Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/1d2823-3474-4d85-95e9-acf093226b07/1/c19V5yQN4hQJXG1HEKFTsTlUGYc.roa
File:                     c19V5yQN4hQJXG1HEKFTsTlUGYc.roa (raw, json)
Hash identifier:          LxQCTalyFAq3yyk0zwyqgHCvSE1O+q8WDWzWwj0pBzA=
Subject key identifier:   73:5F:55:E7:24:0D:E2:14:09:5C:6D:47:10:A1:53:B1:39:54:19:87
Certificate issuer:       /CN=fc9a7b7a2c28a0b3c0e0a588c3c892e52a59f0e6
Certificate serial:       019423D78BDFB5A4E016D724D0627836DB28
Authority key identifier: FC:9A:7B:7A:2C:28:A0:B3:C0:E0:A5:88:C3:C8:92:E5:2A:59:F0:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Jp7eiwooLPA4KWIw8iS5SpZ8OY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/1d2823-3474-4d85-95e9-acf093226b07/1/c19V5yQN4hQJXG1HEKFTsTlUGYc.roa
Signing time:             Wed 01 Jan 2025 21:48:36 +0000
ROA not before:           Wed 01 Jan 2025 21:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26125
IP address blocks:        193.27.47.0/24 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/1d2823-3474-4d85-95e9-acf093226b07/1/_Jp7eiwooLPA4KWIw8iS5SpZ8OY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/1d2823-3474-4d85-95e9-acf093226b07/1/_Jp7eiwooLPA4KWIw8iS5SpZ8OY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Jp7eiwooLPA4KWIw8iS5SpZ8OY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:8b:df:b5:a4:e0:16:d7:24:d0:62:78:36:db:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc9a7b7a2c28a0b3c0e0a588c3c892e52a59f0e6
        Validity
            Not Before: Jan  1 21:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=735f55e7240de214095c6d4710a153b139541987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:eb:d6:69:4c:4d:bd:59:94:16:55:58:36:d9:
                    0c:bd:48:91:c3:ad:2c:61:96:47:d4:92:67:37:83:
                    64:ae:19:e9:69:77:ce:bb:de:de:1f:e5:5b:fd:8c:
                    ee:ea:cb:50:8c:06:e7:0a:6f:bf:b7:4d:e8:1c:b8:
                    0f:4d:7b:ea:e5:f2:a1:f0:76:74:d9:8e:29:62:1e:
                    11:60:e4:dd:ac:6d:d0:d6:c1:a4:4b:47:00:75:48:
                    52:36:76:b7:f6:55:6c:c6:e0:41:3b:fa:a4:0e:a8:
                    7c:2e:dd:c9:9d:6e:88:57:d6:94:ee:a1:2e:e4:f5:
                    e3:56:b8:20:de:f3:a1:93:43:16:0e:3b:91:01:4a:
                    7e:7e:65:12:f3:97:f2:03:99:58:6f:fa:cb:20:c6:
                    6f:81:3a:ad:2a:1f:84:2a:7e:4d:14:51:84:39:fd:
                    d1:c0:16:ed:d3:56:76:11:0e:dc:98:e9:82:d0:14:
                    a6:32:58:cd:23:9c:02:43:1a:eb:7e:1d:49:8b:4c:
                    c5:23:e5:d8:d9:7e:e9:10:c3:d5:bd:88:54:23:ab:
                    24:23:d4:bf:69:d9:2f:11:82:70:e0:ba:a0:6e:7d:
                    5c:01:fe:c4:35:cc:1a:eb:72:bd:5d:28:86:d6:b9:
                    91:f9:0e:cb:86:36:a6:76:4c:bd:e9:69:2d:b8:0c:
                    78:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:5F:55:E7:24:0D:E2:14:09:5C:6D:47:10:A1:53:B1:39:54:19:87
            X509v3 Authority Key Identifier:
                keyid:FC:9A:7B:7A:2C:28:A0:B3:C0:E0:A5:88:C3:C8:92:E5:2A:59:F0:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Jp7eiwooLPA4KWIw8iS5SpZ8OY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/1d2823-3474-4d85-95e9-acf093226b07/1/c19V5yQN4hQJXG1HEKFTsTlUGYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/1d2823-3474-4d85-95e9-acf093226b07/1/_Jp7eiwooLPA4KWIw8iS5SpZ8OY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:9a:f5:2c:8b:5b:0f:3e:86:53:ef:43:77:1f:20:f7:a5:33:
         d2:5d:40:ac:43:77:50:92:5c:61:d7:46:ad:6d:1a:e4:2a:da:
         4c:0d:8a:d5:81:65:d3:18:cb:14:fb:a9:3f:00:e7:e1:bf:13:
         24:62:bb:3e:1e:9a:57:30:19:a4:cd:16:1a:91:f1:06:5f:f0:
         02:f3:1c:74:24:38:70:bd:54:6c:36:62:87:d0:85:47:0f:3b:
         c9:7a:1a:e1:20:cc:20:7c:45:b8:26:c2:d3:20:96:b3:6d:f2:
         b1:5f:46:22:e2:ca:ce:09:e0:48:e5:9a:10:6f:51:26:a6:30:
         1c:ec:9d:a9:96:9e:cc:b8:b3:dc:51:1e:84:d8:78:2a:ea:fd:
         bf:fe:40:2d:5e:e0:a1:ae:5f:0d:68:35:b6:8f:25:d5:a4:1b:
         82:f0:68:83:fa:64:0d:a2:0a:af:1e:cd:67:91:b1:94:d5:b4:
         0d:21:80:db:e2:12:97:aa:24:e9:48:8c:e2:da:72:ea:1f:d3:
         d5:28:1c:f6:16:6c:02:67:4d:93:07:05:4a:f8:3d:a3:97:07:
         04:f5:67:9a:b1:69:ff:07:66:7b:e3:26:6a:9f:39:33:2b:35:
         99:34:c3:f9:84:ed:98:4b:22:ac:bd:08:17:77:cb:f7:b7:0d:
         5a:a1:49:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj14vftaTgFtck0GJ4NtsoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjOWE3YjdhMmMyOGEwYjNjMGUwYTU4OGMzYzg5MmU1MmE1
OWYwZTYwHhcNMjUwMTAxMjE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzVmNTVlNzI0MGRlMjE0MDk1YzZkNDcxMGExNTNiMTM5NTQxOTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOvWaUxNvVmUFlVYNtkMvUiRw60s
YZZH1JJnN4NkrhnpaXfOu97eH+Vb/Yzu6stQjAbnCm+/t03oHLgPTXvq5fKh8HZ0
2Y4pYh4RYOTdrG3Q1sGkS0cAdUhSNna39lVsxuBBO/qkDqh8Lt3JnW6IV9aU7qEu
5PXjVrgg3vOhk0MWDjuRAUp+fmUS85fyA5lYb/rLIMZvgTqtKh+EKn5NFFGEOf3R
wBbt01Z2EQ7cmOmC0BSmMljNI5wCQxrrfh1Ji0zFI+XY2X7pEMPVvYhUI6skI9S/
adkvEYJw4Lqgbn1cAf7ENcwa63K9XSiG1rmR+Q7Lhjamdky96WktuAx4MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNfVeckDeIUCVxtRxChU7E5VBmHMB8GA1UdIwQY
MBaAFPyae3osKKCzwOCliMPIkuUqWfDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0pwN2Vpd29vTFBBNEtXSXc4aVM1U3BaOE9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8xZDI4MjMtMzQ3NC00ZDg1LTk1ZTkt
YWNmMDkzMjI2YjA3LzEvYzE5VjV5UU40aFFKWEcxSEVLRlRzVGxVR1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8xZDI4MjMtMzQ3NC00ZDg1LTk1ZTktYWNmMDkzMjI2YjA3
LzEvX0pwN2Vpd29vTFBBNEtXSXc4aVM1U3BaOE9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRsvMA0G
CSqGSIb3DQEBCwUAA4IBAQAomvUsi1sPPoZT70N3HyD3pTPSXUCsQ3dQklxh10at
bRrkKtpMDYrVgWXTGMsU+6k/AOfhvxMkYrs+HppXMBmkzRYakfEGX/AC8xx0JDhw
vVRsNmKH0IVHDzvJehrhIMwgfEW4JsLTIJazbfKxX0Yi4srOCeBI5ZoQb1EmpjAc
7J2plp7MuLPcUR6E2Hgq6v2//kAtXuChrl8NaDW2jyXVpBuC8GiD+mQNogqvHs1n
kbGU1bQNIYDb4hKXqiTpSIzi2nLqH9PVKBz2FmwCZ02TBwVK+D2jlwcE9WeasWn/
B2Z74yZqnzkzKzWZNMP5hO2YSyKsvQgXd8v3tw1aoUkW
-----END CERTIFICATE-----