Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Z0sinVsrjztZdWZXyq0HAMquROw.roa
File:                     Z0sinVsrjztZdWZXyq0HAMquROw.roa (raw, json)
Hash identifier:          5+GjpnCGBWsr7RuL/tVtX2VueODcLobULhwbhL426U8=
Subject key identifier:   67:4B:22:9D:5B:2B:8F:3B:59:75:66:57:CA:AD:07:00:CA:AE:44:EC
Certificate issuer:       /CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
Certificate serial:       0194266AD7E1C612FF6ADBE34FF7EF2CFE7C
Authority key identifier: 12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Z0sinVsrjztZdWZXyq0HAMquROw.roa
Signing time:             Thu 02 Jan 2025 09:48:43 +0000
ROA not before:           Thu 02 Jan 2025 09:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200017
IP address blocks:        193.222.50.0/24 maxlen: 24
                          193.222.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:d7:e1:c6:12:ff:6a:db:e3:4f:f7:ef:2c:fe:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12fd558a64e97586a43dc7ee50a8d6b292365b60
        Validity
            Not Before: Jan  2 09:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=674b229d5b2b8f3b59756657caad0700caae44ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:3e:3c:eb:0d:5a:9d:ec:95:62:62:bf:34:3a:
                    15:b6:6b:e3:97:93:58:9c:9a:62:93:bc:44:e8:31:
                    e9:8f:4b:cb:05:85:40:de:38:45:bf:1c:a5:1b:38:
                    4a:76:c1:e3:ff:31:86:cd:b0:fb:7e:e8:2d:a3:d4:
                    d6:f8:46:96:ac:be:38:64:bf:b4:cc:70:ee:f6:ec:
                    23:d4:6d:8a:e7:8a:d0:1b:95:d6:f2:32:b5:7f:7d:
                    4a:b5:0c:c1:be:8a:c2:96:04:79:70:07:e2:ef:58:
                    dd:36:3d:6f:81:84:1f:1b:9f:00:f7:8a:2f:23:02:
                    59:83:21:a8:f3:78:93:c1:30:02:4c:c6:17:c3:48:
                    9b:30:11:f3:4e:90:65:52:56:31:42:4b:0e:ba:b4:
                    51:bf:4b:3d:5b:35:ca:59:33:1f:5a:f8:20:a8:e5:
                    5d:96:0d:3f:b1:f5:e4:86:94:ff:87:50:f9:d6:6d:
                    3e:c8:f6:30:c0:76:8a:62:e3:4b:42:01:c8:f7:5f:
                    fe:d6:d2:e5:16:dc:01:ad:66:23:44:aa:83:17:5d:
                    9d:20:5a:ee:bd:91:c3:ab:38:9c:db:d8:7c:17:68:
                    df:52:f5:b2:09:4b:b6:d5:b4:5d:9f:27:92:74:13:
                    b3:8e:5c:8e:8e:97:ed:d6:e3:b6:81:de:1a:6a:69:
                    34:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:4B:22:9D:5B:2B:8F:3B:59:75:66:57:CA:AD:07:00:CA:AE:44:EC
            X509v3 Authority Key Identifier:
                keyid:12:FD:55:8A:64:E9:75:86:A4:3D:C7:EE:50:A8:D6:B2:92:36:5B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ev1VimTpdYakPcfuUKjWspI2W2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Z0sinVsrjztZdWZXyq0HAMquROw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/af96df-a4d5-48f9-ac0c-24d8e747c38f/1/Ev1VimTpdYakPcfuUKjWspI2W2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.222.50.0/24
                  193.222.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:2c:cd:d6:bb:df:fe:e7:ff:8c:e3:9c:8d:6f:99:5b:20:5e:
         36:f3:4f:d2:aa:ea:59:6c:ca:66:e4:db:52:d9:27:31:28:a4:
         8a:f6:95:0d:cf:ee:53:a4:fc:ac:0f:0b:09:26:50:52:41:2b:
         e6:9a:1e:31:8d:86:f3:61:24:b6:8c:fb:e6:cc:14:b2:c0:50:
         05:c9:83:f8:d6:53:f1:59:47:12:9c:b9:7b:25:68:b2:c4:b8:
         67:49:7a:f5:ea:3d:5b:71:7c:2d:d9:ee:0d:2e:8f:54:c4:2c:
         df:9f:35:7f:48:c8:81:25:53:57:fa:da:63:95:7f:bf:98:fc:
         a8:f6:26:31:90:50:7f:4a:a8:3e:20:56:d0:a2:ae:3b:72:55:
         2a:73:b9:15:d5:48:16:32:88:e2:ab:1b:82:e9:f7:5c:3b:7b:
         46:62:f3:cd:af:3b:be:6b:a2:95:ec:e6:47:f6:7e:14:ef:9d:
         3f:05:83:f7:91:61:dd:b1:4d:7a:76:2a:05:e3:4f:ac:52:98:
         b9:cf:b4:e7:bb:62:38:df:f0:ea:e8:cf:c3:ec:9b:2e:6a:33:
         3d:32:6a:bf:73:78:99:17:47:25:25:86:85:93:02:d2:09:a5:
         b1:a0:8f:da:41:0d:b9:8a:74:28:de:5d:88:0f:39:40:20:74:
         f2:32:64:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmatfhxhL/atvjT/fvLP58MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZmQ1NThhNjRlOTc1ODZhNDNkYzdlZTUwYThkNmIyOTIz
NjViNjAwHhcNMjUwMTAyMDk0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzRiMjI5ZDViMmI4ZjNiNTk3NTY2NTdjYWFkMDcwMGNhYWU0NGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxz486w1aneyVYmK/NDoVtmvjl5NY
nJpik7xE6DHpj0vLBYVA3jhFvxylGzhKdsHj/zGGzbD7fugto9TW+EaWrL44ZL+0
zHDu9uwj1G2K54rQG5XW8jK1f31KtQzBvorClgR5cAfi71jdNj1vgYQfG58A94ov
IwJZgyGo83iTwTACTMYXw0ibMBHzTpBlUlYxQksOurRRv0s9WzXKWTMfWvggqOVd
lg0/sfXkhpT/h1D51m0+yPYwwHaKYuNLQgHI91/+1tLlFtwBrWYjRKqDF12dIFru
vZHDqzic29h8F2jfUvWyCUu21bRdnyeSdBOzjlyOjpft1uO2gd4aamk0uwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGdLIp1bK487WXVmV8qtBwDKrkTsMB8GA1UdIwQY
MBaAFBL9VYpk6XWGpD3H7lCo1rKSNltgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMt
MjRkOGU3NDdjMzhmLzEvWjBzaW5Wc3JqenRaZFdaWHlxMEhBTXF1Uk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9hZjk2ZGYtYTRkNS00OGY5LWFjMGMtMjRkOGU3NDdjMzhm
LzEvRXYxVmltVHBkWWFrUGNmdVVLaldzcEkyVzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwd4yAwQA
wd48MA0GCSqGSIb3DQEBCwUAA4IBAQAJLM3Wu9/+5/+M45yNb5lbIF4280/SqupZ
bMpm5NtS2ScxKKSK9pUNz+5TpPysDwsJJlBSQSvmmh4xjYbzYSS2jPvmzBSywFAF
yYP41lPxWUcSnLl7JWiyxLhnSXr16j1bcXwt2e4NLo9UxCzfnzV/SMiBJVNX+tpj
lX+/mPyo9iYxkFB/Sqg+IFbQoq47clUqc7kV1UgWMojiqxuC6fdcO3tGYvPNrzu+
a6KV7OZH9n4U750/BYP3kWHdsU16dioF40+sUpi5z7Tnu2I43/Dq6M/D7JsuajM9
Mmq/c3iZF0clJYaFkwLSCaWxoI/aQQ25inQo3l2IDzlAIHTyMmQa
-----END CERTIFICATE-----