Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/ca9f2c-526e-453f-8b32-60feecea9aa4/1/CtjT3jVnXWmD83KR_4TWffaI4JQ.roa
File:                     CtjT3jVnXWmD83KR_4TWffaI4JQ.roa (raw, json)
Hash identifier:          flK9Ib6/h/dfOz32Mluz/WYLhTwywQZxRxjgsE0wek0=
Subject key identifier:   0A:D8:D3:DE:35:67:5D:69:83:F3:72:91:FF:84:D6:7D:F6:88:E0:94
Certificate issuer:       /CN=984503d4d18140b92aa8923193101d0f3eafe2c3
Certificate serial:       019426D96913C9FF95DC8401CDA09FFE98A0
Authority key identifier: 98:45:03:D4:D1:81:40:B9:2A:A8:92:31:93:10:1D:0F:3E:AF:E2:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mEUD1NGBQLkqqJIxkxAdDz6v4sM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/ca9f2c-526e-453f-8b32-60feecea9aa4/1/CtjT3jVnXWmD83KR_4TWffaI4JQ.roa
Signing time:             Thu 02 Jan 2025 11:49:29 +0000
ROA not before:           Thu 02 Jan 2025 11:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52183
IP address blocks:        193.5.116.0/24 maxlen: 24
                          193.5.117.0/24 maxlen: 24
                          193.5.118.0/24 maxlen: 24
                          193.5.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/ca9f2c-526e-453f-8b32-60feecea9aa4/1/mEUD1NGBQLkqqJIxkxAdDz6v4sM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/ca9f2c-526e-453f-8b32-60feecea9aa4/1/mEUD1NGBQLkqqJIxkxAdDz6v4sM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mEUD1NGBQLkqqJIxkxAdDz6v4sM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:69:13:c9:ff:95:dc:84:01:cd:a0:9f:fe:98:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=984503d4d18140b92aa8923193101d0f3eafe2c3
        Validity
            Not Before: Jan  2 11:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ad8d3de35675d6983f37291ff84d67df688e094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:76:cb:02:ed:5a:6c:97:cf:d6:76:cf:b1:fd:
                    2b:42:8c:dd:31:30:bc:63:2f:e2:c1:2a:1c:fd:50:
                    c4:5a:ae:78:4e:14:e3:3f:41:2f:f0:df:fc:c1:e3:
                    d8:76:61:a1:1d:d3:4e:52:75:d1:86:01:a8:17:43:
                    c8:fe:fb:83:87:5b:a4:df:17:c4:ee:92:62:25:a7:
                    81:b9:60:f3:e7:1d:96:38:34:94:c5:25:99:cf:a1:
                    c8:45:ac:7e:ac:b0:f2:85:31:6d:fc:5f:5f:6d:17:
                    d7:a6:47:eb:61:4b:fe:bd:86:cc:55:b4:4a:db:b1:
                    92:a0:96:29:5e:42:73:1b:61:e1:45:9e:22:d6:6d:
                    04:97:63:a2:12:24:88:ca:06:5a:7d:7e:48:bb:8a:
                    b5:57:82:74:91:5d:f8:95:ca:65:5c:0a:c4:a0:fe:
                    7c:b3:de:77:97:cf:d5:19:02:70:62:6d:5a:eb:1f:
                    1a:25:fd:9b:7d:36:97:b5:d5:26:9f:87:7a:4d:9d:
                    9b:c3:fd:11:0d:f9:48:9e:60:02:2e:1e:0d:b3:35:
                    2e:dd:b3:f6:f7:f7:a2:25:2c:33:ee:84:9e:96:38:
                    21:22:4f:40:10:c6:f5:4a:a3:ff:66:d4:e1:d1:59:
                    3a:60:2a:fb:7f:bd:32:65:01:1d:d5:d1:5f:7f:7b:
                    26:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:D8:D3:DE:35:67:5D:69:83:F3:72:91:FF:84:D6:7D:F6:88:E0:94
            X509v3 Authority Key Identifier:
                keyid:98:45:03:D4:D1:81:40:B9:2A:A8:92:31:93:10:1D:0F:3E:AF:E2:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mEUD1NGBQLkqqJIxkxAdDz6v4sM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/ca9f2c-526e-453f-8b32-60feecea9aa4/1/CtjT3jVnXWmD83KR_4TWffaI4JQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/ca9f2c-526e-453f-8b32-60feecea9aa4/1/mEUD1NGBQLkqqJIxkxAdDz6v4sM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:31:82:94:5f:99:93:49:25:cd:55:8b:d7:c4:29:e7:84:84:
         7b:1a:35:cd:5b:fd:80:95:dc:3f:82:c3:87:f8:92:d2:1b:ae:
         3c:03:30:61:0f:e4:64:6d:19:45:b0:59:ca:de:3a:ae:14:ef:
         c5:bb:4c:01:88:74:70:83:78:96:4e:b2:a6:78:50:2b:b3:d8:
         ef:60:4c:1b:a4:62:a7:01:a9:10:33:e5:03:34:1c:95:d3:22:
         ee:9c:8d:74:70:b0:0c:79:67:de:45:f6:28:6c:9a:d2:7b:c3:
         91:ea:1b:14:ea:25:4d:be:57:46:c6:3d:37:42:b6:8d:5d:29:
         2e:57:a1:13:23:3d:a2:b3:32:19:ee:dc:20:93:d4:70:45:44:
         18:51:f3:6e:7a:55:a7:ac:77:dc:19:22:13:bd:92:0e:53:ac:
         b2:55:e5:3e:17:bd:60:ed:51:e5:93:86:e4:e2:e4:38:fe:00:
         87:eb:9d:b2:f6:25:bd:9b:ea:b6:34:22:1b:97:55:b7:8f:51:
         f4:10:05:16:ba:73:1b:32:9d:56:c3:83:3d:d8:e1:31:da:1d:
         0c:f9:9c:c4:39:bf:8f:ac:4f:b7:a4:c3:c5:89:73:2e:80:3a:
         36:c5:cb:5f:2d:65:4c:7c:4c:ed:b6:fb:64:29:b6:57:48:ee:
         88:27:2f:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2WkTyf+V3IQBzaCf/pigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NDUwM2Q0ZDE4MTQwYjkyYWE4OTIzMTkzMTAxZDBmM2Vh
ZmUyYzMwHhcNMjUwMTAyMTE0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWQ4ZDNkZTM1Njc1ZDY5ODNmMzcyOTFmZjg0ZDY3ZGY2ODhlMDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XbLAu1abJfP1nbPsf0rQozdMTC8
Yy/iwSoc/VDEWq54ThTjP0Ev8N/8wePYdmGhHdNOUnXRhgGoF0PI/vuDh1uk3xfE
7pJiJaeBuWDz5x2WODSUxSWZz6HIRax+rLDyhTFt/F9fbRfXpkfrYUv+vYbMVbRK
27GSoJYpXkJzG2HhRZ4i1m0El2OiEiSIygZafX5Iu4q1V4J0kV34lcplXArEoP58
s953l8/VGQJwYm1a6x8aJf2bfTaXtdUmn4d6TZ2bw/0RDflInmACLh4NszUu3bP2
9/eiJSwz7oSeljghIk9AEMb1SqP/ZtTh0Vk6YCr7f70yZQEd1dFff3smKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFArY0941Z11pg/Nykf+E1n32iOCUMB8GA1UdIwQY
MBaAFJhFA9TRgUC5KqiSMZMQHQ8+r+LDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUVVRDFOR0JRTGtxcUpJeGt4QWREejZ2NHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9jYTlmMmMtNTI2ZS00NTNmLThiMzIt
NjBmZWVjZWE5YWE0LzEvQ3RqVDNqVm5YV21EODNLUl80VFdmZmFJNEpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9jYTlmMmMtNTI2ZS00NTNmLThiMzItNjBmZWVjZWE5YWE0
LzEvbUVVRDFOR0JRTGtxcUpJeGt4QWREejZ2NHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwQV0MA0G
CSqGSIb3DQEBCwUAA4IBAQAUMYKUX5mTSSXNVYvXxCnnhIR7GjXNW/2Aldw/gsOH
+JLSG648AzBhD+RkbRlFsFnK3jquFO/Fu0wBiHRwg3iWTrKmeFArs9jvYEwbpGKn
AakQM+UDNByV0yLunI10cLAMeWfeRfYobJrSe8OR6hsU6iVNvldGxj03QraNXSku
V6ETIz2iszIZ7twgk9RwRUQYUfNuelWnrHfcGSITvZIOU6yyVeU+F71g7VHlk4bk
4uQ4/gCH652y9iW9m+q2NCIbl1W3j1H0EAUWunMbMp1Ww4M92OEx2h0M+ZzEOb+P
rE+3pMPFiXMugDo2xctfLWVMfEzttvtkKbZXSO6IJy+6
-----END CERTIFICATE-----