Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Yn15-lSTYzCSP9GpLWZu207hyyQ.roa
File:                     Yn15-lSTYzCSP9GpLWZu207hyyQ.roa (raw, json)
Hash identifier:          ZRDear1XR2zxFa1Zzdm3ZmOBKV2EW2XYwQOhJXSb+c4=
Subject key identifier:   62:7D:79:FA:54:93:63:30:92:3F:D1:A9:2D:66:6E:DB:4E:E1:CB:24
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       0194221FD0E886EF71CE24BB6E0048300DD8
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Yn15-lSTYzCSP9GpLWZu207hyyQ.roa
Signing time:             Wed 01 Jan 2025 13:48:17 +0000
ROA not before:           Wed 01 Jan 2025 13:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        193.43.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d0:e8:86:ef:71:ce:24:bb:6e:00:48:30:0d:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 13:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=627d79fa54936330923fd1a92d666edb4ee1cb24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fe:71:01:1a:e4:92:3e:2f:35:3c:f1:d7:ee:
                    9a:a3:79:af:c8:1a:40:fd:95:32:ca:e4:66:9b:ff:
                    19:fa:93:a4:9f:b3:66:70:14:4a:e2:ec:3c:47:20:
                    1b:39:4f:f5:c7:a1:b8:6b:2d:8b:98:02:e7:f7:53:
                    29:4e:71:d7:8a:34:39:fc:f8:d7:58:a4:53:80:b4:
                    03:04:76:5b:8d:c9:d5:f6:f8:17:62:cf:97:ad:72:
                    37:5c:40:35:08:c9:d3:4f:76:63:fe:dc:0d:68:04:
                    a1:51:78:68:c7:7e:63:fe:fc:44:58:10:57:77:eb:
                    9c:97:83:a9:7e:d6:e2:ce:47:f7:a7:a1:72:44:85:
                    14:0d:25:f8:36:8d:6e:f5:81:14:35:82:e6:28:51:
                    cd:32:27:0b:6c:4a:91:65:e0:49:9f:2c:86:90:f2:
                    08:26:f6:8f:c3:ae:52:8a:24:24:01:6d:ca:0c:14:
                    03:13:8a:6f:d8:0d:22:ac:0d:41:6c:91:03:a0:7c:
                    19:03:02:fd:3a:e1:d9:50:b1:47:b8:47:92:1f:27:
                    05:7f:4e:5c:99:9e:38:39:59:81:79:3a:95:19:0c:
                    ad:f7:bc:c0:d6:2e:86:b6:b0:1c:0c:f0:01:ee:11:
                    98:27:3d:ae:1e:cb:e1:af:5b:c0:d3:35:ef:dc:d5:
                    d4:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:7D:79:FA:54:93:63:30:92:3F:D1:A9:2D:66:6E:DB:4E:E1:CB:24
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Yn15-lSTYzCSP9GpLWZu207hyyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:45:79:be:da:54:af:ef:21:30:4e:c6:9b:0b:2f:38:fb:59:
         5a:4c:9a:91:80:2a:b4:84:90:4d:14:bc:88:94:a8:02:6d:65:
         c0:c2:82:5a:7f:69:5e:53:9b:ab:cd:59:80:ca:8d:2d:41:d3:
         b9:15:89:f2:0e:9a:b1:b2:3f:72:0d:aa:f3:3d:e1:92:e8:a2:
         1b:99:ba:66:64:95:0e:94:00:9c:66:4d:0d:33:28:22:e4:66:
         48:a7:d5:d7:20:4a:b2:3f:25:c1:70:15:9f:a7:ed:4b:86:09:
         ae:2d:27:76:4b:46:6c:6d:c4:70:11:81:dc:14:90:15:5d:b1:
         d2:60:76:21:92:ec:a6:38:5e:7b:a3:36:54:ef:fb:5e:42:8a:
         71:a6:48:f1:36:f6:2d:5f:22:84:20:50:13:18:4d:61:24:f3:
         54:fd:63:39:8c:76:1d:1e:ab:10:f1:7d:3a:1b:5f:c3:6e:f0:
         57:ec:98:48:4f:4c:11:fe:ab:94:e4:47:19:5d:93:95:67:b8:
         d9:6f:a8:4f:0c:1f:31:3c:c0:99:cd:39:96:b0:d2:f5:74:cb:
         f2:f4:7f:80:80:39:11:cd:5a:9a:a8:8c:53:af:ff:58:42:54:
         d1:d5:65:2e:66:32:2a:df:92:d8:01:53:26:bb:9d:13:19:95:
         aa:48:5d:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9Dohu9xziS7bgBIMA3YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUwMTAxMTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjdkNzlmYTU0OTM2MzMwOTIzZmQxYTkyZDY2NmVkYjRlZTFjYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwf5xARrkkj4vNTzx1+6ao3mvyBpA
/ZUyyuRmm/8Z+pOkn7NmcBRK4uw8RyAbOU/1x6G4ay2LmALn91MpTnHXijQ5/PjX
WKRTgLQDBHZbjcnV9vgXYs+XrXI3XEA1CMnTT3Zj/twNaAShUXhox35j/vxEWBBX
d+ucl4Opftbizkf3p6FyRIUUDSX4No1u9YEUNYLmKFHNMicLbEqRZeBJnyyGkPII
JvaPw65SiiQkAW3KDBQDE4pv2A0irA1BbJEDoHwZAwL9OuHZULFHuEeSHycFf05c
mZ44OVmBeTqVGQyt97zA1i6GtrAcDPAB7hGYJz2uHsvhr1vA0zXv3NXUbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJ9efpUk2Mwkj/RqS1mbttO4cskMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvWW4xNS1sU1RZekNTUDlHcExXWnUyMDdoeXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSv5MA0G
CSqGSIb3DQEBCwUAA4IBAQAzRXm+2lSv7yEwTsabCy84+1laTJqRgCq0hJBNFLyI
lKgCbWXAwoJaf2leU5urzVmAyo0tQdO5FYnyDpqxsj9yDarzPeGS6KIbmbpmZJUO
lACcZk0NMygi5GZIp9XXIEqyPyXBcBWfp+1LhgmuLSd2S0ZsbcRwEYHcFJAVXbHS
YHYhkuymOF57ozZU7/teQopxpkjxNvYtXyKEIFATGE1hJPNU/WM5jHYdHqsQ8X06
G1/DbvBX7JhIT0wR/quU5EcZXZOVZ7jZb6hPDB8xPMCZzTmWsNL1dMvy9H+AgDkR
zVqaqIxTr/9YQlTR1WUuZjIq35LYAVMmu50TGZWqSF2M
-----END CERTIFICATE-----