Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/59e107-704f-4480-b69e-f06a761c9a20/1/Ex-cB_4h1wPjXU2C6qgnvAowG6s.roa
File:                     Ex-cB_4h1wPjXU2C6qgnvAowG6s.roa (raw, json)
Hash identifier:          Pfofg8M1L5a51wZ24aPVDYrdbmmkhLSc6VaiAue9C68=
Subject key identifier:   13:1F:9C:07:FE:21:D7:03:E3:5D:4D:82:EA:A8:27:BC:0A:30:1B:AB
Certificate issuer:       /CN=c1dd777ce7d709268c0c55a59c00c6aea5b219bd
Certificate serial:       0194221FF1B6F25750DF2E17450930CE161B
Authority key identifier: C1:DD:77:7C:E7:D7:09:26:8C:0C:55:A5:9C:00:C6:AE:A5:B2:19:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wd13fOfXCSaMDFWlnADGrqWyGb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/59e107-704f-4480-b69e-f06a761c9a20/1/Ex-cB_4h1wPjXU2C6qgnvAowG6s.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211339
IP address blocks:        193.228.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/59e107-704f-4480-b69e-f06a761c9a20/1/wd13fOfXCSaMDFWlnADGrqWyGb0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/59e107-704f-4480-b69e-f06a761c9a20/1/wd13fOfXCSaMDFWlnADGrqWyGb0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wd13fOfXCSaMDFWlnADGrqWyGb0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f1:b6:f2:57:50:df:2e:17:45:09:30:ce:16:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1dd777ce7d709268c0c55a59c00c6aea5b219bd
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=131f9c07fe21d703e35d4d82eaa827bc0a301bab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:98:be:cb:59:89:15:fd:38:59:fa:3b:ee:99:
                    8a:8e:0b:dd:89:8a:7e:cf:b3:5f:46:4d:f3:13:ea:
                    fb:a7:a3:ad:ed:cd:6e:e2:c3:db:2d:52:b3:5b:99:
                    0e:26:5e:55:4b:66:81:c5:e6:69:b5:43:73:ce:a2:
                    f7:32:b0:97:7f:ff:44:53:6f:ec:bd:ee:c4:db:24:
                    cb:87:7d:e0:7d:66:9e:b7:de:d1:da:d7:3f:3f:c4:
                    39:b7:b4:ab:94:e1:cf:bc:7b:57:ba:fa:b5:0a:d8:
                    62:68:60:46:66:02:8c:4c:d5:ae:f1:16:54:61:92:
                    6f:43:4e:bd:5e:4b:3b:a3:9a:6a:4f:82:fa:f8:30:
                    a6:63:b1:4c:8a:0e:1f:46:9b:a8:4f:6a:6c:f9:a6:
                    bf:4d:99:90:b0:fa:f0:22:94:95:64:77:ec:c2:95:
                    19:bf:0d:94:e6:30:99:fd:bb:75:3a:8f:bd:3a:03:
                    a3:d6:cd:bc:a5:89:c8:d9:7b:e9:7a:48:aa:d8:78:
                    ae:cc:90:14:7d:24:d3:7c:cf:2f:b9:0c:87:63:f2:
                    38:37:d6:ad:86:51:1e:a2:d3:8d:a2:de:06:56:fd:
                    ea:21:61:33:aa:9a:37:0f:ae:cb:b7:08:4f:c3:b8:
                    de:fb:a6:5f:0c:ba:27:83:d7:3f:6a:ac:84:e0:c3:
                    85:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:1F:9C:07:FE:21:D7:03:E3:5D:4D:82:EA:A8:27:BC:0A:30:1B:AB
            X509v3 Authority Key Identifier:
                keyid:C1:DD:77:7C:E7:D7:09:26:8C:0C:55:A5:9C:00:C6:AE:A5:B2:19:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wd13fOfXCSaMDFWlnADGrqWyGb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/59e107-704f-4480-b69e-f06a761c9a20/1/Ex-cB_4h1wPjXU2C6qgnvAowG6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/59e107-704f-4480-b69e-f06a761c9a20/1/wd13fOfXCSaMDFWlnADGrqWyGb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:b1:05:92:e9:3f:91:2b:f7:71:09:3b:c4:e1:61:a6:86:86:
         3d:78:2f:23:a9:b9:fa:2a:e6:3f:22:1b:a9:9b:52:c6:d1:fb:
         52:74:c9:fd:b3:d7:b5:b9:72:07:3c:08:e9:95:2c:33:67:2c:
         f4:f6:69:0c:93:1d:85:2d:ee:ec:ed:1c:24:4c:70:82:1f:e8:
         ac:2b:88:05:cc:57:14:f9:d7:26:3c:49:94:0e:31:4b:56:25:
         24:51:58:4c:2c:e2:cf:de:b2:b6:7c:72:ae:ca:82:10:cc:15:
         f4:7a:be:b1:f7:92:05:f4:e7:48:56:6b:97:21:00:4b:ed:65:
         21:1c:71:4e:59:3c:7c:0f:c6:d2:ca:74:e5:6a:f2:1a:40:6a:
         8c:51:d9:0d:5a:23:8e:8b:87:58:a9:5e:87:e0:ff:ba:ce:59:
         0d:e9:91:05:0c:19:1f:a3:4a:13:03:2b:94:3c:b3:d6:e5:b6:
         24:b0:03:55:7e:95:23:e6:7d:90:03:11:3a:1b:05:fc:9c:b1:
         17:da:7f:f4:d7:aa:35:a0:39:1a:c6:15:3b:d7:f8:24:bd:3c:
         02:c9:de:4e:d2:15:59:fe:24:e7:b1:3f:5e:d3:58:f8:5d:9c:
         09:46:6b:00:8c:49:c1:cc:6d:11:cb:c9:aa:e9:92:ee:76:95:
         51:76:92:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH/G28ldQ3y4XRQkwzhYbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZGQ3NzdjZTdkNzA5MjY4YzBjNTVhNTljMDBjNmFlYTVi
MjE5YmQwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzFmOWMwN2ZlMjFkNzAzZTM1ZDRkODJlYWE4MjdiYzBhMzAxYmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpi+y1mJFf04Wfo77pmKjgvdiYp+
z7NfRk3zE+r7p6Ot7c1u4sPbLVKzW5kOJl5VS2aBxeZptUNzzqL3MrCXf/9EU2/s
ve7E2yTLh33gfWaet97R2tc/P8Q5t7SrlOHPvHtXuvq1CthiaGBGZgKMTNWu8RZU
YZJvQ069Xks7o5pqT4L6+DCmY7FMig4fRpuoT2ps+aa/TZmQsPrwIpSVZHfswpUZ
vw2U5jCZ/bt1Oo+9OgOj1s28pYnI2Xvpekiq2HiuzJAUfSTTfM8vuQyHY/I4N9at
hlEeotONot4GVv3qIWEzqpo3D67LtwhPw7je+6ZfDLong9c/aqyE4MOFMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMfnAf+IdcD411NguqoJ7wKMBurMB8GA1UdIwQY
MBaAFMHdd3zn1wkmjAxVpZwAxq6lshm9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2QxM2ZPZlhDU2FNREZXbG5BREdycVd5R2IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS81OWUxMDctNzA0Zi00NDgwLWI2OWUt
ZjA2YTc2MWM5YTIwLzEvRXgtY0JfNGgxd1BqWFUyQzZxZ252QW93RzZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS81OWUxMDctNzA0Zi00NDgwLWI2OWUtZjA2YTc2MWM5YTIw
LzEvd2QxM2ZPZlhDU2FNREZXbG5BREdycVd5R2IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweR8MA0G
CSqGSIb3DQEBCwUAA4IBAQBPsQWS6T+RK/dxCTvE4WGmhoY9eC8jqbn6KuY/Ihup
m1LG0ftSdMn9s9e1uXIHPAjplSwzZyz09mkMkx2FLe7s7RwkTHCCH+isK4gFzFcU
+dcmPEmUDjFLViUkUVhMLOLP3rK2fHKuyoIQzBX0er6x95IF9OdIVmuXIQBL7WUh
HHFOWTx8D8bSynTlavIaQGqMUdkNWiOOi4dYqV6H4P+6zlkN6ZEFDBkfo0oTAyuU
PLPW5bYksANVfpUj5n2QAxE6GwX8nLEX2n/016o1oDkaxhU71/gkvTwCyd5O0hVZ
/iTnsT9e01j4XZwJRmsAjEnBzG0Ry8mq6ZLudpVRdpLR
-----END CERTIFICATE-----