Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/Hzds528Tcf94jO1Zeb2KN2vDYd0.roa
File:                     Hzds528Tcf94jO1Zeb2KN2vDYd0.roa (raw, json)
Hash identifier:          rE5fdWY1nAX/lcPA1uobJyvYvLRyY7jbxJyC3np6MSc=
Subject key identifier:   1F:37:6C:E7:6F:13:71:FF:78:8C:ED:59:79:BD:8A:37:6B:C3:61:DD
Certificate issuer:       /CN=f651dc9875e35ec580c571fd0416f4d5f5d4158a
Certificate serial:       01942369D43952846DB317B29D1E44BD1196
Authority key identifier: F6:51:DC:98:75:E3:5E:C5:80:C5:71:FD:04:16:F4:D5:F5:D4:15:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/Hzds528Tcf94jO1Zeb2KN2vDYd0.roa
Signing time:             Wed 01 Jan 2025 19:48:45 +0000
ROA not before:           Wed 01 Jan 2025 19:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53356
IP address blocks:        193.30.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 22:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:d4:39:52:84:6d:b3:17:b2:9d:1e:44:bd:11:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f651dc9875e35ec580c571fd0416f4d5f5d4158a
        Validity
            Not Before: Jan  1 19:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f376ce76f1371ff788ced5979bd8a376bc361dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:21:ea:62:8c:20:c2:8a:b3:dd:99:ac:8f:7b:
                    b0:c0:c8:9a:55:e3:2b:ba:e8:02:7b:5e:2e:2d:02:
                    e5:b3:81:dd:34:59:2c:35:a1:a0:b6:93:34:66:8b:
                    63:be:24:38:7a:68:f5:11:b1:cc:f5:b9:7f:fd:06:
                    17:92:f6:e4:a2:97:04:84:b1:d4:37:c3:e2:93:dd:
                    92:af:39:8f:36:31:c8:d5:d5:ea:dc:8b:71:d2:3b:
                    4a:1d:f7:da:e7:54:62:5c:6c:54:31:2e:c3:ec:30:
                    1c:b0:c0:ec:26:2f:8b:3b:4d:6f:e9:56:5d:ca:54:
                    0e:1d:85:f9:a7:91:63:d8:d7:1a:97:5e:b1:8b:00:
                    79:8e:ae:91:2a:47:12:9b:d8:b2:ce:7c:77:9d:ff:
                    75:83:56:86:64:81:c3:80:c7:de:cb:60:16:d8:c5:
                    20:46:a0:68:ea:53:c4:e4:59:93:64:00:2e:1a:83:
                    ed:2f:bb:5b:55:62:ed:4a:c3:a3:4e:27:89:47:da:
                    87:dc:d7:36:71:24:ba:a5:38:95:a2:0f:ff:be:81:
                    13:7f:4a:c7:f9:8e:d7:c4:b9:17:bc:34:1e:33:98:
                    61:a3:bb:03:17:80:58:29:54:88:80:8e:ed:01:da:
                    08:64:b9:1c:41:88:a3:04:4c:d5:15:1a:f0:6e:8d:
                    2c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:37:6C:E7:6F:13:71:FF:78:8C:ED:59:79:BD:8A:37:6B:C3:61:DD
            X509v3 Authority Key Identifier:
                keyid:F6:51:DC:98:75:E3:5E:C5:80:C5:71:FD:04:16:F4:D5:F5:D4:15:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/Hzds528Tcf94jO1Zeb2KN2vDYd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:08:30:cc:3b:d3:7b:f4:b5:99:d5:8b:d0:7e:6e:ce:c3:9b:
         5d:e4:02:f3:7f:ce:30:da:09:db:96:78:e4:1d:6d:0e:1a:5b:
         15:88:27:20:2e:98:58:08:41:8f:e0:a0:13:d3:06:a9:c7:52:
         76:6e:4d:a2:40:23:53:5f:90:22:5c:6a:92:85:0d:31:25:0a:
         d7:e8:55:89:be:32:50:5e:48:f0:b9:7b:3d:ef:a4:8a:cb:b3:
         29:bf:24:60:5e:89:d3:00:26:52:ce:86:74:25:f0:01:d5:77:
         a1:77:ab:bc:65:33:d0:62:68:f0:27:9d:b8:d9:82:97:7a:58:
         92:7c:f5:54:db:6e:cc:a2:10:11:b3:79:07:58:85:6a:a4:c8:
         54:ee:f1:86:3c:73:ee:8c:22:26:29:07:18:2a:d5:04:65:0f:
         1a:86:ac:0c:77:9f:66:b1:9d:b2:89:41:b3:1d:97:c4:c4:04:
         f9:9d:be:7c:6e:75:73:72:1d:d2:ca:b4:4e:8c:6b:51:3e:35:
         4e:96:6a:6e:60:8a:63:fb:22:49:3e:f2:9b:5c:7b:ed:40:6f:
         e0:f3:f4:ae:ba:14:0c:d7:4c:e2:a0:a8:78:ce:fa:54:42:ab:
         02:ae:82:4c:02:20:ed:c0:25:d7:e7:d2:b1:33:59:1c:ab:0a:
         59:38:55:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjadQ5UoRtsxeynR5EvRGWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NTFkYzk4NzVlMzVlYzU4MGM1NzFmZDA0MTZmNGQ1ZjVk
NDE1OGEwHhcNMjUwMTAxMTk0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjM3NmNlNzZmMTM3MWZmNzg4Y2VkNTk3OWJkOGEzNzZiYzM2MWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCHqYowgwoqz3Zmsj3uwwMiaVeMr
uugCe14uLQLls4HdNFksNaGgtpM0ZotjviQ4emj1EbHM9bl//QYXkvbkopcEhLHU
N8Pik92SrzmPNjHI1dXq3Itx0jtKHffa51RiXGxUMS7D7DAcsMDsJi+LO01v6VZd
ylQOHYX5p5Fj2Ncal16xiwB5jq6RKkcSm9iyznx3nf91g1aGZIHDgMfey2AW2MUg
RqBo6lPE5FmTZAAuGoPtL7tbVWLtSsOjTieJR9qH3Nc2cSS6pTiVog//voETf0rH
+Y7XxLkXvDQeM5hho7sDF4BYKVSIgI7tAdoIZLkcQYijBEzVFRrwbo0sgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB83bOdvE3H/eIztWXm9ijdrw2HdMB8GA1UdIwQY
MBaAFPZR3Jh1417FgMVx/QQW9NX11BWKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWxIY21IWGpYc1dBeFhIOUJCYjAxZlhVRllvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iNGQ5ZDctNjcwMy00YjA2LWIzZWUt
MDc1MTAzODE0MjBhLzEvSHpkczUyOFRjZjk0ak8xWmViMktOMnZEWWQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iNGQ5ZDctNjcwMy00YjA2LWIzZWUtMDc1MTAzODE0MjBh
LzEvOWxIY21IWGpYc1dBeFhIOUJCYjAxZlhVRllvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5lMA0G
CSqGSIb3DQEBCwUAA4IBAQAyCDDMO9N79LWZ1YvQfm7Ow5td5ALzf84w2gnblnjk
HW0OGlsViCcgLphYCEGP4KAT0wapx1J2bk2iQCNTX5AiXGqShQ0xJQrX6FWJvjJQ
XkjwuXs976SKy7MpvyRgXonTACZSzoZ0JfAB1Xehd6u8ZTPQYmjwJ5242YKXeliS
fPVU227MohARs3kHWIVqpMhU7vGGPHPujCImKQcYKtUEZQ8ahqwMd59msZ2yiUGz
HZfExAT5nb58bnVzch3SyrROjGtRPjVOlmpuYIpj+yJJPvKbXHvtQG/g8/SuuhQM
10zioKh4zvpUQqsCroJMAiDtwCXX59KxM1kcqwpZOFWc
-----END CERTIFICATE-----