Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/85b29b-0ea2-4741-b439-e4b66a3fe5bc/1/Hdo0JQgTFMLfp514_zX_eH0BV28.roa
File:                     Hdo0JQgTFMLfp514_zX_eH0BV28.roa (raw, json)
Hash identifier:          1zoX3E+YpaDl71akpZOBfWw1Iq/htQIg0CTgRLbNZSk=
Subject key identifier:   1D:DA:34:25:08:13:14:C2:DF:A7:9D:78:FF:35:FF:78:7D:01:57:6F
Certificate issuer:       /CN=7df11a3160db8ce7918bf3ec58b5c5e1e3e93821
Certificate serial:       019427480AC97AA314971BA393B5A79FEDB6
Authority key identifier: 7D:F1:1A:31:60:DB:8C:E7:91:8B:F3:EC:58:B5:C5:E1:E3:E9:38:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEaMWDbjOeRi_PsWLXF4ePpOCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/85b29b-0ea2-4741-b439-e4b66a3fe5bc/1/Hdo0JQgTFMLfp514_zX_eH0BV28.roa
Signing time:             Thu 02 Jan 2025 13:50:20 +0000
ROA not before:           Thu 02 Jan 2025 13:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41504
IP address blocks:        195.3.212.0/22 maxlen: 24
                          2001:67c:2378::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/85b29b-0ea2-4741-b439-e4b66a3fe5bc/1/ffEaMWDbjOeRi_PsWLXF4ePpOCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/85b29b-0ea2-4741-b439-e4b66a3fe5bc/1/ffEaMWDbjOeRi_PsWLXF4ePpOCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEaMWDbjOeRi_PsWLXF4ePpOCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:0a:c9:7a:a3:14:97:1b:a3:93:b5:a7:9f:ed:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df11a3160db8ce7918bf3ec58b5c5e1e3e93821
        Validity
            Not Before: Jan  2 13:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1dda3425081314c2dfa79d78ff35ff787d01576f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8a:a2:38:c4:52:4a:55:84:ca:c6:8c:a0:c2:
                    c8:03:fc:cb:2b:bf:48:2f:ca:d1:6d:2e:c4:7e:f8:
                    bc:8d:cd:3e:3a:98:4a:ab:1d:42:1b:76:50:cb:d8:
                    df:4f:94:e5:6b:9c:d5:d3:cf:97:67:0e:80:18:87:
                    cd:9a:35:a2:59:e7:74:e2:ce:e2:90:c5:7e:43:72:
                    b9:26:23:1d:f9:c6:88:ce:b2:0e:92:1d:d7:62:ae:
                    ea:f9:03:49:91:76:b7:f4:99:38:33:1a:56:4b:c4:
                    9b:ff:c8:f5:64:24:8a:27:70:46:c6:af:08:58:ef:
                    11:35:39:38:14:e4:77:70:fe:e4:f0:0d:6a:61:c0:
                    da:bd:5a:a1:19:cd:cc:3f:5e:41:1c:83:af:27:62:
                    9e:4d:84:4d:5f:b1:ce:94:d4:79:5e:ba:43:6f:34:
                    07:41:21:90:35:4e:9f:5e:a2:a6:f6:39:ca:6f:c4:
                    57:1e:cd:a5:d7:1e:25:25:df:67:94:f1:90:1d:89:
                    ee:30:67:67:fa:f5:5b:e5:4d:ce:0f:f2:31:b6:69:
                    df:f3:a3:79:db:5d:b0:0f:3e:50:e4:83:6d:a8:4a:
                    eb:ac:4f:86:98:13:68:69:91:5d:6f:6d:c1:2f:8b:
                    99:d8:29:7f:68:42:99:a1:ed:ab:7b:c5:dd:62:68:
                    e6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:DA:34:25:08:13:14:C2:DF:A7:9D:78:FF:35:FF:78:7D:01:57:6F
            X509v3 Authority Key Identifier:
                keyid:7D:F1:1A:31:60:DB:8C:E7:91:8B:F3:EC:58:B5:C5:E1:E3:E9:38:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEaMWDbjOeRi_PsWLXF4ePpOCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/85b29b-0ea2-4741-b439-e4b66a3fe5bc/1/Hdo0JQgTFMLfp514_zX_eH0BV28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/85b29b-0ea2-4741-b439-e4b66a3fe5bc/1/ffEaMWDbjOeRi_PsWLXF4ePpOCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.3.212.0/22
                IPv6:
                  2001:67c:2378::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:c5:af:ab:6a:e6:05:12:f4:78:49:98:e8:9a:3a:93:aa:6f:
         25:9e:6f:8d:2b:95:1e:46:b1:80:3f:21:a7:b4:1f:71:60:4b:
         74:91:5e:da:86:15:00:c5:e8:9e:96:52:4b:c0:70:e1:87:0e:
         1e:5d:f4:30:b9:46:84:71:0c:0e:3f:18:f8:9a:0e:0b:c7:71:
         61:9c:a1:98:4a:15:14:81:44:6d:35:15:ea:b7:dc:38:7e:5f:
         04:44:34:c2:db:df:ee:6c:c9:f5:bb:69:83:c8:83:10:5e:5b:
         68:52:a1:9b:00:d9:0d:6b:4d:c5:b1:cd:b2:d3:45:c3:b4:6d:
         db:8e:9d:71:bd:56:36:bd:5d:8c:a9:f6:0f:c3:20:eb:2b:33:
         cb:00:45:ba:74:7b:35:91:ba:e9:02:be:31:0b:83:90:d4:49:
         23:2a:0e:9f:89:e8:c0:10:1e:f5:0a:84:62:bd:98:e8:80:be:
         09:39:37:df:44:64:5a:0a:ce:be:5e:5f:1d:cb:60:91:84:ce:
         a7:22:71:2f:b5:39:99:ef:78:95:94:a3:2e:a1:64:14:ce:2b:
         d4:fe:51:ef:2c:a2:88:b7:29:3c:2d:39:e0:31:cd:f3:70:93:
         79:d3:3a:cd:49:f4:ec:f6:81:a9:79:53:23:7b:17:03:be:cb:
         e9:ff:00:22
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnSArJeqMUlxujk7Wnn+22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjExYTMxNjBkYjhjZTc5MThiZjNlYzU4YjVjNWUxZTNl
OTM4MjEwHhcNMjUwMTAyMTM1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGRhMzQyNTA4MTMxNGMyZGZhNzlkNzhmZjM1ZmY3ODdkMDE1NzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYqiOMRSSlWEysaMoMLIA/zLK79I
L8rRbS7Efvi8jc0+OphKqx1CG3ZQy9jfT5Tla5zV08+XZw6AGIfNmjWiWed04s7i
kMV+Q3K5JiMd+caIzrIOkh3XYq7q+QNJkXa39Jk4MxpWS8Sb/8j1ZCSKJ3BGxq8I
WO8RNTk4FOR3cP7k8A1qYcDavVqhGc3MP15BHIOvJ2KeTYRNX7HOlNR5XrpDbzQH
QSGQNU6fXqKm9jnKb8RXHs2l1x4lJd9nlPGQHYnuMGdn+vVb5U3OD/Ixtmnf86N5
212wDz5Q5INtqErrrE+GmBNoaZFdb23BL4uZ2Cl/aEKZoe2re8XdYmjmhwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB3aNCUIExTC36edeP81/3h9AVdvMB8GA1UdIwQY
MBaAFH3xGjFg24znkYvz7Fi1xeHj6TghMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFYU1XRGJqT2VSaV9Qc1dMWEY0ZVBwT0NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy84NWIyOWItMGVhMi00NzQxLWI0Mzkt
ZTRiNjZhM2ZlNWJjLzEvSGRvMEpRZ1RGTUxmcDUxNF96WF9lSDBCVjI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy84NWIyOWItMGVhMi00NzQxLWI0MzktZTRiNjZhM2ZlNWJj
LzEvZmZFYU1XRGJqT2VSaV9Qc1dMWEY0ZVBwT0NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCwwPUMA8E
AgACMAkDBwAgAQZ8I3gwDQYJKoZIhvcNAQELBQADggEBACnFr6tq5gUS9HhJmOia
OpOqbyWeb40rlR5GsYA/Iae0H3FgS3SRXtqGFQDF6J6WUkvAcOGHDh5d9DC5RoRx
DA4/GPiaDgvHcWGcoZhKFRSBRG01Feq33Dh+XwRENMLb3+5syfW7aYPIgxBeW2hS
oZsA2Q1rTcWxzbLTRcO0bduOnXG9Vja9XYyp9g/DIOsrM8sARbp0ezWRuukCvjEL
g5DUSSMqDp+J6MAQHvUKhGK9mOiAvgk5N99EZFoKzr5eXx3LYJGEzqcicS+1OZnv
eJWUoy6hZBTOK9T+Ue8sooi3KTwtOeAxzfNwk3nTOs1J9Oz2gal5UyN7FwO+y+n/
ACI=
-----END CERTIFICATE-----