Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/DqL2Iz-nfiZFz9O_JLFZ1u0upXo.roa
File:                     DqL2Iz-nfiZFz9O_JLFZ1u0upXo.roa (raw, json)
Hash identifier:          IluKRrKBF5sjHfDOuWCJtjWy7NTUF/LiNuEDUpQYIec=
Subject key identifier:   0E:A2:F6:23:3F:A7:7E:26:45:CF:D3:BF:24:B1:59:D6:ED:2E:A5:7A
Certificate issuer:       /CN=15286f0225c141d95857fe74646949e75dd96f28
Certificate serial:       0194282582F9D705EE6BD05BE64FCDC9F30B
Authority key identifier: 15:28:6F:02:25:C1:41:D9:58:57:FE:74:64:69:49:E7:5D:D9:6F:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/DqL2Iz-nfiZFz9O_JLFZ1u0upXo.roa
Signing time:             Thu 02 Jan 2025 17:52:14 +0000
ROA not before:           Thu 02 Jan 2025 17:52:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34397
IP address blocks:        193.8.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:82:f9:d7:05:ee:6b:d0:5b:e6:4f:cd:c9:f3:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15286f0225c141d95857fe74646949e75dd96f28
        Validity
            Not Before: Jan  2 17:52:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ea2f6233fa77e2645cfd3bf24b159d6ed2ea57a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e2:07:09:57:b5:b7:34:db:3a:95:ea:e5:bb:
                    16:5c:68:79:85:26:ea:83:1f:6f:8d:50:5f:3e:60:
                    f9:d6:2e:33:b7:40:75:f3:a5:63:0f:71:3f:f9:6e:
                    5d:2e:c1:b5:80:c4:e6:3d:32:87:f2:eb:ed:9e:53:
                    64:2b:38:15:90:4d:63:c4:16:3d:5b:bf:45:20:b9:
                    93:2a:4b:fe:79:71:74:ee:af:59:96:25:fb:63:0a:
                    e5:d4:f2:ea:63:9c:1c:4f:15:05:89:50:5c:16:9b:
                    41:50:cc:3c:c5:08:51:e6:25:45:cd:d7:3c:8b:e5:
                    40:f6:47:20:c2:dd:9f:93:36:80:b1:c8:b8:af:99:
                    1f:67:0f:e2:42:ef:ec:50:6f:d0:48:80:0d:72:a4:
                    99:71:7a:ee:29:2d:1e:ce:bb:4f:09:da:c6:2c:71:
                    1f:81:13:c4:5e:7c:29:d5:b6:b9:67:a7:9e:97:85:
                    2f:00:4c:34:5d:25:3a:49:c0:37:3b:6b:0b:67:4b:
                    03:7e:9b:91:eb:67:02:12:5c:31:3a:76:a8:23:15:
                    cd:3e:51:a8:3e:64:e1:9d:af:5f:4e:76:ea:39:f0:
                    20:1e:b0:b2:00:ba:3d:48:8b:ab:82:82:56:86:b8:
                    17:ab:5f:d2:6d:63:53:b8:da:58:cd:f7:9c:36:c8:
                    ef:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:A2:F6:23:3F:A7:7E:26:45:CF:D3:BF:24:B1:59:D6:ED:2E:A5:7A
            X509v3 Authority Key Identifier:
                keyid:15:28:6F:02:25:C1:41:D9:58:57:FE:74:64:69:49:E7:5D:D9:6F:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FShvAiXBQdlYV_50ZGlJ513Zbyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/DqL2Iz-nfiZFz9O_JLFZ1u0upXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/63440c-3d43-458f-879e-021f50932156/1/FShvAiXBQdlYV_50ZGlJ513Zbyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:22:aa:0f:a7:b7:a8:00:8a:13:3b:11:dd:bb:27:e0:d6:1b:
         19:64:fc:0d:3d:72:9a:44:a4:74:47:ab:de:87:aa:07:c2:e1:
         e7:a3:24:da:df:18:70:e4:bd:d0:85:6c:42:ba:20:a7:c4:50:
         36:4e:cc:40:47:81:be:ac:ac:64:9f:18:79:d6:ea:a3:ae:da:
         cd:37:30:8d:98:5d:4f:06:0a:26:fb:a0:42:0a:cd:2a:5d:3b:
         c5:53:b6:67:5e:7c:f0:b2:dc:29:c5:6b:f3:09:54:7e:59:5c:
         fe:16:72:b5:7b:06:c5:f9:bd:58:9e:6b:5d:c0:54:f4:fb:7c:
         88:7f:72:e3:91:5d:da:fa:01:8a:da:4b:b7:2f:bd:88:01:e0:
         f3:78:c3:ca:42:64:13:cf:8f:00:9e:ab:51:fc:49:82:a2:a8:
         17:c4:f0:62:e4:b3:2c:24:6d:5f:8a:13:98:bc:7b:c4:0c:dc:
         20:e7:33:96:4c:90:f3:9e:80:37:5a:66:9a:60:8f:ab:fd:c2:
         4d:dc:86:86:57:75:9e:8f:7f:54:6a:33:8b:fb:a5:5b:14:35:
         09:be:0c:e0:a5:6b:49:e9:5d:b6:41:1e:0b:75:37:f7:54:ab:
         dc:ba:88:40:cd:a5:98:5b:d8:57:e5:3c:87:56:c6:d5:12:d4:
         05:b9:1e:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJYL51wXua9Bb5k/NyfMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Mjg2ZjAyMjVjMTQxZDk1ODU3ZmU3NDY0Njk0OWU3NWRk
OTZmMjgwHhcNMjUwMTAyMTc1MjE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWEyZjYyMzNmYTc3ZTI2NDVjZmQzYmYyNGIxNTlkNmVkMmVhNTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteIHCVe1tzTbOpXq5bsWXGh5hSbq
gx9vjVBfPmD51i4zt0B186VjD3E/+W5dLsG1gMTmPTKH8uvtnlNkKzgVkE1jxBY9
W79FILmTKkv+eXF07q9ZliX7Ywrl1PLqY5wcTxUFiVBcFptBUMw8xQhR5iVFzdc8
i+VA9kcgwt2fkzaAsci4r5kfZw/iQu/sUG/QSIANcqSZcXruKS0ezrtPCdrGLHEf
gRPEXnwp1ba5Z6eel4UvAEw0XSU6ScA3O2sLZ0sDfpuR62cCElwxOnaoIxXNPlGo
PmThna9fTnbqOfAgHrCyALo9SIurgoJWhrgXq1/SbWNTuNpYzfecNsjvbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6i9iM/p34mRc/TvySxWdbtLqV6MB8GA1UdIwQY
MBaAFBUobwIlwUHZWFf+dGRpSedd2W8oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlNodkFpWEJRZGxZVl81MFpHbEo1MTNaYnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni82MzQ0MGMtM2Q0My00NThmLTg3OWUt
MDIxZjUwOTMyMTU2LzEvRHFMMkl6LW5maVpGejlPX0pMRloxdTB1cFhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni82MzQ0MGMtM2Q0My00NThmLTg3OWUtMDIxZjUwOTMyMTU2
LzEvRlNodkFpWEJRZGxZVl81MFpHbEo1MTNaYnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQj6MA0G
CSqGSIb3DQEBCwUAA4IBAQBqIqoPp7eoAIoTOxHduyfg1hsZZPwNPXKaRKR0R6ve
h6oHwuHnoyTa3xhw5L3QhWxCuiCnxFA2TsxAR4G+rKxknxh51uqjrtrNNzCNmF1P
Bgom+6BCCs0qXTvFU7ZnXnzwstwpxWvzCVR+WVz+FnK1ewbF+b1YnmtdwFT0+3yI
f3LjkV3a+gGK2ku3L72IAeDzeMPKQmQTz48AnqtR/EmCoqgXxPBi5LMsJG1fihOY
vHvEDNwg5zOWTJDznoA3WmaaYI+r/cJN3IaGV3Wej39UajOL+6VbFDUJvgzgpWtJ
6V22QR4LdTf3VKvcuohAzaWYW9hX5TyHVsbVEtQFuR7Q
-----END CERTIFICATE-----