Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/fe69b2-0abb-4e55-8b38-a91634d2a808/1/ixKyOCrozUgfgF7gZjbgd74b7D8.roa
File:                     ixKyOCrozUgfgF7gZjbgd74b7D8.roa (raw, json)
Hash identifier:          3ZudSa89cqvRuz+AlsHNzxSkAK3mpz40E5GR+nCuQeQ=
Subject key identifier:   8B:12:B2:38:2A:E8:CD:48:1F:80:5E:E0:66:36:E0:77:BE:1B:EC:3F
Certificate issuer:       /CN=46369dc5da5e4e70c735b235704d9ebc58259349
Certificate serial:       019425FDCA935A3087BBB1303A1D40023AC5
Authority key identifier: 46:36:9D:C5:DA:5E:4E:70:C7:35:B2:35:70:4D:9E:BC:58:25:93:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RjadxdpeTnDHNbI1cE2evFglk0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/fe69b2-0abb-4e55-8b38-a91634d2a808/1/ixKyOCrozUgfgF7gZjbgd74b7D8.roa
Signing time:             Thu 02 Jan 2025 07:49:36 +0000
ROA not before:           Thu 02 Jan 2025 07:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3332
IP address blocks:        193.203.196.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/fe69b2-0abb-4e55-8b38-a91634d2a808/1/RjadxdpeTnDHNbI1cE2evFglk0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/fe69b2-0abb-4e55-8b38-a91634d2a808/1/RjadxdpeTnDHNbI1cE2evFglk0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RjadxdpeTnDHNbI1cE2evFglk0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ca:93:5a:30:87:bb:b1:30:3a:1d:40:02:3a:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46369dc5da5e4e70c735b235704d9ebc58259349
        Validity
            Not Before: Jan  2 07:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b12b2382ae8cd481f805ee06636e077be1bec3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:9a:ae:4a:a2:27:c5:fb:03:69:2c:b8:3f:d4:
                    59:c0:08:2e:fd:91:e4:c5:13:f5:d0:f6:a8:a8:38:
                    8f:70:d6:80:85:d9:5d:3b:38:2a:ce:21:ee:69:75:
                    87:22:64:89:03:e5:89:db:17:37:22:3b:7a:d8:24:
                    14:ae:db:ce:8d:a3:f0:43:25:dd:f0:af:0e:45:06:
                    48:08:99:43:ea:3d:47:8b:06:62:64:43:0d:e3:84:
                    3a:ee:15:e6:2a:8f:43:a4:55:f1:3b:a7:db:24:59:
                    83:fa:94:d1:50:f1:34:1f:c8:e9:8b:d3:c7:23:70:
                    40:19:ec:06:26:ff:80:4c:54:4d:d1:f1:f2:5b:55:
                    66:9a:0d:36:63:90:9f:6f:d0:43:26:a6:6a:ba:e9:
                    61:29:06:fa:70:de:35:55:cb:c8:3e:e9:c9:7f:e8:
                    7c:42:ee:59:87:25:3f:b6:af:c3:1c:3f:c8:65:8d:
                    49:73:f8:1f:2c:73:12:43:14:8c:21:b9:a7:9c:9f:
                    1f:f3:21:bb:40:6b:26:8f:05:e8:cd:62:99:c5:38:
                    a5:03:9a:08:78:1d:2b:06:e3:4c:d9:f7:f3:c6:a8:
                    a0:0a:64:00:b2:a1:99:07:c8:be:c2:94:57:c4:f2:
                    10:30:72:1c:fd:53:c7:ca:38:f8:84:5e:78:73:77:
                    6b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:12:B2:38:2A:E8:CD:48:1F:80:5E:E0:66:36:E0:77:BE:1B:EC:3F
            X509v3 Authority Key Identifier:
                keyid:46:36:9D:C5:DA:5E:4E:70:C7:35:B2:35:70:4D:9E:BC:58:25:93:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RjadxdpeTnDHNbI1cE2evFglk0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/fe69b2-0abb-4e55-8b38-a91634d2a808/1/ixKyOCrozUgfgF7gZjbgd74b7D8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/fe69b2-0abb-4e55-8b38-a91634d2a808/1/RjadxdpeTnDHNbI1cE2evFglk0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:bf:d1:5b:93:6d:fe:48:f4:ff:b7:fa:ba:dc:e2:44:89:4f:
         98:27:66:b7:2c:d0:0b:5a:a2:c5:57:60:65:07:ab:af:53:ec:
         49:36:04:19:48:a5:33:aa:5b:46:9c:d3:1b:c3:02:71:58:b3:
         37:71:93:36:7e:1d:2a:f0:eb:45:aa:e9:8d:38:e7:25:0a:37:
         77:9d:31:3f:ab:e1:64:28:60:89:8f:ea:c5:b5:67:6a:5b:1d:
         7b:c5:db:19:f6:0b:25:bb:2d:4f:85:70:62:dd:b0:c9:3e:c5:
         a9:40:73:62:8c:10:05:04:9b:b2:93:2a:ae:43:e1:58:30:bf:
         33:30:af:8e:e4:a8:69:49:ea:64:28:e6:cd:ae:a6:77:17:82:
         ee:40:15:e2:22:ef:ef:38:ec:21:89:ee:bd:97:45:0a:68:cf:
         0e:0c:eb:03:3a:f1:fd:81:96:8b:cc:a2:8d:b3:50:bb:d4:6f:
         e8:20:59:4f:a6:27:32:fa:4d:d7:10:a7:a8:b2:60:8b:6a:97:
         2b:d8:07:89:45:bb:11:ec:25:da:fe:f2:a7:99:93:e4:78:71:
         db:56:47:62:57:6b:82:a0:bb:71:7b:27:95:b5:c0:b1:75:d3:
         9f:fd:d3:5c:1d:f6:4d:fe:64:80:a8:81:03:2c:22:e6:36:d3:
         c3:64:d1:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/cqTWjCHu7EwOh1AAjrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MzY5ZGM1ZGE1ZTRlNzBjNzM1YjIzNTcwNGQ5ZWJjNTgy
NTkzNDkwHhcNMjUwMTAyMDc0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjEyYjIzODJhZThjZDQ4MWY4MDVlZTA2NjM2ZTA3N2JlMWJlYzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJquSqInxfsDaSy4P9RZwAgu/ZHk
xRP10PaoqDiPcNaAhdldOzgqziHuaXWHImSJA+WJ2xc3Ijt62CQUrtvOjaPwQyXd
8K8ORQZICJlD6j1HiwZiZEMN44Q67hXmKo9DpFXxO6fbJFmD+pTRUPE0H8jpi9PH
I3BAGewGJv+ATFRN0fHyW1Vmmg02Y5Cfb9BDJqZquulhKQb6cN41VcvIPunJf+h8
Qu5ZhyU/tq/DHD/IZY1Jc/gfLHMSQxSMIbmnnJ8f8yG7QGsmjwXozWKZxTilA5oI
eB0rBuNM2ffzxqigCmQAsqGZB8i+wpRXxPIQMHIc/VPHyjj4hF54c3dr8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIsSsjgq6M1IH4Be4GY24He+G+w/MB8GA1UdIwQY
MBaAFEY2ncXaXk5wxzWyNXBNnrxYJZNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmphZHhkcGVUbkRITmJJMWNFMmV2RmdsazBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9mZTY5YjItMGFiYi00ZTU1LThiMzgt
YTkxNjM0ZDJhODA4LzEvaXhLeU9Dcm96VWdmZ0Y3Z1pqYmdkNzRiN0Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9mZTY5YjItMGFiYi00ZTU1LThiMzgtYTkxNjM0ZDJhODA4
LzEvUmphZHhkcGVUbkRITmJJMWNFMmV2RmdsazBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcvEMA0G
CSqGSIb3DQEBCwUAA4IBAQBJv9Fbk23+SPT/t/q63OJEiU+YJ2a3LNALWqLFV2Bl
B6uvU+xJNgQZSKUzqltGnNMbwwJxWLM3cZM2fh0q8OtFqumNOOclCjd3nTE/q+Fk
KGCJj+rFtWdqWx17xdsZ9gsluy1PhXBi3bDJPsWpQHNijBAFBJuykyquQ+FYML8z
MK+O5KhpSepkKObNrqZ3F4LuQBXiIu/vOOwhie69l0UKaM8ODOsDOvH9gZaLzKKN
s1C71G/oIFlPpicy+k3XEKeosmCLapcr2AeJRbsR7CXa/vKnmZPkeHHbVkdiV2uC
oLtxeyeVtcCxddOf/dNcHfZN/mSAqIEDLCLmNtPDZNHq
-----END CERTIFICATE-----