Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/hsXOS728ssx8bAD81ls-MhEMYHY.roa
File:                     hsXOS728ssx8bAD81ls-MhEMYHY.roa (raw, json)
Hash identifier:          WicCvVpq6yjNVb8B4LAK2/Mh2on49kT2FPzZdWAqLP4=
Subject key identifier:   86:C5:CE:4B:BD:BC:B2:CC:7C:6C:00:FC:D6:5B:3E:32:11:0C:60:76
Certificate issuer:       /CN=67c3acf929a22338f2b380180cc852db4779aad0
Certificate serial:       019425FDE30DF9B04938CAFFFED586CE53E4
Authority key identifier: 67:C3:AC:F9:29:A2:23:38:F2:B3:80:18:0C:C8:52:DB:47:79:AA:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z8Os-SmiIzjys4AYDMhS20d5qtA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/hsXOS728ssx8bAD81ls-MhEMYHY.roa
Signing time:             Thu 02 Jan 2025 07:49:43 +0000
ROA not before:           Thu 02 Jan 2025 07:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        193.43.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/Z8Os-SmiIzjys4AYDMhS20d5qtA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/Z8Os-SmiIzjys4AYDMhS20d5qtA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z8Os-SmiIzjys4AYDMhS20d5qtA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e3:0d:f9:b0:49:38:ca:ff:fe:d5:86:ce:53:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67c3acf929a22338f2b380180cc852db4779aad0
        Validity
            Not Before: Jan  2 07:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86c5ce4bbdbcb2cc7c6c00fcd65b3e32110c6076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c7:e0:81:9e:8b:4f:f5:95:e2:18:f9:35:48:
                    f6:05:ba:6b:59:7f:f4:52:4b:b9:70:30:6a:ae:a2:
                    a6:c8:1d:eb:d2:e7:fa:fa:13:ac:45:f4:66:73:4c:
                    e4:00:a3:bc:dd:93:f5:1e:4c:a8:ee:20:2c:a0:2a:
                    96:39:7a:78:24:04:76:22:bf:3e:42:ce:f4:d3:ed:
                    fb:28:2e:f1:50:6e:c3:f3:33:da:da:79:e3:53:90:
                    f6:2e:45:bb:e1:0a:76:81:c9:68:2f:22:33:34:b3:
                    51:26:36:90:aa:04:a6:97:89:1b:ab:ac:f6:5a:ad:
                    3e:70:b4:87:f2:39:1a:32:28:4b:c4:2a:3c:12:be:
                    4f:4b:a0:ef:c2:9f:ac:93:29:d4:ba:86:07:41:5a:
                    4a:c1:bd:57:51:92:a2:3a:6f:53:06:1a:e2:22:da:
                    e0:1b:78:63:14:a7:a7:5c:bc:91:d1:43:d4:07:a0:
                    2b:ac:9d:14:9b:42:e2:7a:c9:6b:6b:dd:ac:14:5e:
                    1a:c1:cc:cd:a0:be:19:1e:09:6f:fb:17:a0:c2:ab:
                    c0:9b:3d:3d:1c:21:54:39:aa:03:82:15:8d:e6:86:
                    a6:72:28:f5:45:3f:91:3e:b5:40:4c:92:13:9b:ff:
                    dd:54:64:90:d8:a7:5a:f7:02:ed:a6:61:d9:ba:64:
                    06:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:C5:CE:4B:BD:BC:B2:CC:7C:6C:00:FC:D6:5B:3E:32:11:0C:60:76
            X509v3 Authority Key Identifier:
                keyid:67:C3:AC:F9:29:A2:23:38:F2:B3:80:18:0C:C8:52:DB:47:79:AA:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z8Os-SmiIzjys4AYDMhS20d5qtA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/hsXOS728ssx8bAD81ls-MhEMYHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ca4815-0e00-49bf-88f5-caca8b80c91c/1/Z8Os-SmiIzjys4AYDMhS20d5qtA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:4b:5c:b7:6f:e8:0b:81:46:2e:07:c6:e0:7d:ce:81:52:60:
         98:7c:4f:41:81:18:d8:40:4b:f4:64:34:0c:4d:3f:a4:c7:a3:
         af:ff:a4:8d:34:5d:07:90:59:69:82:88:da:8c:73:0f:d5:83:
         22:ae:6e:c0:b5:95:4b:4d:95:3e:1b:79:11:89:97:aa:82:c1:
         d7:f8:7a:30:1d:35:36:fa:a4:b6:aa:d4:c4:73:83:db:7b:91:
         c9:d2:1f:d5:07:fe:38:f6:75:3f:a7:c4:00:72:23:92:f7:5b:
         bc:e7:17:0d:ef:aa:3c:a7:7b:60:2c:ec:32:53:3f:8b:52:e0:
         79:2a:03:d9:34:a5:f5:e2:d6:c3:0c:39:43:db:27:02:15:c5:
         10:e8:62:1a:b0:bd:86:c2:a6:58:f6:33:9a:4c:35:3b:e3:38:
         56:82:7a:28:08:b2:01:fe:31:8c:89:d3:74:d5:f8:74:21:e8:
         a8:38:e6:36:89:ae:7f:86:26:d4:ff:a2:31:f9:07:a8:f9:e3:
         bb:3b:2d:ad:f1:16:47:c4:9a:a3:a6:dc:91:7a:60:e6:47:ff:
         9d:0e:4d:5f:ff:17:e1:39:c7:7d:fe:70:b9:e2:e4:12:a5:7d:
         8b:c4:f5:c9:33:4f:98:1d:d6:84:81:0a:0b:4a:4a:14:63:e4:
         15:a3:85:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/eMN+bBJOMr//tWGzlPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YzNhY2Y5MjlhMjIzMzhmMmIzODAxODBjYzg1MmRiNDc3
OWFhZDAwHhcNMjUwMTAyMDc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmM1Y2U0YmJkYmNiMmNjN2M2YzAwZmNkNjViM2UzMjExMGM2MDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMfggZ6LT/WV4hj5NUj2BbprWX/0
Uku5cDBqrqKmyB3r0uf6+hOsRfRmc0zkAKO83ZP1Hkyo7iAsoCqWOXp4JAR2Ir8+
Qs700+37KC7xUG7D8zPa2nnjU5D2LkW74Qp2gcloLyIzNLNRJjaQqgSml4kbq6z2
Wq0+cLSH8jkaMihLxCo8Er5PS6Dvwp+skynUuoYHQVpKwb1XUZKiOm9TBhriItrg
G3hjFKenXLyR0UPUB6ArrJ0Um0Lieslra92sFF4awczNoL4ZHglv+xegwqvAmz09
HCFUOaoDghWN5oamcij1RT+RPrVATJITm//dVGSQ2Kda9wLtpmHZumQGSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbFzku9vLLMfGwA/NZbPjIRDGB2MB8GA1UdIwQY
MBaAFGfDrPkpoiM48rOAGAzIUttHearQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjhPcy1TbWlJemp5czRBWURNaFMyMGQ1cXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9jYTQ4MTUtMGUwMC00OWJmLTg4ZjUt
Y2FjYThiODBjOTFjLzEvaHNYT1M3Mjhzc3g4YkFEODFscy1NaEVNWUhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9jYTQ4MTUtMGUwMC00OWJmLTg4ZjUtY2FjYThiODBjOTFj
LzEvWjhPcy1TbWlJemp5czRBWURNaFMyMGQ1cXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSv0MA0G
CSqGSIb3DQEBCwUAA4IBAQBdS1y3b+gLgUYuB8bgfc6BUmCYfE9BgRjYQEv0ZDQM
TT+kx6Ov/6SNNF0HkFlpgojajHMP1YMirm7AtZVLTZU+G3kRiZeqgsHX+HowHTU2
+qS2qtTEc4Pbe5HJ0h/VB/449nU/p8QAciOS91u85xcN76o8p3tgLOwyUz+LUuB5
KgPZNKX14tbDDDlD2ycCFcUQ6GIasL2GwqZY9jOaTDU74zhWgnooCLIB/jGMidN0
1fh0IeioOOY2ia5/hibU/6Ix+Qeo+eO7Oy2t8RZHxJqjptyRemDmR/+dDk1f/xfh
Ocd9/nC54uQSpX2LxPXJM0+YHdaEgQoLSkoUY+QVo4Ux
-----END CERTIFICATE-----