Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/e2510d-e573-45d3-9d20-754b60c5b568/1/9FStBrS0NlZ9f0JDPC2m90a8BCY.roa
File:                     9FStBrS0NlZ9f0JDPC2m90a8BCY.roa (raw, json)
Hash identifier:          xw+KW2Ni2Cd+C3tg5Q5Vf8DrtdT917ZQWwgX4LJaEm4=
Subject key identifier:   F4:54:AD:06:B4:B4:36:56:7D:7F:42:43:3C:2D:A6:F7:46:BC:04:26
Certificate issuer:       /CN=b53ba18d5ceb8e794c8139ce02a791b8501825ef
Certificate serial:       019423D6E4F90F7D7A191A6D67909C3CE697
Authority key identifier: B5:3B:A1:8D:5C:EB:8E:79:4C:81:39:CE:02:A7:91:B8:50:18:25:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tTuhjVzrjnlMgTnOAqeRuFAYJe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/e2510d-e573-45d3-9d20-754b60c5b568/1/9FStBrS0NlZ9f0JDPC2m90a8BCY.roa
Signing time:             Wed 01 Jan 2025 21:47:53 +0000
ROA not before:           Wed 01 Jan 2025 21:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     17905
IP address blocks:        193.108.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/e2510d-e573-45d3-9d20-754b60c5b568/1/tTuhjVzrjnlMgTnOAqeRuFAYJe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/e2510d-e573-45d3-9d20-754b60c5b568/1/tTuhjVzrjnlMgTnOAqeRuFAYJe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tTuhjVzrjnlMgTnOAqeRuFAYJe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e4:f9:0f:7d:7a:19:1a:6d:67:90:9c:3c:e6:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b53ba18d5ceb8e794c8139ce02a791b8501825ef
        Validity
            Not Before: Jan  1 21:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f454ad06b4b436567d7f42433c2da6f746bc0426
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:3d:8a:0e:64:fd:7c:08:e5:3e:2c:fa:ac:83:
                    b0:55:01:4e:dc:d5:ca:d1:06:95:49:48:f8:d9:91:
                    49:dc:92:bb:b4:a4:63:7a:8d:5d:e2:67:26:c8:01:
                    dc:ee:ef:b4:36:52:f0:db:1f:1c:cc:3d:ed:92:ac:
                    bb:ce:c4:24:a5:0c:4f:d2:95:4e:12:c2:e7:0d:c0:
                    6d:50:18:e5:bd:67:6a:9e:e6:cb:d0:5f:ec:30:2e:
                    69:a5:f1:4e:35:04:16:34:c4:81:d6:ca:d5:3f:8a:
                    86:2d:a8:26:12:64:60:d5:19:31:20:40:12:1d:32:
                    6a:87:a0:42:f2:7e:5b:7f:40:e5:5d:4a:be:cf:5a:
                    48:84:8e:35:02:1d:d5:3c:aa:76:79:c6:6e:b0:35:
                    c4:69:de:0c:88:3f:17:b5:c7:13:71:d1:d2:d7:b2:
                    42:66:42:e0:2e:8a:93:51:ef:72:0c:61:8b:b4:78:
                    74:a8:26:6b:dc:21:35:f7:f4:89:24:fd:57:7c:d3:
                    23:d1:87:29:bd:40:2d:f9:d5:5c:ae:56:48:cb:5b:
                    75:df:3c:5a:d0:0d:f7:9d:96:ee:f5:4d:52:1c:c6:
                    9c:1e:46:7e:4a:db:b9:be:c7:7d:15:50:5e:60:27:
                    2c:85:4c:54:2c:eb:96:bd:ff:ac:dd:6c:d7:ee:3c:
                    f1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:54:AD:06:B4:B4:36:56:7D:7F:42:43:3C:2D:A6:F7:46:BC:04:26
            X509v3 Authority Key Identifier:
                keyid:B5:3B:A1:8D:5C:EB:8E:79:4C:81:39:CE:02:A7:91:B8:50:18:25:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tTuhjVzrjnlMgTnOAqeRuFAYJe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/e2510d-e573-45d3-9d20-754b60c5b568/1/9FStBrS0NlZ9f0JDPC2m90a8BCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/e2510d-e573-45d3-9d20-754b60c5b568/1/tTuhjVzrjnlMgTnOAqeRuFAYJe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:45:a4:16:d1:50:73:a4:d0:39:1f:f9:b2:13:c6:21:e4:0f:
         4e:de:cc:e6:91:11:b9:2c:85:65:d3:8b:f2:9d:73:ee:6b:25:
         6c:a5:aa:07:07:d7:d1:91:f6:71:09:74:8a:ba:e2:98:08:d8:
         b0:a4:b1:be:91:21:9c:af:88:8b:87:84:2b:c4:ac:fd:ce:8e:
         95:bd:dd:07:3b:86:fd:b4:89:5a:f2:17:50:7e:99:3d:b9:eb:
         15:77:f0:74:09:78:ec:27:da:0d:2c:85:58:d3:98:24:fa:97:
         e8:8e:19:21:70:f8:02:b1:50:b3:7c:8a:f5:f2:ba:3a:d5:0f:
         ff:06:eb:cb:89:3c:e4:c7:33:ab:3f:13:19:08:1f:25:2d:39:
         d5:06:60:1e:e9:3f:75:a2:75:98:a7:2d:51:25:8f:48:d3:14:
         93:4e:bb:ab:7d:6c:5c:3e:f1:c9:cb:81:15:76:b7:c3:3f:61:
         dd:6d:f2:5d:d7:54:0d:e6:14:7b:f4:8c:4b:65:89:4d:91:0e:
         b4:37:8c:b3:c4:f1:9f:ce:b0:21:ae:5b:fb:35:43:63:ec:5e:
         d9:66:ce:f1:b3:c5:9a:bd:5b:76:8d:09:50:2d:cf:5d:4c:e0:
         8b:b7:69:fc:aa:0e:6d:2c:14:7f:5a:05:5a:4c:c3:61:ec:57:
         d0:7b:ff:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1uT5D316GRptZ5CcPOaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1M2JhMThkNWNlYjhlNzk0YzgxMzljZTAyYTc5MWI4NTAx
ODI1ZWYwHhcNMjUwMTAxMjE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDU0YWQwNmI0YjQzNjU2N2Q3ZjQyNDMzYzJkYTZmNzQ2YmMwNDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0j2KDmT9fAjlPiz6rIOwVQFO3NXK
0QaVSUj42ZFJ3JK7tKRjeo1d4mcmyAHc7u+0NlLw2x8czD3tkqy7zsQkpQxP0pVO
EsLnDcBtUBjlvWdqnubL0F/sMC5ppfFONQQWNMSB1srVP4qGLagmEmRg1RkxIEAS
HTJqh6BC8n5bf0DlXUq+z1pIhI41Ah3VPKp2ecZusDXEad4MiD8XtccTcdHS17JC
ZkLgLoqTUe9yDGGLtHh0qCZr3CE19/SJJP1XfNMj0YcpvUAt+dVcrlZIy1t13zxa
0A33nZbu9U1SHMacHkZ+Stu5vsd9FVBeYCcshUxULOuWvf+s3WzX7jzxmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRUrQa0tDZWfX9CQzwtpvdGvAQmMB8GA1UdIwQY
MBaAFLU7oY1c6455TIE5zgKnkbhQGCXvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFR1aGpWenJqbmxNZ1RuT0FxZVJ1RkFZSmU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9lMjUxMGQtZTU3My00NWQzLTlkMjAt
NzU0YjYwYzViNTY4LzEvOUZTdEJyUzBObFo5ZjBKRFBDMm05MGE4QkNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9lMjUxMGQtZTU3My00NWQzLTlkMjAtNzU0YjYwYzViNTY4
LzEvdFR1aGpWenJqbmxNZ1RuT0FxZVJ1RkFZSmU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWydMA0G
CSqGSIb3DQEBCwUAA4IBAQBURaQW0VBzpNA5H/myE8Yh5A9O3szmkRG5LIVl04vy
nXPuayVspaoHB9fRkfZxCXSKuuKYCNiwpLG+kSGcr4iLh4QrxKz9zo6Vvd0HO4b9
tIla8hdQfpk9uesVd/B0CXjsJ9oNLIVY05gk+pfojhkhcPgCsVCzfIr18ro61Q//
BuvLiTzkxzOrPxMZCB8lLTnVBmAe6T91onWYpy1RJY9I0xSTTrurfWxcPvHJy4EV
drfDP2HdbfJd11QN5hR79IxLZYlNkQ60N4yzxPGfzrAhrlv7NUNj7F7ZZs7xs8Wa
vVt2jQlQLc9dTOCLt2n8qg5tLBR/WgVaTMNh7FfQe//+
-----END CERTIFICATE-----