Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/hApSbA3jzy_s3iVNvrGjhLhy3rU.roa
File:                     hApSbA3jzy_s3iVNvrGjhLhy3rU.roa (raw, json)
Hash identifier:          1X2vbtL7wfNX8hGTI4KlZns0bkwGbPIYpWY571Ew9V0=
Subject key identifier:   84:0A:52:6C:0D:E3:CF:2F:EC:DE:25:4D:BE:B1:A3:84:B8:72:DE:B5
Certificate issuer:       /CN=327557cf22629d058a5114965b2f9df8ef4db690
Certificate serial:       01941F8C677D0A3AE856FE18FACE53341935
Authority key identifier: 32:75:57:CF:22:62:9D:05:8A:51:14:96:5B:2F:9D:F8:EF:4D:B6:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MnVXzyJinQWKURSWWy-d-O9NtpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/hApSbA3jzy_s3iVNvrGjhLhy3rU.roa
Signing time:             Wed 01 Jan 2025 01:48:02 +0000
ROA not before:           Wed 01 Jan 2025 01:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15623
IP address blocks:        193.42.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/MnVXzyJinQWKURSWWy-d-O9NtpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/MnVXzyJinQWKURSWWy-d-O9NtpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MnVXzyJinQWKURSWWy-d-O9NtpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:67:7d:0a:3a:e8:56:fe:18:fa:ce:53:34:19:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=327557cf22629d058a5114965b2f9df8ef4db690
        Validity
            Not Before: Jan  1 01:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=840a526c0de3cf2fecde254dbeb1a384b872deb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9d:cb:33:34:52:18:2e:6f:90:a3:2e:60:85:
                    a4:af:e9:13:64:fc:03:2a:3b:35:7a:a2:41:30:22:
                    68:2b:1c:e8:06:34:41:af:6c:ba:c8:b8:a7:85:8f:
                    f7:42:bc:88:c2:f4:7c:ba:9c:6a:9f:4d:ad:b8:1e:
                    ab:5e:29:29:71:5b:b6:98:61:53:71:b4:3a:ea:40:
                    9c:43:f1:27:09:f2:eb:cd:55:66:fc:ce:d6:a0:f8:
                    64:50:16:b4:c3:12:c6:84:32:b6:85:ce:ac:09:cb:
                    83:76:d5:fc:c5:ad:ae:7a:1c:05:b5:ad:41:59:09:
                    c5:ae:a7:5d:00:ec:a1:88:b6:a8:66:47:34:ce:62:
                    e0:63:49:10:1b:06:d5:aa:17:76:a4:c5:8f:f1:2e:
                    e2:9f:c0:05:b9:0c:07:04:c3:3a:8f:c2:65:50:2a:
                    80:29:a3:ec:1b:a0:61:fe:1d:00:d8:e1:25:e3:f3:
                    ae:56:e7:f5:b9:a6:21:d7:60:0b:46:39:ab:69:c9:
                    8e:fc:2b:07:29:f1:8e:05:8c:c9:df:d3:71:ab:90:
                    dc:10:c5:0f:06:1e:ea:1f:0a:f5:07:a5:a5:e0:ae:
                    74:21:cd:54:42:8f:ef:4b:9b:d2:4d:77:47:c2:84:
                    b0:77:8a:46:c6:39:53:c2:11:77:f9:ce:3c:43:d4:
                    db:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:0A:52:6C:0D:E3:CF:2F:EC:DE:25:4D:BE:B1:A3:84:B8:72:DE:B5
            X509v3 Authority Key Identifier:
                keyid:32:75:57:CF:22:62:9D:05:8A:51:14:96:5B:2F:9D:F8:EF:4D:B6:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MnVXzyJinQWKURSWWy-d-O9NtpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/hApSbA3jzy_s3iVNvrGjhLhy3rU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/9cff3d-1168-411c-a065-fd725b825291/1/MnVXzyJinQWKURSWWy-d-O9NtpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:a3:78:2b:4f:d8:36:c3:65:fa:5b:ab:5b:0c:74:4a:e3:e7:
         75:c2:bd:2c:6f:e1:ef:31:8a:f1:84:57:68:80:36:f7:61:7a:
         78:48:3e:e7:ad:77:71:57:23:62:49:aa:53:0b:b6:ea:8f:b3:
         ca:51:5f:19:0f:d7:a5:29:60:a1:eb:f0:f0:e1:e3:fa:0b:ab:
         0d:18:46:59:80:01:09:1b:2a:8e:f3:2f:49:c6:6a:e7:f1:61:
         10:95:dc:69:8c:87:f1:c4:8d:da:d7:53:cc:a0:c8:b4:ff:b3:
         cd:74:fd:d5:b7:fb:74:cf:2d:b1:9a:6e:88:0b:3f:15:4d:6e:
         a1:e6:f2:ab:57:39:12:81:a7:2f:93:16:ed:c8:b2:45:cb:10:
         de:79:02:20:1a:c7:3b:51:18:92:9d:cf:7e:25:da:95:76:09:
         a7:25:c7:21:f8:78:85:4a:ff:25:8d:20:f9:79:a3:ec:01:92:
         57:67:7a:ff:da:b8:89:db:75:6a:af:7e:d1:44:65:e0:8c:d7:
         a4:b1:68:4f:85:c7:06:5e:36:48:92:2f:22:25:c6:57:54:4c:
         79:7d:74:01:3d:28:cc:97:53:07:fc:4a:c8:f3:bf:d6:a1:83:
         6b:75:d3:26:6a:ce:0e:89:37:f1:54:bf:b3:52:c3:17:dd:89:
         ae:51:98:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGd9CjroVv4Y+s5TNBk1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNzU1N2NmMjI2MjlkMDU4YTUxMTQ5NjViMmY5ZGY4ZWY0
ZGI2OTAwHhcNMjUwMTAxMDE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDBhNTI2YzBkZTNjZjJmZWNkZTI1NGRiZWIxYTM4NGI4NzJkZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw53LMzRSGC5vkKMuYIWkr+kTZPwD
Kjs1eqJBMCJoKxzoBjRBr2y6yLinhY/3QryIwvR8upxqn02tuB6rXikpcVu2mGFT
cbQ66kCcQ/EnCfLrzVVm/M7WoPhkUBa0wxLGhDK2hc6sCcuDdtX8xa2uehwFta1B
WQnFrqddAOyhiLaoZkc0zmLgY0kQGwbVqhd2pMWP8S7in8AFuQwHBMM6j8JlUCqA
KaPsG6Bh/h0A2OEl4/OuVuf1uaYh12ALRjmracmO/CsHKfGOBYzJ39Nxq5DcEMUP
Bh7qHwr1B6Wl4K50Ic1UQo/vS5vSTXdHwoSwd4pGxjlTwhF3+c48Q9Tb0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQKUmwN488v7N4lTb6xo4S4ct61MB8GA1UdIwQY
MBaAFDJ1V88iYp0FilEUllsvnfjvTbaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW5WWHp5SmluUVdLVVJTV1d5LWQtTzlOdHBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC85Y2ZmM2QtMTE2OC00MTFjLWEwNjUt
ZmQ3MjViODI1MjkxLzEvaEFwU2JBM2p6eV9zM2lWTnZyR2poTGh5M3JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC85Y2ZmM2QtMTE2OC00MTFjLWEwNjUtZmQ3MjViODI1Mjkx
LzEvTW5WWHp5SmluUVdLVVJTV1d5LWQtTzlOdHBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSqSMA0G
CSqGSIb3DQEBCwUAA4IBAQBBo3grT9g2w2X6W6tbDHRK4+d1wr0sb+HvMYrxhFdo
gDb3YXp4SD7nrXdxVyNiSapTC7bqj7PKUV8ZD9elKWCh6/Dw4eP6C6sNGEZZgAEJ
GyqO8y9Jxmrn8WEQldxpjIfxxI3a11PMoMi0/7PNdP3Vt/t0zy2xmm6ICz8VTW6h
5vKrVzkSgacvkxbtyLJFyxDeeQIgGsc7URiSnc9+JdqVdgmnJcch+HiFSv8ljSD5
eaPsAZJXZ3r/2riJ23Vqr37RRGXgjNeksWhPhccGXjZIki8iJcZXVEx5fXQBPSjM
l1MH/ErI87/WoYNrddMmas4OiTfxVL+zUsMX3YmuUZjh
-----END CERTIFICATE-----