Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/c646e8-bb6d-4862-b9ad-fc779b0d9eed/1/YnK9gT6S7S0RgJeRsD04H4ISSzM.roa
File:                     YnK9gT6S7S0RgJeRsD04H4ISSzM.roa (raw, json)
Hash identifier:          DtfDFV6FFewqe27Bp/4vezKhP0+2FJRS8CYQqbxzDS4=
Subject key identifier:   62:72:BD:81:3E:92:ED:2D:11:80:97:91:B0:3D:38:1F:82:12:4B:33
Certificate issuer:       /CN=a8032f57a6119b692a2b8f142ce494ec08b1fcd8
Certificate serial:       019444C91F78D03CAAB21C0EE5169278D4A8
Authority key identifier: A8:03:2F:57:A6:11:9B:69:2A:2B:8F:14:2C:E4:94:EC:08:B1:FC:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qAMvV6YRm2kqK48ULOSU7Aix_Ng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/c646e8-bb6d-4862-b9ad-fc779b0d9eed/1/YnK9gT6S7S0RgJeRsD04H4ISSzM.roa
Signing time:             Wed 08 Jan 2025 07:20:19 +0000
ROA not before:           Wed 08 Jan 2025 07:20:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214281
IP address blocks:        193.31.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/c646e8-bb6d-4862-b9ad-fc779b0d9eed/1/qAMvV6YRm2kqK48ULOSU7Aix_Ng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/c646e8-bb6d-4862-b9ad-fc779b0d9eed/1/qAMvV6YRm2kqK48ULOSU7Aix_Ng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qAMvV6YRm2kqK48ULOSU7Aix_Ng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 13:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:44:c9:1f:78:d0:3c:aa:b2:1c:0e:e5:16:92:78:d4:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8032f57a6119b692a2b8f142ce494ec08b1fcd8
        Validity
            Not Before: Jan  8 07:20:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6272bd813e92ed2d11809791b03d381f82124b33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:58:fe:04:cb:7e:af:56:9e:e5:83:68:fd:7d:
                    99:30:69:5b:6c:a0:8a:91:03:95:11:ce:0b:43:b0:
                    8f:19:99:7b:09:bc:6f:34:ce:1a:1d:84:e7:b5:73:
                    86:bc:c4:07:b5:71:67:0e:ac:43:67:31:3a:c8:a9:
                    e3:6e:67:7f:ca:0d:d2:8e:7b:bf:f8:15:cb:21:cb:
                    9f:6c:a9:d9:ed:e6:15:5c:f5:34:70:12:fa:90:d6:
                    e9:69:33:cd:ce:b1:7c:22:70:00:eb:07:35:1c:15:
                    35:57:eb:d9:bf:65:d0:6e:f2:91:c8:98:01:4a:9e:
                    aa:72:7d:fd:0b:fc:d5:c9:5d:c3:61:e2:fe:ee:78:
                    ba:b6:8e:fb:f5:21:63:eb:8a:7e:90:86:8c:a8:ad:
                    f0:e9:19:d7:ca:6c:0a:3e:4c:1b:70:24:00:e6:b3:
                    6b:9b:4a:bc:de:35:47:36:db:ce:51:50:7c:77:3c:
                    44:7f:69:de:47:9d:66:5a:86:8e:53:ed:12:aa:6c:
                    12:16:8c:3c:12:34:74:de:1a:84:d5:96:cf:8f:f0:
                    c1:6f:bb:b4:df:fe:04:c6:24:06:44:18:3f:2d:c0:
                    0c:d7:28:3b:05:50:b0:f1:66:ea:14:46:ce:14:40:
                    88:da:89:4d:86:16:d1:4f:4f:ac:14:e8:24:09:13:
                    e9:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:72:BD:81:3E:92:ED:2D:11:80:97:91:B0:3D:38:1F:82:12:4B:33
            X509v3 Authority Key Identifier:
                keyid:A8:03:2F:57:A6:11:9B:69:2A:2B:8F:14:2C:E4:94:EC:08:B1:FC:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qAMvV6YRm2kqK48ULOSU7Aix_Ng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c646e8-bb6d-4862-b9ad-fc779b0d9eed/1/YnK9gT6S7S0RgJeRsD04H4ISSzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/c646e8-bb6d-4862-b9ad-fc779b0d9eed/1/qAMvV6YRm2kqK48ULOSU7Aix_Ng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:45:9c:34:cb:3c:ec:20:17:74:e3:b6:2b:38:6a:99:a8:0b:
         b2:c8:d9:23:87:2b:79:a1:ca:c9:5e:a3:d0:01:86:e4:6f:c2:
         42:ee:9e:88:e6:72:dd:d5:8d:01:fc:06:5b:17:06:71:28:3f:
         59:10:7d:a3:3c:29:93:fb:08:79:49:9b:61:1b:ec:91:de:48:
         dc:06:f5:9e:f4:7a:25:63:01:02:d9:35:1c:dc:4a:ea:9f:aa:
         cd:5a:5c:8b:31:b3:ee:02:73:77:cc:bc:b7:0a:40:40:bc:01:
         c0:b9:94:cc:50:57:04:63:60:77:f2:75:55:6e:0f:61:9c:a1:
         92:fa:41:3a:a4:c0:a2:71:57:07:1e:34:04:9a:7b:ad:64:46:
         b9:74:85:e0:03:bf:26:33:77:a1:5f:4e:38:77:63:9f:ab:5f:
         74:75:f1:fe:53:1e:41:06:a7:e9:3d:56:9c:a7:25:6a:ca:5c:
         92:58:55:61:b0:6e:c2:d2:31:0b:86:12:f0:ef:38:c7:6e:1e:
         55:76:82:a8:8e:bf:80:01:61:85:4b:97:b7:7f:82:b9:49:91:
         bc:0f:a9:a9:1c:29:8f:74:d5:9b:6c:8f:27:36:2a:85:28:63:
         9e:be:bb:66:69:0a:b2:ad:47:d8:82:3e:c4:1c:65:3c:2b:d2:
         f7:d8:7a:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZREyR940DyqshwO5RaSeNSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MDMyZjU3YTYxMTliNjkyYTJiOGYxNDJjZTQ5NGVjMDhi
MWZjZDgwHhcNMjUwMTA4MDcyMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjcyYmQ4MTNlOTJlZDJkMTE4MDk3OTFiMDNkMzgxZjgyMTI0YjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1j+BMt+r1ae5YNo/X2ZMGlbbKCK
kQOVEc4LQ7CPGZl7CbxvNM4aHYTntXOGvMQHtXFnDqxDZzE6yKnjbmd/yg3Sjnu/
+BXLIcufbKnZ7eYVXPU0cBL6kNbpaTPNzrF8InAA6wc1HBU1V+vZv2XQbvKRyJgB
Sp6qcn39C/zVyV3DYeL+7ni6to779SFj64p+kIaMqK3w6RnXymwKPkwbcCQA5rNr
m0q83jVHNtvOUVB8dzxEf2neR51mWoaOU+0SqmwSFow8EjR03hqE1ZbPj/DBb7u0
3/4ExiQGRBg/LcAM1yg7BVCw8WbqFEbOFECI2olNhhbRT0+sFOgkCRPpDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJyvYE+ku0tEYCXkbA9OB+CEkszMB8GA1UdIwQY
MBaAFKgDL1emEZtpKiuPFCzklOwIsfzYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUFNdlY2WVJtMmtxSzQ4VUxPU1U3QWl4X05nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jNjQ2ZTgtYmI2ZC00ODYyLWI5YWQt
ZmM3NzliMGQ5ZWVkLzEvWW5LOWdUNlM3UzBSZ0plUnNEMDRINElTU3pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jNjQ2ZTgtYmI2ZC00ODYyLWI5YWQtZmM3NzliMGQ5ZWVk
LzEvcUFNdlY2WVJtMmtxSzQ4VUxPU1U3QWl4X05nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR93MA0G
CSqGSIb3DQEBCwUAA4IBAQBIRZw0yzzsIBd047YrOGqZqAuyyNkjhyt5ocrJXqPQ
AYbkb8JC7p6I5nLd1Y0B/AZbFwZxKD9ZEH2jPCmT+wh5SZthG+yR3kjcBvWe9Hol
YwEC2TUc3Erqn6rNWlyLMbPuAnN3zLy3CkBAvAHAuZTMUFcEY2B38nVVbg9hnKGS
+kE6pMCicVcHHjQEmnutZEa5dIXgA78mM3ehX044d2Ofq190dfH+Ux5BBqfpPVac
pyVqylySWFVhsG7C0jELhhLw7zjHbh5VdoKojr+AAWGFS5e3f4K5SZG8D6mpHCmP
dNWbbI8nNiqFKGOevrtmaQqyrUfYgj7EHGU8K9L32HrV
-----END CERTIFICATE-----