Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/Hp2ljcULzg53pBCXbKt3KAlFkVw.roa
File:                     Hp2ljcULzg53pBCXbKt3KAlFkVw.roa (raw, json)
Hash identifier:          qsDz5TZedLiWJnxlNWk1Ko36qqmg6+ybGLmJSNA11KU=
Subject key identifier:   1E:9D:A5:8D:C5:0B:CE:0E:77:A4:10:97:6C:AB:77:28:09:45:91:5C
Certificate issuer:       /CN=a4a07cdcd09503ecfe3e697cc3266985181ae82a
Certificate serial:       0194266A1A0410219C30DED41E2D26F351BD
Authority key identifier: A4:A0:7C:DC:D0:95:03:EC:FE:3E:69:7C:C3:26:69:85:18:1A:E8:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pKB83NCVA-z-Pml8wyZphRga6Co.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/Hp2ljcULzg53pBCXbKt3KAlFkVw.roa
Signing time:             Thu 02 Jan 2025 09:47:55 +0000
ROA not before:           Thu 02 Jan 2025 09:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62270
IP address blocks:        193.162.140.0/24 maxlen: 24
                          2a10:8080::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/pKB83NCVA-z-Pml8wyZphRga6Co.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/pKB83NCVA-z-Pml8wyZphRga6Co.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pKB83NCVA-z-Pml8wyZphRga6Co.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:1a:04:10:21:9c:30:de:d4:1e:2d:26:f3:51:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4a07cdcd09503ecfe3e697cc3266985181ae82a
        Validity
            Not Before: Jan  2 09:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e9da58dc50bce0e77a410976cab77280945915c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:1d:b3:8c:54:f6:5a:7c:27:85:42:3c:ac:44:
                    8d:fa:a4:de:63:1d:90:79:22:f6:f8:dc:27:c5:59:
                    a3:e4:57:90:41:a2:06:47:04:11:40:63:6f:89:53:
                    e9:49:3b:f2:a8:5c:24:e4:15:5a:0d:e8:41:20:20:
                    c5:dc:29:96:37:c3:d7:dd:79:d3:9e:24:67:13:49:
                    5d:98:b5:0b:12:37:a0:c4:4b:2f:02:9b:7f:af:eb:
                    0e:3d:43:8e:2f:02:56:a0:82:97:68:6a:81:7e:28:
                    9b:33:91:55:8f:06:89:f0:c4:5e:e1:23:ea:44:03:
                    aa:ea:bc:79:97:57:47:e9:37:c6:45:c8:93:36:e4:
                    40:a8:93:e3:2f:83:57:ca:51:f6:0c:68:a0:e6:c5:
                    6b:f2:de:dd:cc:3b:43:be:28:4e:d4:3a:91:20:0d:
                    9f:ee:3e:56:7b:72:ec:f7:e4:96:90:e2:e8:16:64:
                    cf:61:a5:01:3b:b2:4b:af:26:7c:30:2c:53:b0:31:
                    14:2e:a2:dd:f0:4a:74:8b:4b:f2:f7:00:12:f6:70:
                    e7:08:7f:12:a0:b8:d2:29:55:74:3d:89:b9:3a:5d:
                    1b:4d:5d:43:ee:eb:47:55:5d:45:ee:c6:05:d8:43:
                    1b:75:ec:95:4a:82:45:20:bc:df:ca:7c:a8:91:97:
                    71:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:9D:A5:8D:C5:0B:CE:0E:77:A4:10:97:6C:AB:77:28:09:45:91:5C
            X509v3 Authority Key Identifier:
                keyid:A4:A0:7C:DC:D0:95:03:EC:FE:3E:69:7C:C3:26:69:85:18:1A:E8:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pKB83NCVA-z-Pml8wyZphRga6Co.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/Hp2ljcULzg53pBCXbKt3KAlFkVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/d8548c-30b1-48a4-ae28-d6b0bc90f2f5/1/pKB83NCVA-z-Pml8wyZphRga6Co.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.140.0/24
                IPv6:
                  2a10:8080::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:d3:2f:79:c4:b4:b4:dc:ce:dd:a0:3c:8e:86:fc:6c:0c:e6:
         c9:14:33:50:43:4d:a8:ea:5e:23:cf:3d:44:e3:76:e9:f0:97:
         ce:e5:ba:fb:44:3d:56:9e:7b:fd:f9:2b:76:cc:99:26:41:78:
         a5:8f:e3:89:66:15:3f:c4:4e:1a:df:28:6a:df:0e:e1:85:a5:
         84:6c:a5:be:b6:d4:fc:a5:16:6e:9a:13:30:3e:cf:6f:88:5a:
         7b:23:72:b9:fc:1f:38:82:e4:c5:7f:41:bf:4d:e0:82:ab:88:
         3d:32:b6:95:d5:ab:38:13:64:5c:9e:9e:98:98:f0:fe:67:bb:
         e8:55:47:f2:67:98:32:1c:b9:0c:50:f9:d3:69:1f:78:15:ef:
         17:fd:4b:25:e3:76:7e:ab:65:04:3c:00:2e:37:fd:a8:e9:90:
         80:dd:e6:04:40:d2:c2:06:26:68:a8:ad:38:be:8c:1e:67:e0:
         3a:6e:16:4e:95:e5:f4:e8:bf:69:de:41:5a:63:fe:f9:10:de:
         05:6a:68:85:7f:ef:fc:7a:17:37:27:78:04:70:cd:1a:da:5d:
         da:c3:23:76:e0:82:f3:22:d6:77:2b:58:f6:56:cd:c6:1b:30:
         fd:4c:7d:89:59:0e:81:3d:e6:f6:f2:71:69:11:a1:b6:d6:ef:
         96:9f:aa:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmahoEECGcMN7UHi0m81G9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YTA3Y2RjZDA5NTAzZWNmZTNlNjk3Y2MzMjY2OTg1MTgx
YWU4MmEwHhcNMjUwMTAyMDk0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTlkYTU4ZGM1MGJjZTBlNzdhNDEwOTc2Y2FiNzcyODA5NDU5MTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6h2zjFT2WnwnhUI8rESN+qTeYx2Q
eSL2+NwnxVmj5FeQQaIGRwQRQGNviVPpSTvyqFwk5BVaDehBICDF3CmWN8PX3XnT
niRnE0ldmLULEjegxEsvApt/r+sOPUOOLwJWoIKXaGqBfiibM5FVjwaJ8MRe4SPq
RAOq6rx5l1dH6TfGRciTNuRAqJPjL4NXylH2DGig5sVr8t7dzDtDvihO1DqRIA2f
7j5We3Ls9+SWkOLoFmTPYaUBO7JLryZ8MCxTsDEULqLd8Ep0i0vy9wAS9nDnCH8S
oLjSKVV0PYm5Ol0bTV1D7utHVV1F7sYF2EMbdeyVSoJFILzfynyokZdxEwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB6dpY3FC84Od6QQl2yrdygJRZFcMB8GA1UdIwQY
MBaAFKSgfNzQlQPs/j5pfMMmaYUYGugqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEtCODNOQ1ZBLXotUG1sOHd5WnBoUmdhNkNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9kODU0OGMtMzBiMS00OGE0LWFlMjgt
ZDZiMGJjOTBmMmY1LzEvSHAybGpjVUx6ZzUzcEJDWGJLdDNLQWxGa1Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9kODU0OGMtMzBiMS00OGE0LWFlMjgtZDZiMGJjOTBmMmY1
LzEvcEtCODNOQ1ZBLXotUG1sOHd5WnBoUmdhNkNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaKMMA0E
AgACMAcDBQMqEICAMA0GCSqGSIb3DQEBCwUAA4IBAQBg0y95xLS03M7doDyOhvxs
DObJFDNQQ02o6l4jzz1E43bp8JfO5br7RD1Wnnv9+St2zJkmQXilj+OJZhU/xE4a
3yhq3w7hhaWEbKW+ttT8pRZumhMwPs9viFp7I3K5/B84guTFf0G/TeCCq4g9MraV
1as4E2Rcnp6YmPD+Z7voVUfyZ5gyHLkMUPnTaR94Fe8X/Usl43Z+q2UEPAAuN/2o
6ZCA3eYEQNLCBiZoqK04voweZ+A6bhZOleX06L9p3kFaY/75EN4FamiFf+/8ehc3
J3gEcM0a2l3awyN24ILzItZ3K1j2Vs3GGzD9TH2JWQ6BPeb28nFpEaG21u+Wn6pb
-----END CERTIFICATE-----