Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/iuHoct3zHKPAQY0zJWbgQODPfEo.roa
File:                     iuHoct3zHKPAQY0zJWbgQODPfEo.roa (raw, json)
Hash identifier:          Un9DAj/KSTfz3PzRpucfMK4GqYVgsTE2tiPdLJ964Po=
Subject key identifier:   8A:E1:E8:72:DD:F3:1C:A3:C0:41:8D:33:25:66:E0:40:E0:CF:7C:4A
Certificate issuer:       /CN=c0ddd2d4f030fa3638c04be636ef93d289271652
Certificate serial:       01942746CF585F51F4F9ACD9A649AFEC2DDD
Authority key identifier: C0:DD:D2:D4:F0:30:FA:36:38:C0:4B:E6:36:EF:93:D2:89:27:16:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wN3S1PAw-jY4wEvmNu-T0oknFlI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/iuHoct3zHKPAQY0zJWbgQODPfEo.roa
Signing time:             Thu 02 Jan 2025 13:48:59 +0000
ROA not before:           Thu 02 Jan 2025 13:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        193.93.40.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/wN3S1PAw-jY4wEvmNu-T0oknFlI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/wN3S1PAw-jY4wEvmNu-T0oknFlI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wN3S1PAw-jY4wEvmNu-T0oknFlI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:cf:58:5f:51:f4:f9:ac:d9:a6:49:af:ec:2d:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0ddd2d4f030fa3638c04be636ef93d289271652
        Validity
            Not Before: Jan  2 13:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ae1e872ddf31ca3c0418d332566e040e0cf7c4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a8:4d:de:1f:f1:82:50:41:b3:09:43:d4:5d:
                    33:91:08:47:0c:d2:0d:66:a2:6c:e4:8a:29:6d:d5:
                    da:23:d8:46:47:af:58:75:30:be:99:07:02:26:a1:
                    1a:80:53:af:ae:d7:fe:05:db:3a:1b:fd:92:13:1f:
                    1a:a6:4f:98:12:b9:5d:81:58:d1:97:3c:a7:c4:87:
                    d6:8e:87:5e:3b:f6:15:34:bd:61:d9:f0:d4:c6:da:
                    0f:1a:e6:21:8d:70:ca:6a:fe:26:48:5c:f9:26:56:
                    f5:7f:7a:8c:e7:70:76:11:3d:2b:2c:fd:7d:ad:51:
                    7f:dd:c9:13:41:57:77:63:22:56:7c:03:73:ab:1b:
                    ad:c0:36:dd:f0:b5:c0:58:cd:6a:ea:bc:62:9c:a8:
                    80:50:68:d7:32:d5:76:89:fc:d1:ac:83:04:78:77:
                    b4:4f:22:05:8b:e8:dd:cb:5b:f8:ef:ed:d5:5c:cf:
                    fa:ef:ca:ab:7e:89:56:f7:eb:e6:e8:c5:d7:a0:68:
                    83:de:00:4e:3f:f6:c9:24:82:35:af:1a:fb:ff:66:
                    eb:a2:43:64:f7:00:15:fa:c8:2c:b3:4b:f9:68:a5:
                    bf:47:9a:a7:93:cb:2a:2f:e2:30:fd:6a:3c:d7:83:
                    f4:d1:96:07:1a:bb:1f:43:4b:88:da:e3:1b:a5:d2:
                    c9:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:E1:E8:72:DD:F3:1C:A3:C0:41:8D:33:25:66:E0:40:E0:CF:7C:4A
            X509v3 Authority Key Identifier:
                keyid:C0:DD:D2:D4:F0:30:FA:36:38:C0:4B:E6:36:EF:93:D2:89:27:16:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wN3S1PAw-jY4wEvmNu-T0oknFlI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/iuHoct3zHKPAQY0zJWbgQODPfEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/86802e-3f43-4bca-9cc2-4fb40485ff7b/1/wN3S1PAw-jY4wEvmNu-T0oknFlI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.93.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:06:5f:2e:7c:0f:f8:1e:c3:88:a9:8f:fa:b3:c1:ca:f2:c0:
         d9:8b:b4:e4:b8:da:30:c4:af:37:cd:bd:34:fb:ee:08:17:ad:
         b8:46:d7:31:83:67:de:3b:7d:4c:54:ed:51:93:78:7b:e0:0c:
         ae:c6:ef:98:bd:8a:cd:bf:6d:9c:ba:e1:52:67:d8:1d:e8:3d:
         f1:7d:42:4b:fb:a5:ee:45:c4:ad:5e:a3:fa:14:1f:81:16:7e:
         bf:64:e7:70:02:7a:9e:4d:57:62:e2:56:88:21:53:6e:0d:e4:
         18:22:91:ab:d2:30:6b:63:9d:c5:f4:93:8d:bf:88:64:bd:ec:
         4e:ae:90:15:a6:53:83:ab:24:34:24:e3:33:b5:3b:14:76:81:
         e1:b5:3d:24:59:54:6e:f4:38:6a:5c:7b:47:27:b5:bd:fd:05:
         30:5c:00:7e:70:fc:41:b1:0d:5b:6c:df:3e:78:0a:82:2e:9e:
         10:68:fe:af:48:a7:a5:e4:79:09:35:59:f8:57:fe:be:78:62:
         9f:95:73:58:2f:b6:b1:44:3f:9d:f2:db:bf:08:0e:9b:ee:1f:
         52:8a:9d:70:d6:41:2a:a2:58:d9:67:56:bd:52:cf:cb:a4:d9:
         a6:7d:6b:4f:6b:ae:ed:eb:37:05:9e:2d:7f:3a:08:bd:2e:ca:
         08:1f:30:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRs9YX1H0+azZpkmv7C3dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZGRkMmQ0ZjAzMGZhMzYzOGMwNGJlNjM2ZWY5M2QyODky
NzE2NTIwHhcNMjUwMTAyMTM0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWUxZTg3MmRkZjMxY2EzYzA0MThkMzMyNTY2ZTA0MGUwY2Y3YzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6hN3h/xglBBswlD1F0zkQhHDNIN
ZqJs5IopbdXaI9hGR69YdTC+mQcCJqEagFOvrtf+Bds6G/2SEx8apk+YErldgVjR
lzynxIfWjodeO/YVNL1h2fDUxtoPGuYhjXDKav4mSFz5Jlb1f3qM53B2ET0rLP19
rVF/3ckTQVd3YyJWfANzqxutwDbd8LXAWM1q6rxinKiAUGjXMtV2ifzRrIMEeHe0
TyIFi+jdy1v47+3VXM/678qrfolW9+vm6MXXoGiD3gBOP/bJJII1rxr7/2brokNk
9wAV+sgss0v5aKW/R5qnk8sqL+Iw/Wo814P00ZYHGrsfQ0uI2uMbpdLJGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrh6HLd8xyjwEGNMyVm4EDgz3xKMB8GA1UdIwQY
MBaAFMDd0tTwMPo2OMBL5jbvk9KJJxZSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd04zUzFQQXctalk0d0V2bU51LVQwb2tuRmxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My84NjgwMmUtM2Y0My00YmNhLTljYzIt
NGZiNDA0ODVmZjdiLzEvaXVIb2N0M3pIS1BBUVkwekpXYmdRT0RQZkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My84NjgwMmUtM2Y0My00YmNhLTljYzItNGZiNDA0ODVmZjdi
LzEvd04zUzFQQXctalk0d0V2bU51LVQwb2tuRmxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwV0oMA0G
CSqGSIb3DQEBCwUAA4IBAQB4Bl8ufA/4HsOIqY/6s8HK8sDZi7TkuNowxK83zb00
++4IF624Rtcxg2feO31MVO1Rk3h74Ayuxu+YvYrNv22cuuFSZ9gd6D3xfUJL+6Xu
RcStXqP6FB+BFn6/ZOdwAnqeTVdi4laIIVNuDeQYIpGr0jBrY53F9JONv4hkvexO
rpAVplODqyQ0JOMztTsUdoHhtT0kWVRu9DhqXHtHJ7W9/QUwXAB+cPxBsQ1bbN8+
eAqCLp4QaP6vSKel5HkJNVn4V/6+eGKflXNYL7axRD+d8tu/CA6b7h9Sip1w1kEq
oljZZ1a9Us/LpNmmfWtPa67t6zcFni1/Ogi9LsoIHzBM
-----END CERTIFICATE-----