Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/UZ6oBAYvDqEIadhrw2DO49OXd4M.roa
File:                     UZ6oBAYvDqEIadhrw2DO49OXd4M.roa (raw, json)
Hash identifier:          hNLRe7VoLal2kN+aDGwW7RFMXgmWRT2E6T33XzWJ1Fg=
Subject key identifier:   51:9E:A8:04:06:2F:0E:A1:08:69:D8:6B:C3:60:CE:E3:D3:97:77:83
Certificate issuer:       /CN=785ef4bd2976bf292ab73304907f510cd00cc8a2
Certificate serial:       0194228E31C5226456D0E0DC172C9EDE1FCC
Authority key identifier: 78:5E:F4:BD:29:76:BF:29:2A:B7:33:04:90:7F:51:0C:D0:0C:C8:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eF70vSl2vykqtzMEkH9RDNAMyKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/UZ6oBAYvDqEIadhrw2DO49OXd4M.roa
Signing time:             Wed 01 Jan 2025 15:48:51 +0000
ROA not before:           Wed 01 Jan 2025 15:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201223
IP address blocks:        193.134.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/eF70vSl2vykqtzMEkH9RDNAMyKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/eF70vSl2vykqtzMEkH9RDNAMyKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eF70vSl2vykqtzMEkH9RDNAMyKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:31:c5:22:64:56:d0:e0:dc:17:2c:9e:de:1f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=785ef4bd2976bf292ab73304907f510cd00cc8a2
        Validity
            Not Before: Jan  1 15:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=519ea804062f0ea10869d86bc360cee3d3977783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:84:78:44:94:a5:39:cc:df:1f:dd:e9:21:7a:
                    b2:b6:27:c9:50:3e:e5:30:d8:26:c9:e3:40:c3:46:
                    c3:bf:90:6b:3f:7e:d9:70:98:be:62:25:9d:84:3a:
                    e9:06:be:b2:b4:3b:d2:c7:34:73:88:f6:13:bb:3c:
                    3f:73:aa:5e:4b:b3:10:ff:72:96:ff:d4:10:2d:4f:
                    2d:b2:6b:49:6a:bb:fd:9d:48:54:ee:28:a6:56:95:
                    d5:71:82:50:2a:7d:8b:f2:38:97:b6:11:fc:9b:9c:
                    93:73:83:b3:4f:84:85:2d:e0:ee:f8:84:dd:27:ae:
                    82:82:f9:c1:bf:91:fc:c4:61:ce:62:aa:cf:a4:8b:
                    42:fa:32:4d:2a:55:fc:d8:ba:5f:f9:9c:b5:21:e9:
                    1c:28:28:50:6c:cf:07:fb:eb:9f:ac:b7:e9:9e:57:
                    5a:76:a9:4c:d6:b1:05:76:78:9e:fe:79:92:51:09:
                    40:c4:ce:a4:16:45:c0:d6:f0:35:d5:9a:72:c0:d9:
                    2c:fa:05:94:72:80:24:8c:09:04:fb:27:0a:cf:f0:
                    cc:26:9c:22:a5:e9:d4:e6:dd:ee:01:c3:05:2f:02:
                    d1:8c:1f:ba:16:d2:4c:55:78:e3:ad:83:af:e0:bc:
                    c3:d2:56:6b:18:92:67:6e:7b:0e:e7:6c:5c:e7:79:
                    a7:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:9E:A8:04:06:2F:0E:A1:08:69:D8:6B:C3:60:CE:E3:D3:97:77:83
            X509v3 Authority Key Identifier:
                keyid:78:5E:F4:BD:29:76:BF:29:2A:B7:33:04:90:7F:51:0C:D0:0C:C8:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eF70vSl2vykqtzMEkH9RDNAMyKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/UZ6oBAYvDqEIadhrw2DO49OXd4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/18e882-97d7-41dd-9efb-7d4fa4cdc7a2/1/eF70vSl2vykqtzMEkH9RDNAMyKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:a8:ec:40:f1:f3:c1:91:8b:20:56:84:14:82:88:62:ed:c2:
         c9:ee:76:aa:b9:f3:b2:27:cf:25:c8:2b:80:24:29:4c:a1:1a:
         9e:fa:d9:7b:aa:58:c3:0d:e8:93:2a:4d:53:87:09:9b:bf:de:
         a1:74:5c:bd:a1:66:ed:b1:e3:9b:f4:e5:1d:4c:b1:2e:ad:77:
         bc:12:e1:58:84:2e:49:92:7f:ba:2d:69:40:6c:e6:21:d5:44:
         ba:cd:77:b9:35:31:78:0d:59:8c:b3:e7:ca:85:9c:75:c2:4d:
         db:94:df:f8:aa:fb:09:35:61:b1:21:75:df:81:9c:5b:3f:f8:
         65:16:71:05:9a:12:62:4e:86:d3:ce:a1:d4:1f:57:27:27:e7:
         a3:6e:46:98:57:04:77:12:90:89:f0:18:ec:ef:e3:1c:4c:87:
         fe:91:27:92:f2:06:26:15:8d:10:b8:b5:b6:06:bc:8d:1a:35:
         c0:c3:a1:7d:2e:ca:73:7e:29:cf:66:8a:e6:11:c5:d5:ba:3a:
         9e:00:10:f1:fe:e8:2c:e3:90:7c:62:d3:dc:91:61:18:53:50:
         23:d3:af:52:90:05:d9:8b:33:79:53:cf:f0:dc:db:b2:4e:5a:
         6f:9d:e2:99:23:ab:df:15:d5:78:d9:59:11:ba:f4:c7:8b:60:
         0b:f7:90:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijjHFImRW0ODcFyye3h/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NWVmNGJkMjk3NmJmMjkyYWI3MzMwNDkwN2Y1MTBjZDAw
Y2M4YTIwHhcNMjUwMTAxMTU0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTllYTgwNDA2MmYwZWExMDg2OWQ4NmJjMzYwY2VlM2QzOTc3NzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIR4RJSlOczfH93pIXqytifJUD7l
MNgmyeNAw0bDv5BrP37ZcJi+YiWdhDrpBr6ytDvSxzRziPYTuzw/c6peS7MQ/3KW
/9QQLU8tsmtJarv9nUhU7iimVpXVcYJQKn2L8jiXthH8m5yTc4OzT4SFLeDu+ITd
J66CgvnBv5H8xGHOYqrPpItC+jJNKlX82Lpf+Zy1IekcKChQbM8H++ufrLfpnlda
dqlM1rEFdnie/nmSUQlAxM6kFkXA1vA11ZpywNks+gWUcoAkjAkE+ycKz/DMJpwi
penU5t3uAcMFLwLRjB+6FtJMVXjjrYOv4LzD0lZrGJJnbnsO52xc53mniwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFGeqAQGLw6hCGnYa8NgzuPTl3eDMB8GA1UdIwQY
MBaAFHhe9L0pdr8pKrczBJB/UQzQDMiiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUY3MHZTbDJ2eWtxdHpNRWtIOVJETkFNeUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xOGU4ODItOTdkNy00MWRkLTllZmIt
N2Q0ZmE0Y2RjN2EyLzEvVVo2b0JBWXZEcUVJYWRocncyRE80OU9YZDRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xOGU4ODItOTdkNy00MWRkLTllZmItN2Q0ZmE0Y2RjN2Ey
LzEvZUY3MHZTbDJ2eWtxdHpNRWtIOVJETkFNeUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYajMA0G
CSqGSIb3DQEBCwUAA4IBAQBGqOxA8fPBkYsgVoQUgohi7cLJ7naqufOyJ88lyCuA
JClMoRqe+tl7qljDDeiTKk1Thwmbv96hdFy9oWbtseOb9OUdTLEurXe8EuFYhC5J
kn+6LWlAbOYh1US6zXe5NTF4DVmMs+fKhZx1wk3blN/4qvsJNWGxIXXfgZxbP/hl
FnEFmhJiTobTzqHUH1cnJ+ejbkaYVwR3EpCJ8Bjs7+McTIf+kSeS8gYmFY0QuLW2
BryNGjXAw6F9LspzfinPZormEcXVujqeABDx/ugs45B8YtPckWEYU1Aj069SkAXZ
izN5U8/w3NuyTlpvneKZI6vfFdV42VkRuvTHi2AL95CH
-----END CERTIFICATE-----