Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/92b381-e514-438c-b8f9-f8aed30d54c3/1/vHFL3NqT62c-dvNoqZM6UY1Qkso.roa
File:                     vHFL3NqT62c-dvNoqZM6UY1Qkso.roa (raw, json)
Hash identifier:          a6jTEveih8CJwQfmE458rXUCSvGrU0Bb9osIwlUUdEM=
Subject key identifier:   BC:71:4B:DC:DA:93:EB:67:3E:76:F3:68:A9:93:3A:51:8D:50:92:CA
Certificate issuer:       /CN=218da7ff576e78dc234eb74cbf073076c1f7ebc9
Certificate serial:       019421B1F3ABC4AAF79AC83ADAB2107C8CE2
Authority key identifier: 21:8D:A7:FF:57:6E:78:DC:23:4E:B7:4C:BF:07:30:76:C1:F7:EB:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IY2n_1dueNwjTrdMvwcwdsH368k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/92b381-e514-438c-b8f9-f8aed30d54c3/1/vHFL3NqT62c-dvNoqZM6UY1Qkso.roa
Signing time:             Wed 01 Jan 2025 11:48:17 +0000
ROA not before:           Wed 01 Jan 2025 11:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197608
IP address blocks:        193.150.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/92b381-e514-438c-b8f9-f8aed30d54c3/1/IY2n_1dueNwjTrdMvwcwdsH368k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/92b381-e514-438c-b8f9-f8aed30d54c3/1/IY2n_1dueNwjTrdMvwcwdsH368k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IY2n_1dueNwjTrdMvwcwdsH368k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f3:ab:c4:aa:f7:9a:c8:3a:da:b2:10:7c:8c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218da7ff576e78dc234eb74cbf073076c1f7ebc9
        Validity
            Not Before: Jan  1 11:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc714bdcda93eb673e76f368a9933a518d5092ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5b:75:77:45:8f:67:43:6f:ad:84:f1:3c:50:
                    0b:55:d0:9d:57:e2:0b:82:1e:39:aa:00:07:ff:65:
                    79:1e:49:c3:1f:05:67:b6:00:90:2f:5f:b2:b6:26:
                    3c:ab:de:48:31:b1:e9:29:8d:d4:67:4b:75:d3:a4:
                    54:6b:1a:22:62:f4:96:3a:a9:d6:80:d5:c5:e4:b8:
                    fb:35:1f:0a:41:36:24:79:07:5a:91:df:08:30:5a:
                    c4:16:69:83:95:52:52:7b:42:0d:06:f5:83:cf:02:
                    b4:04:94:10:5c:54:37:d6:88:a5:2d:b4:0a:e4:a0:
                    de:ce:df:82:16:74:e4:53:e9:4c:d8:aa:58:da:d1:
                    1f:d3:b5:35:1a:d1:41:ba:83:37:f8:0a:68:db:e7:
                    cb:b7:00:1c:5f:f1:35:aa:f4:fa:5f:06:ca:b4:0f:
                    26:df:ee:47:3a:79:88:cd:bc:7a:a3:cb:3a:dd:31:
                    f0:f1:02:b9:93:cb:0b:a9:01:d0:d1:60:2a:c8:58:
                    18:37:f9:65:ce:9c:30:ff:e4:fe:b7:4a:14:7d:88:
                    db:38:7b:cc:be:37:4a:ff:5e:4a:ac:f4:ac:11:ae:
                    6f:8c:47:1e:1b:ea:5c:21:11:e3:02:82:67:a3:2f:
                    e2:d8:10:4b:0b:68:85:eb:30:1f:5e:51:cd:11:d1:
                    2e:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:71:4B:DC:DA:93:EB:67:3E:76:F3:68:A9:93:3A:51:8D:50:92:CA
            X509v3 Authority Key Identifier:
                keyid:21:8D:A7:FF:57:6E:78:DC:23:4E:B7:4C:BF:07:30:76:C1:F7:EB:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IY2n_1dueNwjTrdMvwcwdsH368k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/92b381-e514-438c-b8f9-f8aed30d54c3/1/vHFL3NqT62c-dvNoqZM6UY1Qkso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/92b381-e514-438c-b8f9-f8aed30d54c3/1/IY2n_1dueNwjTrdMvwcwdsH368k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:85:f3:8c:c0:d1:8f:36:b2:19:29:6e:31:a8:03:a1:d7:2d:
         6d:e8:aa:e1:9e:b6:e7:4d:dc:12:17:9a:d0:89:75:14:9b:97:
         9a:d3:8d:1c:af:46:86:ec:17:b2:bd:17:de:8e:42:36:dd:8a:
         65:5b:9b:91:34:03:36:57:35:d1:36:90:fa:3d:f4:ef:0a:65:
         48:6b:e5:ef:b3:15:5c:68:89:16:a3:11:a3:ef:30:b9:b4:60:
         d9:55:47:6b:9e:c6:b4:9b:28:c5:6a:a2:1b:ca:b1:e7:23:27:
         2b:9a:2c:6b:6b:47:59:d4:fb:3e:ed:ab:f4:f1:36:77:ad:ce:
         14:66:4b:3c:b1:5d:65:b3:3f:8e:1c:a3:c7:0c:3f:49:0f:75:
         77:65:b7:46:dc:e9:29:86:da:6b:03:c8:8a:88:47:17:53:c0:
         0d:d9:9a:eb:45:43:41:89:b8:6c:c8:87:4c:c7:e5:70:fd:14:
         1c:46:3f:ed:04:bb:df:e2:72:66:53:78:79:34:95:b4:46:1b:
         05:6f:a3:8a:e6:86:63:09:ae:4a:43:20:fd:f6:3f:49:cb:c2:
         cd:49:d9:06:40:89:2b:77:a7:bc:84:ce:98:f2:9f:b6:67:47:
         be:4a:cf:8d:3e:b9:44:37:38:f8:15:1e:02:ad:84:90:8f:78:
         e0:b4:af:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsfOrxKr3msg62rIQfIziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxOGRhN2ZmNTc2ZTc4ZGMyMzRlYjc0Y2JmMDczMDc2YzFm
N2ViYzkwHhcNMjUwMTAxMTE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzcxNGJkY2RhOTNlYjY3M2U3NmYzNjhhOTkzM2E1MThkNTA5MmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1t1d0WPZ0NvrYTxPFALVdCdV+IL
gh45qgAH/2V5HknDHwVntgCQL1+ytiY8q95IMbHpKY3UZ0t106RUaxoiYvSWOqnW
gNXF5Lj7NR8KQTYkeQdakd8IMFrEFmmDlVJSe0INBvWDzwK0BJQQXFQ31oilLbQK
5KDezt+CFnTkU+lM2KpY2tEf07U1GtFBuoM3+Apo2+fLtwAcX/E1qvT6XwbKtA8m
3+5HOnmIzbx6o8s63THw8QK5k8sLqQHQ0WAqyFgYN/llzpww/+T+t0oUfYjbOHvM
vjdK/15KrPSsEa5vjEceG+pcIRHjAoJnoy/i2BBLC2iF6zAfXlHNEdEuHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxxS9zak+tnPnbzaKmTOlGNUJLKMB8GA1UdIwQY
MBaAFCGNp/9XbnjcI063TL8HMHbB9+vJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVkybl8xZHVlTndqVHJkTXZ3Y3dkc0gzNjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS85MmIzODEtZTUxNC00MzhjLWI4Zjkt
ZjhhZWQzMGQ1NGMzLzEvdkhGTDNOcVQ2MmMtZHZOb3FaTTZVWTFRa3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS85MmIzODEtZTUxNC00MzhjLWI4ZjktZjhhZWQzMGQ1NGMz
LzEvSVkybl8xZHVlTndqVHJkTXZ3Y3dkc0gzNjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZYpMA0G
CSqGSIb3DQEBCwUAA4IBAQCYhfOMwNGPNrIZKW4xqAOh1y1t6KrhnrbnTdwSF5rQ
iXUUm5ea040cr0aG7BeyvRfejkI23YplW5uRNAM2VzXRNpD6PfTvCmVIa+XvsxVc
aIkWoxGj7zC5tGDZVUdrnsa0myjFaqIbyrHnIycrmixra0dZ1Ps+7av08TZ3rc4U
Zks8sV1lsz+OHKPHDD9JD3V3ZbdG3OkphtprA8iKiEcXU8AN2ZrrRUNBibhsyIdM
x+Vw/RQcRj/tBLvf4nJmU3h5NJW0RhsFb6OK5oZjCa5KQyD99j9Jy8LNSdkGQIkr
d6e8hM6Y8p+2Z0e+Ss+NPrlENzj4FR4CrYSQj3jgtK+Z
-----END CERTIFICATE-----