Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/STQhTVEdoeGn3LGRCtz_IFAHWdM.roa
File:                     STQhTVEdoeGn3LGRCtz_IFAHWdM.roa (raw, json)
Hash identifier:          lJA+P3xzpJoE/23kp+QFPprWwo01m1U/nvmFZ+Rh2tE=
Subject key identifier:   49:34:21:4D:51:1D:A1:E1:A7:DC:B1:91:0A:DC:FF:20:50:07:59:D3
Certificate issuer:       /CN=5b95a94adad3a2896c72074d667c1b62075958cb
Certificate serial:       0194236A1A0E1E434BFDCAF239C161EA0AB7
Authority key identifier: 5B:95:A9:4A:DA:D3:A2:89:6C:72:07:4D:66:7C:1B:62:07:59:58:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W5WpStrToolscgdNZnwbYgdZWMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/STQhTVEdoeGn3LGRCtz_IFAHWdM.roa
Signing time:             Wed 01 Jan 2025 19:49:03 +0000
ROA not before:           Wed 01 Jan 2025 19:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34933
IP address blocks:        193.238.224.0/24 maxlen: 24
                          193.238.225.0/24 maxlen: 24
                          193.238.226.0/24 maxlen: 24
                          193.238.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/W5WpStrToolscgdNZnwbYgdZWMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/W5WpStrToolscgdNZnwbYgdZWMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W5WpStrToolscgdNZnwbYgdZWMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:1a:0e:1e:43:4b:fd:ca:f2:39:c1:61:ea:0a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b95a94adad3a2896c72074d667c1b62075958cb
        Validity
            Not Before: Jan  1 19:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4934214d511da1e1a7dcb1910adcff20500759d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e0:35:a6:39:3d:ec:c4:ff:41:18:88:f9:cb:
                    c3:d8:90:19:06:01:8d:24:61:fe:57:06:e0:52:19:
                    85:cf:5a:fc:7b:94:e3:22:f2:17:6d:10:1c:da:25:
                    eb:94:8c:16:1f:61:1b:36:4a:da:2c:eb:d8:81:95:
                    05:bb:d5:10:bb:ef:27:39:78:55:8d:d7:60:46:d4:
                    8e:30:9e:9b:95:0b:ec:7b:cb:91:5d:ef:07:9c:05:
                    a5:7a:7b:18:8b:47:2a:e4:a4:1e:11:65:30:91:07:
                    93:ee:c8:70:9a:bb:d2:41:a6:48:f6:1d:b0:e7:46:
                    5c:13:9c:58:22:0e:89:ef:fd:83:e5:a5:5f:63:f0:
                    a3:b9:91:95:e9:e4:e5:08:88:02:18:03:e7:ab:00:
                    dd:5b:f9:1d:cd:11:44:33:09:93:8c:7f:59:37:50:
                    e3:cc:07:66:9f:f0:2b:91:c6:74:34:43:2b:e3:ee:
                    46:28:e9:f6:68:af:94:70:59:1d:5c:ec:5b:1b:db:
                    ae:3b:8b:77:31:20:a3:51:11:9a:f0:5a:2c:b2:aa:
                    23:34:e9:29:c1:a1:e5:a0:1a:c5:c1:e5:f9:d8:fd:
                    5e:8f:b6:2b:52:fe:c6:b7:f8:94:72:cf:d8:fe:63:
                    e3:28:25:99:a0:b1:ed:3a:01:6c:6f:71:a0:f7:74:
                    3a:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:34:21:4D:51:1D:A1:E1:A7:DC:B1:91:0A:DC:FF:20:50:07:59:D3
            X509v3 Authority Key Identifier:
                keyid:5B:95:A9:4A:DA:D3:A2:89:6C:72:07:4D:66:7C:1B:62:07:59:58:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W5WpStrToolscgdNZnwbYgdZWMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/STQhTVEdoeGn3LGRCtz_IFAHWdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/839925-1555-4ff6-bc46-7feab48eee61/1/W5WpStrToolscgdNZnwbYgdZWMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.238.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:f4:f2:d6:48:04:ce:2b:73:9e:4f:39:9f:6b:c6:b5:b0:77:
         36:fc:cf:57:bf:71:f1:98:0d:bc:31:98:f9:56:40:5b:55:74:
         98:6f:0d:68:10:43:25:34:4c:9f:6b:cc:68:8b:1b:f6:49:7c:
         60:09:3c:dd:5a:3c:cc:a2:70:a8:6b:ee:c0:da:f2:84:ce:99:
         dd:c8:b4:c0:5e:e2:b4:26:d0:b1:4b:ae:26:39:05:df:d5:1f:
         7c:98:2e:5c:69:8b:ab:66:ee:d1:d6:59:db:38:ad:b0:94:bb:
         1f:78:b3:a9:56:6f:98:8b:a2:bc:ef:3d:cd:81:bf:c8:fa:bc:
         31:a5:ff:f1:6d:71:a3:d8:e8:73:12:c0:0c:30:5a:62:e1:36:
         f1:69:d4:7f:91:45:e7:13:3d:96:3d:84:84:fb:4a:ce:57:bf:
         07:29:f2:f8:37:5a:95:5a:e6:7c:29:33:09:83:11:78:59:d2:
         32:9f:f3:17:19:39:6b:50:0f:02:f9:f7:d2:fd:22:01:06:fc:
         3f:4d:2c:91:d0:ac:1d:b5:6d:35:ca:0f:40:14:48:ae:fb:03:
         07:e9:b5:48:d0:e9:97:59:86:d7:67:22:3f:c3:75:94:dc:39:
         ab:a0:5b:1f:f2:55:23:5a:e7:01:90:bb:37:3f:51:7f:19:d2:
         18:48:ba:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjahoOHkNL/cryOcFh6gq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViOTVhOTRhZGFkM2EyODk2YzcyMDc0ZDY2N2MxYjYyMDc1
OTU4Y2IwHhcNMjUwMTAxMTk0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTM0MjE0ZDUxMWRhMWUxYTdkY2IxOTEwYWRjZmYyMDUwMDc1OWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOA1pjk97MT/QRiI+cvD2JAZBgGN
JGH+VwbgUhmFz1r8e5TjIvIXbRAc2iXrlIwWH2EbNkraLOvYgZUFu9UQu+8nOXhV
jddgRtSOMJ6blQvse8uRXe8HnAWlensYi0cq5KQeEWUwkQeT7shwmrvSQaZI9h2w
50ZcE5xYIg6J7/2D5aVfY/CjuZGV6eTlCIgCGAPnqwDdW/kdzRFEMwmTjH9ZN1Dj
zAdmn/ArkcZ0NEMr4+5GKOn2aK+UcFkdXOxbG9uuO4t3MSCjURGa8FossqojNOkp
waHloBrFweX52P1ej7YrUv7Gt/iUcs/Y/mPjKCWZoLHtOgFsb3Gg93Q6lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEk0IU1RHaHhp9yxkQrc/yBQB1nTMB8GA1UdIwQY
MBaAFFuVqUra06KJbHIHTWZ8G2IHWVjLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzVXcFN0clRvb2xzY2dkTlpud2JZZ2RaV01zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS84Mzk5MjUtMTU1NS00ZmY2LWJjNDYt
N2ZlYWI0OGVlZTYxLzEvU1RRaFRWRWRvZUduM0xHUkN0el9JRkFIV2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS84Mzk5MjUtMTU1NS00ZmY2LWJjNDYtN2ZlYWI0OGVlZTYx
LzEvVzVXcFN0clRvb2xzY2dkTlpud2JZZ2RaV01zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwe7gMA0G
CSqGSIb3DQEBCwUAA4IBAQBH9PLWSATOK3OeTzmfa8a1sHc2/M9Xv3HxmA28MZj5
VkBbVXSYbw1oEEMlNEyfa8xoixv2SXxgCTzdWjzMonCoa+7A2vKEzpndyLTAXuK0
JtCxS64mOQXf1R98mC5caYurZu7R1lnbOK2wlLsfeLOpVm+Yi6K87z3Ngb/I+rwx
pf/xbXGj2OhzEsAMMFpi4TbxadR/kUXnEz2WPYSE+0rOV78HKfL4N1qVWuZ8KTMJ
gxF4WdIyn/MXGTlrUA8C+ffS/SIBBvw/TSyR0KwdtW01yg9AFEiu+wMH6bVI0OmX
WYbXZyI/w3WU3DmroFsf8lUjWucBkLs3P1F/GdIYSLpJ
-----END CERTIFICATE-----