Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/HoMgEifDpVQ65AHqBFCCx_7uMoE.roa
File:                     HoMgEifDpVQ65AHqBFCCx_7uMoE.roa (raw, json)
Hash identifier:          MZgT/uxhPiKd1q/F+OrFW0KnU1po9n7PWWPZxZXmYvg=
Subject key identifier:   1E:83:20:12:27:C3:A5:54:3A:E4:01:EA:04:50:82:C7:FE:EE:32:81
Certificate issuer:       /CN=6df293212d25d4863e386b9c480ddc9be738124f
Certificate serial:       0194221FD6B45982CEFAE50073BA1FB98D02
Authority key identifier: 6D:F2:93:21:2D:25:D4:86:3E:38:6B:9C:48:0D:DC:9B:E7:38:12:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bfKTIS0l1IY-OGucSA3cm-c4Ek8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/HoMgEifDpVQ65AHqBFCCx_7uMoE.roa
Signing time:             Wed 01 Jan 2025 13:48:19 +0000
ROA not before:           Wed 01 Jan 2025 13:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21263
IP address blocks:        192.81.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/bfKTIS0l1IY-OGucSA3cm-c4Ek8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/bfKTIS0l1IY-OGucSA3cm-c4Ek8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bfKTIS0l1IY-OGucSA3cm-c4Ek8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d6:b4:59:82:ce:fa:e5:00:73:ba:1f:b9:8d:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6df293212d25d4863e386b9c480ddc9be738124f
        Validity
            Not Before: Jan  1 13:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e83201227c3a5543ae401ea045082c7feee3281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b5:dc:c4:c1:12:b4:a9:ca:bb:2e:b8:23:5f:
                    ef:33:ca:29:ed:77:b2:5c:7f:01:5b:d6:6d:67:0e:
                    6d:d9:00:f6:c1:e9:8e:3c:36:ee:5b:7e:98:be:96:
                    49:f2:12:8e:34:f7:06:78:cb:34:94:c7:9f:b9:c1:
                    c0:20:ed:6f:2f:0b:6d:b8:cb:a0:21:59:2c:30:10:
                    89:bd:cd:35:87:51:a5:ba:8d:54:d5:dd:8d:33:8f:
                    b3:49:06:11:07:07:cb:de:c7:1a:94:46:83:8f:4c:
                    dc:96:14:cb:14:48:24:12:11:59:2c:02:f9:7c:1f:
                    b6:56:fe:71:df:98:5b:79:4f:61:86:f6:62:9e:04:
                    80:e1:a4:e3:f3:18:c0:5e:42:2b:0a:21:06:45:40:
                    2d:b5:d8:7b:09:3d:75:ff:b6:97:d2:57:78:a6:22:
                    c5:44:bb:f3:b5:21:cb:ff:10:10:9a:38:92:b3:46:
                    7d:4b:4a:c1:b1:aa:80:11:13:d6:33:5b:b3:ca:3f:
                    ce:25:f3:87:e3:24:c9:65:ff:2d:9f:df:b2:71:1e:
                    35:3f:5e:a9:e3:86:d8:11:bb:5a:78:db:00:c1:57:
                    ca:61:d9:42:0a:4a:33:0f:3b:bb:aa:03:d9:64:0e:
                    7a:08:d1:d7:f1:6a:c7:23:e0:2b:11:36:2d:f9:e1:
                    0c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:83:20:12:27:C3:A5:54:3A:E4:01:EA:04:50:82:C7:FE:EE:32:81
            X509v3 Authority Key Identifier:
                keyid:6D:F2:93:21:2D:25:D4:86:3E:38:6B:9C:48:0D:DC:9B:E7:38:12:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bfKTIS0l1IY-OGucSA3cm-c4Ek8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/HoMgEifDpVQ65AHqBFCCx_7uMoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aecb8a-d763-4642-8036-f400402b536c/1/bfKTIS0l1IY-OGucSA3cm-c4Ek8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.81.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:eb:10:9e:1b:c9:95:1d:3b:a9:c8:ee:c7:4e:51:5c:76:47:
         d5:d1:0a:ca:5b:b1:53:51:b5:8c:50:0a:3a:be:d1:04:c5:6d:
         2e:b5:1a:2b:ea:95:ed:19:a7:c8:f3:d1:fa:76:cf:56:49:ff:
         1f:01:fb:9f:7c:30:db:cd:13:56:0e:08:85:30:46:da:ea:ea:
         5e:15:5c:ba:09:64:61:be:0e:86:dd:9c:15:44:43:1f:88:e9:
         ff:57:78:c6:d8:aa:97:a6:29:d0:b4:33:1a:4d:b7:c7:80:70:
         67:72:07:9f:49:43:bc:ad:ad:3c:a0:a5:a8:26:3d:76:1a:60:
         a4:9b:fd:c9:0f:7d:94:d5:09:92:bf:91:76:d3:0c:be:66:53:
         72:d1:ab:91:1e:54:d8:5f:12:5c:91:7d:da:94:ec:2f:bb:30:
         da:03:bd:77:7d:32:09:4d:55:26:7a:fd:71:d0:ab:8f:9a:19:
         35:b4:78:95:4b:11:2c:35:91:4a:ae:a3:90:07:7f:63:da:44:
         14:be:a7:f9:ae:e0:02:2a:77:3d:c5:c4:c4:e3:0a:ec:be:da:
         b1:8d:be:40:8d:2b:a8:65:a4:fe:4b:27:af:14:d0:a0:6d:54:
         5f:04:ab:c2:ac:b2:e9:2a:22:2c:2a:4a:90:58:88:42:60:be:
         3b:94:1d:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9a0WYLO+uUAc7ofuY0CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZjI5MzIxMmQyNWQ0ODYzZTM4NmI5YzQ4MGRkYzliZTcz
ODEyNGYwHhcNMjUwMTAxMTM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTgzMjAxMjI3YzNhNTU0M2FlNDAxZWEwNDUwODJjN2ZlZWUzMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLXcxMEStKnKuy64I1/vM8op7Xey
XH8BW9ZtZw5t2QD2wemOPDbuW36YvpZJ8hKONPcGeMs0lMefucHAIO1vLwttuMug
IVksMBCJvc01h1Gluo1U1d2NM4+zSQYRBwfL3scalEaDj0zclhTLFEgkEhFZLAL5
fB+2Vv5x35hbeU9hhvZingSA4aTj8xjAXkIrCiEGRUAttdh7CT11/7aX0ld4piLF
RLvztSHL/xAQmjiSs0Z9S0rBsaqAERPWM1uzyj/OJfOH4yTJZf8tn9+ycR41P16p
44bYEbtaeNsAwVfKYdlCCkozDzu7qgPZZA56CNHX8WrHI+ArETYt+eEMvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6DIBInw6VUOuQB6gRQgsf+7jKBMB8GA1UdIwQY
MBaAFG3ykyEtJdSGPjhrnEgN3JvnOBJPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmZLVElTMGwxSVktT0d1Y1NBM2NtLWM0RWs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hZWNiOGEtZDc2My00NjQyLTgwMzYt
ZjQwMDQwMmI1MzZjLzEvSG9NZ0VpZkRwVlE2NUFIcUJGQ0N4Xzd1TW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hZWNiOGEtZDc2My00NjQyLTgwMzYtZjQwMDQwMmI1MzZj
LzEvYmZLVElTMGwxSVktT0d1Y1NBM2NtLWM0RWs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwFF5MA0G
CSqGSIb3DQEBCwUAA4IBAQA96xCeG8mVHTupyO7HTlFcdkfV0QrKW7FTUbWMUAo6
vtEExW0utRor6pXtGafI89H6ds9WSf8fAfuffDDbzRNWDgiFMEba6upeFVy6CWRh
vg6G3ZwVREMfiOn/V3jG2KqXpinQtDMaTbfHgHBncgefSUO8ra08oKWoJj12GmCk
m/3JD32U1QmSv5F20wy+ZlNy0auRHlTYXxJckX3alOwvuzDaA713fTIJTVUmev1x
0KuPmhk1tHiVSxEsNZFKrqOQB39j2kQUvqf5ruACKnc9xcTE4wrsvtqxjb5AjSuo
ZaT+SyevFNCgbVRfBKvCrLLpKiIsKkqQWIhCYL47lB3O
-----END CERTIFICATE-----