Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/RVm4PleqV8m6zGkcPiKBRGWO1cI.roa
File:                     RVm4PleqV8m6zGkcPiKBRGWO1cI.roa (raw, json)
Hash identifier:          3p0hXdk+JmHhQEiq1MExor2f3lGKmZyobEJTxOu9buE=
Subject key identifier:   45:59:B8:3E:57:AA:57:C9:BA:CC:69:1C:3E:22:81:44:65:8E:D5:C2
Certificate issuer:       /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial:       0194266B0F6E4D357EFDEBE46A5D0DDF60C4
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/RVm4PleqV8m6zGkcPiKBRGWO1cI.roa
Signing time:             Thu 02 Jan 2025 09:48:57 +0000
ROA not before:           Thu 02 Jan 2025 09:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44901
IP address blocks:        193.9.47.0/24 maxlen: 24
                          2a14:640::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:0f:6e:4d:35:7e:fd:eb:e4:6a:5d:0d:df:60:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
        Validity
            Not Before: Jan  2 09:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4559b83e57aa57c9bacc691c3e228144658ed5c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:45:8d:1f:c2:f8:cd:8c:88:68:12:5c:b9:03:
                    b4:6f:61:7b:5d:1c:24:c4:5b:39:d1:af:6c:d6:e0:
                    cc:c7:7c:11:f7:93:70:a6:b4:1c:42:48:96:09:2f:
                    1a:93:8f:cb:d7:cd:66:9b:87:50:d5:ee:1b:f8:54:
                    2b:75:b7:1b:8c:4a:a8:c3:0a:a0:f6:cf:09:3a:7a:
                    0e:7b:e3:dc:a2:e7:74:a0:55:38:ff:64:45:03:b7:
                    61:b0:97:ba:a8:2f:67:4b:62:a9:b4:6a:7d:69:e2:
                    ce:93:55:32:61:52:13:d0:4a:39:eb:9a:bc:60:e8:
                    9b:42:e2:d6:0f:26:62:71:c0:f8:68:c4:6c:e4:2d:
                    b4:31:ed:d4:b7:aa:97:cc:b8:af:4f:b6:b8:31:6f:
                    71:92:58:79:fb:35:7a:db:3a:20:94:9f:fd:24:f0:
                    1a:2b:3b:d9:ee:8f:7c:5d:c5:a1:45:33:ab:b8:18:
                    1e:4d:97:93:6f:81:80:ef:5f:c9:81:67:b0:5e:7d:
                    3e:fd:6f:c7:b7:59:a0:6b:74:de:f7:45:4a:69:4a:
                    80:94:1d:e5:e8:00:08:49:2a:13:7e:69:a8:e3:b8:
                    06:c3:ba:be:5e:90:0b:57:78:01:36:86:99:90:8e:
                    02:ac:9a:13:05:99:54:3b:6a:2c:1b:cd:b3:59:d4:
                    9d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:59:B8:3E:57:AA:57:C9:BA:CC:69:1C:3E:22:81:44:65:8E:D5:C2
            X509v3 Authority Key Identifier:
                keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/RVm4PleqV8m6zGkcPiKBRGWO1cI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.47.0/24
                IPv6:
                  2a14:640::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:e2:a3:ca:c9:21:78:55:bd:d5:ab:99:2e:5a:bf:62:1c:15:
         c3:6e:fc:31:17:e1:a8:bd:7a:0c:4c:8c:8f:eb:47:96:5e:b7:
         df:2a:af:d3:f5:30:6a:f3:fd:19:da:5c:fc:e9:2f:72:d2:ca:
         f2:b9:42:47:39:25:82:74:12:8b:17:02:5f:a0:2e:e5:ac:cc:
         02:3e:d3:cb:99:5c:bd:90:24:f5:ff:2d:c2:ca:46:40:3e:8b:
         f2:12:3d:a2:ed:79:38:1c:37:d4:f9:1d:bc:a4:ff:13:1f:6f:
         78:17:07:d6:c9:9c:63:b1:fd:86:5a:9c:21:c3:ff:85:98:c0:
         de:a6:d3:68:ab:e6:34:9a:e8:15:6e:3a:72:97:be:6e:07:65:
         59:4d:a2:d1:bc:95:c7:fb:8a:db:e8:87:4d:c4:96:11:75:14:
         a5:29:fe:71:01:5e:46:06:5f:be:10:1f:f9:cf:68:ae:a7:f0:
         aa:84:58:ee:52:f8:79:24:4a:03:39:dc:63:60:1f:43:43:9b:
         53:6a:42:63:f4:6e:d8:61:f9:2d:de:64:fc:d4:c6:e6:50:24:
         71:70:11:3b:cd:0d:16:4a:f4:8f:17:7e:6c:cf:f2:93:a7:5f:
         a2:d4:e8:3b:8a:fb:e8:70:8d:9c:54:e8:5a:6b:ee:41:14:bd:
         78:22:4c:e5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQmaw9uTTV+/evkal0N32DEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjUwMTAyMDk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTU5YjgzZTU3YWE1N2M5YmFjYzY5MWMzZTIyODE0NDY1OGVkNWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkWNH8L4zYyIaBJcuQO0b2F7XRwk
xFs50a9s1uDMx3wR95NwprQcQkiWCS8ak4/L181mm4dQ1e4b+FQrdbcbjEqowwqg
9s8JOnoOe+Pcoud0oFU4/2RFA7dhsJe6qC9nS2KptGp9aeLOk1UyYVIT0Eo565q8
YOibQuLWDyZiccD4aMRs5C20Me3Ut6qXzLivT7a4MW9xklh5+zV62zoglJ/9JPAa
KzvZ7o98XcWhRTOruBgeTZeTb4GA71/JgWewXn0+/W/Ht1mga3Te90VKaUqAlB3l
6AAISSoTfmmo47gGw7q+XpALV3gBNoaZkI4CrJoTBZlUO2osG82zWdSd0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEVZuD5XqlfJusxpHD4igURljtXCMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvUlZtNFBsZXFWOG02ekdrY1BpS0JSR1dPMWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwQkvMA8E
AgACMAkDBwAqFAZAAAAwDQYJKoZIhvcNAQELBQADggEBAJzio8rJIXhVvdWrmS5a
v2IcFcNu/DEX4ai9egxMjI/rR5Zet98qr9P1MGrz/RnaXPzpL3LSyvK5Qkc5JYJ0
EosXAl+gLuWszAI+08uZXL2QJPX/LcLKRkA+i/ISPaLteTgcN9T5Hbyk/xMfb3gX
B9bJnGOx/YZanCHD/4WYwN6m02ir5jSa6BVuOnKXvm4HZVlNotG8lcf7itvoh03E
lhF1FKUp/nEBXkYGX74QH/nPaK6n8KqEWO5S+HkkSgM53GNgH0NDm1NqQmP0bthh
+S3eZPzUxuZQJHFwETvNDRZK9I8XfmzP8pOnX6LU6DuK++hwjZxU6Fpr7kEUvXgi
TOU=
-----END CERTIFICATE-----