Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/JEh62edtGcPK6W4aI6E72di6xCs.roa
File:                     JEh62edtGcPK6W4aI6E72di6xCs.roa (raw, json)
Hash identifier:          PD42vAZ0BIX3jY6yqazrN5UUOFytkMhASMCFsoaVQJg=
Subject key identifier:   24:48:7A:D9:E7:6D:19:C3:CA:E9:6E:1A:23:A1:3B:D9:D8:BA:C4:2B
Certificate issuer:       /CN=c4ddbd9f230919321bf56706f1069377926119f9
Certificate serial:       019427B59B8C702413892F00F18030D531E7
Authority key identifier: C4:DD:BD:9F:23:09:19:32:1B:F5:67:06:F1:06:93:77:92:61:19:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xN29nyMJGTIb9WcG8QaTd5JhGfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/JEh62edtGcPK6W4aI6E72di6xCs.roa
Signing time:             Thu 02 Jan 2025 15:50:00 +0000
ROA not before:           Thu 02 Jan 2025 15:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3292
IP address blocks:        193.32.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/xN29nyMJGTIb9WcG8QaTd5JhGfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/xN29nyMJGTIb9WcG8QaTd5JhGfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xN29nyMJGTIb9WcG8QaTd5JhGfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:9b:8c:70:24:13:89:2f:00:f1:80:30:d5:31:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ddbd9f230919321bf56706f1069377926119f9
        Validity
            Not Before: Jan  2 15:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24487ad9e76d19c3cae96e1a23a13bd9d8bac42b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:65:e3:2d:8e:81:8b:9f:f2:9b:18:cf:80:79:
                    d2:3b:8e:1d:b9:6e:96:5e:56:c3:e1:9b:2a:c8:bf:
                    87:3f:01:aa:f1:17:36:16:53:c6:e2:e7:24:da:8f:
                    50:b1:b1:0f:39:36:cb:20:fa:55:be:55:77:81:34:
                    18:45:28:b2:2f:8a:e5:5b:8f:92:8a:21:1e:db:02:
                    75:8f:f1:63:dd:1a:4c:08:94:e6:98:7e:f7:28:95:
                    b7:d0:7b:64:1c:ee:79:a7:29:a4:0d:9c:d9:fd:43:
                    d7:fb:98:ef:cd:c8:a1:1a:ec:d7:0c:ff:42:de:00:
                    7a:71:7f:99:22:d8:2b:0b:56:0e:48:bc:45:76:50:
                    67:88:fe:c9:38:22:da:56:a7:b7:7e:13:64:3c:2a:
                    9a:d1:d7:79:3b:49:12:4a:33:7b:1b:9e:61:21:0b:
                    83:50:6b:05:a5:31:cd:b3:6c:45:7b:02:63:f8:6e:
                    1f:f5:a3:e5:db:64:03:2c:e9:4e:02:ff:bb:b6:82:
                    57:03:e0:e1:8b:c9:be:1c:a8:a6:60:01:00:9e:fe:
                    8f:49:fa:74:51:d2:f5:a2:35:35:b0:b3:b5:cf:60:
                    0f:31:46:28:ab:a6:85:79:dd:e9:b4:d7:64:77:eb:
                    3b:9f:b0:45:60:41:ce:cc:c0:9f:f5:f0:de:80:81:
                    1c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:48:7A:D9:E7:6D:19:C3:CA:E9:6E:1A:23:A1:3B:D9:D8:BA:C4:2B
            X509v3 Authority Key Identifier:
                keyid:C4:DD:BD:9F:23:09:19:32:1B:F5:67:06:F1:06:93:77:92:61:19:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xN29nyMJGTIb9WcG8QaTd5JhGfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/JEh62edtGcPK6W4aI6E72di6xCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/e9c8fe-a687-4952-9d88-bfac928bf658/1/xN29nyMJGTIb9WcG8QaTd5JhGfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:c4:57:35:64:61:77:19:76:7f:6a:13:b0:01:4e:28:f1:78:
         9d:f7:19:ac:9b:a8:9e:a7:bc:7a:f8:de:35:fb:0b:b0:bc:40:
         4e:94:61:da:a0:fe:dc:31:af:97:b9:ec:95:bd:d1:e7:3d:c7:
         f7:7a:e8:10:92:7c:25:c0:a7:40:6e:46:fc:b7:84:c6:8b:1c:
         36:39:e9:4d:52:05:69:0e:96:f7:91:93:64:cb:ec:18:12:c2:
         2f:5e:08:99:c3:31:0d:d3:d4:99:9e:38:65:26:27:82:6e:e6:
         c6:f2:bc:ef:00:e4:de:ad:80:46:b0:f8:9e:ca:af:6e:86:e3:
         e7:53:39:e8:4f:da:09:55:c0:03:ff:a0:0c:de:38:c7:f5:40:
         40:d0:13:20:d6:00:c8:13:b7:bd:11:a6:01:63:50:d8:0b:7d:
         e6:52:87:9b:83:7f:44:93:97:34:2c:ca:68:68:e7:73:e1:84:
         11:47:41:b8:14:09:44:b2:b1:a9:84:c8:be:ea:43:20:f3:9f:
         bb:63:80:37:a9:03:68:37:ea:b9:e3:d9:97:30:c7:fc:b6:31:
         3a:2b:34:96:95:cb:64:f3:ac:24:db:a8:cc:c6:d0:a9:40:dd:
         a3:73:41:09:16:82:dc:a8:99:f1:42:66:1e:c7:58:b7:7f:2c:
         45:4b:a1:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntZuMcCQTiS8A8YAw1THnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZGRiZDlmMjMwOTE5MzIxYmY1NjcwNmYxMDY5Mzc3OTI2
MTE5ZjkwHhcNMjUwMTAyMTU1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDQ4N2FkOWU3NmQxOWMzY2FlOTZlMWEyM2ExM2JkOWQ4YmFjNDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWXjLY6Bi5/ymxjPgHnSO44duW6W
XlbD4ZsqyL+HPwGq8Rc2FlPG4uck2o9QsbEPOTbLIPpVvlV3gTQYRSiyL4rlW4+S
iiEe2wJ1j/Fj3RpMCJTmmH73KJW30HtkHO55pymkDZzZ/UPX+5jvzcihGuzXDP9C
3gB6cX+ZItgrC1YOSLxFdlBniP7JOCLaVqe3fhNkPCqa0dd5O0kSSjN7G55hIQuD
UGsFpTHNs2xFewJj+G4f9aPl22QDLOlOAv+7toJXA+Dhi8m+HKimYAEAnv6PSfp0
UdL1ojU1sLO1z2APMUYoq6aFed3ptNdkd+s7n7BFYEHOzMCf9fDegIEc2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCRIetnnbRnDyuluGiOhO9nYusQrMB8GA1UdIwQY
MBaAFMTdvZ8jCRkyG/VnBvEGk3eSYRn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE4yOW55TUpHVEliOVdjRzhRYVRkNUpoR2ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9lOWM4ZmUtYTY4Ny00OTUyLTlkODgt
YmZhYzkyOGJmNjU4LzEvSkVoNjJlZHRHY1BLNlc0YUk2RTcyZGk2eENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9lOWM4ZmUtYTY4Ny00OTUyLTlkODgtYmZhYzkyOGJmNjU4
LzEveE4yOW55TUpHVEliOVdjRzhRYVRkNUpoR2ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSBBMA0G
CSqGSIb3DQEBCwUAA4IBAQCExFc1ZGF3GXZ/ahOwAU4o8Xid9xmsm6iep7x6+N41
+wuwvEBOlGHaoP7cMa+XueyVvdHnPcf3eugQknwlwKdAbkb8t4TGixw2OelNUgVp
Dpb3kZNky+wYEsIvXgiZwzEN09SZnjhlJieCbubG8rzvAOTerYBGsPieyq9uhuPn
UznoT9oJVcAD/6AM3jjH9UBA0BMg1gDIE7e9EaYBY1DYC33mUoebg39Ek5c0LMpo
aOdz4YQRR0G4FAlEsrGphMi+6kMg85+7Y4A3qQNoN+q549mXMMf8tjE6KzSWlctk
86wk26jMxtCpQN2jc0EJFoLcqJnxQmYex1i3fyxFS6H3
-----END CERTIFICATE-----