Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/hWSKcMqeZaW4Zv4jBiknXOuGsW8.roa
File:                     hWSKcMqeZaW4Zv4jBiknXOuGsW8.roa (raw, json)
Hash identifier:          2qZdD5hbe6sIKnLdKsWHsV9kY8NKZnUdaQZKVQK/Jyo=
Subject key identifier:   85:64:8A:70:CA:9E:65:A5:B8:66:FE:23:06:29:27:5C:EB:86:B1:6F
Certificate issuer:       /CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
Certificate serial:       0194258F01DA04BEA95E77C2B27DBC74A5AD
Authority key identifier: 90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/hWSKcMqeZaW4Zv4jBiknXOuGsW8.roa
Signing time:             Thu 02 Jan 2025 05:48:36 +0000
ROA not before:           Thu 02 Jan 2025 05:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44477
IP address blocks:        194.242.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:01:da:04:be:a9:5e:77:c2:b2:7d:bc:74:a5:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
        Validity
            Not Before: Jan  2 05:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85648a70ca9e65a5b866fe230629275ceb86b16f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:fb:b3:fb:34:2a:87:11:5d:26:c5:f3:4f:d9:
                    a6:00:0a:56:a3:65:01:99:af:a3:54:76:60:7e:f9:
                    d7:42:84:7b:23:af:24:76:a9:61:ed:d9:79:32:a3:
                    e5:ce:4a:fc:96:99:17:3e:ec:db:ab:0c:29:9b:2d:
                    1a:01:f8:c3:0f:ce:d2:15:bb:a0:0b:42:4b:b0:89:
                    fd:c6:9c:95:15:cf:dd:88:c9:5b:45:20:4a:2c:13:
                    e2:ce:1d:2e:cf:0a:02:2b:54:bc:76:dd:50:7a:1b:
                    cf:78:5a:00:7f:8d:57:15:15:f0:6c:db:41:6d:86:
                    0a:12:6e:a7:c4:2e:a1:9b:6b:99:c3:e8:19:e8:63:
                    c7:b6:e7:0e:31:ab:41:81:b5:ee:59:55:32:db:e7:
                    41:8c:48:79:99:83:2f:61:fd:5b:63:bf:ee:49:9d:
                    29:80:40:07:be:17:f4:0d:db:27:2b:5e:72:59:d5:
                    4a:30:a0:9d:bd:8a:88:b8:41:3c:1c:7c:c6:bb:6f:
                    12:e0:c8:2d:d3:32:f2:24:8f:81:12:64:cf:e9:f6:
                    94:c5:62:24:40:e7:9f:76:07:14:36:3d:12:79:96:
                    53:b3:60:e1:aa:f3:78:63:32:5e:10:7c:3d:83:fd:
                    c7:fe:1c:28:14:b2:d1:56:55:c2:62:5a:cf:ca:a1:
                    ca:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:64:8A:70:CA:9E:65:A5:B8:66:FE:23:06:29:27:5C:EB:86:B1:6F
            X509v3 Authority Key Identifier:
                keyid:90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/hWSKcMqeZaW4Zv4jBiknXOuGsW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:b7:d5:a3:35:9f:5b:73:c0:a0:75:01:82:f8:c1:30:61:c4:
         a2:0c:ee:54:8d:63:27:3f:5e:84:0b:fd:0e:5a:1e:3d:50:85:
         bb:c8:2c:75:a3:40:13:37:ce:c9:20:47:ef:0c:67:23:bd:46:
         16:5c:3c:83:fb:f1:41:9f:91:f9:94:9f:26:d6:cd:84:54:9f:
         f2:5e:44:a3:33:02:c8:dc:12:e1:1b:93:07:36:e9:3b:ac:a4:
         b0:2e:81:9f:3c:de:42:c7:7e:c8:0e:e3:25:ba:d4:69:f4:8c:
         97:ce:36:30:66:ba:3a:8f:e3:da:72:e3:20:d7:c3:f7:d4:ca:
         51:8a:56:e5:dc:d4:e4:9e:a1:5b:de:62:b7:e7:72:78:3d:16:
         f2:69:e2:6f:2b:f4:d0:cc:77:a3:1d:2b:d9:f9:0e:2b:81:66:
         34:84:7d:d3:b2:d2:ba:c8:73:29:83:f2:4f:1c:b9:04:ec:d4:
         e3:fb:4d:81:73:c1:7f:30:75:bc:51:95:34:6b:c2:a3:36:e6:
         08:51:a7:33:eb:e6:48:aa:60:9d:58:c5:c7:12:36:67:88:0c:
         d8:a1:73:c5:18:bf:8d:cd:7e:4d:07:4b:dd:04:0b:58:39:86:
         34:16:03:61:b4:64:25:af:05:64:86:e0:67:e2:76:33:c5:7d:
         29:21:b9:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwHaBL6pXnfCsn28dKWtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwODE0ZGQzOWRkMzkyNWNmZjg4YmYzNGQ0MzA3ZmQ2YzYy
MTY1ZWIwHhcNMjUwMTAyMDU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTY0OGE3MGNhOWU2NWE1Yjg2NmZlMjMwNjI5Mjc1Y2ViODZiMTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/uz+zQqhxFdJsXzT9mmAApWo2UB
ma+jVHZgfvnXQoR7I68kdqlh7dl5MqPlzkr8lpkXPuzbqwwpmy0aAfjDD87SFbug
C0JLsIn9xpyVFc/diMlbRSBKLBPizh0uzwoCK1S8dt1QehvPeFoAf41XFRXwbNtB
bYYKEm6nxC6hm2uZw+gZ6GPHtucOMatBgbXuWVUy2+dBjEh5mYMvYf1bY7/uSZ0p
gEAHvhf0DdsnK15yWdVKMKCdvYqIuEE8HHzGu28S4Mgt0zLyJI+BEmTP6faUxWIk
QOefdgcUNj0SeZZTs2DhqvN4YzJeEHw9g/3H/hwoFLLRVlXCYlrPyqHK1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVkinDKnmWluGb+IwYpJ1zrhrFvMB8GA1UdIwQY
MBaAFJCBTdOd05Jc/4i/NNQwf9bGIWXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjkt
OTQwYWU0NTRjYjg1LzEvaFdTS2NNcWVaYVc0WnY0akJpa25YT3VHc1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjktOTQwYWU0NTRjYjg1
LzEva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvJ/MA0G
CSqGSIb3DQEBCwUAA4IBAQADt9WjNZ9bc8CgdQGC+MEwYcSiDO5UjWMnP16EC/0O
Wh49UIW7yCx1o0ATN87JIEfvDGcjvUYWXDyD+/FBn5H5lJ8m1s2EVJ/yXkSjMwLI
3BLhG5MHNuk7rKSwLoGfPN5Cx37IDuMlutRp9IyXzjYwZro6j+PacuMg18P31MpR
ilbl3NTknqFb3mK353J4PRbyaeJvK/TQzHejHSvZ+Q4rgWY0hH3TstK6yHMpg/JP
HLkE7NTj+02Bc8F/MHW8UZU0a8KjNuYIUacz6+ZIqmCdWMXHEjZniAzYoXPFGL+N
zX5NB0vdBAtYOYY0FgNhtGQlrwVkhuBn4nYzxX0pIbna
-----END CERTIFICATE-----