Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/HdoRWbIURzhfnaDDK7ySYFVN2ik.roa
File:                     HdoRWbIURzhfnaDDK7ySYFVN2ik.roa (raw, json)
Hash identifier:          HVbpXptfvhv4ApWMw5QWNQjQp3Pw35JC0KFrZynPEas=
Subject key identifier:   1D:DA:11:59:B2:14:47:38:5F:9D:A0:C3:2B:BC:92:60:55:4D:DA:29
Certificate issuer:       /CN=8ac4731a3ee3942d258d0663570b894e8e1a9233
Certificate serial:       0194258F2DC1DF04DF3FBA7C745B5E786387
Authority key identifier: 8A:C4:73:1A:3E:E3:94:2D:25:8D:06:63:57:0B:89:4E:8E:1A:92:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/isRzGj7jlC0ljQZjVwuJTo4akjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/HdoRWbIURzhfnaDDK7ySYFVN2ik.roa
Signing time:             Thu 02 Jan 2025 05:48:47 +0000
ROA not before:           Thu 02 Jan 2025 05:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        194.242.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/isRzGj7jlC0ljQZjVwuJTo4akjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/isRzGj7jlC0ljQZjVwuJTo4akjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/isRzGj7jlC0ljQZjVwuJTo4akjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:2d:c1:df:04:df:3f:ba:7c:74:5b:5e:78:63:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ac4731a3ee3942d258d0663570b894e8e1a9233
        Validity
            Not Before: Jan  2 05:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1dda1159b21447385f9da0c32bbc9260554dda29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b8:f5:38:37:9e:63:51:39:c0:09:b4:72:5f:
                    aa:d5:30:c3:8f:75:b5:ae:ba:85:ff:69:aa:3f:ba:
                    21:18:41:c2:a4:88:08:dd:1c:d3:f6:a0:e5:28:35:
                    a3:14:9f:cf:fe:d3:92:07:69:ae:dd:91:28:b6:41:
                    da:47:fb:f8:df:ef:00:d4:36:a6:9e:55:e4:f2:74:
                    cd:ca:40:4f:bc:8f:4a:a7:8c:4f:96:b7:ca:2a:60:
                    b6:ed:49:63:70:f0:04:49:37:05:7a:2a:ee:50:b7:
                    2b:d5:46:e6:1b:2f:43:37:18:98:6e:9b:85:1a:18:
                    8e:df:ba:a1:bd:d3:39:5e:2d:c1:42:6b:84:b6:7e:
                    29:eb:d3:e2:9e:37:d2:27:aa:34:06:78:59:d6:40:
                    61:e4:f7:a5:5c:1c:66:ad:9a:c0:b0:f5:fc:c2:1d:
                    6f:5c:0b:2c:f3:c8:1b:8a:37:78:64:d8:86:e5:d7:
                    cf:53:4c:4e:91:2f:31:3e:f2:bf:5a:96:5e:e8:0e:
                    53:98:fa:5e:ac:4e:2d:8f:bb:61:83:03:0c:69:86:
                    74:41:06:be:9e:fd:73:89:8b:04:49:49:b1:e5:53:
                    69:dd:99:cc:99:9c:84:b0:bc:87:16:2a:54:58:b7:
                    ba:10:5d:e1:5a:b7:91:d5:6b:70:9c:1f:40:1c:8c:
                    d7:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:DA:11:59:B2:14:47:38:5F:9D:A0:C3:2B:BC:92:60:55:4D:DA:29
            X509v3 Authority Key Identifier:
                keyid:8A:C4:73:1A:3E:E3:94:2D:25:8D:06:63:57:0B:89:4E:8E:1A:92:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/isRzGj7jlC0ljQZjVwuJTo4akjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/HdoRWbIURzhfnaDDK7ySYFVN2ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/f0805f-334e-4704-8b28-5adfe30ffda5/1/isRzGj7jlC0ljQZjVwuJTo4akjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:cf:32:4b:15:ca:07:55:ad:79:4c:00:b2:4a:01:40:fa:11:
         70:e0:dd:52:02:79:7c:c5:89:f7:ec:84:36:65:81:db:d8:bc:
         d2:51:5c:9f:00:32:55:94:3e:32:be:54:20:a7:ff:10:81:3f:
         57:0c:4f:8b:f8:ff:73:c0:7c:a5:51:46:d1:31:82:8f:d9:ba:
         a3:a4:7b:ce:bf:64:d9:3c:e7:3b:b5:fe:9e:a0:92:69:c5:6a:
         cc:79:14:52:96:d0:c1:58:bb:75:20:63:1d:76:b4:8c:c7:b8:
         19:40:45:c3:11:65:8a:bb:36:24:d3:0e:d9:57:a2:97:58:c2:
         5c:5c:fa:a5:95:fa:a1:d3:af:d6:35:1e:d1:79:4d:0c:ab:88:
         0f:f0:5f:ff:10:ce:4b:9f:11:07:09:21:8f:e1:22:bb:1f:81:
         af:07:ee:57:65:cb:c5:76:be:cb:e2:b4:e2:79:db:7f:91:3f:
         47:86:fa:fc:3a:d9:b4:48:4c:3d:ad:4d:4d:df:62:0d:5a:95:
         de:90:90:f1:a7:12:92:d2:88:e5:9c:aa:28:09:56:00:a2:99:
         e9:41:a8:7a:eb:3e:6b:ed:ac:35:97:3c:28:c2:32:76:9d:a7:
         c8:a1:5c:2d:24:44:b7:42:ea:5f:4e:f4:e7:09:1c:92:87:8b:
         d9:53:00:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljy3B3wTfP7p8dFteeGOHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYzQ3MzFhM2VlMzk0MmQyNThkMDY2MzU3MGI4OTRlOGUx
YTkyMzMwHhcNMjUwMTAyMDU0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGRhMTE1OWIyMTQ0NzM4NWY5ZGEwYzMyYmJjOTI2MDU1NGRkYTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7j1ODeeY1E5wAm0cl+q1TDDj3W1
rrqF/2mqP7ohGEHCpIgI3RzT9qDlKDWjFJ/P/tOSB2mu3ZEotkHaR/v43+8A1Dam
nlXk8nTNykBPvI9Kp4xPlrfKKmC27UljcPAESTcFeiruULcr1UbmGy9DNxiYbpuF
GhiO37qhvdM5Xi3BQmuEtn4p69PinjfSJ6o0BnhZ1kBh5PelXBxmrZrAsPX8wh1v
XAss88gbijd4ZNiG5dfPU0xOkS8xPvK/WpZe6A5TmPperE4tj7thgwMMaYZ0QQa+
nv1ziYsESUmx5VNp3ZnMmZyEsLyHFipUWLe6EF3hWreR1WtwnB9AHIzX2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3aEVmyFEc4X52gwyu8kmBVTdopMB8GA1UdIwQY
MBaAFIrEcxo+45QtJY0GY1cLiU6OGpIzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXNSekdqN2psQzBsalFaalZ3dUpUbzRha2pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9mMDgwNWYtMzM0ZS00NzA0LThiMjgt
NWFkZmUzMGZmZGE1LzEvSGRvUldiSVVSemhmbmFEREs3eVNZRlZOMmlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9mMDgwNWYtMzM0ZS00NzA0LThiMjgtNWFkZmUzMGZmZGE1
LzEvaXNSekdqN2psQzBsalFaalZ3dUpUbzRha2pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvIsMA0G
CSqGSIb3DQEBCwUAA4IBAQA+zzJLFcoHVa15TACySgFA+hFw4N1SAnl8xYn37IQ2
ZYHb2LzSUVyfADJVlD4yvlQgp/8QgT9XDE+L+P9zwHylUUbRMYKP2bqjpHvOv2TZ
POc7tf6eoJJpxWrMeRRSltDBWLt1IGMddrSMx7gZQEXDEWWKuzYk0w7ZV6KXWMJc
XPqllfqh06/WNR7ReU0Mq4gP8F//EM5LnxEHCSGP4SK7H4GvB+5XZcvFdr7L4rTi
edt/kT9Hhvr8Otm0SEw9rU1N32INWpXekJDxpxKS0ojlnKooCVYAopnpQah66z5r
7aw1lzwowjJ2nafIoVwtJES3QupfTvTnCRySh4vZUwC7
-----END CERTIFICATE-----