Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/6e17dd-b483-4e7a-acf9-2664dace9580/1/0aywYTi5Sc6yVfxfBxLpHYbIDYs.roa
File:                     0aywYTi5Sc6yVfxfBxLpHYbIDYs.roa (raw, json)
Hash identifier:          XltTkT+5iNEXCHy8WnwN+9b+D1DDxHii8Hapue8Rijw=
Subject key identifier:   D1:AC:B0:61:38:B9:49:CE:B2:55:FC:5F:07:12:E9:1D:86:C8:0D:8B
Certificate issuer:       /CN=f3a80c48337bf27db2fd083c172c6a1cc5d1d17c
Certificate serial:       0194228E452251D1EC4828314BAAA936B2C3
Authority key identifier: F3:A8:0C:48:33:7B:F2:7D:B2:FD:08:3C:17:2C:6A:1C:C5:D1:D1:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/86gMSDN78n2y_Qg8FyxqHMXR0Xw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/6e17dd-b483-4e7a-acf9-2664dace9580/1/0aywYTi5Sc6yVfxfBxLpHYbIDYs.roa
Signing time:             Wed 01 Jan 2025 15:48:56 +0000
ROA not before:           Wed 01 Jan 2025 15:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        193.33.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/6e17dd-b483-4e7a-acf9-2664dace9580/1/86gMSDN78n2y_Qg8FyxqHMXR0Xw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/6e17dd-b483-4e7a-acf9-2664dace9580/1/86gMSDN78n2y_Qg8FyxqHMXR0Xw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/86gMSDN78n2y_Qg8FyxqHMXR0Xw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:45:22:51:d1:ec:48:28:31:4b:aa:a9:36:b2:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3a80c48337bf27db2fd083c172c6a1cc5d1d17c
        Validity
            Not Before: Jan  1 15:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1acb06138b949ceb255fc5f0712e91d86c80d8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ee:1d:90:82:31:16:88:aa:e6:ad:df:c2:99:
                    03:21:1f:39:c9:15:40:7a:3c:7b:a8:53:d8:a6:d6:
                    23:3b:6b:d5:c9:27:35:6c:13:04:92:4c:98:ae:55:
                    aa:0f:12:d6:2d:9e:08:5b:7b:03:3a:3f:fa:50:fa:
                    b1:9f:ee:ef:6e:f9:fb:fc:ee:0a:a1:24:31:b6:d4:
                    21:94:d8:a0:17:ed:7f:33:eb:21:0e:03:e8:59:bf:
                    d9:d3:79:31:89:bf:66:b7:e6:bd:d0:96:da:a6:c9:
                    59:71:8a:08:0d:4c:36:b0:dd:5b:d7:2b:89:8b:17:
                    8c:2b:02:71:a3:68:87:34:63:e6:7b:7e:a4:24:1f:
                    c2:ef:aa:37:a9:0e:a8:90:d5:33:eb:4e:e2:ce:b0:
                    52:a0:79:0b:25:89:b5:01:c6:a4:00:65:27:fc:26:
                    c0:2a:08:c6:3b:da:43:5e:f0:17:90:29:c2:6e:1a:
                    d0:9d:95:49:e0:3b:6f:66:fe:56:41:76:58:78:fa:
                    a6:b3:30:25:32:67:48:5e:13:96:b2:ff:ec:cf:f3:
                    28:1d:45:9b:aa:11:7e:06:03:db:9c:a9:24:74:1e:
                    22:eb:4a:d3:23:80:51:ec:a3:65:2a:23:36:5a:27:
                    37:fb:e8:7f:10:a6:b6:20:cb:4a:01:6f:a1:0b:1b:
                    9e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:AC:B0:61:38:B9:49:CE:B2:55:FC:5F:07:12:E9:1D:86:C8:0D:8B
            X509v3 Authority Key Identifier:
                keyid:F3:A8:0C:48:33:7B:F2:7D:B2:FD:08:3C:17:2C:6A:1C:C5:D1:D1:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/86gMSDN78n2y_Qg8FyxqHMXR0Xw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/6e17dd-b483-4e7a-acf9-2664dace9580/1/0aywYTi5Sc6yVfxfBxLpHYbIDYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/6e17dd-b483-4e7a-acf9-2664dace9580/1/86gMSDN78n2y_Qg8FyxqHMXR0Xw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:be:5c:50:a9:ab:2c:94:f9:ae:b2:fa:da:fc:f2:18:6f:1e:
         25:0f:27:b3:46:5e:fc:fd:58:7e:92:9f:3d:67:6e:d9:2b:61:
         c5:67:46:8e:4d:be:80:d7:55:ad:8a:18:5b:6b:75:da:2e:eb:
         d8:2e:77:1d:2d:bd:ac:7f:5d:61:60:ba:7a:83:b9:99:68:6f:
         2d:40:5a:05:5f:61:2d:84:7c:23:f6:15:18:6c:40:db:6a:1d:
         cf:d3:ac:3b:bd:1c:00:0f:3c:ac:31:bd:f0:3d:66:11:16:99:
         a4:71:a3:c1:66:2b:bf:82:da:61:ef:cf:6f:a2:86:b6:9b:32:
         63:f9:12:8c:e5:e5:bc:39:3d:2b:0a:64:5f:0a:14:63:3c:ef:
         76:ab:a0:50:10:fd:2a:7c:db:e1:9c:cb:87:d1:ee:2f:0e:05:
         86:40:0c:14:d9:c2:d3:01:0b:e2:2c:6b:25:87:69:0d:65:56:
         36:20:7f:8f:6d:2d:c2:15:61:43:52:3a:e2:1a:4d:04:66:13:
         46:ba:11:fe:d2:44:78:71:f4:4f:8d:97:11:78:3f:e1:d6:39:
         27:2d:e8:56:72:9a:0f:13:76:48:2c:34:57:60:cf:b0:3b:a3:
         cf:9a:6d:8e:3c:15:6a:d2:39:df:91:c8:d4:be:4f:fd:95:fb:
         dd:82:e1:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijkUiUdHsSCgxS6qpNrLDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYTgwYzQ4MzM3YmYyN2RiMmZkMDgzYzE3MmM2YTFjYzVk
MWQxN2MwHhcNMjUwMTAxMTU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWFjYjA2MTM4Yjk0OWNlYjI1NWZjNWYwNzEyZTkxZDg2YzgwZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+4dkIIxFoiq5q3fwpkDIR85yRVA
ejx7qFPYptYjO2vVySc1bBMEkkyYrlWqDxLWLZ4IW3sDOj/6UPqxn+7vbvn7/O4K
oSQxttQhlNigF+1/M+shDgPoWb/Z03kxib9mt+a90JbapslZcYoIDUw2sN1b1yuJ
ixeMKwJxo2iHNGPme36kJB/C76o3qQ6okNUz607izrBSoHkLJYm1AcakAGUn/CbA
KgjGO9pDXvAXkCnCbhrQnZVJ4DtvZv5WQXZYePqmszAlMmdIXhOWsv/sz/MoHUWb
qhF+BgPbnKkkdB4i60rTI4BR7KNlKiM2Wic3++h/EKa2IMtKAW+hCxueAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGssGE4uUnOslX8XwcS6R2GyA2LMB8GA1UdIwQY
MBaAFPOoDEgze/J9sv0IPBcsahzF0dF8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODZnTVNETjc4bjJ5X1FnOEZ5eHFITVhSMFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC82ZTE3ZGQtYjQ4My00ZTdhLWFjZjkt
MjY2NGRhY2U5NTgwLzEvMGF5d1lUaTVTYzZ5VmZ4ZkJ4THBIWWJJRFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC82ZTE3ZGQtYjQ4My00ZTdhLWFjZjktMjY2NGRhY2U5NTgw
LzEvODZnTVNETjc4bjJ5X1FnOEZ5eHFITVhSMFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSGnMA0G
CSqGSIb3DQEBCwUAA4IBAQCfvlxQqasslPmusvra/PIYbx4lDyezRl78/Vh+kp89
Z27ZK2HFZ0aOTb6A11Wtihhba3XaLuvYLncdLb2sf11hYLp6g7mZaG8tQFoFX2Et
hHwj9hUYbEDbah3P06w7vRwADzysMb3wPWYRFpmkcaPBZiu/gtph789vooa2mzJj
+RKM5eW8OT0rCmRfChRjPO92q6BQEP0qfNvhnMuH0e4vDgWGQAwU2cLTAQviLGsl
h2kNZVY2IH+PbS3CFWFDUjriGk0EZhNGuhH+0kR4cfRPjZcReD/h1jknLehWcpoP
E3ZILDRXYM+wO6PPmm2OPBVq0jnfkcjUvk/9lfvdguHs
-----END CERTIFICATE-----