Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hGcC8pH90rVLHDJtvAilqX5XLzE.roa
File:                     hGcC8pH90rVLHDJtvAilqX5XLzE.roa (raw, json)
Hash identifier:          npZGvB15HMuchuk4F3avb+z/HsLdudu/iVriYLY7yVQ=
Subject key identifier:   84:67:02:F2:91:FD:D2:B5:4B:1C:32:6D:BC:08:A5:A9:7E:57:2F:31
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019422FC1C8E2E93C625616ECC181FF00843
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hGcC8pH90rVLHDJtvAilqX5XLzE.roa
Signing time:             Wed 01 Jan 2025 17:48:55 +0000
ROA not before:           Wed 01 Jan 2025 17:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206582
IP address blocks:        193.31.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:1c:8e:2e:93:c6:25:61:6e:cc:18:1f:f0:08:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 17:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=846702f291fdd2b54b1c326dbc08a5a97e572f31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:95:1a:bb:4f:91:e1:52:b8:2b:66:20:cf:2f:
                    6e:74:6d:e1:c5:05:2e:1f:ad:e7:ff:d8:f0:8e:67:
                    7a:93:60:ba:ce:df:4a:5d:47:9a:ba:81:04:47:45:
                    e3:09:4f:39:a0:23:90:18:15:ea:3d:3e:ca:e4:da:
                    b7:6c:2b:83:59:1a:3d:ec:a4:92:a7:00:0a:f6:0f:
                    0e:14:66:e0:7e:65:28:c7:c7:96:d6:bf:d8:37:02:
                    78:3c:61:b4:b6:f2:54:14:62:83:07:c3:9e:75:b1:
                    92:09:80:e2:da:16:a6:6b:1f:f8:2e:41:e5:53:9c:
                    d6:2c:21:4e:02:5d:82:32:62:f1:dd:e3:b0:4e:4c:
                    85:8f:da:d1:d6:b6:1a:2f:d0:82:c5:09:ca:01:9b:
                    5e:74:e1:c4:f6:ad:4a:18:1a:1e:93:04:62:af:7c:
                    ed:75:fb:87:91:aa:f8:3c:d1:a4:02:f8:91:47:cb:
                    b7:f9:07:6a:2e:84:c9:e0:05:de:31:1c:fb:07:f1:
                    23:05:93:23:78:80:4b:76:f7:13:25:96:8d:d0:70:
                    1b:78:f8:ac:d0:d4:54:a6:6b:b7:81:b3:e2:af:83:
                    6d:bc:4b:66:cd:06:e1:78:38:cd:8e:8a:ed:3a:5f:
                    81:f2:4e:25:56:22:1d:16:a2:df:31:52:1a:3f:8c:
                    05:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:67:02:F2:91:FD:D2:B5:4B:1C:32:6D:BC:08:A5:A9:7E:57:2F:31
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hGcC8pH90rVLHDJtvAilqX5XLzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:bc:d7:4e:e7:64:90:67:f2:ff:50:eb:50:34:69:9d:11:76:
         6f:0e:8a:5d:08:a8:1f:83:79:72:91:6e:e8:40:89:cd:66:e4:
         ae:36:6b:71:b2:73:0c:14:e8:1c:bf:51:05:65:8f:dc:59:99:
         e5:9f:82:2f:40:e9:f4:78:44:7b:60:af:65:c8:87:51:5b:ea:
         81:fd:b9:38:71:90:1c:ac:8e:5c:ba:bf:12:e9:f3:9a:cf:48:
         6a:d2:4a:b1:7d:a0:eb:df:e4:70:a7:94:2c:4c:6d:3a:b9:52:
         17:b0:ce:d7:8c:67:1c:6a:f8:39:94:56:e5:9f:d3:76:a9:d3:
         cc:4a:44:b9:2e:84:85:1d:21:cf:2c:be:fe:c3:ad:a7:fc:08:
         58:ab:b5:1e:f7:28:82:72:54:56:83:6f:a6:5f:a3:1e:82:13:
         aa:ae:a9:3b:2b:20:f8:07:c1:9e:89:60:96:1a:00:6e:10:9f:
         b7:6c:47:61:d1:fe:cd:54:f3:44:fa:00:84:07:66:17:d9:d1:
         6b:ad:4f:e5:b4:ef:f4:88:92:c0:17:65:16:68:b1:24:a8:1b:
         1a:ca:04:e2:08:fb:c7:21:4b:15:a5:77:32:78:f1:53:1a:fc:
         17:70:f5:a5:fd:60:4e:c2:49:50:51:cc:a7:e2:c3:12:1c:3f:
         22:f0:c3:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/ByOLpPGJWFuzBgf8AhDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDY3MDJmMjkxZmRkMmI1NGIxYzMyNmRiYzA4YTVhOTdlNTcyZjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Uau0+R4VK4K2Ygzy9udG3hxQUu
H63n/9jwjmd6k2C6zt9KXUeauoEER0XjCU85oCOQGBXqPT7K5Nq3bCuDWRo97KSS
pwAK9g8OFGbgfmUox8eW1r/YNwJ4PGG0tvJUFGKDB8OedbGSCYDi2hamax/4LkHl
U5zWLCFOAl2CMmLx3eOwTkyFj9rR1rYaL9CCxQnKAZtedOHE9q1KGBoekwRir3zt
dfuHkar4PNGkAviRR8u3+QdqLoTJ4AXeMRz7B/EjBZMjeIBLdvcTJZaN0HAbePis
0NRUpmu3gbPir4NtvEtmzQbheDjNjortOl+B8k4lViIdFqLfMVIaP4wFTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRnAvKR/dK1SxwybbwIpal+Vy8xMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvaEdjQzhwSDkwclZMSERKdHZBaWxxWDVYTHpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwR9oMA0G
CSqGSIb3DQEBCwUAA4IBAQCDvNdO52SQZ/L/UOtQNGmdEXZvDopdCKgfg3lykW7o
QInNZuSuNmtxsnMMFOgcv1EFZY/cWZnln4IvQOn0eER7YK9lyIdRW+qB/bk4cZAc
rI5cur8S6fOaz0hq0kqxfaDr3+Rwp5QsTG06uVIXsM7XjGccavg5lFbln9N2qdPM
SkS5LoSFHSHPLL7+w62n/AhYq7Ue9yiCclRWg2+mX6MeghOqrqk7KyD4B8GeiWCW
GgBuEJ+3bEdh0f7NVPNE+gCEB2YX2dFrrU/ltO/0iJLAF2UWaLEkqBsaygTiCPvH
IUsVpXcyePFTGvwXcPWl/WBOwklQUcyn4sMSHD8i8MNf
-----END CERTIFICATE-----