Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/1e7b02-889b-4a53-a509-8ab5eb558473/1/h-vjilG4zsTOTFr8jyiuNr7YOYQ.roa
File:                     h-vjilG4zsTOTFr8jyiuNr7YOYQ.roa (raw, json)
Hash identifier:          J1qho6qvh9PzDmhMh26kyKPFY1m2ydeARTE83gY+gJU=
Subject key identifier:   87:EB:E3:8A:51:B8:CE:C4:CE:4C:5A:FC:8F:28:AE:36:BE:D8:39:84
Certificate issuer:       /CN=1bebd33d4cd45465efa50faa824fb812c4173a27
Certificate serial:       0194236A1CC1C9565632B0C4BDFFA78FB34B
Authority key identifier: 1B:EB:D3:3D:4C:D4:54:65:EF:A5:0F:AA:82:4F:B8:12:C4:17:3A:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G-vTPUzUVGXvpQ-qgk-4EsQXOic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/1e7b02-889b-4a53-a509-8ab5eb558473/1/h-vjilG4zsTOTFr8jyiuNr7YOYQ.roa
Signing time:             Wed 01 Jan 2025 19:49:04 +0000
ROA not before:           Wed 01 Jan 2025 19:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6805
IP address blocks:        194.15.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/1e7b02-889b-4a53-a509-8ab5eb558473/1/G-vTPUzUVGXvpQ-qgk-4EsQXOic.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/1e7b02-889b-4a53-a509-8ab5eb558473/1/G-vTPUzUVGXvpQ-qgk-4EsQXOic.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G-vTPUzUVGXvpQ-qgk-4EsQXOic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:1c:c1:c9:56:56:32:b0:c4:bd:ff:a7:8f:b3:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1bebd33d4cd45465efa50faa824fb812c4173a27
        Validity
            Not Before: Jan  1 19:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87ebe38a51b8cec4ce4c5afc8f28ae36bed83984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:83:c9:08:f8:d0:a5:b7:2f:0c:ec:b9:eb:9e:
                    f3:da:37:aa:18:d0:d4:42:f2:89:4d:16:17:60:f9:
                    18:5e:40:1b:49:9d:6b:0d:d3:16:7c:ae:e4:52:20:
                    e6:db:df:2a:7a:b6:64:8b:6e:9d:12:4b:c0:d3:44:
                    c2:d7:19:98:21:73:bc:02:c6:a5:c8:8d:dd:8e:43:
                    6f:a0:53:0f:f8:f9:08:7b:9d:aa:c4:be:b8:88:8f:
                    b4:d2:ac:a2:e0:35:3f:7c:5c:b3:5b:9d:f6:6b:92:
                    e8:3c:21:0e:14:bb:50:07:dc:08:20:03:09:eb:01:
                    66:b8:67:86:84:c7:5f:78:f8:10:83:49:c2:1d:24:
                    ab:14:a1:ce:ae:d0:7a:a6:57:e5:76:63:98:40:ce:
                    6b:25:01:ae:19:4d:f1:78:71:a4:14:55:de:7f:b6:
                    62:cf:bd:f6:ab:61:b1:81:81:07:e2:f1:c1:3e:88:
                    03:c1:0b:a1:b8:50:c3:19:25:80:8f:be:04:5f:92:
                    dd:d6:20:11:8c:ed:08:ca:6f:84:a7:78:40:a6:07:
                    b5:47:7a:ec:aa:26:a3:4d:91:0c:0f:67:3d:bf:07:
                    24:5b:f2:38:4e:23:74:f6:cf:07:6c:81:f0:8b:ee:
                    49:60:f6:cd:c9:bb:5d:78:d1:ff:87:47:90:bb:de:
                    b7:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:EB:E3:8A:51:B8:CE:C4:CE:4C:5A:FC:8F:28:AE:36:BE:D8:39:84
            X509v3 Authority Key Identifier:
                keyid:1B:EB:D3:3D:4C:D4:54:65:EF:A5:0F:AA:82:4F:B8:12:C4:17:3A:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G-vTPUzUVGXvpQ-qgk-4EsQXOic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/1e7b02-889b-4a53-a509-8ab5eb558473/1/h-vjilG4zsTOTFr8jyiuNr7YOYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/1e7b02-889b-4a53-a509-8ab5eb558473/1/G-vTPUzUVGXvpQ-qgk-4EsQXOic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:1a:58:c4:98:f3:e3:9b:8d:c9:b6:22:2a:37:a9:68:6f:38:
         09:87:4b:81:d7:8b:32:14:08:9c:d2:0c:b4:7e:c1:df:1f:4d:
         6f:fe:7a:ea:1e:0d:09:9b:ba:71:48:f0:bb:89:ee:0a:43:a9:
         60:e8:bf:48:04:46:c2:d9:13:5c:f4:f4:0b:fb:01:c3:b1:9b:
         5b:99:87:3c:ee:d8:6d:9f:47:2b:fe:cf:56:ba:91:67:7c:7c:
         17:36:44:98:fc:de:77:60:e2:3f:0c:40:8f:2a:a6:60:7c:96:
         2a:da:1d:f3:aa:ca:85:e0:1c:4b:81:60:bb:55:05:a0:80:3e:
         1c:a0:59:a1:63:f7:2a:03:77:bb:5e:ae:e8:98:b3:8c:01:3a:
         d9:fa:72:df:ef:10:fb:85:a5:f1:6d:65:59:31:46:8d:73:bd:
         7f:fa:3d:3e:98:36:e3:5f:ec:ec:2b:af:29:eb:8c:01:08:21:
         23:86:d0:59:14:e2:d9:d1:ed:88:5b:46:6f:c2:87:44:ea:0d:
         97:93:79:39:2b:4b:80:c0:2a:14:cb:6a:81:c3:54:e3:84:a6:
         22:bf:eb:b0:c3:7d:8b:95:9a:63:1b:38:47:33:2c:15:33:d1:
         78:19:f5:51:69:41:31:6f:f7:36:f9:17:e9:7e:5c:59:61:b9:
         08:e9:fd:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjahzByVZWMrDEvf+nj7NLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZWJkMzNkNGNkNDU0NjVlZmE1MGZhYTgyNGZiODEyYzQx
NzNhMjcwHhcNMjUwMTAxMTk0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2ViZTM4YTUxYjhjZWM0Y2U0YzVhZmM4ZjI4YWUzNmJlZDgzOTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYPJCPjQpbcvDOy5657z2jeqGNDU
QvKJTRYXYPkYXkAbSZ1rDdMWfK7kUiDm298qerZki26dEkvA00TC1xmYIXO8Asal
yI3djkNvoFMP+PkIe52qxL64iI+00qyi4DU/fFyzW532a5LoPCEOFLtQB9wIIAMJ
6wFmuGeGhMdfePgQg0nCHSSrFKHOrtB6plfldmOYQM5rJQGuGU3xeHGkFFXef7Zi
z732q2GxgYEH4vHBPogDwQuhuFDDGSWAj74EX5Ld1iARjO0Iym+Ep3hApge1R3rs
qiajTZEMD2c9vwckW/I4TiN09s8HbIHwi+5JYPbNybtdeNH/h0eQu963nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfr44pRuM7Ezkxa/I8orja+2DmEMB8GA1UdIwQY
MBaAFBvr0z1M1FRl76UPqoJPuBLEFzonMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRy12VFBVelVWR1h2cFEtcWdrLTRFc1FYT2ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8xZTdiMDItODg5Yi00YTUzLWE1MDkt
OGFiNWViNTU4NDczLzEvaC12amlsRzR6c1RPVEZyOGp5aXVOcjdZT1lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8xZTdiMDItODg5Yi00YTUzLWE1MDktOGFiNWViNTU4NDcz
LzEvRy12VFBVelVWR1h2cFEtcWdrLTRFc1FYT2ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg/tMA0G
CSqGSIb3DQEBCwUAA4IBAQAwGljEmPPjm43JtiIqN6lobzgJh0uB14syFAic0gy0
fsHfH01v/nrqHg0Jm7pxSPC7ie4KQ6lg6L9IBEbC2RNc9PQL+wHDsZtbmYc87tht
n0cr/s9WupFnfHwXNkSY/N53YOI/DECPKqZgfJYq2h3zqsqF4BxLgWC7VQWggD4c
oFmhY/cqA3e7Xq7omLOMATrZ+nLf7xD7haXxbWVZMUaNc71/+j0+mDbjX+zsK68p
64wBCCEjhtBZFOLZ0e2IW0ZvwodE6g2Xk3k5K0uAwCoUy2qBw1TjhKYiv+uww32L
lZpjGzhHMywVM9F4GfVRaUExb/c2+RfpflxZYbkI6f30
-----END CERTIFICATE-----