Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/hyIZ79qkrdHzxjA2nqjpWKRJazw.roa
File:                     hyIZ79qkrdHzxjA2nqjpWKRJazw.roa (raw, json)
Hash identifier:          uN3TIUn6uJGV9mne7uVtH2Vshh9cYXISPUulyaHzlUE=
Subject key identifier:   87:22:19:EF:DA:A4:AD:D1:F3:C6:30:36:9E:A8:E9:58:A4:49:6B:3C
Certificate issuer:       /CN=42c30371986df5d564ee67074717b66a02ff5712
Certificate serial:       0194221F99B08F9E08184FD4A2A048A46B82
Authority key identifier: 42:C3:03:71:98:6D:F5:D5:64:EE:67:07:47:17:B6:6A:02:FF:57:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QsMDcZht9dVk7mcHRxe2agL_VxI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/hyIZ79qkrdHzxjA2nqjpWKRJazw.roa
Signing time:             Wed 01 Jan 2025 13:48:03 +0000
ROA not before:           Wed 01 Jan 2025 13:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57728
IP address blocks:        188.122.192.0/19 maxlen: 19
                          2a0a:b6c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/QsMDcZht9dVk7mcHRxe2agL_VxI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/QsMDcZht9dVk7mcHRxe2agL_VxI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QsMDcZht9dVk7mcHRxe2agL_VxI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:99:b0:8f:9e:08:18:4f:d4:a2:a0:48:a4:6b:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42c30371986df5d564ee67074717b66a02ff5712
        Validity
            Not Before: Jan  1 13:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=872219efdaa4add1f3c630369ea8e958a4496b3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ce:b6:6c:0e:41:41:ed:68:fb:12:ff:04:bf:
                    bd:79:42:2f:f7:ba:57:08:45:f3:4d:cc:a2:6b:25:
                    70:15:03:7f:27:59:b7:72:04:44:30:c6:8c:bf:d9:
                    ba:59:ba:1c:fe:a3:e9:23:ad:d1:ec:54:41:28:96:
                    b7:3e:3d:10:28:08:ce:9e:6b:c3:c5:13:fa:be:8d:
                    6f:c9:d2:07:ec:16:b6:83:31:93:c5:bb:20:70:1f:
                    18:ad:38:e5:08:6a:ce:73:3d:06:3a:bc:68:45:f1:
                    51:72:72:72:c1:cb:23:34:6b:52:83:d5:0a:91:ee:
                    c1:de:ee:b8:fd:0c:fd:bc:3b:24:6b:06:45:a0:f4:
                    b9:aa:f6:2b:69:0b:09:a9:d6:65:cc:b7:11:66:89:
                    b8:91:6a:66:5e:cb:a9:15:be:07:82:b1:8f:d8:21:
                    ae:66:82:ee:8d:e9:a7:43:d1:f9:a7:bb:4f:ac:28:
                    4b:36:eb:ea:60:a0:b2:ba:50:1e:a5:3e:27:39:b9:
                    72:e9:32:10:c0:37:71:bd:0e:9e:0a:9a:da:e8:60:
                    52:25:41:b0:33:24:19:b4:43:b5:1a:b3:b4:6f:ac:
                    b3:66:d2:22:0c:ab:6a:d6:ce:a6:d8:ac:f6:5e:32:
                    7d:0e:f9:ba:f2:28:ef:4a:7f:4f:43:be:5d:55:fa:
                    fb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:22:19:EF:DA:A4:AD:D1:F3:C6:30:36:9E:A8:E9:58:A4:49:6B:3C
            X509v3 Authority Key Identifier:
                keyid:42:C3:03:71:98:6D:F5:D5:64:EE:67:07:47:17:B6:6A:02:FF:57:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QsMDcZht9dVk7mcHRxe2agL_VxI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/hyIZ79qkrdHzxjA2nqjpWKRJazw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/8ba0dd-2fbb-4a6f-9a37-c2454ce28d48/1/QsMDcZht9dVk7mcHRxe2agL_VxI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.122.192.0/19
                IPv6:
                  2a0a:b6c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:bd:6e:af:de:49:ee:b9:51:c9:33:06:5f:4e:bb:a5:52:c5:
         91:90:d3:44:bf:1d:c5:27:77:9a:21:2a:5f:22:77:86:c1:1b:
         6e:a2:8b:56:44:40:5f:26:82:cd:e2:b3:5d:67:d2:5a:44:8b:
         22:58:d8:e7:e7:ff:7b:7d:11:24:da:89:05:ab:7f:5a:b0:6d:
         c8:19:7b:37:ec:1f:c7:51:c8:e9:e4:65:52:3e:8e:0d:76:06:
         5e:bf:20:3b:cc:6c:73:b0:65:b0:63:73:62:7a:23:0f:39:e2:
         14:f4:6e:df:df:fd:a6:60:78:65:41:c2:98:e9:a0:1e:5f:45:
         f9:58:99:c5:fa:51:1a:47:18:03:9a:f6:18:86:57:2a:5e:fb:
         45:da:bc:de:24:a7:33:9b:53:ac:9b:1f:b0:2a:8e:56:39:06:
         f1:9c:46:75:43:20:16:ea:e4:3f:cc:3b:8b:e1:68:7e:0b:a5:
         7b:9e:a7:96:1d:9e:60:cf:2c:7a:d7:df:41:e7:68:a4:fe:c4:
         60:83:8b:3c:a9:7d:ea:6e:25:c3:f6:5b:8a:25:50:0c:58:06:
         de:bc:75:03:9d:66:ae:e9:a9:b2:86:d6:6f:d0:52:04:8a:cc:
         d6:d0:02:1a:cd:84:99:41:4b:a3:ce:d8:e6:07:6e:76:75:01:
         12:cb:71:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH5mwj54IGE/UoqBIpGuCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyYzMwMzcxOTg2ZGY1ZDU2NGVlNjcwNzQ3MTdiNjZhMDJm
ZjU3MTIwHhcNMjUwMTAxMTM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzIyMTllZmRhYTRhZGQxZjNjNjMwMzY5ZWE4ZTk1OGE0NDk2YjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAis62bA5BQe1o+xL/BL+9eUIv97pX
CEXzTcyiayVwFQN/J1m3cgREMMaMv9m6Wboc/qPpI63R7FRBKJa3Pj0QKAjOnmvD
xRP6vo1vydIH7Ba2gzGTxbsgcB8YrTjlCGrOcz0GOrxoRfFRcnJywcsjNGtSg9UK
ke7B3u64/Qz9vDskawZFoPS5qvYraQsJqdZlzLcRZom4kWpmXsupFb4HgrGP2CGu
ZoLujemnQ9H5p7tPrChLNuvqYKCyulAepT4nObly6TIQwDdxvQ6eCpra6GBSJUGw
MyQZtEO1GrO0b6yzZtIiDKtq1s6m2Kz2XjJ9Dvm68ijvSn9PQ75dVfr7XQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIciGe/apK3R88YwNp6o6VikSWs8MB8GA1UdIwQY
MBaAFELDA3GYbfXVZO5nB0cXtmoC/1cSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXNNRGNaaHQ5ZFZrN21jSFJ4ZTJhZ0xfVnhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC84YmEwZGQtMmZiYi00YTZmLTlhMzct
YzI0NTRjZTI4ZDQ4LzEvaHlJWjc5cWtyZEh6eGpBMm5xanBXS1JKYXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC84YmEwZGQtMmZiYi00YTZmLTlhMzctYzI0NTRjZTI4ZDQ4
LzEvUXNNRGNaaHQ5ZFZrN21jSFJ4ZTJhZ0xfVnhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFvHrAMA0E
AgACMAcDBQAqCrbAMA0GCSqGSIb3DQEBCwUAA4IBAQB5vW6v3knuuVHJMwZfTrul
UsWRkNNEvx3FJ3eaISpfIneGwRtuootWREBfJoLN4rNdZ9JaRIsiWNjn5/97fREk
2okFq39asG3IGXs37B/HUcjp5GVSPo4NdgZevyA7zGxzsGWwY3NieiMPOeIU9G7f
3/2mYHhlQcKY6aAeX0X5WJnF+lEaRxgDmvYYhlcqXvtF2rzeJKczm1Osmx+wKo5W
OQbxnEZ1QyAW6uQ/zDuL4Wh+C6V7nqeWHZ5gzyx6199B52ik/sRgg4s8qX3qbiXD
9luKJVAMWAbevHUDnWau6amyhtZv0FIEiszW0AIazYSZQUujztjmB252dQESy3E0
-----END CERTIFICATE-----