Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/KZ9MaFf9moOlWzhDiV51E6z4ruQ.roa
File:                     KZ9MaFf9moOlWzhDiV51E6z4ruQ.roa (raw, json)
Hash identifier:          o42ZvTk2aV903nYiy/wXE7YfcS2jTGFMZ4dlRDRmvzw=
Subject key identifier:   29:9F:4C:68:57:FD:9A:83:A5:5B:38:43:89:5E:75:13:AC:F8:AE:E4
Certificate issuer:       /CN=4acef45fbb0f26930aeb833cf79fc41e22ca9235
Certificate serial:       0194221F4595B346FF440C4CAE85EE1565C5
Authority key identifier: 4A:CE:F4:5F:BB:0F:26:93:0A:EB:83:3C:F7:9F:C4:1E:22:CA:92:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ss70X7sPJpMK64M895_EHiLKkjU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/KZ9MaFf9moOlWzhDiV51E6z4ruQ.roa
Signing time:             Wed 01 Jan 2025 13:47:42 +0000
ROA not before:           Wed 01 Jan 2025 13:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210820
IP address blocks:        193.111.235.0/24 maxlen: 24
                          193.134.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/Ss70X7sPJpMK64M895_EHiLKkjU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/Ss70X7sPJpMK64M895_EHiLKkjU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ss70X7sPJpMK64M895_EHiLKkjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:45:95:b3:46:ff:44:0c:4c:ae:85:ee:15:65:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4acef45fbb0f26930aeb833cf79fc41e22ca9235
        Validity
            Not Before: Jan  1 13:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=299f4c6857fd9a83a55b3843895e7513acf8aee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b4:58:d8:0c:13:d4:1f:08:87:14:4a:e5:6d:
                    8a:63:cb:d3:54:d6:67:4f:7d:b4:51:ff:9f:5b:d4:
                    03:40:16:92:93:b6:78:6e:52:e3:5c:c4:2d:cc:6b:
                    30:da:32:ce:97:42:ef:f4:90:58:4c:56:75:1a:14:
                    9c:76:9c:0a:83:4f:c4:e8:d6:6f:98:d1:58:3f:6d:
                    47:65:18:5d:85:ba:2a:df:23:af:7e:79:6a:e5:fe:
                    dc:e4:1b:7b:53:5d:44:b8:83:2f:2e:89:f1:47:31:
                    60:ae:a1:33:73:5c:70:e6:80:25:86:cb:73:8e:23:
                    b6:8e:18:2b:80:58:8c:9a:37:09:f2:e9:7e:9b:11:
                    66:90:35:b6:ad:ab:b8:a7:c7:fd:25:79:5c:af:8b:
                    29:61:35:60:53:31:33:89:b1:d9:71:0d:b4:59:61:
                    12:45:93:2b:94:88:3b:6e:5c:5c:c9:20:c2:90:f1:
                    3a:46:4d:e8:4b:1f:cd:86:62:5d:55:95:08:87:f6:
                    11:aa:c9:76:ea:36:5f:96:17:0a:3e:31:49:59:58:
                    70:ab:01:8c:cd:8b:a7:8f:e9:e5:7d:c7:45:f7:39:
                    39:08:70:0a:2c:97:5b:45:6b:d8:59:e9:78:2f:6d:
                    b3:9a:26:f0:ac:ac:3f:d8:bd:15:da:8e:67:15:5a:
                    11:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9F:4C:68:57:FD:9A:83:A5:5B:38:43:89:5E:75:13:AC:F8:AE:E4
            X509v3 Authority Key Identifier:
                keyid:4A:CE:F4:5F:BB:0F:26:93:0A:EB:83:3C:F7:9F:C4:1E:22:CA:92:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ss70X7sPJpMK64M895_EHiLKkjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/KZ9MaFf9moOlWzhDiV51E6z4ruQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/97fb36-ea9b-43f4-aad5-06f7290dc44a/1/Ss70X7sPJpMK64M895_EHiLKkjU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.235.0/24
                  193.134.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:92:72:76:01:9b:0c:b8:36:49:2e:96:71:d0:41:89:1a:a2:
         81:21:3d:eb:09:11:0c:d2:fb:db:a4:25:89:a1:ea:1f:f8:e7:
         6d:de:6d:c7:28:ad:50:46:2a:4f:d8:d7:db:e6:57:48:f1:97:
         e8:f5:87:c6:21:47:65:f7:03:e9:0d:be:11:cf:02:5a:34:68:
         99:7b:92:cf:2a:fb:b7:3d:9d:e8:48:c7:95:53:91:84:08:2c:
         4c:06:26:d1:bc:58:80:59:26:c8:ce:d4:14:66:89:22:48:57:
         34:f0:9a:99:7c:8d:a7:38:d1:45:82:97:08:58:4c:b9:bc:b8:
         8c:ba:84:60:41:4f:ba:36:af:e9:84:09:31:78:b3:ef:b6:35:
         74:b1:82:cd:0a:7a:8e:37:b3:c7:8e:74:78:47:c8:97:70:3f:
         f8:bc:30:a6:74:cb:55:cc:9d:db:36:73:67:78:e4:06:26:07:
         84:f3:20:3b:2d:e1:b2:46:17:c1:6b:9c:bf:49:d5:59:ba:c6:
         71:54:66:59:42:2c:5d:1a:36:68:6a:fc:68:65:77:29:03:53:
         d4:81:57:88:e9:28:c0:73:d2:0b:84:9a:7b:4e:a0:4b:fa:04:
         80:63:7d:9b:75:52:b1:41:be:93:b9:fc:ab:e3:d3:ac:b8:73:
         05:b0:89:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH0WVs0b/RAxMroXuFWXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhY2VmNDVmYmIwZjI2OTMwYWViODMzY2Y3OWZjNDFlMjJj
YTkyMzUwHhcNMjUwMTAxMTM0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTlmNGM2ODU3ZmQ5YTgzYTU1YjM4NDM4OTVlNzUxM2FjZjhhZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbRY2AwT1B8IhxRK5W2KY8vTVNZn
T320Uf+fW9QDQBaSk7Z4blLjXMQtzGsw2jLOl0Lv9JBYTFZ1GhScdpwKg0/E6NZv
mNFYP21HZRhdhboq3yOvfnlq5f7c5Bt7U11EuIMvLonxRzFgrqEzc1xw5oAlhstz
jiO2jhgrgFiMmjcJ8ul+mxFmkDW2rau4p8f9JXlcr4spYTVgUzEzibHZcQ20WWES
RZMrlIg7blxcySDCkPE6Rk3oSx/NhmJdVZUIh/YRqsl26jZflhcKPjFJWVhwqwGM
zYunj+nlfcdF9zk5CHAKLJdbRWvYWel4L22zmibwrKw/2L0V2o5nFVoRuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCmfTGhX/ZqDpVs4Q4ledROs+K7kMB8GA1UdIwQY
MBaAFErO9F+7DyaTCuuDPPefxB4iypI1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3M3MFg3c1BKcE1LNjRNODk1X0VIaUxLa2pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi85N2ZiMzYtZWE5Yi00M2Y0LWFhZDUt
MDZmNzI5MGRjNDRhLzEvS1o5TWFGZjltb09sV3poRGlWNTFFNno0cnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi85N2ZiMzYtZWE5Yi00M2Y0LWFhZDUtMDZmNzI5MGRjNDRh
LzEvU3M3MFg3c1BKcE1LNjRNODk1X0VIaUxLa2pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwW/rAwQA
wYZlMA0GCSqGSIb3DQEBCwUAA4IBAQCZknJ2AZsMuDZJLpZx0EGJGqKBIT3rCREM
0vvbpCWJoeof+Odt3m3HKK1QRipP2Nfb5ldI8Zfo9YfGIUdl9wPpDb4RzwJaNGiZ
e5LPKvu3PZ3oSMeVU5GECCxMBibRvFiAWSbIztQUZokiSFc08JqZfI2nONFFgpcI
WEy5vLiMuoRgQU+6Nq/phAkxeLPvtjV0sYLNCnqON7PHjnR4R8iXcD/4vDCmdMtV
zJ3bNnNneOQGJgeE8yA7LeGyRhfBa5y/SdVZusZxVGZZQixdGjZoavxoZXcpA1PU
gVeI6SjAc9ILhJp7TqBL+gSAY32bdVKxQb6Tufyr49OsuHMFsIma
-----END CERTIFICATE-----