Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/He_wIqs9WbeGj8B22HW3VzQspCQ.roa
File:                     He_wIqs9WbeGj8B22HW3VzQspCQ.roa (raw, json)
Hash identifier:          tlw/MPCRV5MVLGPRtjnV6Ynl8QAazIvng9cpXGa9Jjc=
Subject key identifier:   1D:EF:F0:22:AB:3D:59:B7:86:8F:C0:76:D8:75:B7:57:34:2C:A4:24
Certificate issuer:       /CN=fc44297e9271c6edf064915f6180ae12690dda8b
Certificate serial:       019420D65348754343C0DD7754A9296563F6
Authority key identifier: FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/He_wIqs9WbeGj8B22HW3VzQspCQ.roa
Signing time:             Wed 01 Jan 2025 07:48:24 +0000
ROA not before:           Wed 01 Jan 2025 07:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24655
IP address blocks:        194.30.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:53:48:75:43:43:c0:dd:77:54:a9:29:65:63:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc44297e9271c6edf064915f6180ae12690dda8b
        Validity
            Not Before: Jan  1 07:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1deff022ab3d59b7868fc076d875b757342ca424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:55:d3:19:83:93:4f:8c:43:bc:fc:66:4d:0f:
                    f7:cf:8f:e6:58:b2:ca:e6:92:28:f2:13:0b:a8:a4:
                    94:58:60:99:63:15:10:05:f4:78:01:77:5b:b8:79:
                    80:2a:35:de:11:c9:98:7f:d7:56:ed:33:24:a9:59:
                    cf:4a:5e:cc:31:0b:de:63:22:2b:87:68:82:f7:4f:
                    d7:1e:fb:c9:a0:57:25:0a:a0:06:df:3a:84:3d:26:
                    aa:2d:8b:d3:33:9d:2f:79:17:aa:4a:d8:8e:fd:85:
                    2d:2b:c7:f4:be:e3:8e:36:8c:c9:8e:e1:7a:ef:16:
                    a4:25:08:48:b9:cc:07:4c:16:c0:0f:9f:28:1a:20:
                    86:cf:03:38:32:8b:d3:76:3d:c6:d9:6e:8c:4f:f7:
                    92:24:5a:2a:59:dd:54:4c:ec:5d:f8:79:aa:65:9e:
                    fb:6b:ed:0a:d3:0e:89:4c:5d:d3:1d:2d:9c:16:f6:
                    d7:a8:48:2e:24:f5:cc:3f:17:7f:3a:4f:a9:61:ef:
                    8b:45:17:ed:37:b8:4f:09:f1:1b:e1:ca:ef:e0:2e:
                    10:d1:e6:64:45:ff:50:7e:aa:f9:40:eb:3d:9f:47:
                    76:a4:e0:23:da:10:9d:98:d2:73:59:3e:cb:08:2b:
                    e7:c9:29:4b:49:7d:c8:57:21:db:cd:21:87:2a:51:
                    f2:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:EF:F0:22:AB:3D:59:B7:86:8F:C0:76:D8:75:B7:57:34:2C:A4:24
            X509v3 Authority Key Identifier:
                keyid:FC:44:29:7E:92:71:C6:ED:F0:64:91:5F:61:80:AE:12:69:0D:DA:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_EQpfpJxxu3wZJFfYYCuEmkN2os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/He_wIqs9WbeGj8B22HW3VzQspCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/7cb179-ad2c-4824-a1e5-ae07f32e4102/1/_EQpfpJxxu3wZJFfYYCuEmkN2os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.30.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:b6:f8:5f:d5:2b:13:7b:84:81:1d:82:79:ab:ab:d6:7c:f4:
         b2:0d:a9:30:cd:52:fd:09:82:50:c6:1f:63:40:46:38:10:e7:
         19:d6:31:f0:e0:c2:7b:99:25:ef:b5:c6:d5:1c:21:be:0a:61:
         37:05:f6:5b:73:d5:90:89:98:82:2d:57:ee:26:34:89:46:f3:
         8b:78:3d:eb:d9:4d:43:96:ae:0e:b8:1a:7c:c4:ab:27:b6:e9:
         af:6d:a6:4e:f8:eb:ea:0a:a9:c5:06:59:a3:ad:f2:75:6b:50:
         04:e2:7a:3e:c7:a6:6a:c0:57:43:fc:98:4b:27:4e:f8:e8:4c:
         87:73:73:cb:c3:ca:70:c8:5c:0d:de:8e:ae:81:92:b8:91:d3:
         39:42:e6:de:e1:39:27:f3:ab:c7:db:47:1b:81:fa:62:67:66:
         7f:15:74:cc:fd:4b:98:81:bd:9b:30:7f:b5:1c:61:0b:11:73:
         3e:b1:1a:85:45:47:19:67:77:3b:38:c2:41:ec:1c:44:df:df:
         ec:69:f8:d2:7f:76:e4:28:95:6d:8f:88:b8:8a:bf:8d:2d:13:
         e1:ce:71:e1:9c:5c:c7:a4:b1:d0:93:28:10:5c:d3:71:54:da:
         d9:c6:75:6a:c8:1a:03:fd:22:d3:e6:8b:74:21:9e:f8:89:97:
         3f:b3:43:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1lNIdUNDwN13VKkpZWP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNDQyOTdlOTI3MWM2ZWRmMDY0OTE1ZjYxODBhZTEyNjkw
ZGRhOGIwHhcNMjUwMTAxMDc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGVmZjAyMmFiM2Q1OWI3ODY4ZmMwNzZkODc1Yjc1NzM0MmNhNDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFXTGYOTT4xDvPxmTQ/3z4/mWLLK
5pIo8hMLqKSUWGCZYxUQBfR4AXdbuHmAKjXeEcmYf9dW7TMkqVnPSl7MMQveYyIr
h2iC90/XHvvJoFclCqAG3zqEPSaqLYvTM50veReqStiO/YUtK8f0vuOONozJjuF6
7xakJQhIucwHTBbAD58oGiCGzwM4MovTdj3G2W6MT/eSJFoqWd1UTOxd+HmqZZ77
a+0K0w6JTF3THS2cFvbXqEguJPXMPxd/Ok+pYe+LRRftN7hPCfEb4crv4C4Q0eZk
Rf9Qfqr5QOs9n0d2pOAj2hCdmNJzWT7LCCvnySlLSX3IVyHbzSGHKlHyqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3v8CKrPVm3ho/Adth1t1c0LKQkMB8GA1UdIwQY
MBaAFPxEKX6Sccbt8GSRX2GArhJpDdqLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUt
YWUwN2YzMmU0MTAyLzEvSGVfd0lxczlXYmVHajhCMjJIVzNWelFzcENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi83Y2IxNzktYWQyYy00ODI0LWExZTUtYWUwN2YzMmU0MTAy
LzEvX0VRcGZwSnh4dTN3WkpGZllZQ3VFbWtOMm9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh6OMA0G
CSqGSIb3DQEBCwUAA4IBAQBGtvhf1SsTe4SBHYJ5q6vWfPSyDakwzVL9CYJQxh9j
QEY4EOcZ1jHw4MJ7mSXvtcbVHCG+CmE3BfZbc9WQiZiCLVfuJjSJRvOLeD3r2U1D
lq4OuBp8xKsntumvbaZO+OvqCqnFBlmjrfJ1a1AE4no+x6ZqwFdD/JhLJ0746EyH
c3PLw8pwyFwN3o6ugZK4kdM5Qube4Tkn86vH20cbgfpiZ2Z/FXTM/UuYgb2bMH+1
HGELEXM+sRqFRUcZZ3c7OMJB7BxE39/safjSf3bkKJVtj4i4ir+NLRPhznHhnFzH
pLHQkygQXNNxVNrZxnVqyBoD/SLT5ot0IZ74iZc/s0ML
-----END CERTIFICATE-----