Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e094bd-091c-433b-bf58-164cc6a4ed1e/1/humiX4umMQ8U2diSQKMJBIULUzM.roa
File:                     humiX4umMQ8U2diSQKMJBIULUzM.roa (raw, json)
Hash identifier:          se+vrxlBcmmLnHSpfQQqP4vmwa+L+eQnVu6u1QXlV2U=
Subject key identifier:   86:E9:A2:5F:8B:A6:31:0F:14:D9:D8:92:40:A3:09:04:85:0B:53:33
Certificate issuer:       /CN=c9b1d7c3b4ee8723336a658539aa7346f23d6772
Certificate serial:       0194228D0D5E3922FE20975C43260C7143A1
Authority key identifier: C9:B1:D7:C3:B4:EE:87:23:33:6A:65:85:39:AA:73:46:F2:3D:67:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ybHXw7TuhyMzamWFOapzRvI9Z3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e094bd-091c-433b-bf58-164cc6a4ed1e/1/humiX4umMQ8U2diSQKMJBIULUzM.roa
Signing time:             Wed 01 Jan 2025 15:47:36 +0000
ROA not before:           Wed 01 Jan 2025 15:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43528
IP address blocks:        193.201.192.0/22 maxlen: 27
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e094bd-091c-433b-bf58-164cc6a4ed1e/1/ybHXw7TuhyMzamWFOapzRvI9Z3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e094bd-091c-433b-bf58-164cc6a4ed1e/1/ybHXw7TuhyMzamWFOapzRvI9Z3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ybHXw7TuhyMzamWFOapzRvI9Z3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:0d:5e:39:22:fe:20:97:5c:43:26:0c:71:43:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9b1d7c3b4ee8723336a658539aa7346f23d6772
        Validity
            Not Before: Jan  1 15:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86e9a25f8ba6310f14d9d89240a30904850b5333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:8a:bc:84:bd:be:1c:92:27:c2:58:9c:97:a7:
                    6d:f4:61:d9:c3:8b:6c:6e:14:55:05:58:7e:15:4e:
                    1c:e7:96:ca:bc:62:13:e1:10:b7:93:ef:81:3c:99:
                    7f:2a:d2:85:50:5a:b7:0e:b4:b7:76:0a:96:8f:b0:
                    5e:20:12:8c:43:e3:8a:ba:05:1e:e9:4c:e9:85:44:
                    fc:24:37:ff:96:59:c3:06:32:52:d6:3a:30:37:ab:
                    2c:46:c1:a5:b2:0f:b5:9e:b5:f0:c0:1b:24:64:90:
                    6b:e2:4f:9e:61:a4:09:1d:55:04:ab:c1:d5:6e:90:
                    37:bf:42:bf:28:39:35:86:43:72:67:da:d4:42:6d:
                    fd:d1:61:13:03:5d:8e:dd:92:2b:b8:a1:6c:f9:a2:
                    aa:61:90:f3:84:93:0e:cc:40:17:d7:c8:e8:49:4c:
                    cb:15:0f:72:86:53:f0:2f:d9:fd:ec:ba:45:70:56:
                    5a:60:c9:fa:52:fc:c5:0f:e1:e7:3a:20:e2:3c:9a:
                    e8:44:13:86:6b:78:f4:6b:10:42:11:ae:3b:03:99:
                    d2:62:25:eb:9f:08:ec:bc:fe:ad:12:37:e2:0b:76:
                    eb:93:d5:42:11:95:38:0c:d2:df:58:db:e0:dc:9a:
                    d4:b2:6b:a0:99:05:58:d5:14:66:ea:f3:e5:f6:fc:
                    53:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E9:A2:5F:8B:A6:31:0F:14:D9:D8:92:40:A3:09:04:85:0B:53:33
            X509v3 Authority Key Identifier:
                keyid:C9:B1:D7:C3:B4:EE:87:23:33:6A:65:85:39:AA:73:46:F2:3D:67:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ybHXw7TuhyMzamWFOapzRvI9Z3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e094bd-091c-433b-bf58-164cc6a4ed1e/1/humiX4umMQ8U2diSQKMJBIULUzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e094bd-091c-433b-bf58-164cc6a4ed1e/1/ybHXw7TuhyMzamWFOapzRvI9Z3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:4b:ce:04:96:5c:e0:f1:ad:5a:f3:99:67:cd:1b:d4:ab:bd:
         c8:4c:9a:d1:33:89:bc:5b:b2:13:f8:a8:fe:8d:dd:41:40:af:
         fc:ac:66:ea:53:ef:32:f3:a1:d9:d1:5b:b9:ee:c5:d1:eb:a6:
         92:8d:6f:80:d8:66:04:af:99:66:c0:7e:ac:a8:ff:7a:7f:d9:
         6b:d3:fb:38:43:de:09:cc:68:bc:03:88:0f:cc:77:e4:a1:24:
         c7:8c:31:dd:0e:26:a2:0c:88:cb:b7:2d:4d:1d:a1:5b:d8:23:
         69:36:23:35:d1:fd:e3:cd:db:75:7e:1a:37:32:72:be:e6:7f:
         6b:1c:21:90:3e:d8:89:cd:c6:92:08:50:4f:ee:6d:85:38:57:
         0f:9e:0c:a8:57:82:7a:f1:c2:f4:2c:01:e9:96:41:91:7e:a9:
         c6:ad:4b:52:e2:5c:68:40:0e:25:d6:5d:59:ac:f2:75:65:b5:
         05:42:99:c7:fa:7b:d2:b4:1f:fb:10:32:a0:22:83:e2:6e:6a:
         0d:f6:76:fe:2a:41:aa:ad:56:4f:8f:1e:cd:2f:8d:67:c5:58:
         f4:58:54:e7:af:a5:45:bb:d2:21:fa:9b:91:e1:b0:c5:d3:c5:
         ef:a7:81:7a:5c:1b:50:b9:36:c4:a3:83:a3:cd:02:b3:24:96:
         39:6d:e0:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijQ1eOSL+IJdcQyYMcUOhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YjFkN2MzYjRlZTg3MjMzMzZhNjU4NTM5YWE3MzQ2ZjIz
ZDY3NzIwHhcNMjUwMTAxMTU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmU5YTI1ZjhiYTYzMTBmMTRkOWQ4OTI0MGEzMDkwNDg1MGI1MzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Yq8hL2+HJInwlicl6dt9GHZw4ts
bhRVBVh+FU4c55bKvGIT4RC3k++BPJl/KtKFUFq3DrS3dgqWj7BeIBKMQ+OKugUe
6UzphUT8JDf/llnDBjJS1jowN6ssRsGlsg+1nrXwwBskZJBr4k+eYaQJHVUEq8HV
bpA3v0K/KDk1hkNyZ9rUQm390WETA12O3ZIruKFs+aKqYZDzhJMOzEAX18joSUzL
FQ9yhlPwL9n97LpFcFZaYMn6UvzFD+HnOiDiPJroRBOGa3j0axBCEa47A5nSYiXr
nwjsvP6tEjfiC3brk9VCEZU4DNLfWNvg3JrUsmugmQVY1RRm6vPl9vxT7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbpol+LpjEPFNnYkkCjCQSFC1MzMB8GA1UdIwQY
MBaAFMmx18O07ocjM2plhTmqc0byPWdyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWJIWHc3VHVoeU16YW1XRk9hcHpSdkk5WjNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lMDk0YmQtMDkxYy00MzNiLWJmNTgt
MTY0Y2M2YTRlZDFlLzEvaHVtaVg0dW1NUThVMmRpU1FLTUpCSVVMVXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lMDk0YmQtMDkxYy00MzNiLWJmNTgtMTY0Y2M2YTRlZDFl
LzEveWJIWHc3VHVoeU16YW1XRk9hcHpSdkk5WjNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwcnAMA0G
CSqGSIb3DQEBCwUAA4IBAQChS84Ellzg8a1a85lnzRvUq73ITJrRM4m8W7IT+Kj+
jd1BQK/8rGbqU+8y86HZ0Vu57sXR66aSjW+A2GYEr5lmwH6sqP96f9lr0/s4Q94J
zGi8A4gPzHfkoSTHjDHdDiaiDIjLty1NHaFb2CNpNiM10f3jzdt1fho3MnK+5n9r
HCGQPtiJzcaSCFBP7m2FOFcPngyoV4J68cL0LAHplkGRfqnGrUtS4lxoQA4l1l1Z
rPJ1ZbUFQpnH+nvStB/7EDKgIoPibmoN9nb+KkGqrVZPjx7NL41nxVj0WFTnr6VF
u9Ih+puR4bDF08Xvp4F6XBtQuTbEo4OjzQKzJJY5beBO
-----END CERTIFICATE-----