Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/Co6zif6CgWxRVPx-_ozSij8EWsM.roa
File:                     Co6zif6CgWxRVPx-_ozSij8EWsM.roa (raw, json)
Hash identifier:          tL4rizo5edxFSlgftU4orevud41ccjdavnz1fdBIeh8=
Subject key identifier:   0A:8E:B3:89:FE:82:81:6C:51:54:FC:7E:FE:8C:D2:8A:3F:04:5A:C3
Certificate issuer:       /CN=07d44a52778aa65f736e72436003f6654f268318
Certificate serial:       0196A5A3B10F6C603F6DC226B4EC76A1EAF5
Authority key identifier: 07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/Co6zif6CgWxRVPx-_ozSij8EWsM.roa
Signing time:             Tue 06 May 2025 12:48:10 +0000
ROA not before:           Tue 06 May 2025 12:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12301
IP address blocks:        193.224.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a5:a3:b1:0f:6c:60:3f:6d:c2:26:b4:ec:76:a1:ea:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d44a52778aa65f736e72436003f6654f268318
        Validity
            Not Before: May  6 12:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a8eb389fe82816c5154fc7efe8cd28a3f045ac3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a6:54:13:95:f2:31:8a:8f:c8:52:8a:52:fb:
                    25:5b:d4:09:e3:99:9d:03:17:03:0c:9a:0b:4b:a5:
                    22:ae:de:f9:a5:02:5c:f0:10:d3:b5:49:89:d5:79:
                    22:a0:33:d6:ad:e2:6c:8d:ad:d6:3b:b0:a1:c0:15:
                    9b:7f:aa:df:75:7c:56:d1:46:f1:94:64:da:48:8e:
                    6f:4d:4f:69:e6:ee:a3:bc:24:15:9b:e2:5a:20:23:
                    c8:d4:9e:67:44:31:c7:3e:20:4f:d7:1b:e3:e6:28:
                    4b:c7:da:3a:0a:bc:e0:69:27:be:47:bf:3e:e8:4e:
                    cd:57:f4:39:ab:ca:25:0d:fc:96:ed:19:04:71:06:
                    37:b1:1b:1f:be:c2:8e:3d:64:14:97:76:40:1e:99:
                    b4:e2:f9:93:aa:26:1d:f6:31:d0:cd:eb:4a:dd:ea:
                    72:67:42:83:e1:01:44:da:43:29:ed:5f:ca:82:89:
                    c0:c3:aa:92:8f:29:3f:3c:5a:4f:c1:ba:77:94:f8:
                    43:fd:1e:10:b9:b3:66:25:0f:79:a0:68:fb:d6:4f:
                    38:ee:9d:fa:70:b4:62:7e:82:55:5d:84:c9:9c:2a:
                    15:24:a6:82:0f:71:98:85:9e:09:2c:07:be:da:47:
                    44:a7:d8:56:4b:32:31:24:9d:36:90:d9:db:60:85:
                    56:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:8E:B3:89:FE:82:81:6C:51:54:FC:7E:FE:8C:D2:8A:3F:04:5A:C3
            X509v3 Authority Key Identifier:
                keyid:07:D4:4A:52:77:8A:A6:5F:73:6E:72:43:60:03:F6:65:4F:26:83:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9RKUneKpl9zbnJDYAP2ZU8mgxg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/Co6zif6CgWxRVPx-_ozSij8EWsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/813cbc-4fa4-4646-a8db-1d28a60e0e30/1/B9RKUneKpl9zbnJDYAP2ZU8mgxg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.224.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:18:e3:e7:db:1d:5a:8d:ea:80:f0:76:e8:39:85:23:60:2b:
         51:8e:15:fb:80:a6:cb:49:8c:17:b2:03:47:29:a4:3d:fc:26:
         b5:eb:e0:e3:5d:f0:6e:13:87:35:a9:61:75:8b:71:8b:31:ac:
         da:f6:c6:b3:44:14:93:f1:e0:39:fa:15:61:98:ad:c2:6a:e4:
         67:0e:43:2a:d0:cb:c5:3a:bd:37:24:01:7a:65:5b:f1:e0:e6:
         51:5e:b6:eb:4c:94:4a:95:c8:c6:8a:82:91:f2:78:4c:8d:d0:
         e0:45:e5:e6:30:18:16:5a:0e:32:f6:60:4d:fd:29:68:33:27:
         9c:02:f2:78:ab:b7:62:29:7b:5c:89:f4:66:68:75:cc:2b:37:
         8c:22:1b:13:4e:aa:43:66:5d:cc:13:a2:37:5d:99:4f:30:ff:
         df:1d:19:c6:62:85:70:81:5a:5f:85:03:c8:ff:d3:71:67:cc:
         32:99:06:64:f3:88:54:db:6c:b6:01:70:a1:14:3c:e1:d9:4d:
         56:f8:e5:1c:d8:58:cb:0f:bb:c2:79:8c:e7:77:32:66:e4:24:
         be:7c:b6:76:c5:86:6e:82:32:c3:8f:6b:72:f4:42:e4:5f:a5:
         3d:b3:ab:aa:0f:85:e0:e0:db:86:0a:f7:bf:76:a2:09:fc:4a:
         7f:3a:e8:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZalo7EPbGA/bcImtOx2oer1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZDQ0YTUyNzc4YWE2NWY3MzZlNzI0MzYwMDNmNjY1NGYy
NjgzMTgwHhcNMjUwNTA2MTI0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYThlYjM4OWZlODI4MTZjNTE1NGZjN2VmZThjZDI4YTNmMDQ1YWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqZUE5XyMYqPyFKKUvslW9QJ45md
AxcDDJoLS6Uirt75pQJc8BDTtUmJ1XkioDPWreJsja3WO7ChwBWbf6rfdXxW0Ubx
lGTaSI5vTU9p5u6jvCQVm+JaICPI1J5nRDHHPiBP1xvj5ihLx9o6CrzgaSe+R78+
6E7NV/Q5q8olDfyW7RkEcQY3sRsfvsKOPWQUl3ZAHpm04vmTqiYd9jHQzetK3epy
Z0KD4QFE2kMp7V/KgonAw6qSjyk/PFpPwbp3lPhD/R4QubNmJQ95oGj71k847p36
cLRifoJVXYTJnCoVJKaCD3GYhZ4JLAe+2kdEp9hWSzIxJJ02kNnbYIVWGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqOs4n+goFsUVT8fv6M0oo/BFrDMB8GA1UdIwQY
MBaAFAfUSlJ3iqZfc25yQ2AD9mVPJoMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGIt
MWQyOGE2MGUwZTMwLzEvQ282emlmNkNnV3hSVlB4LV9velNpajhFV3NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS84MTNjYmMtNGZhNC00NjQ2LWE4ZGItMWQyOGE2MGUwZTMw
LzEvQjlSS1VuZUtwbDl6Ym5KRFlBUDJaVThtZ3hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweDvMA0G
CSqGSIb3DQEBCwUAA4IBAQAzGOPn2x1ajeqA8HboOYUjYCtRjhX7gKbLSYwXsgNH
KaQ9/Ca16+DjXfBuE4c1qWF1i3GLMaza9sazRBST8eA5+hVhmK3CauRnDkMq0MvF
Or03JAF6ZVvx4OZRXrbrTJRKlcjGioKR8nhMjdDgReXmMBgWWg4y9mBN/SloMyec
AvJ4q7diKXtcifRmaHXMKzeMIhsTTqpDZl3ME6I3XZlPMP/fHRnGYoVwgVpfhQPI
/9NxZ8wymQZk84hU22y2AXChFDzh2U1W+OUc2FjLD7vCeYzndzJm5CS+fLZ2xYZu
gjLDj2ty9ELkX6U9s6uqD4Xg4NuGCve/dqIJ/Ep/Ougd
-----END CERTIFICATE-----