Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/1hk2beP_0noowMbOmNtoNb3trEI.roa
File:                     1hk2beP_0noowMbOmNtoNb3trEI.roa (raw, json)
Hash identifier:          yPaUkjXMWXPL0Y518Fz9alSB7qRK1+1Dm8ayCL/j/eg=
Subject key identifier:   D6:19:36:6D:E3:FF:D2:7A:28:C0:C6:CE:98:DB:68:35:BD:ED:AC:42
Certificate issuer:       /CN=42fe55e6288a1b4702f9ebe7f8c6060b6cfbb1bc
Certificate serial:       01942143A5A26BDD5832B29D0E6961AF2429
Authority key identifier: 42:FE:55:E6:28:8A:1B:47:02:F9:EB:E7:F8:C6:06:0B:6C:FB:B1:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qv5V5iiKG0cC-evn-MYGC2z7sbw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/1hk2beP_0noowMbOmNtoNb3trEI.roa
Signing time:             Wed 01 Jan 2025 09:47:48 +0000
ROA not before:           Wed 01 Jan 2025 09:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15703
IP address blocks:        194.50.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/Qv5V5iiKG0cC-evn-MYGC2z7sbw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/Qv5V5iiKG0cC-evn-MYGC2z7sbw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qv5V5iiKG0cC-evn-MYGC2z7sbw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:a5:a2:6b:dd:58:32:b2:9d:0e:69:61:af:24:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42fe55e6288a1b4702f9ebe7f8c6060b6cfbb1bc
        Validity
            Not Before: Jan  1 09:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d619366de3ffd27a28c0c6ce98db6835bdedac42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:15:4b:6d:63:62:e5:ba:80:e8:cd:0b:ae:7e:
                    ba:1d:2e:b6:b1:77:0e:40:2a:a9:49:0f:84:48:6a:
                    72:95:b0:9c:72:fc:f4:06:5b:ff:69:e3:7c:5e:31:
                    50:e6:cc:e2:75:cf:31:42:44:87:2f:ea:29:53:a3:
                    77:b4:35:e1:be:1f:be:12:0f:2e:76:64:95:a2:1d:
                    8f:ae:eb:d9:21:ee:81:2e:db:ef:c5:b3:db:93:c9:
                    75:5b:a3:92:c8:f1:a8:6c:66:1b:9f:8f:19:55:57:
                    c7:74:80:54:d4:3e:f3:4d:d1:f9:69:dc:88:73:c3:
                    dc:7b:2b:25:dd:a6:11:27:51:ee:d7:82:e1:b2:0d:
                    de:36:b2:c9:bf:7f:5a:e8:cb:11:1b:2e:43:e0:b5:
                    17:ae:cd:c6:cc:f5:e5:8a:d5:72:cf:e9:d0:d7:97:
                    81:4e:a1:ee:cf:bf:e4:bb:8d:e7:f6:b2:4d:f8:bd:
                    be:bd:48:e9:2f:61:21:38:31:de:14:58:67:b3:95:
                    a7:5e:96:da:5d:4f:08:8e:fd:ee:9e:52:1f:f7:42:
                    31:53:2b:ba:ed:2f:79:04:51:71:91:32:e8:68:bc:
                    55:8f:0d:d9:11:ad:c5:bf:9e:db:1a:9f:c6:6c:d4:
                    af:e3:e7:bd:54:08:8f:10:08:09:ad:11:f0:ab:d9:
                    1f:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:19:36:6D:E3:FF:D2:7A:28:C0:C6:CE:98:DB:68:35:BD:ED:AC:42
            X509v3 Authority Key Identifier:
                keyid:42:FE:55:E6:28:8A:1B:47:02:F9:EB:E7:F8:C6:06:0B:6C:FB:B1:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qv5V5iiKG0cC-evn-MYGC2z7sbw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/1hk2beP_0noowMbOmNtoNb3trEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/8141dd-449b-4d1f-811a-d6190ccf7857/1/Qv5V5iiKG0cC-evn-MYGC2z7sbw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:6a:bf:7b:ae:64:41:f0:99:d4:e6:5a:fd:6c:aa:8a:26:7e:
         fa:43:c9:9b:82:ad:6f:35:e6:b3:37:f4:32:44:71:cd:a0:df:
         ee:bd:57:77:4f:3a:cb:b9:34:66:7d:0f:7d:f7:ba:23:04:c3:
         23:ad:2e:08:64:48:66:fc:38:4f:dd:9a:86:55:0e:e1:05:8f:
         9d:21:26:ad:06:7c:aa:56:31:3b:0a:47:01:4a:c3:0a:fb:80:
         9e:3a:23:71:24:cd:9b:84:62:2d:b8:9f:03:4a:4b:73:ff:02:
         81:bc:f5:3c:2b:e1:06:0d:05:34:cd:82:33:ec:fe:9f:72:09:
         f4:9e:6f:33:47:8c:0f:75:80:0e:bc:ff:4c:18:b3:56:8d:35:
         f9:c8:4d:b9:59:03:31:0e:f5:02:86:42:e7:45:f2:96:6b:66:
         0c:2f:49:b6:e6:9d:ab:af:1a:ef:76:80:df:08:1c:5d:08:94:
         9e:7f:d2:85:28:f4:ae:4d:69:72:d1:b5:3d:40:a6:30:3e:ff:
         e5:41:08:2f:d8:8d:2c:f2:70:5c:bb:98:c9:06:6f:95:18:13:
         99:46:34:ee:5d:fa:3b:54:da:8c:8f:27:a4:d1:73:8f:e0:05:
         30:0e:c5:03:f8:04:89:5a:bc:96:0a:58:d0:88:0f:f7:34:62:
         27:7c:b8:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ6Wia91YMrKdDmlhryQpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZmU1NWU2Mjg4YTFiNDcwMmY5ZWJlN2Y4YzYwNjBiNmNm
YmIxYmMwHhcNMjUwMTAxMDk0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjE5MzY2ZGUzZmZkMjdhMjhjMGM2Y2U5OGRiNjgzNWJkZWRhYzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBVLbWNi5bqA6M0Lrn66HS62sXcO
QCqpSQ+ESGpylbCccvz0Blv/aeN8XjFQ5szidc8xQkSHL+opU6N3tDXhvh++Eg8u
dmSVoh2PruvZIe6BLtvvxbPbk8l1W6OSyPGobGYbn48ZVVfHdIBU1D7zTdH5adyI
c8Pceysl3aYRJ1Hu14Lhsg3eNrLJv39a6MsRGy5D4LUXrs3GzPXlitVyz+nQ15eB
TqHuz7/ku43n9rJN+L2+vUjpL2EhODHeFFhns5WnXpbaXU8Ijv3unlIf90IxUyu6
7S95BFFxkTLoaLxVjw3ZEa3Fv57bGp/GbNSv4+e9VAiPEAgJrRHwq9kfRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYZNm3j/9J6KMDGzpjbaDW97axCMB8GA1UdIwQY
MBaAFEL+VeYoihtHAvnr5/jGBgts+7G8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXY1VjVpaUtHMGNDLWV2bi1NWUdDMno3c2J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC84MTQxZGQtNDQ5Yi00ZDFmLTgxMWEt
ZDYxOTBjY2Y3ODU3LzEvMWhrMmJlUF8wbm9vd01iT21OdG9OYjN0ckVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC84MTQxZGQtNDQ5Yi00ZDFmLTgxMWEtZDYxOTBjY2Y3ODU3
LzEvUXY1VjVpaUtHMGNDLWV2bi1NWUdDMno3c2J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJwMA0G
CSqGSIb3DQEBCwUAA4IBAQAyar97rmRB8JnU5lr9bKqKJn76Q8mbgq1vNeazN/Qy
RHHNoN/uvVd3TzrLuTRmfQ9997ojBMMjrS4IZEhm/DhP3ZqGVQ7hBY+dISatBnyq
VjE7CkcBSsMK+4CeOiNxJM2bhGItuJ8DSktz/wKBvPU8K+EGDQU0zYIz7P6fcgn0
nm8zR4wPdYAOvP9MGLNWjTX5yE25WQMxDvUChkLnRfKWa2YML0m25p2rrxrvdoDf
CBxdCJSef9KFKPSuTWly0bU9QKYwPv/lQQgv2I0s8nBcu5jJBm+VGBOZRjTuXfo7
VNqMjyek0XOP4AUwDsUD+ASJWryWCljQiA/3NGInfLgX
-----END CERTIFICATE-----