Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/42BfRq7Uq2Z4S_hnedC1PWND5eY.roa
File:                     42BfRq7Uq2Z4S_hnedC1PWND5eY.roa (raw, json)
Hash identifier:          SUpoA58huBIRfI1PcJohNyNQhenW9V0GmIZXcKZjs0I=
Subject key identifier:   E3:60:5F:46:AE:D4:AB:66:78:4B:F8:67:79:D0:B5:3D:63:43:E5:E6
Certificate issuer:       /CN=1f22c0848d3059e5ae55f68c07079cb9a92c279e
Certificate serial:       019425FD5365AAA028AAECD6D76F6C7BF6E7
Authority key identifier: 1F:22:C0:84:8D:30:59:E5:AE:55:F6:8C:07:07:9C:B9:A9:2C:27:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HyLAhI0wWeWuVfaMBwecuaksJ54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/42BfRq7Uq2Z4S_hnedC1PWND5eY.roa
Signing time:             Thu 02 Jan 2025 07:49:06 +0000
ROA not before:           Thu 02 Jan 2025 07:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60893
IP address blocks:        195.80.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/HyLAhI0wWeWuVfaMBwecuaksJ54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/HyLAhI0wWeWuVfaMBwecuaksJ54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HyLAhI0wWeWuVfaMBwecuaksJ54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:53:65:aa:a0:28:aa:ec:d6:d7:6f:6c:7b:f6:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f22c0848d3059e5ae55f68c07079cb9a92c279e
        Validity
            Not Before: Jan  2 07:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3605f46aed4ab66784bf86779d0b53d6343e5e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:f5:6c:9e:45:de:41:0f:1e:d7:5b:4f:29:7e:
                    12:42:06:94:eb:ed:80:5d:72:bb:28:26:0d:6d:fc:
                    0a:9f:24:f5:d8:a8:e9:f1:12:a9:ca:82:18:a4:e7:
                    d1:34:fc:13:70:71:41:50:9e:9d:5f:6e:da:bb:7b:
                    58:3a:93:29:af:6c:24:b4:09:d8:d7:44:d0:a9:db:
                    96:6c:cc:31:44:78:b1:aa:81:8c:f6:f7:3c:d7:dc:
                    59:4c:12:5b:10:9d:71:13:f4:d7:eb:fa:27:1d:7c:
                    71:60:6f:b5:e2:0f:ac:01:86:b0:fa:ea:41:ee:4e:
                    d4:48:65:16:0b:7e:66:c3:dd:a6:1a:9b:c7:3e:8b:
                    e0:7f:97:cc:96:5c:36:6c:be:43:4c:74:7a:1f:9f:
                    9c:d1:39:f8:5f:54:ed:76:d9:8e:92:15:5e:2b:5d:
                    7d:1d:15:11:3b:1e:3b:b9:59:cf:b3:b3:35:0c:76:
                    f1:db:75:dd:db:2f:5f:49:19:36:20:72:9a:2b:c7:
                    96:b1:a4:ea:a6:e0:67:23:97:60:d1:fe:d2:31:81:
                    3c:b6:97:ad:0d:cf:c1:ab:b4:ba:8f:a9:3f:d9:24:
                    eb:9c:aa:0d:53:73:62:44:bc:d1:36:89:fc:44:de:
                    6f:99:e5:c9:8b:a5:3a:fa:92:ba:d1:63:ba:45:a0:
                    ca:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:60:5F:46:AE:D4:AB:66:78:4B:F8:67:79:D0:B5:3D:63:43:E5:E6
            X509v3 Authority Key Identifier:
                keyid:1F:22:C0:84:8D:30:59:E5:AE:55:F6:8C:07:07:9C:B9:A9:2C:27:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HyLAhI0wWeWuVfaMBwecuaksJ54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/42BfRq7Uq2Z4S_hnedC1PWND5eY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/c10911-4022-46fb-9214-7c6857648666/1/HyLAhI0wWeWuVfaMBwecuaksJ54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.80.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:e6:1c:00:09:f7:78:b6:7d:f5:c0:9c:64:a7:01:04:30:0a:
         fb:ae:12:7a:ed:a7:44:c7:d0:58:c1:5e:30:78:cb:cc:11:a1:
         ea:41:0c:6b:19:d8:c8:94:cc:09:af:72:6f:82:32:86:17:64:
         23:54:c3:eb:b1:10:8c:6e:26:75:c7:f4:3b:65:1c:de:0a:d6:
         5c:7e:59:77:1e:8c:69:7d:4e:4a:11:1c:0a:b4:91:02:77:13:
         f8:28:3c:1e:a6:7d:96:66:12:ff:8b:05:b3:3c:a6:7e:c4:fd:
         85:56:63:63:cf:0e:87:ff:ea:0c:82:df:ce:92:7f:61:0e:1a:
         c2:7c:d0:dc:be:65:68:5f:2f:b2:04:42:29:bc:57:0a:2e:8a:
         ee:37:f1:a2:e1:90:10:b1:1a:7a:e8:54:9d:2c:81:fa:bc:4f:
         93:16:8c:95:bc:64:02:2b:32:2e:98:5b:ec:c5:40:23:7b:ca:
         41:b6:c4:a3:b9:8b:18:4f:87:ea:17:40:1d:9e:4b:87:29:e4:
         89:0d:7e:93:d5:a7:d4:0a:7d:b2:68:4c:10:e5:e7:e1:fc:61:
         d0:ce:d4:8c:06:58:fd:99:32:56:ae:45:b3:ba:7f:70:93:ef:
         00:e1:22:03:19:46:fe:5f:3f:b6:c2:2b:90:29:92:8c:c2:2f:
         a9:e5:40:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/VNlqqAoquzW129se/bnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMjJjMDg0OGQzMDU5ZTVhZTU1ZjY4YzA3MDc5Y2I5YTky
YzI3OWUwHhcNMjUwMTAyMDc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzYwNWY0NmFlZDRhYjY2Nzg0YmY4Njc3OWQwYjUzZDYzNDNlNWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/VsnkXeQQ8e11tPKX4SQgaU6+2A
XXK7KCYNbfwKnyT12Kjp8RKpyoIYpOfRNPwTcHFBUJ6dX27au3tYOpMpr2wktAnY
10TQqduWbMwxRHixqoGM9vc819xZTBJbEJ1xE/TX6/onHXxxYG+14g+sAYaw+upB
7k7USGUWC35mw92mGpvHPovgf5fMllw2bL5DTHR6H5+c0Tn4X1TtdtmOkhVeK119
HRUROx47uVnPs7M1DHbx23Xd2y9fSRk2IHKaK8eWsaTqpuBnI5dg0f7SMYE8tpet
Dc/Bq7S6j6k/2STrnKoNU3NiRLzRNon8RN5vmeXJi6U6+pK60WO6RaDKbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONgX0au1KtmeEv4Z3nQtT1jQ+XmMB8GA1UdIwQY
MBaAFB8iwISNMFnlrlX2jAcHnLmpLCeeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHlMQWhJMHdXZVd1VmZhTUJ3ZWN1YWtzSjU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9jMTA5MTEtNDAyMi00NmZiLTkyMTQt
N2M2ODU3NjQ4NjY2LzEvNDJCZlJxN1VxMlo0U19obmVkQzFQV05ENWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9jMTA5MTEtNDAyMi00NmZiLTkyMTQtN2M2ODU3NjQ4NjY2
LzEvSHlMQWhJMHdXZVd1VmZhTUJ3ZWN1YWtzSjU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw1AoMA0G
CSqGSIb3DQEBCwUAA4IBAQAY5hwACfd4tn31wJxkpwEEMAr7rhJ67adEx9BYwV4w
eMvMEaHqQQxrGdjIlMwJr3JvgjKGF2QjVMPrsRCMbiZ1x/Q7ZRzeCtZcfll3Hoxp
fU5KERwKtJECdxP4KDwepn2WZhL/iwWzPKZ+xP2FVmNjzw6H/+oMgt/Okn9hDhrC
fNDcvmVoXy+yBEIpvFcKLoruN/Gi4ZAQsRp66FSdLIH6vE+TFoyVvGQCKzIumFvs
xUAje8pBtsSjuYsYT4fqF0AdnkuHKeSJDX6T1afUCn2yaEwQ5efh/GHQztSMBlj9
mTJWrkWzun9wk+8A4SIDGUb+Xz+2wiuQKZKMwi+p5UBG
-----END CERTIFICATE-----