Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/HIdYT19grrvIrsLvbv9c-RyNoYM.roa
File:                     HIdYT19grrvIrsLvbv9c-RyNoYM.roa (raw, json)
Hash identifier:          gMWRLPsAhHALB5C0CyTnC2YpfuJ8OqfVcPAvIC+/69E=
Subject key identifier:   1C:87:58:4F:5F:60:AE:BB:C8:AE:C2:EF:6E:FF:5C:F9:1C:8D:A1:83
Certificate issuer:       /CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
Certificate serial:       01942368F6B0EBB55E1A0C271DA332E7A697
Authority key identifier: B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/HIdYT19grrvIrsLvbv9c-RyNoYM.roa
Signing time:             Wed 01 Jan 2025 19:47:49 +0000
ROA not before:           Wed 01 Jan 2025 19:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202984
IP address blocks:        92.63.199.0/24 maxlen: 24
                          92.63.203.0/24 maxlen: 24
                          185.176.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:f6:b0:eb:b5:5e:1a:0c:27:1d:a3:32:e7:a6:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1af12f5ca75c922a4aa5dacb49c04a93237f4ed
        Validity
            Not Before: Jan  1 19:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c87584f5f60aebbc8aec2ef6eff5cf91c8da183
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:5c:8e:05:b2:b3:9f:25:ab:2e:c3:c1:ef:dc:
                    f4:ad:ab:e3:da:49:3a:d9:10:36:44:e4:1e:b7:2a:
                    b6:4e:ca:23:7b:6f:f2:26:05:6a:de:9c:38:c9:d1:
                    bb:6a:57:9e:e1:a2:6f:54:88:75:10:96:25:53:0d:
                    5c:ce:4c:67:ef:11:d8:ee:72:99:c7:e3:42:34:91:
                    76:56:cb:43:8a:ae:0d:ec:d4:00:02:c8:17:39:9b:
                    cd:35:0d:0e:6d:ed:1d:25:1a:bf:53:a7:86:80:05:
                    48:eb:00:a9:5e:1f:bc:6e:0a:83:c2:74:ad:5c:af:
                    dd:fb:66:86:11:68:ab:b8:5c:40:11:bd:a7:b9:11:
                    a0:b2:91:f5:87:11:da:bc:dd:42:45:54:79:90:19:
                    16:5e:c4:1e:3e:64:3c:de:cb:44:cf:53:af:15:dd:
                    57:68:50:df:9d:49:0c:79:95:52:44:76:a1:c2:2f:
                    70:a1:80:5f:d8:41:6b:99:2a:68:48:21:4d:8b:65:
                    eb:d3:2c:5b:91:da:be:30:59:37:64:e3:5e:9e:e3:
                    68:18:94:94:27:af:7e:a0:16:79:4f:12:47:59:f5:
                    8a:6f:7b:b6:19:ca:ce:35:7f:34:13:e7:11:d6:2b:
                    38:42:3a:9d:0b:d7:72:d3:39:19:2a:e5:00:ed:85:
                    b2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:87:58:4F:5F:60:AE:BB:C8:AE:C2:EF:6E:FF:5C:F9:1C:8D:A1:83
            X509v3 Authority Key Identifier:
                keyid:B1:AF:12:F5:CA:75:C9:22:A4:AA:5D:AC:B4:9C:04:A9:32:37:F4:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sa8S9cp1ySKkql2stJwEqTI39O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/HIdYT19grrvIrsLvbv9c-RyNoYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cbcf68-7cbf-47f0-82ee-5760efbcc654/1/sa8S9cp1ySKkql2stJwEqTI39O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.199.0/24
                  92.63.203.0/24
                  185.176.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:50:41:3f:17:56:66:ca:96:3f:da:b1:69:3c:63:22:5a:19:
         99:1f:30:a6:d6:4d:d6:b0:d0:a4:a9:78:50:22:e8:15:c9:62:
         62:be:3e:97:4f:01:7e:74:8b:a6:ad:a1:91:13:0e:c8:3e:7f:
         db:f5:03:6f:a7:b5:66:30:29:3e:a4:d5:df:57:8a:4d:e8:c1:
         75:87:6b:a1:9e:23:e0:74:f6:6c:f1:ce:12:e0:a1:48:b6:47:
         24:a4:a0:7c:96:4d:99:2d:3c:92:f4:a3:29:56:69:db:d5:65:
         75:89:9e:7e:ec:c0:ee:ae:f9:8a:fe:f9:7a:f4:37:bf:a6:dc:
         1a:02:9e:cf:eb:1b:60:db:0e:7d:7e:1e:db:a0:24:28:ea:9a:
         dc:82:f1:d3:79:93:08:16:73:fd:f4:c6:ec:db:b8:5c:31:4f:
         33:f2:90:97:a7:aa:d4:51:f7:77:3c:b8:d2:52:78:ea:79:09:
         c9:f3:f2:e4:09:97:47:08:80:2d:2c:3e:dc:c9:b8:2e:b5:b9:
         eb:7c:9d:2a:d8:11:a1:8b:2e:95:df:0e:c9:68:19:55:9e:b2:
         5c:06:dd:b2:c1:14:6f:54:53:82:65:ab:44:4a:b3:a4:22:f5:
         e7:0d:29:b0:7c:75:e1:0f:5c:df:24:7f:02:2a:a6:03:f3:25:
         2d:84:76:f4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjaPaw67VeGgwnHaMy56aXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYWYxMmY1Y2E3NWM5MjJhNGFhNWRhY2I0OWMwNGE5MzIz
N2Y0ZWQwHhcNMjUwMTAxMTk0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzg3NTg0ZjVmNjBhZWJiYzhhZWMyZWY2ZWZmNWNmOTFjOGRhMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1yOBbKznyWrLsPB79z0ravj2kk6
2RA2ROQetyq2Tsoje2/yJgVq3pw4ydG7alee4aJvVIh1EJYlUw1czkxn7xHY7nKZ
x+NCNJF2VstDiq4N7NQAAsgXOZvNNQ0Obe0dJRq/U6eGgAVI6wCpXh+8bgqDwnSt
XK/d+2aGEWiruFxAEb2nuRGgspH1hxHavN1CRVR5kBkWXsQePmQ83stEz1OvFd1X
aFDfnUkMeZVSRHahwi9woYBf2EFrmSpoSCFNi2Xr0yxbkdq+MFk3ZONenuNoGJSU
J69+oBZ5TxJHWfWKb3u2GcrONX80E+cR1is4QjqdC9dy0zkZKuUA7YWyEwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFByHWE9fYK67yK7C727/XPkcjaGDMB8GA1UdIwQY
MBaAFLGvEvXKdckipKpdrLScBKkyN/TtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUt
NTc2MGVmYmNjNjU0LzEvSElkWVQxOWdycnZJcnNMdmJ2OWMtUnlOb1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYmNmNjgtN2NiZi00N2YwLTgyZWUtNTc2MGVmYmNjNjU0
LzEvc2E4UzljcDF5U0trcWwyc3RKd0VxVEkzOU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXD/HAwQA
XD/LAwQAubAZMA0GCSqGSIb3DQEBCwUAA4IBAQCdUEE/F1ZmypY/2rFpPGMiWhmZ
HzCm1k3WsNCkqXhQIugVyWJivj6XTwF+dIumraGREw7IPn/b9QNvp7VmMCk+pNXf
V4pN6MF1h2uhniPgdPZs8c4S4KFItkckpKB8lk2ZLTyS9KMpVmnb1WV1iZ5+7MDu
rvmK/vl69De/ptwaAp7P6xtg2w59fh7boCQo6prcgvHTeZMIFnP99Mbs27hcMU8z
8pCXp6rUUfd3PLjSUnjqeQnJ8/LkCZdHCIAtLD7cybgutbnrfJ0q2BGhiy6V3w7J
aBlVnrJcBt2ywRRvVFOCZatESrOkIvXnDSmwfHXhD1zfJH8CKqYD8yUthHb0
-----END CERTIFICATE-----