Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/r0HBNY563rOMQY1RRtJOow6ZQJ0.roa
File:                     r0HBNY563rOMQY1RRtJOow6ZQJ0.roa (raw, json)
Hash identifier:          4VPkMTPtW9jPI7XQb3FDvnbozDKnEhd86wjTZ1AcbNc=
Subject key identifier:   AF:41:C1:35:8E:7A:DE:B3:8C:41:8D:51:46:D2:4E:A3:0E:99:40:9D
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CC61E2AD5FCDCCB1C699033CF628E
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/r0HBNY563rOMQY1RRtJOow6ZQJ0.roa
Signing time:             Wed 01 Jan 2025 01:48:26 +0000
ROA not before:           Wed 01 Jan 2025 01:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210225
IP address blocks:        193.32.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:c6:1e:2a:d5:fc:dc:cb:1c:69:90:33:cf:62:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af41c1358e7adeb38c418d5146d24ea30e99409d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ea:f1:cd:f1:d1:a3:0c:88:85:d1:67:c0:dd:
                    98:90:e0:ae:a2:e8:3a:c4:95:b8:23:fe:02:d7:71:
                    81:65:f6:15:16:41:32:f1:66:a6:1e:8e:81:bf:18:
                    87:3e:f9:11:be:6c:30:56:fc:ce:b0:7d:f0:35:5b:
                    54:f3:ce:cf:0c:a7:8d:01:79:f1:2f:ba:18:3a:32:
                    b5:ba:64:05:ad:61:70:34:23:30:23:3c:02:f4:d2:
                    3b:09:b3:73:3e:18:76:b2:ee:9d:a4:3a:dc:08:6b:
                    f9:35:8b:b1:65:53:f9:e7:58:bb:d6:64:81:85:d9:
                    1d:59:3d:b3:97:f6:c9:5d:e6:f5:fa:6c:ef:0d:5e:
                    d9:9f:ed:74:ec:52:02:86:7c:6e:61:1f:da:73:2f:
                    85:af:7f:26:9a:d5:dd:cb:47:9c:11:62:db:cb:55:
                    f9:b0:d6:45:0b:8e:6f:55:c8:42:64:36:27:e3:2a:
                    fa:3c:86:4d:ba:2c:0c:af:5f:e2:14:1f:80:5c:d1:
                    57:ae:b1:c8:24:a9:ac:5f:ad:56:f4:de:fe:f8:67:
                    b6:c4:6f:80:c8:57:1d:db:a1:99:b9:7c:77:92:4a:
                    e9:59:ec:4a:23:8c:f6:d0:61:86:58:6b:b7:97:a2:
                    17:4a:62:4f:96:a5:19:69:e0:e7:b7:fc:7b:96:cb:
                    07:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:41:C1:35:8E:7A:DE:B3:8C:41:8D:51:46:D2:4E:A3:0E:99:40:9D
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/r0HBNY563rOMQY1RRtJOow6ZQJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:26:7f:2a:0e:58:f2:28:fe:16:fa:8e:60:44:e2:ee:3d:a4:
         f7:5b:07:33:06:5c:9b:cd:1f:2b:79:1a:ab:4c:f5:50:dc:c0:
         c2:bf:3e:3d:d1:bd:0c:5d:5f:19:7d:c0:23:d7:77:ba:7e:9d:
         34:be:7c:09:8c:0f:d4:53:15:85:b4:06:ae:81:3f:da:84:b1:
         a2:5c:01:2f:ac:8d:8e:1a:cf:f5:7a:a9:d1:39:13:c4:08:d6:
         19:00:5a:d4:89:f6:29:47:00:b5:81:9a:b3:99:29:82:bc:f5:
         5b:ab:cc:1a:96:0c:31:04:58:01:37:2f:a4:48:6e:81:90:4a:
         44:2a:18:61:34:4e:7a:aa:19:4c:71:9f:fd:71:b9:49:fd:fe:
         46:5d:83:4d:26:dc:35:79:a2:61:f9:bf:e2:7e:2f:92:05:10:
         75:e3:53:fb:6d:45:42:d9:8e:21:d4:6f:42:44:80:65:27:b9:
         0b:55:17:35:26:d5:98:7f:9f:f5:f7:8d:0f:59:c0:11:81:18:
         f0:49:74:88:3f:0e:d2:e7:73:9e:e8:d9:33:e1:a8:38:0d:b8:
         ff:86:c0:8c:59:fa:ea:ca:8f:4e:27:47:f8:7a:d3:c0:02:57:
         43:21:b4:46:79:03:cf:1f:e8:db:95:53:15:cc:47:70:b5:3e:
         8a:be:24:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjMYeKtX83MscaZAzz2KOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjQxYzEzNThlN2FkZWIzOGM0MThkNTE0NmQyNGVhMzBlOTk0MDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+rxzfHRowyIhdFnwN2YkOCuoug6
xJW4I/4C13GBZfYVFkEy8WamHo6BvxiHPvkRvmwwVvzOsH3wNVtU887PDKeNAXnx
L7oYOjK1umQFrWFwNCMwIzwC9NI7CbNzPhh2su6dpDrcCGv5NYuxZVP551i71mSB
hdkdWT2zl/bJXeb1+mzvDV7Zn+107FIChnxuYR/acy+Fr38mmtXdy0ecEWLby1X5
sNZFC45vVchCZDYn4yr6PIZNuiwMr1/iFB+AXNFXrrHIJKmsX61W9N7++Ge2xG+A
yFcd26GZuXx3kkrpWexKI4z20GGGWGu3l6IXSmJPlqUZaeDnt/x7lssHVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9BwTWOet6zjEGNUUbSTqMOmUCdMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvcjBIQk5ZNTYzck9NUVkxUlJ0Sk9vdzZaUUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwSDsMA0G
CSqGSIb3DQEBCwUAA4IBAQB1Jn8qDljyKP4W+o5gROLuPaT3WwczBlybzR8reRqr
TPVQ3MDCvz490b0MXV8ZfcAj13e6fp00vnwJjA/UUxWFtAaugT/ahLGiXAEvrI2O
Gs/1eqnRORPECNYZAFrUifYpRwC1gZqzmSmCvPVbq8walgwxBFgBNy+kSG6BkEpE
KhhhNE56qhlMcZ/9cblJ/f5GXYNNJtw1eaJh+b/ifi+SBRB141P7bUVC2Y4h1G9C
RIBlJ7kLVRc1JtWYf5/1940PWcARgRjwSXSIPw7S53Oe6Nkz4ag4Dbj/hsCMWfrq
yo9OJ0f4etPAAldDIbRGeQPPH+jblVMVzEdwtT6KviQZ
-----END CERTIFICATE-----