Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/f2bdc8-79e7-48cd-a994-ad495858b32c/1/hw2W04D1is42TOmflaN39hcxH9E.roa
File:                     hw2W04D1is42TOmflaN39hcxH9E.roa (raw, json)
Hash identifier:          fNZHjDeAyo42LcaysmyiDifSO0kt6UxDpr+XhWr9MzU=
Subject key identifier:   87:0D:96:D3:80:F5:8A:CE:36:4C:E9:9F:95:A3:77:F6:17:31:1F:D1
Certificate issuer:       /CN=877dfcf91569d8156226fc2790e67906763a2b03
Certificate serial:       0194244547280D64BFF1AF6FA5E31861C43C
Authority key identifier: 87:7D:FC:F9:15:69:D8:15:62:26:FC:27:90:E6:79:06:76:3A:2B:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h338-RVp2BViJvwnkOZ5BnY6KwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/f2bdc8-79e7-48cd-a994-ad495858b32c/1/hw2W04D1is42TOmflaN39hcxH9E.roa
Signing time:             Wed 01 Jan 2025 23:48:27 +0000
ROA not before:           Wed 01 Jan 2025 23:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24786
IP address blocks:        81.93.112.0/20 maxlen: 20
                          193.28.192.0/21 maxlen: 21
                          2a06:7500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/f2bdc8-79e7-48cd-a994-ad495858b32c/1/h338-RVp2BViJvwnkOZ5BnY6KwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/f2bdc8-79e7-48cd-a994-ad495858b32c/1/h338-RVp2BViJvwnkOZ5BnY6KwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h338-RVp2BViJvwnkOZ5BnY6KwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 05:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:47:28:0d:64:bf:f1:af:6f:a5:e3:18:61:c4:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=877dfcf91569d8156226fc2790e67906763a2b03
        Validity
            Not Before: Jan  1 23:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=870d96d380f58ace364ce99f95a377f617311fd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:47:f1:eb:b2:ba:77:85:d2:5a:d5:c1:16:cd:
                    de:31:be:ad:72:50:ad:30:49:9b:57:c7:0e:3b:36:
                    81:86:2c:9d:da:c7:43:ae:f7:dd:40:c9:59:82:54:
                    72:4c:68:9b:21:9c:67:77:80:83:0d:e5:83:27:e5:
                    4b:80:6d:bc:60:ae:e2:ab:f2:2c:b1:92:08:46:9f:
                    09:1a:bc:e1:8f:98:58:6d:3c:43:17:49:46:d7:1c:
                    5f:a5:de:87:c8:e5:4c:20:fc:fb:e9:3a:b5:52:97:
                    dd:85:99:64:a0:b8:2e:0a:59:93:72:d7:f8:37:58:
                    c6:4f:51:5e:d0:29:65:bf:44:13:f3:41:b4:94:6c:
                    c0:1e:23:a1:e6:60:28:ae:4c:40:12:77:4e:49:d5:
                    3b:30:54:2c:a0:14:23:1b:4e:cf:47:2d:e9:0b:61:
                    4b:42:dd:98:4a:97:74:62:ce:31:45:66:b7:1d:9c:
                    53:57:80:e3:89:6f:72:6a:9b:fd:26:39:59:c1:61:
                    cd:c7:ee:2d:06:93:b5:19:bb:ce:53:ae:05:37:50:
                    73:fb:2b:8f:f3:a4:c9:ff:88:4e:ec:e7:22:08:12:
                    b6:a7:a7:16:40:88:6b:0f:32:a5:30:49:9f:3d:03:
                    97:75:4d:e0:47:bb:83:a3:21:d9:8d:c9:81:88:46:
                    e6:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:0D:96:D3:80:F5:8A:CE:36:4C:E9:9F:95:A3:77:F6:17:31:1F:D1
            X509v3 Authority Key Identifier:
                keyid:87:7D:FC:F9:15:69:D8:15:62:26:FC:27:90:E6:79:06:76:3A:2B:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h338-RVp2BViJvwnkOZ5BnY6KwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/f2bdc8-79e7-48cd-a994-ad495858b32c/1/hw2W04D1is42TOmflaN39hcxH9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/f2bdc8-79e7-48cd-a994-ad495858b32c/1/h338-RVp2BViJvwnkOZ5BnY6KwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.93.112.0/20
                  193.28.192.0/21
                IPv6:
                  2a06:7500::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:2a:ca:c7:05:9f:96:9c:00:d9:33:6a:12:7c:6f:81:25:c0:
         a4:06:66:c4:c9:4e:b9:dd:8a:c7:3f:13:12:f9:2a:03:1a:f0:
         98:13:c9:b9:b3:74:30:e1:96:ec:82:58:92:4b:2e:bf:55:5c:
         1a:60:44:17:fc:01:05:d5:f7:29:73:12:cd:ef:ef:08:3a:73:
         96:b6:e4:53:68:3a:f3:0e:da:72:00:a3:7e:3d:92:f1:61:74:
         94:a8:4f:41:ec:6f:4f:59:f7:cc:89:db:26:c6:5a:a7:bd:68:
         a8:9c:7e:a9:93:1b:eb:34:97:a8:47:fe:ec:57:e2:44:f0:7c:
         63:53:a5:3f:9d:9b:c5:2e:3f:af:28:43:5c:f3:72:eb:0a:18:
         8c:98:eb:b1:55:35:c5:26:b2:ca:40:50:9f:20:d4:7e:27:69:
         65:b6:21:6d:c4:12:7e:fb:48:c6:26:d8:dc:81:d7:2d:e7:fc:
         00:04:18:1d:4a:30:2f:ff:f8:19:65:79:51:67:6f:38:c7:77:
         a5:59:41:95:de:07:52:56:a4:f2:96:81:4d:92:5a:5a:66:f6:
         d3:8e:af:49:bb:c1:ea:83:56:11:37:77:66:31:15:44:9e:3e:
         a1:dd:51:1e:77:d7:70:46:e5:56:ff:73:b5:82:2c:83:36:79:
         8b:36:e0:dd
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRUcoDWS/8a9vpeMYYcQ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3N2RmY2Y5MTU2OWQ4MTU2MjI2ZmMyNzkwZTY3OTA2NzYz
YTJiMDMwHhcNMjUwMTAxMjM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzBkOTZkMzgwZjU4YWNlMzY0Y2U5OWY5NWEzNzdmNjE3MzExZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Efx67K6d4XSWtXBFs3eMb6tclCt
MEmbV8cOOzaBhiyd2sdDrvfdQMlZglRyTGibIZxnd4CDDeWDJ+VLgG28YK7iq/Is
sZIIRp8JGrzhj5hYbTxDF0lG1xxfpd6HyOVMIPz76Tq1UpfdhZlkoLguClmTctf4
N1jGT1Fe0Cllv0QT80G0lGzAHiOh5mAorkxAEndOSdU7MFQsoBQjG07PRy3pC2FL
Qt2YSpd0Ys4xRWa3HZxTV4DjiW9yapv9JjlZwWHNx+4tBpO1GbvOU64FN1Bz+yuP
86TJ/4hO7OciCBK2p6cWQIhrDzKlMEmfPQOXdU3gR7uDoyHZjcmBiEbmlQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIcNltOA9YrONkzpn5Wjd/YXMR/RMB8GA1UdIwQY
MBaAFId9/PkVadgVYib8J5DmeQZ2OisDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDMzOC1SVnAyQlZpSnZ3bmtPWjVCblk2S3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9mMmJkYzgtNzllNy00OGNkLWE5OTQt
YWQ0OTU4NThiMzJjLzEvaHcyVzA0RDFpczQyVE9tZmxhTjM5aGN4SDlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9mMmJkYzgtNzllNy00OGNkLWE5OTQtYWQ0OTU4NThiMzJj
LzEvaDMzOC1SVnAyQlZpSnZ3bmtPWjVCblk2S3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUV1wAwQD
wRzAMA0EAgACMAcDBQMqBnUAMA0GCSqGSIb3DQEBCwUAA4IBAQBIKsrHBZ+WnADZ
M2oSfG+BJcCkBmbEyU653YrHPxMS+SoDGvCYE8m5s3Qw4ZbsgliSSy6/VVwaYEQX
/AEF1fcpcxLN7+8IOnOWtuRTaDrzDtpyAKN+PZLxYXSUqE9B7G9PWffMidsmxlqn
vWionH6pkxvrNJeoR/7sV+JE8HxjU6U/nZvFLj+vKENc83LrChiMmOuxVTXFJrLK
QFCfINR+J2lltiFtxBJ++0jGJtjcgdct5/wABBgdSjAv//gZZXlRZ284x3elWUGV
3gdSVqTyloFNklpaZvbTjq9Ju8Hqg1YRN3dmMRVEnj6h3VEed9dwRuVW/3O1giyD
NnmLNuDd
-----END CERTIFICATE-----