Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/1xdn8NiVRswlc4uk1WDeK_RiIBI.roa
File:                     1xdn8NiVRswlc4uk1WDeK_RiIBI.roa (raw, json)
Hash identifier:          q1iCF9iJIPjwrPQXtH4xaMoQe7AL1oF2LyzhxGkgni4=
Subject key identifier:   D7:17:67:F0:D8:95:46:CC:25:73:8B:A4:D5:60:DE:2B:F4:62:20:12
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       0194266AD987CF287C86F903B8A6DFD7697A
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/1xdn8NiVRswlc4uk1WDeK_RiIBI.roa
Signing time:             Thu 02 Jan 2025 09:48:44 +0000
ROA not before:           Thu 02 Jan 2025 09:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211373
IP address blocks:        193.222.111.0/24 maxlen: 24
                          193.222.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:d9:87:cf:28:7c:86:f9:03:b8:a6:df:d7:69:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Jan  2 09:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d71767f0d89546cc25738ba4d560de2bf4622012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:13:62:46:f2:3b:3a:2b:4a:4f:74:80:5c:c2:
                    cc:7f:a2:02:c6:c3:38:53:9c:04:12:5c:eb:1b:97:
                    2a:22:b1:c0:36:28:c2:a2:cd:9f:40:c5:bc:0f:a6:
                    a7:99:c6:00:a6:35:9b:67:50:50:fd:37:50:86:23:
                    2c:4f:ab:c0:db:82:1f:bd:97:6c:30:5b:67:07:f8:
                    bd:66:20:ad:0c:30:82:37:5e:4d:7e:cc:ad:bc:f8:
                    7c:a6:c2:d3:94:7b:32:d1:31:67:c4:e4:a1:da:28:
                    35:aa:d8:8c:59:0b:4c:63:37:01:dd:20:3f:c2:36:
                    07:a6:74:8b:a9:e8:35:0e:1f:e6:52:8d:79:db:03:
                    b4:5d:86:80:55:9d:ad:de:ed:74:b3:c1:36:a4:ae:
                    1d:a9:f9:bb:89:24:ad:3c:5c:f0:ba:5a:9e:c4:d6:
                    e5:8e:b0:bf:b5:72:75:d1:69:52:a9:e2:8e:f4:29:
                    a3:0c:ab:3a:20:88:d4:e7:de:f0:2a:94:9c:5e:6b:
                    36:ea:cb:0f:d8:f2:c5:58:f9:a2:fc:4e:03:dd:34:
                    77:06:23:85:49:ac:37:da:7b:11:1f:93:d9:75:78:
                    fe:2e:d5:8a:b1:27:26:98:fb:29:56:d0:eb:e8:02:
                    03:a2:70:95:cc:72:8f:b1:3b:91:b3:f6:9e:02:d2:
                    a1:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:17:67:F0:D8:95:46:CC:25:73:8B:A4:D5:60:DE:2B:F4:62:20:12
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/1xdn8NiVRswlc4uk1WDeK_RiIBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.111.0/24
                  193.222.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ec:4b:a3:6e:f3:4d:ae:20:de:59:a9:a2:e0:5b:41:76:a6:
         79:83:a6:6c:64:54:88:73:74:76:66:9d:6f:f6:2d:30:38:10:
         bd:9d:1f:3a:b6:ad:35:ed:39:da:29:21:32:ed:03:44:fd:eb:
         04:1d:f3:d4:52:c2:0c:a8:08:0b:fb:ef:9a:58:05:57:3a:4a:
         7d:2f:af:82:5a:95:e8:1e:73:0d:11:c4:b6:c3:de:72:23:b1:
         e6:b3:6e:db:9c:03:ff:3c:6f:5e:ee:5b:59:ba:41:64:69:77:
         ba:1d:df:71:25:f6:af:9a:eb:d3:f8:b2:e4:a1:cc:80:68:96:
         e4:bf:18:ed:61:46:68:0c:55:4c:ab:80:b5:18:71:05:32:e7:
         00:35:27:bd:f6:a0:44:f5:14:3a:ea:54:e8:ce:8b:85:d2:fa:
         a1:de:41:24:d6:58:74:34:be:9c:4f:ff:87:92:67:95:fb:66:
         83:2b:ea:bf:ff:8d:07:08:87:0b:aa:a5:1f:15:4a:cb:a3:85:
         0c:82:71:ed:e8:34:95:c6:e3:ca:b3:dd:a0:12:7a:8d:af:ea:
         6c:d0:f9:c6:05:85:20:ae:75:45:2b:a5:e3:a0:55:5b:aa:22:
         0b:74:52:8b:0b:80:95:c8:26:07:8e:ad:3a:8b:72:2b:b2:cf:
         7c:55:b1:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmatmHzyh8hvkDuKbf12l6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjUwMTAyMDk0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzE3NjdmMGQ4OTU0NmNjMjU3MzhiYTRkNTYwZGUyYmY0NjIyMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7RNiRvI7OitKT3SAXMLMf6ICxsM4
U5wEElzrG5cqIrHANijCos2fQMW8D6anmcYApjWbZ1BQ/TdQhiMsT6vA24IfvZds
MFtnB/i9ZiCtDDCCN15NfsytvPh8psLTlHsy0TFnxOSh2ig1qtiMWQtMYzcB3SA/
wjYHpnSLqeg1Dh/mUo152wO0XYaAVZ2t3u10s8E2pK4dqfm7iSStPFzwulqexNbl
jrC/tXJ10WlSqeKO9CmjDKs6IIjU597wKpScXms26ssP2PLFWPmi/E4D3TR3BiOF
Saw32nsRH5PZdXj+LtWKsScmmPspVtDr6AIDonCVzHKPsTuRs/aeAtKhgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNcXZ/DYlUbMJXOLpNVg3iv0YiASMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvMXhkbjhOaVZSc3dsYzR1azFXRGVLX1JpSUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwd5vAwQA
wd6LMA0GCSqGSIb3DQEBCwUAA4IBAQAq7EujbvNNriDeWami4FtBdqZ5g6ZsZFSI
c3R2Zp1v9i0wOBC9nR86tq017TnaKSEy7QNE/esEHfPUUsIMqAgL+++aWAVXOkp9
L6+CWpXoHnMNEcS2w95yI7Hms27bnAP/PG9e7ltZukFkaXe6Hd9xJfavmuvT+LLk
ocyAaJbkvxjtYUZoDFVMq4C1GHEFMucANSe99qBE9RQ66lTozouF0vqh3kEk1lh0
NL6cT/+HkmeV+2aDK+q//40HCIcLqqUfFUrLo4UMgnHt6DSVxuPKs92gEnqNr+ps
0PnGBYUgrnVFK6XjoFVbqiILdFKLC4CVyCYHjq06i3Irss98VbEK
-----END CERTIFICATE-----