Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/s5YaS3VA0T52xJ5l5rFauUbFgwE.roa
File:                     s5YaS3VA0T52xJ5l5rFauUbFgwE.roa (raw, json)
Hash identifier:          JV1GN+4WYVJ18P7z6Hwge46vI+gFA8OZrJth5Bdr90Y=
Subject key identifier:   B3:96:1A:4B:75:40:D1:3E:76:C4:9E:65:E6:B1:5A:B9:46:C5:83:01
Certificate issuer:       /CN=e6e2575267ff832d979e38ddaf3dd67420162cda
Certificate serial:       01944A63C0B46232839064E8C2E9FBFE5923
Authority key identifier: E6:E2:57:52:67:FF:83:2D:97:9E:38:DD:AF:3D:D6:74:20:16:2C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/s5YaS3VA0T52xJ5l5rFauUbFgwE.roa
Signing time:             Thu 09 Jan 2025 09:27:18 +0000
ROA not before:           Thu 09 Jan 2025 09:27:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9176
IP address blocks:        193.41.126.0/24 maxlen: 24
                          193.41.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:63:c0:b4:62:32:83:90:64:e8:c2:e9:fb:fe:59:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6e2575267ff832d979e38ddaf3dd67420162cda
        Validity
            Not Before: Jan  9 09:27:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3961a4b7540d13e76c49e65e6b15ab946c58301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:dd:2e:28:94:6d:c1:0d:60:19:95:c5:66:f9:
                    d0:b3:df:13:6a:dd:04:3b:13:0b:13:f7:a8:99:c1:
                    13:10:56:96:34:d8:98:e0:3f:0b:d0:c9:07:eb:db:
                    d0:08:3a:24:64:b7:f9:15:ac:16:db:de:64:b6:33:
                    f7:2f:9c:a7:d2:21:b5:9b:23:c2:31:68:b4:59:69:
                    57:2c:fa:7d:d2:42:af:08:ce:b0:51:5d:db:a3:03:
                    14:52:f2:4b:72:f2:6a:3a:4c:ad:3b:23:38:12:bc:
                    d7:c7:df:d9:4f:54:52:c0:e2:0a:5f:bc:0b:dd:5c:
                    16:d6:4a:96:0c:f4:c5:51:8a:e8:3a:dc:86:f1:3a:
                    e3:05:7e:3d:da:ad:54:0e:2c:6a:de:0f:1d:1c:20:
                    3e:05:d7:c2:8c:56:c1:87:c1:26:5a:7a:9d:f9:b3:
                    e8:ed:76:e2:dc:be:6a:2a:1c:f2:45:04:be:65:e1:
                    7c:3b:61:ae:49:fa:25:60:4a:dc:5d:d5:8c:92:9b:
                    42:7d:dd:4e:8f:2c:99:70:24:2e:80:09:cf:9d:22:
                    00:2c:b8:fb:f7:7b:37:4d:18:06:84:7a:83:d7:1d:
                    87:bc:d2:7b:de:ef:0d:bc:2d:3c:53:89:04:d0:2a:
                    90:1d:cc:d3:3e:2a:f5:7c:96:e9:2a:db:c1:45:34:
                    d6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:96:1A:4B:75:40:D1:3E:76:C4:9E:65:E6:B1:5A:B9:46:C5:83:01
            X509v3 Authority Key Identifier:
                keyid:E6:E2:57:52:67:FF:83:2D:97:9E:38:DD:AF:3D:D6:74:20:16:2C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/s5YaS3VA0T52xJ5l5rFauUbFgwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/dd5032-94b9-43f5-9dbb-782cf71c82cc/1/5uJXUmf_gy2Xnjjdrz3WdCAWLNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:31:6c:42:93:94:67:ad:2c:c9:8e:84:09:8c:cf:ed:cc:1c:
         4c:55:e0:70:b7:1d:4f:cc:4a:7d:c5:eb:eb:20:aa:f8:c6:7b:
         34:65:cf:8b:c3:6f:83:e1:26:e2:f7:d3:1a:03:6d:29:97:be:
         9c:ff:6f:d6:6d:8b:70:d2:00:64:a4:9e:19:10:76:82:9a:a4:
         f9:44:2f:1b:65:7f:2c:d6:21:32:8d:75:3e:90:53:a7:a0:2d:
         83:eb:87:9f:7a:ab:ff:ee:84:6e:15:df:6d:49:97:f1:3c:a2:
         09:53:1b:26:35:2a:19:67:aa:70:d8:74:2f:e7:e9:44:8f:cb:
         34:28:32:df:f6:6a:6d:d4:1c:f4:60:1a:b5:8f:9a:70:83:e6:
         3a:92:dc:d5:6b:64:93:e4:ca:b0:1e:01:c6:91:37:63:80:5b:
         60:16:2e:b9:e3:3f:0e:f1:ac:17:0e:04:20:4b:84:fe:6c:c5:
         0d:a6:18:d4:79:e7:a8:80:bc:7b:39:1c:fd:a4:8c:db:e9:fb:
         03:b1:89:91:b0:58:71:5d:9a:89:c2:d8:94:99:a0:67:99:ef:
         95:40:f3:41:14:5b:68:89:49:e6:f5:ea:90:a2:72:5d:cc:dd:
         06:45:ff:59:47:94:14:57:a2:ea:6b:f2:f3:f6:42:ff:f4:a1:
         b8:cf:89:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRKY8C0YjKDkGTowun7/lkjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2ZTI1NzUyNjdmZjgzMmQ5NzllMzhkZGFmM2RkNjc0MjAx
NjJjZGEwHhcNMjUwMTA5MDkyNzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzk2MWE0Yjc1NDBkMTNlNzZjNDllNjVlNmIxNWFiOTQ2YzU4MzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu90uKJRtwQ1gGZXFZvnQs98Tat0E
OxMLE/eomcETEFaWNNiY4D8L0MkH69vQCDokZLf5FawW295ktjP3L5yn0iG1myPC
MWi0WWlXLPp90kKvCM6wUV3bowMUUvJLcvJqOkytOyM4ErzXx9/ZT1RSwOIKX7wL
3VwW1kqWDPTFUYroOtyG8TrjBX492q1UDixq3g8dHCA+BdfCjFbBh8EmWnqd+bPo
7Xbi3L5qKhzyRQS+ZeF8O2GuSfolYErcXdWMkptCfd1OjyyZcCQugAnPnSIALLj7
93s3TRgGhHqD1x2HvNJ73u8NvC08U4kE0CqQHczTPir1fJbpKtvBRTTWBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOWGkt1QNE+dsSeZeaxWrlGxYMBMB8GA1UdIwQY
MBaAFObiV1Jn/4Mtl5443a891nQgFizaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXVKWFVtZl9neTJYbmpqZHJ6M1dkQ0FXTE5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9kZDUwMzItOTRiOS00M2Y1LTlkYmIt
NzgyY2Y3MWM4MmNjLzEvczVZYVMzVkEwVDUyeEo1bDVyRmF1VWJGZ3dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9kZDUwMzItOTRiOS00M2Y1LTlkYmItNzgyY2Y3MWM4MmNj
LzEvNXVKWFVtZl9neTJYbmpqZHJ6M1dkQ0FXTE5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSl+MA0G
CSqGSIb3DQEBCwUAA4IBAQCeMWxCk5RnrSzJjoQJjM/tzBxMVeBwtx1PzEp9xevr
IKr4xns0Zc+Lw2+D4Sbi99MaA20pl76c/2/WbYtw0gBkpJ4ZEHaCmqT5RC8bZX8s
1iEyjXU+kFOnoC2D64efeqv/7oRuFd9tSZfxPKIJUxsmNSoZZ6pw2HQv5+lEj8s0
KDLf9mpt1Bz0YBq1j5pwg+Y6ktzVa2ST5MqwHgHGkTdjgFtgFi654z8O8awXDgQg
S4T+bMUNphjUeeeogLx7ORz9pIzb6fsDsYmRsFhxXZqJwtiUmaBnme+VQPNBFFto
iUnm9eqQonJdzN0GRf9ZR5QUV6Lqa/Lz9kL/9KG4z4k0
-----END CERTIFICATE-----