Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/iCdHueFJzoeCEXGqlVVm5ScVPLc.roa
File:                     iCdHueFJzoeCEXGqlVVm5ScVPLc.roa (raw, json)
Hash identifier:          WO+D1FK6ZZiW8oMD1xh3ZGMyihQtIz38YWI4KrXD8lM=
Subject key identifier:   88:27:47:B9:E1:49:CE:87:82:11:71:AA:95:55:66:E5:27:15:3C:B7
Certificate issuer:       /CN=984b690d6dd3b0faece03bf208f0030e338c2216
Certificate serial:       0194221FF5506BAF4E85DDDB3D98BFE44B19
Authority key identifier: 98:4B:69:0D:6D:D3:B0:FA:EC:E0:3B:F2:08:F0:03:0E:33:8C:22:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mEtpDW3TsPrs4DvyCPADDjOMIhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/iCdHueFJzoeCEXGqlVVm5ScVPLc.roa
Signing time:             Wed 01 Jan 2025 13:48:27 +0000
ROA not before:           Wed 01 Jan 2025 13:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        193.58.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/mEtpDW3TsPrs4DvyCPADDjOMIhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/mEtpDW3TsPrs4DvyCPADDjOMIhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mEtpDW3TsPrs4DvyCPADDjOMIhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f5:50:6b:af:4e:85:dd:db:3d:98:bf:e4:4b:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=984b690d6dd3b0faece03bf208f0030e338c2216
        Validity
            Not Before: Jan  1 13:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=882747b9e149ce87821171aa955566e527153cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:88:df:a2:90:28:83:90:a0:ea:a2:18:9f:30:
                    47:2a:0a:3a:fe:bb:0a:b4:2d:12:01:2e:f9:ea:d3:
                    1c:f6:1d:ff:64:1f:e6:83:4d:78:71:e7:63:3e:30:
                    52:f1:53:ec:5c:76:60:08:ac:7e:c7:af:c7:ff:ab:
                    4e:36:7d:13:8f:be:2e:3f:53:5a:06:0f:88:42:44:
                    11:18:18:43:dd:64:c1:06:e2:15:10:35:73:65:d7:
                    5e:88:65:eb:ae:f1:de:a0:55:d2:37:5a:4c:c9:4c:
                    8a:4f:b8:eb:0f:e0:78:48:c9:54:29:97:09:da:b9:
                    f5:e4:57:0e:7c:b8:ca:a5:ca:cf:5f:65:14:5a:ef:
                    bb:2f:6e:68:51:86:7f:b6:ba:22:48:48:6a:87:84:
                    8d:cc:33:7a:a7:d6:04:f1:ef:ba:9a:9a:ca:38:97:
                    50:ae:cc:0f:2f:9d:09:81:3d:9e:75:9f:ae:13:0f:
                    8b:69:55:76:63:ce:33:33:0f:de:82:04:89:78:7d:
                    3a:b2:3b:aa:13:4d:da:1c:4a:a9:7c:b1:f0:72:46:
                    1c:4d:57:23:d4:3e:e6:e5:de:4d:91:ea:0b:4d:ff:
                    1e:90:55:f3:49:96:17:04:98:93:7e:7b:1a:52:7a:
                    69:80:e5:8e:34:2b:a2:2a:09:67:48:8e:49:cc:ec:
                    8a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:27:47:B9:E1:49:CE:87:82:11:71:AA:95:55:66:E5:27:15:3C:B7
            X509v3 Authority Key Identifier:
                keyid:98:4B:69:0D:6D:D3:B0:FA:EC:E0:3B:F2:08:F0:03:0E:33:8C:22:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mEtpDW3TsPrs4DvyCPADDjOMIhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/iCdHueFJzoeCEXGqlVVm5ScVPLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/34ffe7-9bf4-452b-9199-1255da04d986/1/mEtpDW3TsPrs4DvyCPADDjOMIhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:52:40:49:ca:a0:ad:f1:eb:d2:03:49:70:a3:79:0f:f2:9a:
         1d:11:e0:5f:b2:6d:c3:67:73:15:bb:eb:3b:57:97:f7:ff:14:
         42:97:86:e0:12:64:97:81:88:9d:95:9f:eb:8b:23:8b:d6:30:
         dc:32:d7:2e:be:3b:88:12:a3:f3:b8:94:d5:bc:a1:a9:5b:89:
         a8:d8:6f:da:2f:91:57:05:41:f5:f7:7d:5b:74:7c:7e:ef:7b:
         82:39:5c:ec:e7:d6:6b:c5:35:c1:e2:a0:21:42:2d:24:7c:a4:
         9f:6e:5f:fa:3c:c5:94:1c:a5:cc:3e:56:40:82:1a:fb:0d:2e:
         8e:88:18:0b:53:32:91:8f:6a:e0:b0:92:0b:98:2a:64:2c:9a:
         6e:07:e0:d8:3d:b1:c9:bd:12:5f:79:20:fe:cd:b2:bc:2b:20:
         de:41:47:7e:31:c2:ea:28:a6:4b:27:a6:15:8b:da:3a:26:88:
         4b:11:86:79:66:3f:3b:e4:ff:54:ab:11:cc:d8:61:92:a2:cf:
         c4:0e:0c:a6:5a:64:e6:b1:b8:e1:5a:9b:6e:d4:bc:7c:7e:c6:
         09:21:3e:fc:02:88:40:32:14:fe:d7:f8:44:86:24:42:47:cf:
         74:01:a5:77:bb:b6:0d:2d:f6:2c:a3:4f:ef:44:e8:a4:77:df:
         ad:1e:0e:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH/VQa69Ohd3bPZi/5EsZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NGI2OTBkNmRkM2IwZmFlY2UwM2JmMjA4ZjAwMzBlMzM4
YzIyMTYwHhcNMjUwMTAxMTM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODI3NDdiOWUxNDljZTg3ODIxMTcxYWE5NTU1NjZlNTI3MTUzY2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoojfopAog5Cg6qIYnzBHKgo6/rsK
tC0SAS756tMc9h3/ZB/mg014cedjPjBS8VPsXHZgCKx+x6/H/6tONn0Tj74uP1Na
Bg+IQkQRGBhD3WTBBuIVEDVzZddeiGXrrvHeoFXSN1pMyUyKT7jrD+B4SMlUKZcJ
2rn15FcOfLjKpcrPX2UUWu+7L25oUYZ/troiSEhqh4SNzDN6p9YE8e+6mprKOJdQ
rswPL50JgT2edZ+uEw+LaVV2Y84zMw/eggSJeH06sjuqE03aHEqpfLHwckYcTVcj
1D7m5d5NkeoLTf8ekFXzSZYXBJiTfnsaUnppgOWONCuiKglnSI5JzOyKCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgnR7nhSc6HghFxqpVVZuUnFTy3MB8GA1UdIwQY
MBaAFJhLaQ1t07D67OA78gjwAw4zjCIWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUV0cERXM1RzUHJzNER2eUNQQUREak9NSWhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8zNGZmZTctOWJmNC00NTJiLTkxOTkt
MTI1NWRhMDRkOTg2LzEvaUNkSHVlRkp6b2VDRVhHcWxWVm01U2NWUExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8zNGZmZTctOWJmNC00NTJiLTkxOTktMTI1NWRhMDRkOTg2
LzEvbUV0cERXM1RzUHJzNER2eUNQQUREak9NSWhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTryMA0G
CSqGSIb3DQEBCwUAA4IBAQCZUkBJyqCt8evSA0lwo3kP8podEeBfsm3DZ3MVu+s7
V5f3/xRCl4bgEmSXgYidlZ/riyOL1jDcMtcuvjuIEqPzuJTVvKGpW4mo2G/aL5FX
BUH1931bdHx+73uCOVzs59ZrxTXB4qAhQi0kfKSfbl/6PMWUHKXMPlZAghr7DS6O
iBgLUzKRj2rgsJILmCpkLJpuB+DYPbHJvRJfeSD+zbK8KyDeQUd+McLqKKZLJ6YV
i9o6JohLEYZ5Zj875P9UqxHM2GGSos/EDgymWmTmsbjhWptu1Lx8fsYJIT78AohA
MhT+1/hEhiRCR890AaV3u7YNLfYso0/vROikd9+tHg4n
-----END CERTIFICATE-----