c:62:67:91:06:54:87:66:36:d0:ae:74:7c:d2:68:d5:
         22:c1:d1:07:8b:19:aa:7d:96:e1:b6:47:52:05:7e:d2:b1:7a:
         93:c1:c9:a5:ea:6a:b7:b6:c1:d7:ec:d4:06:93:9f:02:cb:da:
         53:1b:8c:ec:b0:e2:f6:ab:f6:7f:fe:d8:17:81:b5:5e:53:17:
         69:f2:91:b5:5f:97:ef:70:3a:2d:1b:1e:f1:38:88:49:ff:bb:
         2a:b4:e0:32:f5:f1:fa:c6:89:22:61:5f:6c:d4:a0:aa:97:9c:
         f5:b1:f3:5f:78:ad:c2:50:fd:26:10:a8:c4:b4:89:db:e2:30:
         09:78:69:61:33:70:77:2e:2c:83:df:aa:06:5d:23:0a:2c:18:
         79:22:f4:fd:eb:3d:30:a0:f5:dd:9e:87:e7:22:da:b1:7c:b3:
         a2:21:15:ec:d2:ce:aa:66:5c:ef:a7:2c:2f:25:be:89:90:75:
         26:c0:36:5c:2d:8e:79:48:67:0d:d7:3a:13:b2:91:4f:bc:f6:
         8f:13:d0:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH3yFSu75qFlM3ammIY4nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjMzZWY2NTUwYTgyYWYzMTUxNDZhOTQyY2YzNTU5NTU3
YzFmZTIwHhcNMjUwMTAxMTM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWJmOGQ3MGZhYTJhOTYwZjQxMjdlZWI1MzZiYmJjZjk4ZWVhOGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltmoAqh4reL557CQQiQ49JHuNZ4I
vphaf0jsdoPw6ugPLzcFBfxnifCa4PwMdr/Ra+KCc3KvIR47G3fuWG5LHCH8ZkNs
hhUHplWSLP5VBTvaB1n0Hkokgbla0hmx7W44sujv3AcDkg3X+yebwNQoph/jLS+N
6tNIb4riXuRxvocBT3k7AauvmLrsxaNKO7RD0jaQPoM1hnCKOn3A4hQSK669K1ox
ie4Q+iV3C4Rt1AKHVEK4vvCFA3aq2vUsIM15nG2sv8nH5XWX1DyFzz35I4bWeqMT
UT62gkXU42SnGQ+JfOzaME/VEwfTvvXMAV7PDC+nicCoINVUBKR8UDzu9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6/jXD6oqlg9BJ+61Nru8+Y7qj/MB8GA1UdIwQY
MBaAFAljPvZVCoKvMVFGqULPNVlVfB/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dNLTlsVUtncTh4VVVhcFFzODFXVlY4SC1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8zNGQ1NDgtZTAyZi00ZjgyLWJhZWIt
YmIxZGYxYjNkMzJkLzEvWHItTmNQcWlxV0QwRW43clUydTd6NWp1cVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8zNGQ1NDgtZTAyZi00ZjgyLWJhZWItYmIxZGYxYjNkMzJk
LzEvQ1dNLTlsVUtncTh4VVVhcFFzODFXVlY4SC1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkMMA0G
CSqGSIb3DQEBCwUAA4IBAQBvRZb3amSw8EqJMUMJh9KNw0vvqAbqPfAFDZkfhi5I
KTBKc9odL26lkKhStWNMkqrpiHbANOPhKFxiZ5EGVIdmNtCudHzSaNUiwdEHixmq
fZbhtkdSBX7SsXqTwcml6mq3tsHX7NQGk58Cy9pTG4zssOL2q/Z//tgXgbVeUxdp
8pG1X5fvcDotGx7xOIhJ/7sqtOAy9fH6xokiYV9s1KCql5z1sfNfeK3CUP0mEKjE
tInb4jAJeGlhM3B3LiyD36oGXSMKLBh5IvT96z0woPXdnofnItqxfLOiIRXs0s6q
ZlzvpywvJb6JkHUmwDZcLY55SGcN1zoTspFPvPaPE9D3
-----END CERTIFICATE-----