Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/Hb-5NLpM4XozrSV58LsyAHiY9bA.roa
File:                     Hb-5NLpM4XozrSV58LsyAHiY9bA.roa (raw, json)
Hash identifier:          +CYGYfN0gBkxAw0V7LyKuTOq6F41KvgcfhVQzjVGGHk=
Subject key identifier:   1D:BF:B9:34:BA:4C:E1:7A:33:AD:25:79:F0:BB:32:00:78:98:F5:B0
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       0194266BA40360BED52A3D6DCECDEF39E925
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/Hb-5NLpM4XozrSV58LsyAHiY9bA.roa
Signing time:             Thu 02 Jan 2025 09:49:36 +0000
ROA not before:           Thu 02 Jan 2025 09:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     27323
IP address blocks:        193.42.244.0/24 maxlen: 24
                          194.62.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:a4:03:60:be:d5:2a:3d:6d:ce:cd:ef:39:e9:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 09:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1dbfb934ba4ce17a33ad2579f0bb32007898f5b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6f:99:f3:0b:23:65:66:2c:a3:b5:56:88:52:
                    fa:ee:6a:8a:01:5a:8a:38:d1:6a:dc:37:47:7a:d7:
                    38:ad:00:b5:c8:46:74:75:28:d2:b0:9d:ca:ae:20:
                    07:a7:6f:2b:5b:b0:20:42:7b:07:26:a7:43:74:87:
                    d7:d4:1d:53:71:e6:f4:7b:c5:84:c7:d7:21:00:b3:
                    b6:9b:c3:de:66:22:06:37:3b:7a:d6:78:5e:a0:5d:
                    7d:eb:20:d8:95:63:6f:57:e4:01:d8:3e:d0:99:7f:
                    dc:cd:63:4a:cc:96:1c:28:c5:9d:05:90:1e:00:e6:
                    6d:69:a4:9d:f4:c9:12:21:10:4d:e7:ec:b8:6c:4b:
                    96:4b:db:8f:28:cd:65:eb:4e:47:d5:58:ec:da:9b:
                    1e:ae:94:f1:c0:0e:bf:e0:ab:58:e4:ad:ac:e5:5d:
                    63:35:a9:72:a5:bb:8f:1d:18:d2:df:f3:08:81:71:
                    b8:43:12:23:05:57:25:67:48:d0:0e:7e:2a:d5:0d:
                    97:fe:5c:fe:19:81:5f:89:98:a8:f8:1f:24:5a:88:
                    22:a5:ad:a0:3e:f3:fe:9b:b4:6e:aa:c3:6f:f0:fc:
                    ee:18:ba:65:9d:d6:73:16:5e:3f:b7:e8:2f:9f:fb:
                    76:d5:46:51:22:22:12:07:f4:68:b4:5a:fc:13:c3:
                    e8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:BF:B9:34:BA:4C:E1:7A:33:AD:25:79:F0:BB:32:00:78:98:F5:B0
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/Hb-5NLpM4XozrSV58LsyAHiY9bA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.244.0/24
                  194.62.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:0a:58:21:b9:8c:e2:49:27:97:b1:34:60:fa:bb:75:a5:ea:
         8a:51:ce:76:97:8d:23:af:15:a3:1b:f5:33:ec:f8:f1:1b:37:
         43:76:17:44:4a:e6:9b:75:8a:bd:79:9c:df:cd:3c:aa:02:db:
         7d:1a:b4:e7:ab:d7:ec:79:e7:67:8c:84:77:4c:6b:60:f8:1d:
         65:c4:ab:df:2e:a6:e6:cf:6a:86:9d:45:a9:93:4a:31:31:f8:
         4e:30:50:df:1f:7a:0e:bf:e6:30:c9:5c:59:2a:b8:02:a3:af:
         1f:14:aa:3b:dc:17:d2:d8:73:45:ba:83:b9:0b:7b:a5:73:ef:
         17:6c:51:d1:9c:ce:5b:4d:8e:06:61:ea:ee:dd:ee:aa:58:d6:
         ce:66:e6:b9:88:68:c3:0d:f9:16:31:70:b8:a3:12:2e:2a:ef:
         c1:86:58:b0:25:45:2b:97:13:e5:f8:0f:80:ab:ae:f4:98:0d:
         be:99:08:fd:76:72:8d:b7:44:ba:24:7b:99:ea:67:5b:54:eb:
         5a:2e:4d:04:6d:8d:83:57:32:2e:c5:22:3f:21:d5:b0:23:6f:
         2d:a6:3e:49:b8:f1:55:72:e6:99:90:db:b1:84:ca:62:f3:2b:
         e7:0a:1f:e6:18:6d:58:cd:3f:e3:86:65:e2:bd:7d:59:ed:34:
         94:a6:f4:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma6QDYL7VKj1tzs3vOeklMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjUwMTAyMDk0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGJmYjkzNGJhNGNlMTdhMzNhZDI1NzlmMGJiMzIwMDc4OThmNWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2+Z8wsjZWYso7VWiFL67mqKAVqK
ONFq3DdHetc4rQC1yEZ0dSjSsJ3KriAHp28rW7AgQnsHJqdDdIfX1B1Tceb0e8WE
x9chALO2m8PeZiIGNzt61nheoF196yDYlWNvV+QB2D7QmX/czWNKzJYcKMWdBZAe
AOZtaaSd9MkSIRBN5+y4bEuWS9uPKM1l605H1Vjs2pserpTxwA6/4KtY5K2s5V1j
NalypbuPHRjS3/MIgXG4QxIjBVclZ0jQDn4q1Q2X/lz+GYFfiZio+B8kWogipa2g
PvP+m7RuqsNv8PzuGLplndZzFl4/t+gvn/t21UZRIiISB/RotFr8E8PoWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB2/uTS6TOF6M60lefC7MgB4mPWwMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvSGItNU5McE00WG96clNWNThMc3lBSGlZOWJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSr0AwQA
wj6mMA0GCSqGSIb3DQEBCwUAA4IBAQARClghuYziSSeXsTRg+rt1peqKUc52l40j
rxWjG/Uz7PjxGzdDdhdESuabdYq9eZzfzTyqAtt9GrTnq9fseednjIR3TGtg+B1l
xKvfLqbmz2qGnUWpk0oxMfhOMFDfH3oOv+YwyVxZKrgCo68fFKo73BfS2HNFuoO5
C3ulc+8XbFHRnM5bTY4GYeru3e6qWNbOZua5iGjDDfkWMXC4oxIuKu/BhliwJUUr
lxPl+A+Aq670mA2+mQj9dnKNt0S6JHuZ6mdbVOtaLk0EbY2DVzIuxSI/IdWwI28t
pj5JuPFVcuaZkNuxhMpi8yvnCh/mGG1YzT/jhmXivX1Z7TSUpvSd
-----END CERTIFICATE-----