Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/HCkGRctLJ1ePeWXWFjnQs-P5BH0.roa
File:                     HCkGRctLJ1ePeWXWFjnQs-P5BH0.roa (raw, json)
Hash identifier:          tw5rYUuFpBr4QpbNuBNtp2/1hdw23rZNSzLDyhsXnAY=
Subject key identifier:   1C:29:06:45:CB:4B:27:57:8F:79:65:D6:16:39:D0:B3:E3:F9:04:7D
Certificate issuer:       /CN=790d1ca78761310ac39a714ff62f3b92b2e77d8a
Certificate serial:       019421B1563C2C4BB5B3FA2EF271A019F046
Authority key identifier: 79:0D:1C:A7:87:61:31:0A:C3:9A:71:4F:F6:2F:3B:92:B2:E7:7D:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eQ0cp4dhMQrDmnFP9i87krLnfYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/HCkGRctLJ1ePeWXWFjnQs-P5BH0.roa
Signing time:             Wed 01 Jan 2025 11:47:37 +0000
ROA not before:           Wed 01 Jan 2025 11:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        194.42.48.0/24 maxlen: 32
                          2001:7f8:c::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/eQ0cp4dhMQrDmnFP9i87krLnfYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/eQ0cp4dhMQrDmnFP9i87krLnfYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eQ0cp4dhMQrDmnFP9i87krLnfYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:56:3c:2c:4b:b5:b3:fa:2e:f2:71:a0:19:f0:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=790d1ca78761310ac39a714ff62f3b92b2e77d8a
        Validity
            Not Before: Jan  1 11:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c290645cb4b27578f7965d61639d0b3e3f9047d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:08:c9:4c:f0:7b:d6:3d:c5:03:6a:84:36:18:
                    46:84:82:92:7c:60:95:bb:50:aa:cc:77:17:5a:30:
                    ec:c2:ef:8f:c5:fa:17:4f:5f:ab:49:68:80:7a:49:
                    d8:55:fa:2f:50:d0:26:17:cb:33:ee:67:15:11:ff:
                    ee:3c:d9:b0:bc:cd:f4:33:c3:56:07:ee:ed:14:92:
                    fb:03:eb:24:19:d0:af:25:f3:9e:7d:64:8d:c3:17:
                    d2:fa:e7:e5:26:34:7e:89:fe:fb:fe:36:e6:92:63:
                    1b:f8:91:a5:d1:ac:3b:ed:ed:b5:92:86:19:5d:48:
                    71:4b:ea:2c:97:5f:e1:dc:6e:53:79:3d:8c:ee:2c:
                    15:36:f4:a5:26:57:69:b0:ff:09:2a:21:fc:98:da:
                    cf:63:39:d1:94:fd:51:40:5a:03:47:b9:f5:de:1f:
                    47:29:95:5b:4b:d5:f0:c6:02:39:c7:ea:0d:24:e1:
                    cc:9b:bd:53:65:65:f5:1e:c3:3c:c8:9c:48:12:c1:
                    3b:1a:f9:55:39:33:eb:4b:5e:e9:33:54:bc:1a:c4:
                    4f:d0:6a:90:69:45:1b:22:5b:f1:c8:19:91:e1:2e:
                    32:59:3c:91:41:72:bc:3a:37:2b:61:dc:a8:d0:f7:
                    f4:8d:61:3c:f7:9b:ee:fd:2b:30:ce:0c:59:b3:86:
                    e8:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:29:06:45:CB:4B:27:57:8F:79:65:D6:16:39:D0:B3:E3:F9:04:7D
            X509v3 Authority Key Identifier:
                keyid:79:0D:1C:A7:87:61:31:0A:C3:9A:71:4F:F6:2F:3B:92:B2:E7:7D:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eQ0cp4dhMQrDmnFP9i87krLnfYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/HCkGRctLJ1ePeWXWFjnQs-P5BH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/a3ccce-c0d6-49a8-bbb8-b8ae16b35c31/1/eQ0cp4dhMQrDmnFP9i87krLnfYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.48.0/24
                IPv6:
                  2001:7f8:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:81:1f:de:d1:25:4a:06:6d:2e:79:62:0a:a3:5c:15:fc:f2:
         2b:57:1c:98:53:bc:8f:41:3f:69:d6:9b:76:33:0b:eb:92:7d:
         64:25:78:fe:e3:ab:30:2b:d6:b7:0d:66:32:d4:c3:56:96:39:
         fa:ae:df:04:1d:ba:6e:b8:73:3d:e2:2b:5c:ea:5d:c2:9f:31:
         0a:4d:49:52:d4:de:3e:a9:4c:e4:95:8d:d6:5a:83:d3:8a:7f:
         39:bc:fb:db:13:4e:d8:ba:37:07:9c:8e:2c:52:a1:e7:2c:16:
         27:7a:3a:84:43:38:69:df:91:8d:51:07:35:94:2c:f3:00:ee:
         9a:0e:c3:d4:89:8b:e1:cb:48:59:6e:29:f7:2f:80:d2:29:67:
         7d:3d:ef:69:a2:ea:43:1b:66:58:0e:ef:7c:aa:d8:04:77:46:
         f4:78:7e:1d:da:26:28:e0:0e:66:44:55:64:3e:b4:96:7f:3f:
         15:96:74:25:7c:10:d1:a2:af:9c:2a:04:8c:da:9f:7b:23:8b:
         5f:20:c6:95:d5:1a:e3:50:7b:91:3c:09:17:57:79:e3:df:1e:
         1d:5a:e1:dc:27:b0:f1:6a:4b:7f:a3:00:fb:7e:79:4a:5d:db:
         39:63:0e:b0:2a:32:69:93:72:2d:2d:2f:15:9c:1b:a3:aa:f8:
         34:54:e6:bd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhsVY8LEu1s/ou8nGgGfBGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MGQxY2E3ODc2MTMxMGFjMzlhNzE0ZmY2MmYzYjkyYjJl
NzdkOGEwHhcNMjUwMTAxMTE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzI5MDY0NWNiNGIyNzU3OGY3OTY1ZDYxNjM5ZDBiM2UzZjkwNDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAjJTPB71j3FA2qENhhGhIKSfGCV
u1CqzHcXWjDswu+PxfoXT1+rSWiAeknYVfovUNAmF8sz7mcVEf/uPNmwvM30M8NW
B+7tFJL7A+skGdCvJfOefWSNwxfS+uflJjR+if77/jbmkmMb+JGl0aw77e21koYZ
XUhxS+osl1/h3G5TeT2M7iwVNvSlJldpsP8JKiH8mNrPYznRlP1RQFoDR7n13h9H
KZVbS9XwxgI5x+oNJOHMm71TZWX1HsM8yJxIEsE7GvlVOTPrS17pM1S8GsRP0GqQ
aUUbIlvxyBmR4S4yWTyRQXK8OjcrYdyo0Pf0jWE895vu/SswzgxZs4borQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBwpBkXLSydXj3ll1hY50LPj+QR9MB8GA1UdIwQY
MBaAFHkNHKeHYTEKw5pxT/YvO5Ky532KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVEwY3A0ZGhNUXJEbW5GUDlpODdrckxuZllvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9hM2NjY2UtYzBkNi00OWE4LWJiYjgt
YjhhZTE2YjM1YzMxLzEvSENrR1JjdExKMWVQZVdYV0ZqblFzLVA1QkgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9hM2NjY2UtYzBkNi00OWE4LWJiYjgtYjhhZTE2YjM1YzMx
LzEvZVEwY3A0ZGhNUXJEbW5GUDlpODdrckxuZllvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwiowMA8E
AgACMAkDBwAgAQf4AAwwDQYJKoZIhvcNAQELBQADggEBAG2BH97RJUoGbS55Ygqj
XBX88itXHJhTvI9BP2nWm3YzC+uSfWQleP7jqzAr1rcNZjLUw1aWOfqu3wQdum64
cz3iK1zqXcKfMQpNSVLU3j6pTOSVjdZag9OKfzm8+9sTTti6NwecjixSoecsFid6
OoRDOGnfkY1RBzWULPMA7poOw9SJi+HLSFluKfcvgNIpZ30972mi6kMbZlgO73yq
2AR3RvR4fh3aJijgDmZEVWQ+tJZ/PxWWdCV8ENGir5wqBIzan3sji18gxpXVGuNQ
e5E8CRdXeePfHh1a4dwnsPFqS3+jAPt+eUpd2zljDrAqMmmTci0tLxWcG6Oq+DRU
5r0=
-----END CERTIFICATE-----