Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/rzPMwtKJbrfVAK2tZQ7ho2lMTko.roa
File:                     rzPMwtKJbrfVAK2tZQ7ho2lMTko.roa (raw, json)
Hash identifier:          6lSfgp9VWZJODBNAF2r5pCybLvr4sFR9bMz2OJU8t8k=
Subject key identifier:   AF:33:CC:C2:D2:89:6E:B7:D5:00:AD:AD:65:0E:E1:A3:69:4C:4E:4A
Certificate issuer:       /CN=95e88359b95a3964ae6f9a0cdaae07f579f98c35
Certificate serial:       01946557F81EBB4ADF1F1E47AD6C59F7BB66
Authority key identifier: 95:E8:83:59:B9:5A:39:64:AE:6F:9A:0C:DA:AE:07:F5:79:F9:8C:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/leiDWblaOWSub5oM2q4H9Xn5jDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/rzPMwtKJbrfVAK2tZQ7ho2lMTko.roa
Signing time:             Tue 14 Jan 2025 15:04:11 +0000
ROA not before:           Tue 14 Jan 2025 15:04:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214684
IP address blocks:        193.18.197.0/24 maxlen: 24
                          193.18.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/leiDWblaOWSub5oM2q4H9Xn5jDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/leiDWblaOWSub5oM2q4H9Xn5jDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/leiDWblaOWSub5oM2q4H9Xn5jDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:65:57:f8:1e:bb:4a:df:1f:1e:47:ad:6c:59:f7:bb:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95e88359b95a3964ae6f9a0cdaae07f579f98c35
        Validity
            Not Before: Jan 14 15:04:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af33ccc2d2896eb7d500adad650ee1a3694c4e4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:11:53:2a:a8:99:88:28:34:82:a6:f9:80:60:
                    df:2a:e8:ad:04:33:b4:a8:ec:c0:0f:88:c3:b4:1d:
                    55:b6:e1:77:43:cb:e1:62:6f:d5:26:6b:d7:8e:85:
                    86:30:e0:06:2b:98:b0:75:f2:29:ad:9c:d2:5f:a1:
                    82:e0:08:87:95:6a:bb:2a:26:bd:c2:c4:73:93:d3:
                    2e:c3:03:63:d2:de:d7:eb:6a:38:5f:fc:a8:66:a3:
                    a8:ff:19:78:a5:25:f1:82:f6:63:8c:72:bd:61:c1:
                    45:d8:18:a1:9b:5f:84:e9:19:d3:9d:ea:3e:f0:0d:
                    66:35:8d:0f:80:c3:a7:2b:63:7a:1a:ab:51:48:66:
                    0d:fd:64:f4:b5:8b:ba:6c:1e:a9:4a:5b:54:36:92:
                    88:a9:a3:64:de:8d:1c:d9:e6:c0:8f:79:29:79:cd:
                    49:3b:32:88:3e:bc:ff:16:44:4e:7e:c3:d1:6b:36:
                    14:64:65:52:a2:68:08:1e:5e:a3:79:6b:a9:80:8b:
                    d0:d7:2c:81:f7:45:b9:f3:2c:3f:39:35:40:35:92:
                    25:8a:48:ac:71:cc:e8:f3:3c:16:ae:40:ae:33:66:
                    c6:4e:e6:0a:5d:a0:e4:d1:83:dd:35:bb:05:59:cd:
                    5b:6c:71:39:03:b6:c9:e6:62:db:1a:8e:ad:78:87:
                    2d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:33:CC:C2:D2:89:6E:B7:D5:00:AD:AD:65:0E:E1:A3:69:4C:4E:4A
            X509v3 Authority Key Identifier:
                keyid:95:E8:83:59:B9:5A:39:64:AE:6F:9A:0C:DA:AE:07:F5:79:F9:8C:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/leiDWblaOWSub5oM2q4H9Xn5jDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/rzPMwtKJbrfVAK2tZQ7ho2lMTko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/264f9a-13ea-4c50-a6a9-712d5e17a6f6/1/leiDWblaOWSub5oM2q4H9Xn5jDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.18.197.0/24
                  193.18.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:09:7b:dd:86:9f:8e:c6:24:40:93:d1:03:66:6d:e1:63:b2:
         46:72:5d:d1:63:4f:c0:f5:b4:e7:07:e9:de:e7:c3:1f:52:52:
         5c:5a:4b:f1:81:4a:92:ca:d5:94:6d:e5:20:33:7f:54:6a:39:
         48:88:03:69:df:65:5d:6e:fe:01:5d:f4:00:ff:1d:cb:f5:04:
         13:b7:91:ce:f4:b4:2a:85:83:ea:41:ba:81:57:8e:ca:86:0a:
         33:80:8f:46:b6:d3:ed:72:2a:8f:60:76:cb:1d:2d:c3:eb:c9:
         99:df:fc:ca:a8:7b:ff:01:a0:41:49:ba:29:e3:37:bc:f2:1b:
         42:f6:f2:45:10:94:81:77:b9:9e:96:4e:81:c8:2d:e4:ae:4b:
         54:09:bc:51:49:58:8d:99:ec:b6:4f:53:8c:cf:39:0c:1f:bf:
         f6:83:7a:c2:4e:19:f0:56:3c:70:df:06:ad:53:a2:bc:ea:8c:
         42:f2:a9:09:40:3c:d4:83:92:46:e7:55:e5:b5:3a:7f:a5:2d:
         c2:ca:60:e7:51:09:b2:77:51:1f:a1:9a:b7:a3:76:99:7a:cd:
         9e:64:a6:5d:74:fc:bd:cb:f6:01:c6:b3:99:7d:58:a9:48:3b:
         c9:2e:39:e6:d6:7c:6c:2d:56:8c:c0:38:c2:2e:4c:ad:bb:58:
         ed:02:06:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRlV/geu0rfHx5HrWxZ97tmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZTg4MzU5Yjk1YTM5NjRhZTZmOWEwY2RhYWUwN2Y1Nzlm
OThjMzUwHhcNMjUwMTE0MTUwNDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjMzY2NjMmQyODk2ZWI3ZDUwMGFkYWQ2NTBlZTFhMzY5NGM0ZTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRFTKqiZiCg0gqb5gGDfKuitBDO0
qOzAD4jDtB1VtuF3Q8vhYm/VJmvXjoWGMOAGK5iwdfIprZzSX6GC4AiHlWq7Kia9
wsRzk9MuwwNj0t7X62o4X/yoZqOo/xl4pSXxgvZjjHK9YcFF2Bihm1+E6RnTneo+
8A1mNY0PgMOnK2N6GqtRSGYN/WT0tYu6bB6pSltUNpKIqaNk3o0c2ebAj3kpec1J
OzKIPrz/FkROfsPRazYUZGVSomgIHl6jeWupgIvQ1yyB90W58yw/OTVANZIlikis
cczo8zwWrkCuM2bGTuYKXaDk0YPdNbsFWc1bbHE5A7bJ5mLbGo6teIctMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK8zzMLSiW631QCtrWUO4aNpTE5KMB8GA1UdIwQY
MBaAFJXog1m5Wjlkrm+aDNquB/V5+Yw1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGVpRFdibGFPV1N1YjVvTTJxNEg5WG41akRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yNjRmOWEtMTNlYS00YzUwLWE2YTkt
NzEyZDVlMTdhNmY2LzEvcnpQTXd0S0picmZWQUsydFpRN2hvMmxNVGtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yNjRmOWEtMTNlYS00YzUwLWE2YTktNzEyZDVlMTdhNmY2
LzEvbGVpRFdibGFPV1N1YjVvTTJxNEg5WG41akRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRLFAwQA
wRLHMA0GCSqGSIb3DQEBCwUAA4IBAQB6CXvdhp+OxiRAk9EDZm3hY7JGcl3RY0/A
9bTnB+ne58MfUlJcWkvxgUqSytWUbeUgM39UajlIiANp32Vdbv4BXfQA/x3L9QQT
t5HO9LQqhYPqQbqBV47KhgozgI9GttPtciqPYHbLHS3D68mZ3/zKqHv/AaBBSbop
4ze88htC9vJFEJSBd7melk6ByC3krktUCbxRSViNmey2T1OMzzkMH7/2g3rCThnw
Vjxw3watU6K86oxC8qkJQDzUg5JG51XltTp/pS3CymDnUQmyd1EfoZq3o3aZes2e
ZKZddPy9y/YBxrOZfVipSDvJLjnm1nxsLVaMwDjCLkytu1jtAgYs
-----END CERTIFICATE-----