Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/hwXn82QbEbf-SULTcBIDnH5UIZU.roa
File:                     hwXn82QbEbf-SULTcBIDnH5UIZU.roa (raw, json)
Hash identifier:          08kQDvBZvCyHX595Crm1xVl4v8KtIgUsNRfQUr9hTAQ=
Subject key identifier:   87:05:E7:F3:64:1B:11:B7:FE:49:42:D3:70:12:03:9C:7E:54:21:95
Certificate issuer:       /CN=a4cb50e78a3a31e3375cf2aab865e845ff2e99c1
Certificate serial:       01942067D5918430AB7778FE2DF0968CDF6A
Authority key identifier: A4:CB:50:E7:8A:3A:31:E3:37:5C:F2:AA:B8:65:E8:45:FF:2E:99:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pMtQ54o6MeM3XPKquGXoRf8umcE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/hwXn82QbEbf-SULTcBIDnH5UIZU.roa
Signing time:             Wed 01 Jan 2025 05:47:43 +0000
ROA not before:           Wed 01 Jan 2025 05:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197835
IP address blocks:        195.94.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/pMtQ54o6MeM3XPKquGXoRf8umcE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/pMtQ54o6MeM3XPKquGXoRf8umcE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pMtQ54o6MeM3XPKquGXoRf8umcE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d5:91:84:30:ab:77:78:fe:2d:f0:96:8c:df:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4cb50e78a3a31e3375cf2aab865e845ff2e99c1
        Validity
            Not Before: Jan  1 05:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8705e7f3641b11b7fe4942d37012039c7e542195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:93:c5:56:83:28:11:df:f6:fc:d6:9d:df:a3:
                    af:14:5b:ab:75:52:5a:ed:75:8d:0f:8e:cb:e3:16:
                    cb:28:63:93:ba:62:9b:82:07:47:bb:b7:17:42:d9:
                    b9:af:0e:8d:ca:4c:08:6c:53:9d:33:24:0d:eb:46:
                    11:4b:7a:ee:14:24:d8:50:06:71:cd:eb:e4:a5:dd:
                    e1:f7:81:75:54:00:b6:63:44:0f:bc:14:1a:c0:7d:
                    f8:61:88:55:31:e3:76:eb:60:29:d4:19:ef:ab:36:
                    1d:32:84:5e:f9:4a:c0:20:00:99:03:df:5c:f9:7d:
                    42:5c:53:f2:80:13:25:a6:b7:5c:67:b9:99:ff:7a:
                    3c:28:b0:6e:c2:b9:a6:0e:9d:d5:9e:cd:81:da:03:
                    6e:ea:a1:6f:3a:12:d8:81:ac:58:55:98:d5:73:27:
                    87:e8:29:d7:e9:a9:1d:2c:06:e7:a9:e8:b0:bf:d5:
                    b6:06:9d:3b:94:38:e7:65:b0:85:1a:28:f7:cd:fe:
                    94:de:b6:f4:19:0b:54:34:b6:e6:fb:11:0b:c0:c1:
                    25:46:c3:cc:bb:2e:75:8a:f9:8e:24:df:eb:73:dc:
                    31:d6:af:dd:9c:39:3f:b4:5c:31:3a:19:c1:68:e7:
                    4a:cb:dd:e8:07:21:3f:f2:c7:79:5d:e4:f1:14:c2:
                    81:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:05:E7:F3:64:1B:11:B7:FE:49:42:D3:70:12:03:9C:7E:54:21:95
            X509v3 Authority Key Identifier:
                keyid:A4:CB:50:E7:8A:3A:31:E3:37:5C:F2:AA:B8:65:E8:45:FF:2E:99:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pMtQ54o6MeM3XPKquGXoRf8umcE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/hwXn82QbEbf-SULTcBIDnH5UIZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b1f2e0-8a60-4c8a-90dc-4be794d6406d/1/pMtQ54o6MeM3XPKquGXoRf8umcE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.94.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:09:f5:34:1e:dd:67:cc:06:d9:f3:ec:14:53:53:7e:59:fc:
         0d:f4:29:10:06:bf:78:98:f1:99:69:67:bc:e4:88:b4:9c:67:
         51:31:3d:07:73:4d:e7:05:9f:ca:38:50:5d:cd:0c:8b:1b:67:
         98:a3:55:63:c8:b8:d3:16:1e:e8:fb:0b:db:1e:da:31:03:c2:
         e7:3b:c1:ff:6f:07:12:27:18:0f:d2:b3:71:76:22:04:4e:63:
         05:c9:a0:a8:85:42:db:95:66:a4:f6:07:4a:e2:d4:db:2c:0f:
         eb:25:bd:b7:22:58:e1:8a:d5:b9:c7:86:e3:16:b3:13:7c:0b:
         7e:6b:b2:af:0b:c7:4c:4f:47:f2:ef:5e:f5:23:1a:6b:3c:99:
         7a:9f:44:e1:8d:55:cd:65:25:d2:06:f4:2f:c7:f7:84:76:b6:
         a9:d1:61:d5:ef:af:87:19:72:19:f8:93:64:53:22:c8:8b:67:
         15:7b:8f:8d:00:38:aa:53:fb:fe:bf:44:02:12:1f:8d:00:a9:
         70:af:fc:f4:55:9a:39:30:af:cd:a4:b3:1d:3f:ab:d3:3f:07:
         54:29:77:d3:48:e2:87:34:d7:4e:c5:b8:84:b0:a2:48:ba:88:
         cc:da:bb:6a:70:c0:f9:f7:d8:af:fe:78:b1:b7:67:d1:c2:84:
         a8:d7:8f:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ9WRhDCrd3j+LfCWjN9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2I1MGU3OGEzYTMxZTMzNzVjZjJhYWI4NjVlODQ1ZmYy
ZTk5YzEwHhcNMjUwMTAxMDU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzA1ZTdmMzY0MWIxMWI3ZmU0OTQyZDM3MDEyMDM5YzdlNTQyMTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJPFVoMoEd/2/Nad36OvFFurdVJa
7XWND47L4xbLKGOTumKbggdHu7cXQtm5rw6NykwIbFOdMyQN60YRS3ruFCTYUAZx
zevkpd3h94F1VAC2Y0QPvBQawH34YYhVMeN262Ap1BnvqzYdMoRe+UrAIACZA99c
+X1CXFPygBMlprdcZ7mZ/3o8KLBuwrmmDp3Vns2B2gNu6qFvOhLYgaxYVZjVcyeH
6CnX6akdLAbnqeiwv9W2Bp07lDjnZbCFGij3zf6U3rb0GQtUNLbm+xELwMElRsPM
uy51ivmOJN/rc9wx1q/dnDk/tFwxOhnBaOdKy93oByE/8sd5XeTxFMKB9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcF5/NkGxG3/klC03ASA5x+VCGVMB8GA1UdIwQY
MBaAFKTLUOeKOjHjN1zyqrhl6EX/LpnBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE10UTU0bzZNZU0zWFBLcXVHWG9SZjh1bWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9iMWYyZTAtOGE2MC00YzhhLTkwZGMt
NGJlNzk0ZDY0MDZkLzEvaHdYbjgyUWJFYmYtU1VMVGNCSURuSDVVSVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9iMWYyZTAtOGE2MC00YzhhLTkwZGMtNGJlNzk0ZDY0MDZk
LzEvcE10UTU0bzZNZU0zWFBLcXVHWG9SZjh1bWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw16GMA0G
CSqGSIb3DQEBCwUAA4IBAQAjCfU0Ht1nzAbZ8+wUU1N+WfwN9CkQBr94mPGZaWe8
5Ii0nGdRMT0Hc03nBZ/KOFBdzQyLG2eYo1VjyLjTFh7o+wvbHtoxA8LnO8H/bwcS
JxgP0rNxdiIETmMFyaCohULblWak9gdK4tTbLA/rJb23IljhitW5x4bjFrMTfAt+
a7KvC8dMT0fy7171IxprPJl6n0ThjVXNZSXSBvQvx/eEdrap0WHV76+HGXIZ+JNk
UyLIi2cVe4+NADiqU/v+v0QCEh+NAKlwr/z0VZo5MK/NpLMdP6vTPwdUKXfTSOKH
NNdOxbiEsKJIuojM2rtqcMD599iv/nixt2fRwoSo148S
-----END CERTIFICATE-----