Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/HJd9P_PlKCAbara3DxGKUKKnE7c.roa
File:                     HJd9P_PlKCAbara3DxGKUKKnE7c.roa (raw, json)
Hash identifier:          eUsrGFzXfQW/Dn1ODD605ExEOtBlWFeJQugMdp5/EgU=
Subject key identifier:   1C:97:7D:3F:F3:E5:28:20:1B:6A:B6:B7:0F:11:8A:50:A2:A7:13:B7
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       019421B1D4159DB59742DFB19FB82BCDAE41
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/HJd9P_PlKCAbara3DxGKUKKnE7c.roa
Signing time:             Wed 01 Jan 2025 11:48:09 +0000
ROA not before:           Wed 01 Jan 2025 11:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30836
IP address blocks:        195.56.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d4:15:9d:b5:97:42:df:b1:9f:b8:2b:cd:ae:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  1 11:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c977d3ff3e528201b6ab6b70f118a50a2a713b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:97:d0:37:fb:63:18:e9:91:24:27:75:54:d4:
                    3f:aa:83:8e:fc:25:82:5f:9b:83:74:6a:db:41:c1:
                    d9:21:19:a1:12:59:96:5c:44:30:72:f0:98:59:fe:
                    81:01:b3:7d:f3:e7:81:06:6c:30:d7:79:44:4c:45:
                    32:d3:a9:16:f9:2e:34:28:2d:48:90:60:2d:d1:94:
                    2c:5a:9f:9f:dd:b9:08:a4:36:b7:30:08:7d:df:0d:
                    63:2c:f0:1d:cb:07:f1:31:a3:21:27:3d:44:8b:6b:
                    0c:81:60:1e:bb:53:13:e5:b1:a7:d6:1b:9a:f2:fc:
                    7f:ad:23:b4:b0:88:ff:1f:71:cf:e5:45:ca:b6:0c:
                    e7:c2:50:dc:1c:2d:99:22:e8:ab:e5:40:fc:96:cb:
                    f9:5c:a1:c8:29:71:8a:66:ce:a2:75:d4:da:e8:e1:
                    51:64:26:56:42:1f:89:99:a1:09:78:d2:c3:03:50:
                    9a:51:ee:53:e5:71:e0:8c:6a:1f:4f:32:77:19:17:
                    42:6c:af:6b:74:2b:04:33:cf:00:b5:1d:9c:20:4d:
                    c8:ee:7f:33:04:ad:f6:0e:2a:60:b9:db:d7:74:f3:
                    07:5c:6b:5b:07:f1:80:d4:1f:9d:60:f6:05:8e:c6:
                    0b:6c:df:3f:c3:b9:77:94:35:ba:c7:a0:55:38:e8:
                    46:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:97:7D:3F:F3:E5:28:20:1B:6A:B6:B7:0F:11:8A:50:A2:A7:13:B7
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/HJd9P_PlKCAbara3DxGKUKKnE7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.56.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:56:49:eb:c5:ab:6b:15:3b:dc:74:31:15:9a:f1:4b:09:15:
         4a:03:c8:83:b3:e6:3b:70:c2:77:7d:70:b6:4b:56:cb:6f:fc:
         ae:83:b3:dd:24:02:f2:3b:39:f9:82:8d:e5:e6:2d:a9:cf:77:
         f4:8c:2d:cb:96:b6:81:62:ba:88:c2:3c:cb:9c:3f:47:eb:60:
         81:fe:39:04:7f:3f:4c:ce:0b:ab:6a:1d:67:b0:e3:38:f8:9b:
         b1:a9:3b:6e:db:96:83:8f:f0:95:96:8c:ac:8e:2f:88:e1:25:
         33:3f:7a:c7:e8:70:17:a5:2b:da:d5:8c:29:4a:0a:39:47:b6:
         0b:c0:a0:7c:01:b1:c3:24:52:8b:cf:0e:7f:3c:d4:26:62:13:
         09:28:9f:72:3f:80:e0:2a:af:e0:c7:c8:25:fa:66:13:85:ca:
         70:86:27:b2:19:de:ae:8e:73:3c:a3:c4:bf:86:20:bc:26:9d:
         cc:9b:10:13:53:7f:b3:42:a4:51:cb:7b:c7:4f:0f:f9:ae:97:
         e0:78:51:0b:40:a4:32:50:fe:0c:b7:e1:9a:1c:c3:61:77:64:
         87:e1:dd:de:7d:27:8f:4b:09:bb:00:7a:e9:0f:79:42:15:ad:
         f2:76:30:5a:07:14:56:a8:b2:67:d3:a2:74:40:b4:b3:e5:22:
         3c:4b:be:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdQVnbWXQt+xn7grza5BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjUwMTAxMTE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzk3N2QzZmYzZTUyODIwMWI2YWI2YjcwZjExOGE1MGEyYTcxM2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJfQN/tjGOmRJCd1VNQ/qoOO/CWC
X5uDdGrbQcHZIRmhElmWXEQwcvCYWf6BAbN98+eBBmww13lETEUy06kW+S40KC1I
kGAt0ZQsWp+f3bkIpDa3MAh93w1jLPAdywfxMaMhJz1Ei2sMgWAeu1MT5bGn1hua
8vx/rSO0sIj/H3HP5UXKtgznwlDcHC2ZIuir5UD8lsv5XKHIKXGKZs6iddTa6OFR
ZCZWQh+JmaEJeNLDA1CaUe5T5XHgjGofTzJ3GRdCbK9rdCsEM88AtR2cIE3I7n8z
BK32DipgudvXdPMHXGtbB/GA1B+dYPYFjsYLbN8/w7l3lDW6x6BVOOhGHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByXfT/z5SggG2q2tw8RilCipxO3MB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvSEpkOVBfUGxLQ0FiYXJhM0R4R0tVS0tuRTdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzhlMA0G
CSqGSIb3DQEBCwUAA4IBAQBBVknrxatrFTvcdDEVmvFLCRVKA8iDs+Y7cMJ3fXC2
S1bLb/yug7PdJALyOzn5go3l5i2pz3f0jC3LlraBYrqIwjzLnD9H62CB/jkEfz9M
zgurah1nsOM4+JuxqTtu25aDj/CVloysji+I4SUzP3rH6HAXpSva1YwpSgo5R7YL
wKB8AbHDJFKLzw5/PNQmYhMJKJ9yP4DgKq/gx8gl+mYThcpwhieyGd6ujnM8o8S/
hiC8Jp3MmxATU3+zQqRRy3vHTw/5rpfgeFELQKQyUP4Mt+GaHMNhd2SH4d3efSeP
Swm7AHrpD3lCFa3ydjBaBxRWqLJn06J0QLSz5SI8S74N
-----END CERTIFICATE-----