Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/EWuOguv1P9Rw7Q-U1qAW9dBN2No.roa
File:                     EWuOguv1P9Rw7Q-U1qAW9dBN2No.roa (raw, json)
Hash identifier:          rN97euvDe5WCriK9EjJsNO5wn2cUGLmPhpQvNqo71q8=
Subject key identifier:   11:6B:8E:82:EB:F5:3F:D4:70:ED:0F:94:D6:A0:16:F5:D0:4D:D8:DA
Certificate issuer:       /CN=4c3e9da3bf593802cc833fe5d947a52696f58c8d
Certificate serial:       019421B1F5F5B6CB4362892987503574EF0C
Authority key identifier: 4C:3E:9D:A3:BF:59:38:02:CC:83:3F:E5:D9:47:A5:26:96:F5:8C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TD6do79ZOALMgz_l2UelJpb1jI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/EWuOguv1P9Rw7Q-U1qAW9dBN2No.roa
Signing time:             Wed 01 Jan 2025 11:48:18 +0000
ROA not before:           Wed 01 Jan 2025 11:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39122
IP address blocks:        193.203.126.0/24 maxlen: 24
                          2a0d:1f00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/TD6do79ZOALMgz_l2UelJpb1jI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/TD6do79ZOALMgz_l2UelJpb1jI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TD6do79ZOALMgz_l2UelJpb1jI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f5:f5:b6:cb:43:62:89:29:87:50:35:74:ef:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3e9da3bf593802cc833fe5d947a52696f58c8d
        Validity
            Not Before: Jan  1 11:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=116b8e82ebf53fd470ed0f94d6a016f5d04dd8da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f7:d1:2d:36:7d:38:23:a1:f9:71:c1:26:50:
                    43:9f:c0:89:90:d0:22:c7:29:11:05:03:be:e6:4c:
                    71:3e:fb:f3:a2:28:d9:ae:eb:e7:a7:ed:6e:2e:4a:
                    b9:fd:ff:3a:49:1f:f2:41:68:85:60:45:aa:fc:a3:
                    32:bb:0d:ff:35:eb:05:b9:ef:88:e8:f5:1f:d5:f2:
                    38:7e:48:d5:82:a5:69:88:53:d9:cb:cd:ce:e5:b6:
                    59:2f:07:ab:91:46:49:c0:f2:d9:99:a0:4d:06:a6:
                    27:29:e8:7f:da:8b:a8:2a:c4:f2:08:9b:34:75:cf:
                    6e:03:2e:2c:70:d2:c9:7a:89:df:3d:9a:a3:96:a1:
                    f9:99:73:35:e3:4f:1b:6c:4a:87:66:77:b1:f1:85:
                    18:22:c9:06:92:04:af:d5:49:9c:87:8e:99:93:9a:
                    54:83:61:76:74:33:41:47:25:78:77:e3:db:82:b5:
                    99:1c:a0:2e:1d:30:c0:9a:4d:7b:c1:3d:f8:df:25:
                    05:ce:75:ad:e4:fb:62:d7:94:49:53:30:c3:8d:4d:
                    c2:12:95:88:fd:f7:ee:03:6f:ce:96:01:f6:b1:0f:
                    32:b2:42:2d:f1:be:0c:b9:2a:98:15:ff:ba:df:03:
                    c5:f3:ad:c6:0f:e1:c8:fa:cb:47:91:4e:3f:5b:e6:
                    f1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:6B:8E:82:EB:F5:3F:D4:70:ED:0F:94:D6:A0:16:F5:D0:4D:D8:DA
            X509v3 Authority Key Identifier:
                keyid:4C:3E:9D:A3:BF:59:38:02:CC:83:3F:E5:D9:47:A5:26:96:F5:8C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TD6do79ZOALMgz_l2UelJpb1jI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/EWuOguv1P9Rw7Q-U1qAW9dBN2No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/TD6do79ZOALMgz_l2UelJpb1jI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.126.0/24
                IPv6:
                  2a0d:1f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:88:d4:82:e7:c2:85:70:be:f4:9f:a0:f0:ec:0c:c2:81:58:
         01:db:ef:e3:64:8f:fa:03:06:f6:55:52:67:82:ed:c5:88:9c:
         88:f8:06:c0:f2:ef:2f:d4:9c:ab:d0:ee:9c:a1:dc:58:ba:1d:
         33:fa:fe:c7:c5:36:e1:c9:ea:8f:7e:5e:ed:54:d2:42:b1:50:
         78:6e:a3:4f:a0:c8:85:10:03:ea:b4:18:78:4d:29:eb:6a:64:
         b0:9c:03:ff:0a:36:98:25:22:fe:30:17:6e:49:cd:f9:80:68:
         9d:24:5c:76:1a:e5:2e:8c:ff:5a:c8:93:8f:cc:25:10:d7:5f:
         14:53:18:be:39:e2:f8:8e:ab:94:ad:93:6c:51:5b:49:3c:93:
         39:58:0e:b4:e7:c5:54:05:6d:44:f9:f1:ab:3e:db:16:8c:3b:
         5f:91:27:cd:01:34:8a:d4:38:89:f3:97:4a:ee:44:80:44:ac:
         40:29:14:4a:4e:39:4b:86:01:14:4b:65:dd:8d:25:2a:8c:fe:
         c3:2a:dc:b3:e2:cb:64:8e:55:26:4f:78:f2:83:c1:38:3a:9e:
         f1:72:fb:80:63:63:d3:81:98:fa:7a:61:b2:7d:96:75:36:86:
         44:37:51:10:75:e6:ac:f0:83:d4:d0:d2:90:f5:20:c7:be:4e:
         37:17:a1:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsfX1tstDYokph1A1dO8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjM2U5ZGEzYmY1OTM4MDJjYzgzM2ZlNWQ5NDdhNTI2OTZm
NThjOGQwHhcNMjUwMTAxMTE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTZiOGU4MmViZjUzZmQ0NzBlZDBmOTRkNmEwMTZmNWQwNGRkOGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvfRLTZ9OCOh+XHBJlBDn8CJkNAi
xykRBQO+5kxxPvvzoijZruvnp+1uLkq5/f86SR/yQWiFYEWq/KMyuw3/NesFue+I
6PUf1fI4fkjVgqVpiFPZy83O5bZZLwerkUZJwPLZmaBNBqYnKeh/2ouoKsTyCJs0
dc9uAy4scNLJeonfPZqjlqH5mXM1408bbEqHZnex8YUYIskGkgSv1Umch46Zk5pU
g2F2dDNBRyV4d+PbgrWZHKAuHTDAmk17wT343yUFznWt5Pti15RJUzDDjU3CEpWI
/ffuA2/OlgH2sQ8yskIt8b4MuSqYFf+63wPF863GD+HI+stHkU4/W+bxxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBFrjoLr9T/UcO0PlNagFvXQTdjaMB8GA1UdIwQY
MBaAFEw+naO/WTgCzIM/5dlHpSaW9YyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEQ2ZG83OVpPQUxNZ3pfbDJVZWxKcGIxakkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iOWE4MzAtNjk5Mi00OWM2LTg5NzMt
ZWFjYjQ5NjVmZTM4LzEvRVd1T2d1djFQOVJ3N1EtVTFxQVc5ZEJOMk5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iOWE4MzAtNjk5Mi00OWM2LTg5NzMtZWFjYjQ5NjVmZTM4
LzEvVEQ2ZG83OVpPQUxNZ3pfbDJVZWxKcGIxakkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwct+MA0E
AgACMAcDBQMqDR8AMA0GCSqGSIb3DQEBCwUAA4IBAQCtiNSC58KFcL70n6Dw7AzC
gVgB2+/jZI/6Awb2VVJngu3FiJyI+AbA8u8v1Jyr0O6codxYuh0z+v7HxTbhyeqP
fl7tVNJCsVB4bqNPoMiFEAPqtBh4TSnramSwnAP/CjaYJSL+MBduSc35gGidJFx2
GuUujP9ayJOPzCUQ118UUxi+OeL4jquUrZNsUVtJPJM5WA6058VUBW1E+fGrPtsW
jDtfkSfNATSK1DiJ85dK7kSARKxAKRRKTjlLhgEUS2XdjSUqjP7DKtyz4stkjlUm
T3jyg8E4Op7xcvuAY2PTgZj6emGyfZZ1NoZEN1EQdeas8IPU0NKQ9SDHvk43F6GE
-----END CERTIFICATE-----