Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/H33ZXIhbVy7xU6xnvVekDxlllNY.roa
File:                     H33ZXIhbVy7xU6xnvVekDxlllNY.roa (raw, json)
Hash identifier:          gLytCIr8moIJFxRmjTSWLIbls8kZi2qpSK/USMqXNdU=
Subject key identifier:   1F:7D:D9:5C:88:5B:57:2E:F1:53:AC:67:BD:57:A4:0F:19:65:94:D6
Certificate issuer:       /CN=943bc576732374e8d89d7013ab3630b6e0a9f19a
Certificate serial:       019424B38FE05D38F870B5EBC78587F2C210
Authority key identifier: 94:3B:C5:76:73:23:74:E8:D8:9D:70:13:AB:36:30:B6:E0:A9:F1:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lDvFdnMjdOjYnXATqzYwtuCp8Zo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/H33ZXIhbVy7xU6xnvVekDxlllNY.roa
Signing time:             Thu 02 Jan 2025 01:48:54 +0000
ROA not before:           Thu 02 Jan 2025 01:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49289
IP address blocks:        193.200.26.0/24 maxlen: 24
                          193.200.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/lDvFdnMjdOjYnXATqzYwtuCp8Zo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/lDvFdnMjdOjYnXATqzYwtuCp8Zo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lDvFdnMjdOjYnXATqzYwtuCp8Zo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:8f:e0:5d:38:f8:70:b5:eb:c7:85:87:f2:c2:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=943bc576732374e8d89d7013ab3630b6e0a9f19a
        Validity
            Not Before: Jan  2 01:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f7dd95c885b572ef153ac67bd57a40f196594d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ab:cf:ac:14:4f:60:d6:9c:63:ea:83:06:e1:
                    b0:4f:47:42:d4:29:de:b1:ac:a3:97:d2:7c:1a:db:
                    00:71:79:c6:1b:f1:67:0c:88:8b:e2:e1:7a:f2:37:
                    c6:d1:09:1c:02:c1:4e:da:2f:3d:df:e5:f0:02:65:
                    79:17:0f:71:e3:a6:14:c6:bc:82:38:d5:43:87:70:
                    8e:5b:78:63:67:18:1a:b3:f4:a2:98:95:48:27:3f:
                    7e:e9:8e:50:44:c2:8a:54:90:64:4d:fa:0a:da:97:
                    0a:bc:d2:82:d0:98:ad:aa:8e:f9:b3:5b:22:9d:05:
                    9b:65:e5:67:15:0f:c1:34:db:a7:de:af:bf:cd:b7:
                    1e:bb:1d:a2:45:c2:91:54:bd:96:59:a9:45:ac:70:
                    de:9f:66:cb:87:f3:6d:34:9d:da:70:ce:73:33:8c:
                    ed:36:a6:dc:8e:cf:7d:ad:0e:d9:95:b3:f0:df:11:
                    bc:57:07:9b:d7:bd:5c:d3:ec:86:5f:ad:a5:4d:d1:
                    b8:a5:19:43:78:e4:98:54:7f:a3:6f:27:97:86:e0:
                    cb:5f:22:b9:46:13:de:a3:4d:c0:86:08:45:87:55:
                    d4:2a:25:f6:c5:a6:de:6d:aa:77:f6:16:b6:35:fe:
                    f7:a1:c4:d4:67:05:4e:81:12:3a:e2:88:05:b3:0d:
                    37:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:7D:D9:5C:88:5B:57:2E:F1:53:AC:67:BD:57:A4:0F:19:65:94:D6
            X509v3 Authority Key Identifier:
                keyid:94:3B:C5:76:73:23:74:E8:D8:9D:70:13:AB:36:30:B6:E0:A9:F1:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lDvFdnMjdOjYnXATqzYwtuCp8Zo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/H33ZXIhbVy7xU6xnvVekDxlllNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b8d065-ed81-409e-b1f1-76ab3fca1f32/1/lDvFdnMjdOjYnXATqzYwtuCp8Zo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:ca:87:3f:81:91:91:b4:f0:4b:cf:c0:95:0d:9f:05:6e:fe:
         ef:d8:81:19:84:d6:af:b0:ba:86:34:4f:f7:ef:52:77:d1:18:
         f9:f5:93:31:3c:1b:99:86:d7:74:c7:f3:bb:1f:20:8c:c7:bd:
         02:12:7d:7e:29:7f:ce:21:33:a9:af:60:86:92:b7:1e:b5:d9:
         f1:46:89:1f:a7:77:5e:75:cc:bc:62:a7:1a:c2:75:13:18:c6:
         7a:4b:e3:5d:35:7a:75:6c:50:1e:40:38:85:86:1f:f4:05:3d:
         df:5f:b4:44:ee:43:40:7f:d0:cb:7c:0e:45:36:9a:96:e7:84:
         99:99:a1:e3:cb:b8:b2:37:bf:ab:c5:62:5d:7b:67:5e:22:ef:
         5e:85:b2:51:fe:53:40:c3:4e:df:d4:20:40:aa:7d:67:22:46:
         ed:5b:47:42:da:61:87:b2:ef:6e:88:78:79:a7:d6:f6:ef:e4:
         52:2a:4a:5c:04:2c:bd:4a:95:1c:3b:b9:77:65:31:e5:34:03:
         11:e1:c9:7f:9a:78:f6:10:d4:93:2e:32:16:70:5f:87:bb:ad:
         bd:58:68:e1:4f:3d:42:02:10:9f:07:82:c7:c5:f5:f0:62:bc:
         45:82:2b:d4:36:2a:5e:45:94:27:00:53:5b:f2:dd:c7:19:7f:
         0c:6a:26:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks4/gXTj4cLXrx4WH8sIQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0M2JjNTc2NzMyMzc0ZThkODlkNzAxM2FiMzYzMGI2ZTBh
OWYxOWEwHhcNMjUwMTAyMDE0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjdkZDk1Yzg4NWI1NzJlZjE1M2FjNjdiZDU3YTQwZjE5NjU5NGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzavPrBRPYNacY+qDBuGwT0dC1Cne
sayjl9J8GtsAcXnGG/FnDIiL4uF68jfG0QkcAsFO2i893+XwAmV5Fw9x46YUxryC
ONVDh3COW3hjZxgas/SimJVIJz9+6Y5QRMKKVJBkTfoK2pcKvNKC0Jitqo75s1si
nQWbZeVnFQ/BNNun3q+/zbceux2iRcKRVL2WWalFrHDen2bLh/NtNJ3acM5zM4zt
Nqbcjs99rQ7ZlbPw3xG8Vweb171c0+yGX62lTdG4pRlDeOSYVH+jbyeXhuDLXyK5
RhPeo03AhghFh1XUKiX2xabebap39ha2Nf73ocTUZwVOgRI64ogFsw036QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB992VyIW1cu8VOsZ71XpA8ZZZTWMB8GA1UdIwQY
MBaAFJQ7xXZzI3To2J1wE6s2MLbgqfGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbER2RmRuTWpkT2pZblhBVHF6WXd0dUNwOFpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iOGQwNjUtZWQ4MS00MDllLWIxZjEt
NzZhYjNmY2ExZjMyLzEvSDMzWlhJaGJWeTd4VTZ4bnZWZWtEeGxsbE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iOGQwNjUtZWQ4MS00MDllLWIxZjEtNzZhYjNmY2ExZjMy
LzEvbER2RmRuTWpkT2pZblhBVHF6WXd0dUNwOFpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcgaMA0G
CSqGSIb3DQEBCwUAA4IBAQBZyoc/gZGRtPBLz8CVDZ8Fbv7v2IEZhNavsLqGNE/3
71J30Rj59ZMxPBuZhtd0x/O7HyCMx70CEn1+KX/OITOpr2CGkrcetdnxRokfp3de
dcy8YqcawnUTGMZ6S+NdNXp1bFAeQDiFhh/0BT3fX7RE7kNAf9DLfA5FNpqW54SZ
maHjy7iyN7+rxWJde2deIu9ehbJR/lNAw07f1CBAqn1nIkbtW0dC2mGHsu9uiHh5
p9b27+RSKkpcBCy9SpUcO7l3ZTHlNAMR4cl/mnj2ENSTLjIWcF+Hu629WGjhTz1C
AhCfB4LHxfXwYrxFgivUNipeRZQnAFNb8t3HGX8MaibU
-----END CERTIFICATE-----