Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/e5e53a-dfe8-4e99-85a8-1e0367c07d46/1/pKpK0fpxNLfPfRjxRzWWa3fKR3w.roa
File:                     pKpK0fpxNLfPfRjxRzWWa3fKR3w.roa (raw, json)
Hash identifier:          8dKtN3Slnvd8pwQgjMVGY+0Hoa2j4W49VOwrSD+22e4=
Subject key identifier:   A4:AA:4A:D1:FA:71:34:B7:CF:7D:18:F1:47:35:96:6B:77:CA:47:7C
Certificate issuer:       /CN=5f1768e26ff4f9a2a8a56da4dcb7e1ec0c2e4a93
Certificate serial:       0194266BA24A9BA5C7F0F3FCEE59FFA69B0B
Authority key identifier: 5F:17:68:E2:6F:F4:F9:A2:A8:A5:6D:A4:DC:B7:E1:EC:0C:2E:4A:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xxdo4m_0-aKopW2k3Lfh7AwuSpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/e5e53a-dfe8-4e99-85a8-1e0367c07d46/1/pKpK0fpxNLfPfRjxRzWWa3fKR3w.roa
Signing time:             Thu 02 Jan 2025 09:49:35 +0000
ROA not before:           Thu 02 Jan 2025 09:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198611
IP address blocks:        193.239.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/e5e53a-dfe8-4e99-85a8-1e0367c07d46/1/Xxdo4m_0-aKopW2k3Lfh7AwuSpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/e5e53a-dfe8-4e99-85a8-1e0367c07d46/1/Xxdo4m_0-aKopW2k3Lfh7AwuSpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xxdo4m_0-aKopW2k3Lfh7AwuSpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:a2:4a:9b:a5:c7:f0:f3:fc:ee:59:ff:a6:9b:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f1768e26ff4f9a2a8a56da4dcb7e1ec0c2e4a93
        Validity
            Not Before: Jan  2 09:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4aa4ad1fa7134b7cf7d18f14735966b77ca477c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:1b:02:c7:2f:57:5e:16:4b:7e:6d:59:ea:6a:
                    2d:3a:7c:30:b1:4f:cc:4d:e5:ed:e2:26:9e:17:95:
                    1e:db:4a:3d:24:6b:d4:ad:f7:b1:f2:70:b6:00:5d:
                    fc:ed:80:44:ca:1d:6f:86:d7:f0:14:82:c3:42:9b:
                    7f:3c:77:82:6b:c4:5f:e4:2f:24:df:19:13:a2:63:
                    0f:c2:d7:e4:70:b1:96:90:99:88:71:66:0f:53:64:
                    27:79:78:d5:cd:89:a1:07:bc:83:6d:fb:f4:f2:8a:
                    94:21:5c:17:f9:bf:70:34:1a:f0:40:67:c6:ab:a1:
                    96:62:5f:73:6b:a7:49:13:cd:a8:ae:78:0e:79:40:
                    4f:38:51:52:8b:af:cd:19:f8:0b:18:f3:a3:9f:fb:
                    77:0a:04:b2:0f:53:7b:31:a9:d1:65:16:72:ea:4b:
                    0a:81:b9:35:77:ac:1e:84:d3:ea:0f:df:ab:d0:f7:
                    bf:30:c7:87:07:f4:ff:bb:62:33:c3:91:b8:bc:54:
                    01:28:a5:25:d8:b7:d5:04:83:a0:20:6c:be:0a:9f:
                    eb:a6:1c:87:00:19:27:b1:3d:76:c2:63:c5:70:78:
                    b0:e8:16:a6:cd:47:d7:d2:23:1d:6c:92:30:dc:b4:
                    f2:06:a5:96:14:fb:09:0d:df:7c:49:fc:b1:bb:ab:
                    61:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:AA:4A:D1:FA:71:34:B7:CF:7D:18:F1:47:35:96:6B:77:CA:47:7C
            X509v3 Authority Key Identifier:
                keyid:5F:17:68:E2:6F:F4:F9:A2:A8:A5:6D:A4:DC:B7:E1:EC:0C:2E:4A:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xxdo4m_0-aKopW2k3Lfh7AwuSpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/e5e53a-dfe8-4e99-85a8-1e0367c07d46/1/pKpK0fpxNLfPfRjxRzWWa3fKR3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/e5e53a-dfe8-4e99-85a8-1e0367c07d46/1/Xxdo4m_0-aKopW2k3Lfh7AwuSpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:89:e0:27:96:0b:b1:df:06:e9:fc:2a:44:50:03:58:7a:f6:
         9f:88:ea:91:5d:63:aa:c7:23:25:09:a6:52:78:7e:88:4c:9c:
         f2:a7:f0:7b:ae:07:b3:e4:b4:0c:09:dc:9a:89:9d:d4:db:8c:
         c3:bb:81:d4:6a:30:58:c7:b7:23:1c:a5:ec:d3:dc:be:32:89:
         9a:f2:83:66:87:68:48:26:19:f0:93:0a:b5:92:a0:c8:62:0e:
         51:ec:06:7d:28:88:36:d8:94:43:56:f7:27:2b:f1:53:7e:9b:
         5e:fe:42:32:e8:27:7b:a1:5d:7a:24:0f:eb:64:82:c9:b2:21:
         f0:19:c4:80:5c:b3:db:af:b5:1d:77:d3:74:98:12:70:c8:f7:
         45:1a:9a:d4:b2:23:61:92:c8:3d:27:f6:8b:c7:f8:70:71:41:
         84:96:bc:58:70:b9:8b:1f:57:5f:eb:d9:be:46:2b:d6:8b:55:
         75:65:c7:0a:77:d7:18:8f:16:a6:0d:77:69:c5:6b:a8:fc:8c:
         ea:19:f9:43:f5:63:09:24:e5:7e:ad:06:da:86:2c:11:bc:17:
         80:ab:b7:42:a3:df:42:56:74:e4:01:07:60:29:44:af:f2:29:
         44:88:e8:dd:87:db:d9:87:c1:d0:39:e8:72:49:3b:5b:32:c0:
         c1:19:8e:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma6JKm6XH8PP87ln/ppsLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMTc2OGUyNmZmNGY5YTJhOGE1NmRhNGRjYjdlMWVjMGMy
ZTRhOTMwHhcNMjUwMTAyMDk0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGFhNGFkMWZhNzEzNGI3Y2Y3ZDE4ZjE0NzM1OTY2Yjc3Y2E0NzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxsCxy9XXhZLfm1Z6motOnwwsU/M
TeXt4iaeF5Ue20o9JGvUrfex8nC2AF387YBEyh1vhtfwFILDQpt/PHeCa8Rf5C8k
3xkTomMPwtfkcLGWkJmIcWYPU2QneXjVzYmhB7yDbfv08oqUIVwX+b9wNBrwQGfG
q6GWYl9za6dJE82orngOeUBPOFFSi6/NGfgLGPOjn/t3CgSyD1N7ManRZRZy6ksK
gbk1d6wehNPqD9+r0Pe/MMeHB/T/u2Izw5G4vFQBKKUl2LfVBIOgIGy+Cp/rphyH
ABknsT12wmPFcHiw6BamzUfX0iMdbJIw3LTyBqWWFPsJDd98Sfyxu6th9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSqStH6cTS3z30Y8Uc1lmt3ykd8MB8GA1UdIwQY
MBaAFF8XaOJv9PmiqKVtpNy34ewMLkqTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHhkbzRtXzAtYUtvcFcyazNMZmg3QXd1U3BNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9lNWU1M2EtZGZlOC00ZTk5LTg1YTgt
MWUwMzY3YzA3ZDQ2LzEvcEtwSzBmcHhOTGZQZlJqeFJ6V1dhM2ZLUjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9lNWU1M2EtZGZlOC00ZTk5LTg1YTgtMWUwMzY3YzA3ZDQ2
LzEvWHhkbzRtXzAtYUtvcFcyazNMZmg3QXd1U3BNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwe/MMA0G
CSqGSIb3DQEBCwUAA4IBAQBGieAnlgux3wbp/CpEUANYevafiOqRXWOqxyMlCaZS
eH6ITJzyp/B7rgez5LQMCdyaiZ3U24zDu4HUajBYx7cjHKXs09y+Moma8oNmh2hI
Jhnwkwq1kqDIYg5R7AZ9KIg22JRDVvcnK/FTfpte/kIy6Cd7oV16JA/rZILJsiHw
GcSAXLPbr7Udd9N0mBJwyPdFGprUsiNhksg9J/aLx/hwcUGElrxYcLmLH1df69m+
RivWi1V1ZccKd9cYjxamDXdpxWuo/IzqGflD9WMJJOV+rQbahiwRvBeAq7dCo99C
VnTkAQdgKUSv8ilEiOjdh9vZh8HQOehySTtbMsDBGY7j
-----END CERTIFICATE-----