Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/42ad02-d48a-41ac-a80b-2102d96ee355/1/GY1X78tUCHALN-6VezXTntkS1S0.roa
File:                     GY1X78tUCHALN-6VezXTntkS1S0.roa (raw, json)
Hash identifier:          B4/LrjmuUdItXDnKDdePMAJjiq+F77UrPT1SZV8fodQ=
Subject key identifier:   19:8D:57:EF:CB:54:08:70:0B:37:EE:95:7B:35:D3:9E:D9:12:D5:2D
Certificate issuer:       /CN=2ebaaac513982b3c24d360c6d465cf8242056a89
Certificate serial:       0194258F2A3A63806D2910C67259B82DFEBA
Authority key identifier: 2E:BA:AA:C5:13:98:2B:3C:24:D3:60:C6:D4:65:CF:82:42:05:6A:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LrqqxROYKzwk02DG1GXPgkIFaok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/42ad02-d48a-41ac-a80b-2102d96ee355/1/GY1X78tUCHALN-6VezXTntkS1S0.roa
Signing time:             Thu 02 Jan 2025 05:48:46 +0000
ROA not before:           Thu 02 Jan 2025 05:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43455
IP address blocks:        193.46.82.0/24 maxlen: 24
                          2001:67c:1498::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/42ad02-d48a-41ac-a80b-2102d96ee355/1/LrqqxROYKzwk02DG1GXPgkIFaok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/42ad02-d48a-41ac-a80b-2102d96ee355/1/LrqqxROYKzwk02DG1GXPgkIFaok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LrqqxROYKzwk02DG1GXPgkIFaok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:2a:3a:63:80:6d:29:10:c6:72:59:b8:2d:fe:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ebaaac513982b3c24d360c6d465cf8242056a89
        Validity
            Not Before: Jan  2 05:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=198d57efcb5408700b37ee957b35d39ed912d52d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:09:ba:0e:92:d7:f3:83:b7:28:3f:b3:40:3e:
                    08:b6:f4:ec:bc:b4:c1:ec:61:2d:8e:31:81:b0:63:
                    76:2a:0c:3c:70:c6:bd:3b:1e:30:e6:7e:e2:76:73:
                    d4:50:79:46:99:ae:6b:07:3e:fe:3f:05:35:34:b9:
                    04:89:08:3e:95:c6:7f:71:a6:83:b9:d7:1e:dc:43:
                    83:85:80:05:6a:a7:b0:b2:7d:87:ec:3f:b6:35:67:
                    c2:9e:31:be:55:38:4d:4f:7e:73:5e:07:fc:69:70:
                    fc:73:b9:b8:89:59:a1:2b:32:fb:65:0e:af:63:37:
                    96:41:ad:3d:9f:e5:23:a0:01:8c:2d:24:1f:cf:1b:
                    3b:d2:61:b2:cc:fd:3a:65:a2:dd:90:78:45:bb:a2:
                    03:51:87:3d:ed:00:f5:83:95:63:ec:6b:cf:78:97:
                    cf:17:ec:1c:d8:89:09:d3:ca:ee:b6:6f:3b:9e:84:
                    bd:2a:b4:66:31:11:39:34:7f:41:c4:50:3a:47:86:
                    70:e3:2c:43:4c:08:4d:c8:85:c1:41:c1:9d:1c:5a:
                    f3:79:db:1e:fe:de:6f:b6:5c:4f:31:a0:57:a3:50:
                    e5:91:6b:1c:d2:e2:ec:ab:fd:ff:41:90:e0:1c:fa:
                    e9:ac:6d:92:e9:ba:d6:e6:80:8c:32:b7:7c:51:8f:
                    bd:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:8D:57:EF:CB:54:08:70:0B:37:EE:95:7B:35:D3:9E:D9:12:D5:2D
            X509v3 Authority Key Identifier:
                keyid:2E:BA:AA:C5:13:98:2B:3C:24:D3:60:C6:D4:65:CF:82:42:05:6A:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LrqqxROYKzwk02DG1GXPgkIFaok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/42ad02-d48a-41ac-a80b-2102d96ee355/1/GY1X78tUCHALN-6VezXTntkS1S0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/42ad02-d48a-41ac-a80b-2102d96ee355/1/LrqqxROYKzwk02DG1GXPgkIFaok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.82.0/24
                IPv6:
                  2001:67c:1498::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:51:1a:f4:37:65:47:74:e5:a4:e1:6d:31:cb:25:7e:f6:97:
         5e:ee:6a:bb:5c:16:6e:bc:93:25:96:1a:e4:db:58:22:17:36:
         44:ed:98:1a:d6:2e:02:75:0d:fc:f1:27:7b:f8:34:35:95:d9:
         02:d2:eb:6d:64:a0:d1:63:03:00:18:32:ae:8e:bf:81:ba:1d:
         60:7b:21:95:ee:1e:36:a9:bb:4b:89:4b:02:f5:8c:bb:47:a4:
         33:fc:b9:de:4c:5a:fe:86:c8:49:31:93:50:54:12:c6:f4:4c:
         a1:47:f7:8e:b1:9e:40:57:9c:f0:d7:e0:da:31:4d:fd:68:a3:
         d7:c5:f3:f8:f0:cd:88:81:98:b2:93:fb:37:91:8b:88:df:7a:
         2a:19:7f:9c:27:db:00:cd:84:20:15:84:be:29:44:f9:ed:00:
         a3:c7:31:2d:af:28:df:b1:b6:10:a9:44:1d:4b:79:90:16:e3:
         bd:59:63:11:07:75:7b:65:8c:ed:4b:4b:4b:1c:7a:a1:6b:0e:
         6e:b5:be:77:0e:1d:9b:a1:ad:04:da:e3:b2:58:83:f9:d0:86:
         b1:24:4d:24:15:dc:35:65:03:50:c1:87:88:ee:e6:a9:c7:2e:
         2a:bc:dc:3a:46:00:ab:13:9c:f3:7e:ce:5e:05:35:9b:08:bd:
         8f:33:d4:9e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQljyo6Y4BtKRDGclm4Lf66MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlYmFhYWM1MTM5ODJiM2MyNGQzNjBjNmQ0NjVjZjgyNDIw
NTZhODkwHhcNMjUwMTAyMDU0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOThkNTdlZmNiNTQwODcwMGIzN2VlOTU3YjM1ZDM5ZWQ5MTJkNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQm6DpLX84O3KD+zQD4ItvTsvLTB
7GEtjjGBsGN2Kgw8cMa9Ox4w5n7idnPUUHlGma5rBz7+PwU1NLkEiQg+lcZ/caaD
udce3EODhYAFaqewsn2H7D+2NWfCnjG+VThNT35zXgf8aXD8c7m4iVmhKzL7ZQ6v
YzeWQa09n+UjoAGMLSQfzxs70mGyzP06ZaLdkHhFu6IDUYc97QD1g5Vj7GvPeJfP
F+wc2IkJ08rutm87noS9KrRmMRE5NH9BxFA6R4Zw4yxDTAhNyIXBQcGdHFrzedse
/t5vtlxPMaBXo1DlkWsc0uLsq/3/QZDgHPrprG2S6brW5oCMMrd8UY+9CQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBmNV+/LVAhwCzfulXs1057ZEtUtMB8GA1UdIwQY
MBaAFC66qsUTmCs8JNNgxtRlz4JCBWqJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHJxcXhST1lLendrMDJERzFHWFBna0lGYW9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC80MmFkMDItZDQ4YS00MWFjLWE4MGIt
MjEwMmQ5NmVlMzU1LzEvR1kxWDc4dFVDSEFMTi02VmV6WFRudGtTMVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC80MmFkMDItZDQ4YS00MWFjLWE4MGItMjEwMmQ5NmVlMzU1
LzEvTHJxcXhST1lLendrMDJERzFHWFBna0lGYW9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwS5SMA8E
AgACMAkDBwAgAQZ8FJgwDQYJKoZIhvcNAQELBQADggEBAIhRGvQ3ZUd05aThbTHL
JX72l17uartcFm68kyWWGuTbWCIXNkTtmBrWLgJ1DfzxJ3v4NDWV2QLS621koNFj
AwAYMq6Ov4G6HWB7IZXuHjapu0uJSwL1jLtHpDP8ud5MWv6GyEkxk1BUEsb0TKFH
946xnkBXnPDX4NoxTf1oo9fF8/jwzYiBmLKT+zeRi4jfeioZf5wn2wDNhCAVhL4p
RPntAKPHMS2vKN+xthCpRB1LeZAW471ZYxEHdXtljO1LS0sceqFrDm61vncOHZuh
rQTa47JYg/nQhrEkTSQV3DVlA1DBh4ju5qnHLiq83DpGAKsTnPN+zl4FNZsIvY8z
1J4=
-----END CERTIFICATE-----