Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/9b81c8-732c-43f2-b6ab-484014a4d94e/1/jYHRdDHfT6bQOmOGT7Tls1WhRLY.roa
File:                     jYHRdDHfT6bQOmOGT7Tls1WhRLY.roa (raw, json)
Hash identifier:          pWv0ClQXtIskoLimOYMYx3t3am8WhnpvjCRS+V8Iqy8=
Subject key identifier:   8D:81:D1:74:31:DF:4F:A6:D0:3A:63:86:4F:B4:E5:B3:55:A1:44:B6
Certificate issuer:       /CN=2bed62935fb48af6e44cba19426efab51f1c5410
Certificate serial:       019426D90258DE695C732C37EB4CAB1961AA
Authority key identifier: 2B:ED:62:93:5F:B4:8A:F6:E4:4C:BA:19:42:6E:FA:B5:1F:1C:54:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K-1ik1-0ivbkTLoZQm76tR8cVBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/9b81c8-732c-43f2-b6ab-484014a4d94e/1/jYHRdDHfT6bQOmOGT7Tls1WhRLY.roa
Signing time:             Thu 02 Jan 2025 11:49:03 +0000
ROA not before:           Thu 02 Jan 2025 11:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62342
IP address blocks:        193.202.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/9b81c8-732c-43f2-b6ab-484014a4d94e/1/K-1ik1-0ivbkTLoZQm76tR8cVBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/9b81c8-732c-43f2-b6ab-484014a4d94e/1/K-1ik1-0ivbkTLoZQm76tR8cVBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K-1ik1-0ivbkTLoZQm76tR8cVBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:02:58:de:69:5c:73:2c:37:eb:4c:ab:19:61:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bed62935fb48af6e44cba19426efab51f1c5410
        Validity
            Not Before: Jan  2 11:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d81d17431df4fa6d03a63864fb4e5b355a144b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:bb:11:60:c1:e3:fc:9f:c0:c7:fb:31:9b:c2:
                    b7:56:19:ea:3f:af:76:b4:f6:d9:80:7a:8f:cf:f8:
                    d5:b7:ea:76:90:a8:9c:10:b0:26:e7:e8:a7:a8:ea:
                    8c:16:94:0a:56:9e:27:d4:aa:f1:a0:18:b8:cc:83:
                    18:4e:ed:90:82:52:4b:ba:15:75:64:b3:38:92:0c:
                    8e:1f:fc:47:15:32:0c:f2:9d:45:65:25:63:30:6b:
                    06:18:27:8d:9f:57:6d:bc:6f:1b:ea:22:76:00:f7:
                    64:fa:c7:01:ec:99:8d:98:68:05:14:a8:ee:4f:4f:
                    47:cb:78:36:d3:08:04:fb:b3:d7:55:59:68:e2:07:
                    32:41:2e:7b:91:c1:da:b1:e3:ab:a6:e9:00:90:b2:
                    c8:e2:5c:8d:35:d4:26:84:3a:76:a7:29:f4:36:39:
                    9d:b3:31:82:bb:3f:1f:41:5f:72:35:3e:dc:65:4d:
                    83:ad:af:e0:66:60:54:77:b7:70:c5:07:ac:fe:08:
                    1a:58:89:ba:77:4a:7e:9c:26:52:62:1d:64:a9:0a:
                    7e:41:78:00:0d:f6:83:28:f8:87:11:65:2a:cd:52:
                    29:98:94:f4:cd:5c:c3:7e:77:dd:ac:e9:87:bf:a2:
                    6f:86:d8:75:0e:de:e9:01:ee:3f:7b:62:fa:63:0d:
                    fa:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:81:D1:74:31:DF:4F:A6:D0:3A:63:86:4F:B4:E5:B3:55:A1:44:B6
            X509v3 Authority Key Identifier:
                keyid:2B:ED:62:93:5F:B4:8A:F6:E4:4C:BA:19:42:6E:FA:B5:1F:1C:54:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K-1ik1-0ivbkTLoZQm76tR8cVBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/9b81c8-732c-43f2-b6ab-484014a4d94e/1/jYHRdDHfT6bQOmOGT7Tls1WhRLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/9b81c8-732c-43f2-b6ab-484014a4d94e/1/K-1ik1-0ivbkTLoZQm76tR8cVBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:24:9c:8c:31:69:2c:59:4f:79:4c:aa:b8:66:4a:ab:59:3a:
         3c:4d:d6:cd:5f:e3:b6:a9:c9:97:86:43:a0:8c:2a:98:6a:dc:
         19:b7:97:05:77:70:68:17:e1:f4:88:06:5a:3a:1e:32:80:db:
         18:c9:16:21:a0:7b:56:1e:0a:fc:0e:ae:88:08:8d:b4:ef:6b:
         dd:52:45:b1:1f:ff:48:29:10:fb:a4:69:f3:a3:d8:ef:1c:24:
         1d:48:d3:c1:e9:2d:36:14:ab:38:2f:6b:6b:7e:8f:f0:34:38:
         d6:93:42:d1:a4:ad:6a:16:a0:39:c3:5d:da:c3:ea:e7:0e:66:
         8b:88:92:7b:9e:a6:0e:18:3d:ed:53:d3:b1:bd:c5:fd:61:a6:
         f9:ea:6a:05:e7:75:4c:ae:f7:3c:6c:82:45:ca:0e:69:5d:d7:
         46:1d:96:be:e2:fd:72:8f:b7:cd:6a:58:c7:92:fe:37:81:c6:
         69:7e:58:16:99:f0:4a:0a:33:4e:05:b9:78:58:8d:c8:ca:58:
         f8:f9:7a:c8:66:6c:3a:87:17:e1:a4:35:b2:4a:c9:21:dc:0f:
         cc:67:8a:22:a2:fa:4c:c7:38:86:59:cd:e0:59:6b:73:bd:92:
         ae:7b:3d:73:63:d7:20:24:25:13:7e:95:2f:bf:54:8d:97:cf:
         3b:67:c5:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2QJY3mlccyw360yrGWGqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiZWQ2MjkzNWZiNDhhZjZlNDRjYmExOTQyNmVmYWI1MWYx
YzU0MTAwHhcNMjUwMTAyMTE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDgxZDE3NDMxZGY0ZmE2ZDAzYTYzODY0ZmI0ZTViMzU1YTE0NGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LsRYMHj/J/Ax/sxm8K3VhnqP692
tPbZgHqPz/jVt+p2kKicELAm5+inqOqMFpQKVp4n1KrxoBi4zIMYTu2QglJLuhV1
ZLM4kgyOH/xHFTIM8p1FZSVjMGsGGCeNn1dtvG8b6iJ2APdk+scB7JmNmGgFFKju
T09Hy3g20wgE+7PXVVlo4gcyQS57kcHaseOrpukAkLLI4lyNNdQmhDp2pyn0Njmd
szGCuz8fQV9yNT7cZU2Dra/gZmBUd7dwxQes/ggaWIm6d0p+nCZSYh1kqQp+QXgA
DfaDKPiHEWUqzVIpmJT0zVzDfnfdrOmHv6Jvhth1Dt7pAe4/e2L6Yw36owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI2B0XQx30+m0Dpjhk+05bNVoUS2MB8GA1UdIwQY
MBaAFCvtYpNftIr25Ey6GUJu+rUfHFQQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSy0xaWsxLTBpdmJrVExvWlFtNzZ0UjhjVkJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS85YjgxYzgtNzMyYy00M2YyLWI2YWIt
NDg0MDE0YTRkOTRlLzEvallIUmRESGZUNmJRT21PR1Q3VGxzMVdoUkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS85YjgxYzgtNzMyYy00M2YyLWI2YWItNDg0MDE0YTRkOTRl
LzEvSy0xaWsxLTBpdmJrVExvWlFtNzZ0UjhjVkJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcoWMA0G
CSqGSIb3DQEBCwUAA4IBAQB0JJyMMWksWU95TKq4ZkqrWTo8TdbNX+O2qcmXhkOg
jCqYatwZt5cFd3BoF+H0iAZaOh4ygNsYyRYhoHtWHgr8Dq6ICI2072vdUkWxH/9I
KRD7pGnzo9jvHCQdSNPB6S02FKs4L2trfo/wNDjWk0LRpK1qFqA5w13aw+rnDmaL
iJJ7nqYOGD3tU9OxvcX9Yab56moF53VMrvc8bIJFyg5pXddGHZa+4v1yj7fNaljH
kv43gcZpflgWmfBKCjNOBbl4WI3Iylj4+XrIZmw6hxfhpDWySskh3A/MZ4oiovpM
xziGWc3gWWtzvZKuez1zY9cgJCUTfpUvv1SNl887Z8Vv
-----END CERTIFICATE-----