Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/yzwcVTa4_EkxmkA3zs7RU2L0KuA.roa
File:                     yzwcVTa4_EkxmkA3zs7RU2L0KuA.roa (raw, json)
Hash identifier:          DiSWwAw7nqN/ZHYKb36GWp0hrc3vDQ6bPbUIBdkwyko=
Subject key identifier:   CB:3C:1C:55:36:B8:FC:49:31:9A:40:37:CE:CE:D1:53:62:F4:2A:E0
Certificate issuer:       /CN=6883f347e3891f573df8015ad6cc331cceb04768
Certificate serial:       0194258F0D088976FCE80071F99E0C9886C4
Authority key identifier: 68:83:F3:47:E3:89:1F:57:3D:F8:01:5A:D6:CC:33:1C:CE:B0:47:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aIPzR-OJH1c9-AFa1swzHM6wR2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/yzwcVTa4_EkxmkA3zs7RU2L0KuA.roa
Signing time:             Thu 02 Jan 2025 05:48:39 +0000
ROA not before:           Thu 02 Jan 2025 05:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48955
IP address blocks:        193.176.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/aIPzR-OJH1c9-AFa1swzHM6wR2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/aIPzR-OJH1c9-AFa1swzHM6wR2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aIPzR-OJH1c9-AFa1swzHM6wR2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 02:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:0d:08:89:76:fc:e8:00:71:f9:9e:0c:98:86:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6883f347e3891f573df8015ad6cc331cceb04768
        Validity
            Not Before: Jan  2 05:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb3c1c5536b8fc49319a4037ceced15362f42ae0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4f:a5:49:b8:9f:a8:24:9e:df:69:51:fb:06:
                    82:ef:69:f9:0c:30:ea:f4:04:c8:d2:76:cf:5c:11:
                    f7:32:3b:d5:5c:36:73:62:61:1f:34:bf:59:77:85:
                    17:c1:27:eb:5b:62:7d:c8:73:87:a7:d1:3c:cf:87:
                    c6:26:51:d5:e4:5e:41:ae:52:7a:3b:9d:3d:2a:3d:
                    60:9f:49:96:bc:78:b2:eb:5a:55:95:e0:86:b5:63:
                    d2:c4:5a:62:d3:ce:cd:d5:88:d5:93:15:47:1e:7b:
                    38:23:f0:11:8c:d2:7d:31:43:11:39:14:29:ef:a8:
                    f9:33:5f:d3:fc:ac:3b:c6:f5:60:2e:4b:35:88:48:
                    41:83:09:6c:25:e1:71:fe:45:9a:76:bc:0a:f2:f5:
                    67:a3:67:78:b2:b7:bc:1c:91:6e:56:b1:a4:63:76:
                    25:64:da:ab:5c:c4:1a:73:fb:c0:0f:e4:1f:8f:fd:
                    33:ad:0f:b2:04:ed:71:7c:00:59:aa:2c:db:67:a7:
                    0a:8a:ed:dd:ef:61:42:09:86:da:4d:8e:bc:71:75:
                    96:20:25:09:4f:d7:67:49:98:0c:d1:bb:c7:dc:2c:
                    65:35:0d:a5:2b:da:f3:86:e0:da:0d:25:f0:58:8f:
                    3f:cb:9d:07:6d:66:2f:5c:ce:14:65:ba:64:03:bd:
                    60:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:3C:1C:55:36:B8:FC:49:31:9A:40:37:CE:CE:D1:53:62:F4:2A:E0
            X509v3 Authority Key Identifier:
                keyid:68:83:F3:47:E3:89:1F:57:3D:F8:01:5A:D6:CC:33:1C:CE:B0:47:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aIPzR-OJH1c9-AFa1swzHM6wR2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/yzwcVTa4_EkxmkA3zs7RU2L0KuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/618d33-dd92-4d91-b821-e850677cffb3/1/aIPzR-OJH1c9-AFa1swzHM6wR2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:18:28:23:f1:5c:16:8d:10:4b:6e:ab:f8:e1:66:1d:45:42:
         b9:5a:34:e2:03:ba:dd:42:24:c6:d4:49:3a:02:ca:8a:2e:40:
         ea:7f:d4:79:40:ce:be:27:3c:74:98:e9:df:45:8a:22:64:2b:
         65:d0:ad:c5:b8:03:35:0d:7b:45:66:a1:76:c9:f8:65:4c:e1:
         ac:9a:56:a0:31:93:5e:c3:3b:7d:e5:b1:65:74:39:2e:d2:cf:
         5b:39:38:3c:a8:7e:de:48:c9:83:15:93:95:55:b7:d0:b1:8c:
         cd:ff:e2:44:c9:9c:09:03:a3:e5:c7:6a:47:8a:69:e9:e8:41:
         14:84:38:33:1b:c0:6d:72:25:a6:56:17:cb:d9:a5:79:12:86:
         13:76:ee:08:c5:0a:03:cd:d2:7d:33:5f:3f:d5:64:80:b4:82:
         89:15:28:77:fd:f8:4a:63:9d:44:65:9e:05:be:90:f4:8a:b0:
         3c:51:30:fc:02:02:d6:74:b6:e9:6a:bb:c7:60:c5:13:da:07:
         0d:9c:ee:e5:d1:90:e0:3a:c2:de:be:a5:4e:60:4d:7a:1d:99:
         2a:2a:a5:9c:5f:04:94:78:54:9b:23:da:f6:b0:aa:39:83:b7:
         9e:ab:a7:23:5a:2c:3d:71:45:c7:4a:02:92:71:56:3b:6f:bd:
         dc:38:ca:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljw0IiXb86ABx+Z4MmIbEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ODNmMzQ3ZTM4OTFmNTczZGY4MDE1YWQ2Y2MzMzFjY2Vi
MDQ3NjgwHhcNMjUwMTAyMDU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjNjMWM1NTM2YjhmYzQ5MzE5YTQwMzdjZWNlZDE1MzYyZjQyYWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0+lSbifqCSe32lR+waC72n5DDDq
9ATI0nbPXBH3MjvVXDZzYmEfNL9Zd4UXwSfrW2J9yHOHp9E8z4fGJlHV5F5BrlJ6
O509Kj1gn0mWvHiy61pVleCGtWPSxFpi087N1YjVkxVHHns4I/ARjNJ9MUMRORQp
76j5M1/T/Kw7xvVgLks1iEhBgwlsJeFx/kWadrwK8vVno2d4sre8HJFuVrGkY3Yl
ZNqrXMQac/vAD+Qfj/0zrQ+yBO1xfABZqizbZ6cKiu3d72FCCYbaTY68cXWWICUJ
T9dnSZgM0bvH3CxlNQ2lK9rzhuDaDSXwWI8/y50HbWYvXM4UZbpkA71gFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMs8HFU2uPxJMZpAN87O0VNi9CrgMB8GA1UdIwQY
MBaAFGiD80fjiR9XPfgBWtbMMxzOsEdoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUlQelItT0pIMWM5LUFGYTFzd3pITTZ3UjJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82MThkMzMtZGQ5Mi00ZDkxLWI4MjEt
ZTg1MDY3N2NmZmIzLzEveXp3Y1ZUYTRfRWt4bWtBM3pzN1JVMkwwS3VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82MThkMzMtZGQ5Mi00ZDkxLWI4MjEtZTg1MDY3N2NmZmIz
LzEvYUlQelItT0pIMWM5LUFGYTFzd3pITTZ3UjJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbBjMA0G
CSqGSIb3DQEBCwUAA4IBAQAoGCgj8VwWjRBLbqv44WYdRUK5WjTiA7rdQiTG1Ek6
AsqKLkDqf9R5QM6+Jzx0mOnfRYoiZCtl0K3FuAM1DXtFZqF2yfhlTOGsmlagMZNe
wzt95bFldDku0s9bOTg8qH7eSMmDFZOVVbfQsYzN/+JEyZwJA6Plx2pHimnp6EEU
hDgzG8BtciWmVhfL2aV5EoYTdu4IxQoDzdJ9M18/1WSAtIKJFSh3/fhKY51EZZ4F
vpD0irA8UTD8AgLWdLbparvHYMUT2gcNnO7l0ZDgOsLevqVOYE16HZkqKqWcXwSU
eFSbI9r2sKo5g7eeq6cjWiw9cUXHSgKScVY7b73cOMql
-----END CERTIFICATE-----