Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/Hiu-YkREzGKKTtSRBgf6M5S0mUM.roa
File:                     Hiu-YkREzGKKTtSRBgf6M5S0mUM.roa (raw, json)
Hash identifier:          fxvguMnjN9xF6RFcgtEIfOjUPdwUBHDkuyyelgRCorQ=
Subject key identifier:   1E:2B:BE:62:44:44:CC:62:8A:4E:D4:91:06:07:FA:33:94:B4:99:43
Certificate issuer:       /CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
Certificate serial:       019427B5871F4ADCFCD534FB2C0D34D2195E
Authority key identifier: 9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/Hiu-YkREzGKKTtSRBgf6M5S0mUM.roa
Signing time:             Thu 02 Jan 2025 15:49:55 +0000
ROA not before:           Thu 02 Jan 2025 15:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        195.64.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 00:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:87:1f:4a:dc:fc:d5:34:fb:2c:0d:34:d2:19:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
        Validity
            Not Before: Jan  2 15:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e2bbe624444cc628a4ed4910607fa3394b49943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5c:2d:d7:7b:a3:7a:12:5d:75:10:0a:94:52:
                    cb:21:15:6f:f5:ba:7f:e3:5a:cb:ea:62:b1:55:da:
                    b2:b5:47:92:c6:8d:f6:03:f2:4d:c9:f0:0b:14:4c:
                    88:d9:8d:72:67:16:d3:31:ea:c6:1a:30:55:3c:83:
                    55:3c:84:57:52:96:1d:a5:58:89:57:43:d5:94:ad:
                    91:1f:7c:ea:e6:a5:77:31:15:17:00:2e:cc:a8:5d:
                    77:b0:ba:60:ff:e5:80:d7:a1:fb:e7:1c:5b:ca:34:
                    41:da:1a:16:87:d3:d8:20:0c:14:c1:ba:ca:8c:4c:
                    1b:16:03:97:d9:c9:4f:52:72:48:2e:6b:31:1e:e6:
                    b0:31:0d:e8:94:5b:97:3c:d8:d5:64:71:9e:2e:76:
                    f2:8b:1f:2e:87:1c:23:62:93:a8:eb:b6:47:89:88:
                    18:e1:38:a0:86:7c:c0:b4:30:08:92:02:1d:dc:35:
                    f4:78:3d:c7:92:6d:a4:12:77:18:4d:0e:36:85:45:
                    79:a9:fe:2c:47:6d:1b:3d:44:e2:02:36:47:d5:1b:
                    fa:80:72:bf:c8:fb:b2:20:16:c8:45:e9:f3:2b:4c:
                    78:62:8a:74:4d:07:b1:99:9f:3b:75:b7:67:50:04:
                    eb:32:c8:04:b0:cd:02:80:d9:9f:aa:9d:02:78:68:
                    f3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:2B:BE:62:44:44:CC:62:8A:4E:D4:91:06:07:FA:33:94:B4:99:43
            X509v3 Authority Key Identifier:
                keyid:9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/Hiu-YkREzGKKTtSRBgf6M5S0mUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:aa:9f:72:86:14:bc:2d:76:37:94:3f:a4:4a:e8:09:29:c8:
         5f:7c:8e:d8:ba:e6:d5:9d:2b:5f:b0:d7:7d:52:ab:82:89:f4:
         23:8e:a0:87:18:dc:ae:57:19:f2:b4:4a:74:ab:a9:e3:2f:4d:
         44:4f:f7:da:d0:a6:93:03:8d:d0:8e:a4:68:05:25:53:0a:d1:
         bc:00:bd:cd:57:8d:d9:0d:44:6a:98:4e:e9:b6:53:f8:11:d6:
         b8:40:a2:d1:b7:e0:c0:eb:83:02:ad:44:1e:d1:60:5c:c6:9d:
         87:cf:d3:61:c0:a4:00:0f:14:bd:a2:4d:dd:a6:78:71:00:53:
         ce:fa:21:3a:8e:ab:2a:a3:a3:26:6e:41:80:6d:1d:26:5c:46:
         19:64:94:f0:85:2b:4a:5e:39:8d:6d:b6:74:07:a0:79:41:7b:
         98:3b:76:ff:c2:8f:43:16:e9:93:9a:69:6f:cd:bf:ed:5f:9f:
         6a:ac:80:e8:02:8f:cd:7c:f6:25:f0:5d:9c:c5:b9:cd:44:5f:
         b6:ca:23:0b:f4:83:83:2e:49:88:d4:eb:4f:19:38:f7:48:76:
         11:df:f8:cb:31:06:81:9c:bb:11:d5:4e:1d:10:c1:9d:49:dd:
         2d:69:67:9f:b5:16:38:d7:8c:cb:6d:cc:45:88:21:3b:69:20:
         4d:cb:8e:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntYcfStz81TT7LA000hleMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYzI4YWU5OTM3ZmY3ZTQ5ZWM0ZjEyMzRlNTNkOGI5ZGQ2
OTQ1NDEwHhcNMjUwMTAyMTU0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTJiYmU2MjQ0NDRjYzYyOGE0ZWQ0OTEwNjA3ZmEzMzk0YjQ5OTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlwt13ujehJddRAKlFLLIRVv9bp/
41rL6mKxVdqytUeSxo32A/JNyfALFEyI2Y1yZxbTMerGGjBVPINVPIRXUpYdpViJ
V0PVlK2RH3zq5qV3MRUXAC7MqF13sLpg/+WA16H75xxbyjRB2hoWh9PYIAwUwbrK
jEwbFgOX2clPUnJILmsxHuawMQ3olFuXPNjVZHGeLnbyix8uhxwjYpOo67ZHiYgY
4TighnzAtDAIkgId3DX0eD3Hkm2kEncYTQ42hUV5qf4sR20bPUTiAjZH1Rv6gHK/
yPuyIBbIRenzK0x4Yop0TQexmZ87dbdnUATrMsgEsM0CgNmfqp0CeGjzbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4rvmJERMxiik7UkQYH+jOUtJlDMB8GA1UdIwQY
MBaAFJ3CiumTf/fknsTxI05T2LndaUVBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMt
MTkyY2JkMDhkYjUxLzEvSGl1LVlrUkV6R0tLVHRTUkJnZjZNNVMwbVVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMtMTkyY2JkMDhkYjUx
LzEvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0BsMA0G
CSqGSIb3DQEBCwUAA4IBAQCZqp9yhhS8LXY3lD+kSugJKchffI7YuubVnStfsNd9
UquCifQjjqCHGNyuVxnytEp0q6njL01ET/fa0KaTA43QjqRoBSVTCtG8AL3NV43Z
DURqmE7ptlP4Eda4QKLRt+DA64MCrUQe0WBcxp2Hz9NhwKQADxS9ok3dpnhxAFPO
+iE6jqsqo6MmbkGAbR0mXEYZZJTwhStKXjmNbbZ0B6B5QXuYO3b/wo9DFumTmmlv
zb/tX59qrIDoAo/NfPYl8F2cxbnNRF+2yiML9IODLkmI1OtPGTj3SHYR3/jLMQaB
nLsR1U4dEMGdSd0taWeftRY414zLbcxFiCE7aSBNy45E
-----END CERTIFICATE-----