Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/df757c-499d-4020-a5c3-61161a65d3d6/1/157MYG0IejEjRYj-j1k-QApt6pw.roa
File:                     157MYG0IejEjRYj-j1k-QApt6pw.roa (raw, json)
Hash identifier:          /mAnw2Tqo4MtXrtGStA4rPK8XkvjiW+Q+8q7MR/8qbg=
Subject key identifier:   D7:9E:CC:60:6D:08:7A:31:23:45:88:FE:8F:59:3E:40:0A:6D:EA:9C
Certificate issuer:       /CN=ce2bcc10d16b0fed2855e9295fc409d6507b43d6
Certificate serial:       019686CD1902C3051C7D79E878B7950EAC21
Authority key identifier: CE:2B:CC:10:D1:6B:0F:ED:28:55:E9:29:5F:C4:09:D6:50:7B:43:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zivMENFrD-0oVekpX8QJ1lB7Q9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/df757c-499d-4020-a5c3-61161a65d3d6/1/157MYG0IejEjRYj-j1k-QApt6pw.roa
Signing time:             Wed 30 Apr 2025 13:05:10 +0000
ROA not before:           Wed 30 Apr 2025 13:05:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50281
IP address blocks:        193.46.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/df757c-499d-4020-a5c3-61161a65d3d6/1/zivMENFrD-0oVekpX8QJ1lB7Q9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/df757c-499d-4020-a5c3-61161a65d3d6/1/zivMENFrD-0oVekpX8QJ1lB7Q9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zivMENFrD-0oVekpX8QJ1lB7Q9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:cd:19:02:c3:05:1c:7d:79:e8:78:b7:95:0e:ac:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce2bcc10d16b0fed2855e9295fc409d6507b43d6
        Validity
            Not Before: Apr 30 13:05:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d79ecc606d087a31234588fe8f593e400a6dea9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:18:a6:51:7d:e1:36:2e:4a:95:cf:ea:03:bd:
                    5b:64:1f:5a:a1:79:ff:75:25:71:43:5e:be:4b:bb:
                    c5:92:ed:4f:dd:41:2e:ad:ee:dd:5a:1f:a0:3b:18:
                    ca:68:b1:4a:99:bd:d6:bc:66:71:31:95:b1:c1:f5:
                    fc:01:96:1b:a5:88:47:05:2e:b7:2a:e0:47:bd:e0:
                    c3:95:79:5d:17:29:f9:55:fb:dd:1d:b6:cf:c9:b9:
                    f3:5b:33:ec:ce:c5:5a:20:96:9d:19:08:ac:1e:c6:
                    48:9e:02:57:5a:94:eb:0d:ca:43:99:79:f3:19:87:
                    c5:01:a4:ef:92:fe:cd:25:e5:ba:f9:ae:93:81:b1:
                    81:4e:45:a1:92:eb:16:57:ec:6b:fe:94:27:d6:38:
                    d9:1e:1d:7d:f7:50:e5:96:d9:bb:69:4a:54:db:48:
                    24:d9:08:f6:08:d5:cf:f5:ef:40:a1:32:b0:3e:ae:
                    bd:55:7a:20:5b:63:76:e8:a3:ac:b1:58:38:3f:1e:
                    e2:bc:ba:f0:32:36:b6:a0:ba:c0:10:d0:2a:8e:8f:
                    b2:50:cf:0b:19:ae:ce:fa:47:92:46:a9:a1:e5:e5:
                    99:a2:8b:4b:b4:5f:ca:aa:b2:69:55:d6:9c:21:90:
                    b8:79:39:9a:7e:fb:da:dd:be:78:55:f7:88:3b:61:
                    5d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:9E:CC:60:6D:08:7A:31:23:45:88:FE:8F:59:3E:40:0A:6D:EA:9C
            X509v3 Authority Key Identifier:
                keyid:CE:2B:CC:10:D1:6B:0F:ED:28:55:E9:29:5F:C4:09:D6:50:7B:43:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zivMENFrD-0oVekpX8QJ1lB7Q9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/df757c-499d-4020-a5c3-61161a65d3d6/1/157MYG0IejEjRYj-j1k-QApt6pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/df757c-499d-4020-a5c3-61161a65d3d6/1/zivMENFrD-0oVekpX8QJ1lB7Q9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:30:db:8e:aa:16:29:d1:57:ab:d6:97:f3:28:20:63:9e:5c:
         a7:9f:34:0b:3f:e4:8e:50:7d:05:05:9b:32:2a:5c:a3:2f:85:
         8f:2c:58:80:28:b4:ce:2d:04:fc:42:cb:40:ee:63:c3:e1:dc:
         1c:ea:33:ad:e6:24:a1:74:fb:e8:b4:4b:97:95:9a:c6:e5:0a:
         33:89:19:f9:db:67:8b:e0:17:a3:e7:0a:b9:48:02:31:1f:d2:
         21:eb:34:8b:0d:23:8c:7f:e0:96:e4:1d:8b:56:0d:4d:eb:7d:
         f2:92:73:08:ad:11:7c:35:5e:6c:70:0e:fe:4f:5d:18:8f:34:
         cc:b3:96:b3:74:16:2e:b3:45:cf:54:a0:19:6f:89:fd:2c:cd:
         62:1f:90:a1:17:a7:62:56:e5:1d:4d:6f:7f:27:0f:64:8c:0d:
         20:68:94:04:23:65:e8:02:73:68:93:b8:03:1d:ec:3f:9b:7a:
         f6:58:db:ea:de:04:32:e5:a9:6d:6b:74:53:cc:d4:93:f8:fc:
         72:95:75:e6:5c:0e:08:94:44:a5:fd:7d:5d:46:a6:86:92:63:
         20:5c:f4:ad:b7:1f:35:1c:1f:20:04:e5:52:e2:ab:b9:3d:4b:
         97:f0:4c:fd:15:da:b1:5d:e0:3a:5e:29:0e:b5:8d:92:5b:77:
         4a:f5:23:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaGzRkCwwUcfXnoeLeVDqwhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMmJjYzEwZDE2YjBmZWQyODU1ZTkyOTVmYzQwOWQ2NTA3
YjQzZDYwHhcNMjUwNDMwMTMwNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzllY2M2MDZkMDg3YTMxMjM0NTg4ZmU4ZjU5M2U0MDBhNmRlYTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBimUX3hNi5Klc/qA71bZB9aoXn/
dSVxQ16+S7vFku1P3UEure7dWh+gOxjKaLFKmb3WvGZxMZWxwfX8AZYbpYhHBS63
KuBHveDDlXldFyn5VfvdHbbPybnzWzPszsVaIJadGQisHsZIngJXWpTrDcpDmXnz
GYfFAaTvkv7NJeW6+a6TgbGBTkWhkusWV+xr/pQn1jjZHh1991Dlltm7aUpU20gk
2Qj2CNXP9e9AoTKwPq69VXogW2N26KOssVg4Px7ivLrwMja2oLrAENAqjo+yUM8L
Ga7O+keSRqmh5eWZootLtF/KqrJpVdacIZC4eTmafvva3b54VfeIO2FddwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNeezGBtCHoxI0WI/o9ZPkAKbeqcMB8GA1UdIwQY
MBaAFM4rzBDRaw/tKFXpKV/ECdZQe0PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveml2TUVORnJELTBvVmVrcFg4UUoxbEI3UTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9kZjc1N2MtNDk5ZC00MDIwLWE1YzMt
NjExNjFhNjVkM2Q2LzEvMTU3TVlHMEllakVqUllqLWoxay1RQXB0NnB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9kZjc1N2MtNDk5ZC00MDIwLWE1YzMtNjExNjFhNjVkM2Q2
LzEveml2TUVORnJELTBvVmVrcFg4UUoxbEI3UTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS5ZMA0G
CSqGSIb3DQEBCwUAA4IBAQAXMNuOqhYp0Ver1pfzKCBjnlynnzQLP+SOUH0FBZsy
KlyjL4WPLFiAKLTOLQT8QstA7mPD4dwc6jOt5iShdPvotEuXlZrG5QoziRn522eL
4Bej5wq5SAIxH9Ih6zSLDSOMf+CW5B2LVg1N633yknMIrRF8NV5scA7+T10YjzTM
s5azdBYus0XPVKAZb4n9LM1iH5ChF6diVuUdTW9/Jw9kjA0gaJQEI2XoAnNok7gD
Hew/m3r2WNvq3gQy5alta3RTzNST+PxylXXmXA4IlESl/X1dRqaGkmMgXPSttx81
HB8gBOVS4qu5PUuX8Ez9FdqxXeA6XikOtY2SW3dK9SM/
-----END CERTIFICATE-----