Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/W6UFgd1odFEpB7yZ8yh2zvPhsiY.roa
File:                     W6UFgd1odFEpB7yZ8yh2zvPhsiY.roa (raw, json)
Hash identifier:          LvcKF6t3uZYTlOYAa5WsslLoy//GBEckr4M/iNuIBFI=
Subject key identifier:   5B:A5:05:81:DD:68:74:51:29:07:BC:99:F3:28:76:CE:F3:E1:B2:26
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258F9DF03420192007ED0F50B49F500C
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/W6UFgd1odFEpB7yZ8yh2zvPhsiY.roa
Signing time:             Thu 02 Jan 2025 05:49:16 +0000
ROA not before:           Thu 02 Jan 2025 05:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61302
IP address blocks:        193.32.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:9d:f0:34:20:19:20:07:ed:0f:50:b4:9f:50:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ba50581dd6874512907bc99f32876cef3e1b226
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:54:f8:68:9d:5f:95:95:5d:a0:c5:97:9b:47:
                    1b:5e:61:6c:0b:9a:9e:f1:db:e4:91:f2:a2:e1:67:
                    92:96:30:c7:02:12:0e:ea:49:4a:83:09:6a:bc:81:
                    25:43:9e:b2:8a:97:9b:5c:a3:50:5e:ee:20:fa:62:
                    97:0c:3e:be:b8:e0:25:b9:ae:8c:0e:46:6a:aa:28:
                    65:f8:85:b2:c9:53:2b:66:4b:44:12:89:47:ca:93:
                    c5:8d:bf:1c:39:61:a6:30:96:e7:7d:24:0f:b8:32:
                    c8:f7:56:45:7f:70:7d:17:8b:e2:57:a0:75:9a:21:
                    46:9e:7d:4f:5c:f0:27:27:8b:1a:31:5e:b0:ee:4c:
                    2c:96:d9:15:56:98:b9:79:6c:d6:bc:7f:53:09:fd:
                    bf:c0:44:43:08:8a:f0:02:b4:fb:7e:70:24:e4:c9:
                    5d:11:43:8f:c3:5b:b4:cd:03:36:4b:5b:dd:82:fb:
                    e2:1f:ba:ba:eb:ea:e6:81:f1:2c:ef:54:d4:a2:68:
                    7f:a9:5f:8d:22:2c:81:fe:dc:f9:90:2f:d8:28:41:
                    33:b8:29:45:3f:a0:96:1a:ac:69:6a:2b:52:3b:ce:
                    f5:ae:9f:fb:63:e7:fb:0f:66:59:d0:27:95:19:c8:
                    4e:81:8f:d7:e7:76:13:18:52:07:51:b1:69:20:25:
                    16:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:A5:05:81:DD:68:74:51:29:07:BC:99:F3:28:76:CE:F3:E1:B2:26
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/W6UFgd1odFEpB7yZ8yh2zvPhsiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:cd:fd:f5:36:0e:cc:0a:dd:da:ba:7b:08:ba:ec:80:09:60:
         f7:c0:64:f6:b1:f0:4f:05:d5:b5:b9:5d:29:39:92:8b:35:98:
         20:b2:67:37:b6:7f:19:22:20:71:d2:47:b6:be:c2:0e:48:16:
         ab:9b:b0:fd:c5:2c:d0:bf:d6:65:74:f9:ae:61:3f:af:2e:b5:
         af:65:a8:5f:ec:71:a4:83:22:20:9e:d0:b2:75:eb:44:6e:1c:
         1a:3c:86:d6:43:26:10:34:0a:bf:67:8e:88:84:d3:a1:39:33:
         8a:5a:1b:c4:75:1f:e4:5a:6f:d9:d3:ec:fb:d9:ba:e9:1a:7b:
         f4:2b:a7:68:6b:de:fd:b5:e4:6f:c7:c6:78:1b:63:32:4b:88:
         e7:30:9b:75:28:3b:21:27:e0:63:d9:ac:36:1a:9f:ed:a0:55:
         f7:a1:90:5a:32:98:53:bd:e5:bc:f6:52:d8:ba:e5:c0:c7:3a:
         6e:7b:81:75:5a:ff:77:00:28:f9:b1:40:59:60:9e:d8:1b:bf:
         72:04:1e:a2:61:c3:86:d3:b9:f6:be:b7:98:aa:6a:23:f3:ae:
         30:0d:6f:07:f1:48:b1:53:a2:ee:a3:b8:25:e0:41:19:5f:45:
         b5:45:47:42:0b:37:63:e7:40:c2:36:a6:af:20:b5:35:c3:8d:
         29:91:54:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj53wNCAZIAftD1C0n1AMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmE1MDU4MWRkNjg3NDUxMjkwN2JjOTlmMzI4NzZjZWYzZTFiMjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VT4aJ1flZVdoMWXm0cbXmFsC5qe
8dvkkfKi4WeSljDHAhIO6klKgwlqvIElQ56yipebXKNQXu4g+mKXDD6+uOAlua6M
DkZqqihl+IWyyVMrZktEEolHypPFjb8cOWGmMJbnfSQPuDLI91ZFf3B9F4viV6B1
miFGnn1PXPAnJ4saMV6w7kwsltkVVpi5eWzWvH9TCf2/wERDCIrwArT7fnAk5Mld
EUOPw1u0zQM2S1vdgvviH7q66+rmgfEs71TUomh/qV+NIiyB/tz5kC/YKEEzuClF
P6CWGqxpaitSO871rp/7Y+f7D2ZZ0CeVGchOgY/X53YTGFIHUbFpICUWJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFulBYHdaHRRKQe8mfMods7z4bImMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvVzZVRmdkMW9kRkVwQjd5Wjh5aDJ6dlBoc2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSC8MA0G
CSqGSIb3DQEBCwUAA4IBAQBpzf31Ng7MCt3aunsIuuyACWD3wGT2sfBPBdW1uV0p
OZKLNZggsmc3tn8ZIiBx0ke2vsIOSBarm7D9xSzQv9ZldPmuYT+vLrWvZahf7HGk
gyIgntCydetEbhwaPIbWQyYQNAq/Z46IhNOhOTOKWhvEdR/kWm/Z0+z72brpGnv0
K6doa979teRvx8Z4G2MyS4jnMJt1KDshJ+Bj2aw2Gp/toFX3oZBaMphTveW89lLY
uuXAxzpue4F1Wv93ACj5sUBZYJ7YG79yBB6iYcOG07n2vreYqmoj864wDW8H8Uix
U6Luo7gl4EEZX0W1RUdCCzdj50DCNqavILU1w40pkVSK
-----END CERTIFICATE-----