Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/1IvUdF6sc26gQi1PrEF2at2Gu_w.roa
File:                     1IvUdF6sc26gQi1PrEF2at2Gu_w.roa (raw, json)
Hash identifier:          v/QlU4UHuYWzg7iCrnrdYQGm1IMje67B6F+Jo7o9yAA=
Subject key identifier:   D4:8B:D4:74:5E:AC:73:6E:A0:42:2D:4F:AC:41:76:6A:DD:86:BB:FC
Certificate issuer:       /CN=8df3df971aa7cb25dfb7cb55b29c87bcbe320829
Certificate serial:       01942521B3D7B8CD59FB7D40E7A4CCC66530
Authority key identifier: 8D:F3:DF:97:1A:A7:CB:25:DF:B7:CB:55:B2:9C:87:BC:BE:32:08:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jfPflxqnyyXft8tVspyHvL4yCCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/1IvUdF6sc26gQi1PrEF2at2Gu_w.roa
Signing time:             Thu 02 Jan 2025 03:49:13 +0000
ROA not before:           Thu 02 Jan 2025 03:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199155
IP address blocks:        193.236.32.0/19 maxlen: 20
                          193.236.64.0/19 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/jfPflxqnyyXft8tVspyHvL4yCCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/jfPflxqnyyXft8tVspyHvL4yCCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jfPflxqnyyXft8tVspyHvL4yCCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b3:d7:b8:cd:59:fb:7d:40:e7:a4:cc:c6:65:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8df3df971aa7cb25dfb7cb55b29c87bcbe320829
        Validity
            Not Before: Jan  2 03:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d48bd4745eac736ea0422d4fac41766add86bbfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:be:8c:d3:a8:82:9c:f9:06:1d:bf:46:e4:49:
                    6e:e0:50:d8:6f:a1:52:c8:fb:8f:1c:61:f9:ca:10:
                    78:dd:a2:b9:ef:86:8e:54:d4:cc:18:89:53:bf:b4:
                    b8:33:a1:06:1d:ff:44:d2:94:66:51:77:97:34:3f:
                    6b:42:fe:8b:dc:6b:fe:48:6b:cd:96:4a:42:2f:61:
                    1a:32:d9:82:f2:13:af:2a:66:b3:cc:7a:7e:44:82:
                    77:da:f3:7e:94:aa:0f:6a:62:0c:a4:40:7a:cf:b1:
                    d7:ed:de:70:cf:c6:6e:2f:ff:3d:b3:80:94:a5:3b:
                    51:3c:d9:ab:c1:dd:bd:53:d3:9f:de:0d:52:71:58:
                    95:2c:f8:2e:13:75:ea:95:1a:bf:ec:63:4b:e5:06:
                    47:90:e4:49:38:14:18:56:24:74:a4:b5:d8:fe:57:
                    4e:82:d7:ab:fd:07:79:ac:7f:34:de:87:ec:43:d7:
                    ed:1d:03:cc:d6:5d:81:ed:f3:b2:c7:55:e4:74:cb:
                    ff:12:0b:66:8c:11:de:23:6d:25:6d:ba:7a:3d:ad:
                    9d:3c:fd:c4:ee:5b:b7:b5:0a:c6:49:19:c2:62:fa:
                    ec:3c:1c:bb:e1:84:c3:27:3f:04:14:85:6d:d1:59:
                    85:c0:56:f1:55:f9:89:ba:6d:b7:2a:c4:ca:b7:01:
                    ac:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:8B:D4:74:5E:AC:73:6E:A0:42:2D:4F:AC:41:76:6A:DD:86:BB:FC
            X509v3 Authority Key Identifier:
                keyid:8D:F3:DF:97:1A:A7:CB:25:DF:B7:CB:55:B2:9C:87:BC:BE:32:08:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jfPflxqnyyXft8tVspyHvL4yCCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/1IvUdF6sc26gQi1PrEF2at2Gu_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2ad44-fe7d-46d9-913e-c794b5f87804/1/jfPflxqnyyXft8tVspyHvL4yCCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.236.32.0-193.236.95.255

    Signature Algorithm: sha256WithRSAEncryption
         08:48:d5:b3:aa:ca:de:b8:26:3a:30:e6:35:e1:1e:a0:17:fd:
         90:8f:f7:4b:25:58:15:bd:0e:49:55:23:b9:9c:bb:48:b5:56:
         0e:73:3b:a7:32:4c:45:43:6e:cc:79:41:40:99:12:12:fe:b7:
         b2:47:35:df:a6:f6:7b:ab:51:d4:03:af:da:08:fb:9c:87:7b:
         f0:73:c7:9f:09:3a:91:04:59:5a:ab:00:73:5c:16:a9:f6:c9:
         4c:de:86:54:e5:45:c7:4d:1f:03:08:ad:b4:b6:20:8f:eb:44:
         75:1e:6f:91:cb:42:65:a7:08:64:ab:fd:5a:5f:fa:2c:d2:7b:
         5c:84:46:9c:b5:e6:5c:23:ed:91:26:de:15:fe:ae:7b:07:3d:
         dc:b1:63:b8:f0:9c:5f:60:48:19:02:25:b5:5d:3c:e5:f5:23:
         4f:fd:98:a2:db:d0:9b:ab:17:1b:06:67:bb:39:0b:02:c4:7c:
         2b:73:31:1a:77:fd:d3:4e:74:00:1a:c5:21:dc:06:a4:ef:23:
         87:c4:38:69:f7:eb:4f:ca:87:dc:8a:85:49:c4:da:28:89:44:
         dd:74:0b:9c:16:0e:8d:4b:36:65:bc:dc:a1:6e:15:e0:ff:1e:
         57:dd:b1:c2:1d:3a:86:d4:47:bc:a9:b4:95:0f:58:9b:2b:44:
         29:75:92:fd
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQlIbPXuM1Z+31A56TMxmUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkZjNkZjk3MWFhN2NiMjVkZmI3Y2I1NWIyOWM4N2JjYmUz
MjA4MjkwHhcNMjUwMTAyMDM0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDhiZDQ3NDVlYWM3MzZlYTA0MjJkNGZhYzQxNzY2YWRkODZiYmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx76M06iCnPkGHb9G5Elu4FDYb6FS
yPuPHGH5yhB43aK574aOVNTMGIlTv7S4M6EGHf9E0pRmUXeXND9rQv6L3Gv+SGvN
lkpCL2EaMtmC8hOvKmazzHp+RIJ32vN+lKoPamIMpEB6z7HX7d5wz8ZuL/89s4CU
pTtRPNmrwd29U9Of3g1ScViVLPguE3XqlRq/7GNL5QZHkORJOBQYViR0pLXY/ldO
gter/Qd5rH803ofsQ9ftHQPM1l2B7fOyx1XkdMv/EgtmjBHeI20lbbp6Pa2dPP3E
7lu3tQrGSRnCYvrsPBy74YTDJz8EFIVt0VmFwFbxVfmJum23KsTKtwGs1wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNSL1HRerHNuoEItT6xBdmrdhrv8MB8GA1UdIwQY
MBaAFI3z35cap8sl37fLVbKch7y+MggpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamZQZmx4cW55eVhmdDh0VnNweUh2TDR5Q0NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9jMmFkNDQtZmU3ZC00NmQ5LTkxM2Ut
Yzc5NGI1Zjg3ODA0LzEvMUl2VWRGNnNjMjZnUWkxUHJFRjJhdDJHdV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9jMmFkNDQtZmU3ZC00NmQ5LTkxM2UtYzc5NGI1Zjg3ODA0
LzEvamZQZmx4cW55eVhmdDh0VnNweUh2TDR5Q0NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAXB7CAD
BAXB7EAwDQYJKoZIhvcNAQELBQADggEBAAhI1bOqyt64Jjow5jXhHqAX/ZCP90sl
WBW9DklVI7mcu0i1Vg5zO6cyTEVDbsx5QUCZEhL+t7JHNd+m9nurUdQDr9oI+5yH
e/Bzx58JOpEEWVqrAHNcFqn2yUzehlTlRcdNHwMIrbS2II/rRHUeb5HLQmWnCGSr
/Vpf+izSe1yERpy15lwj7ZEm3hX+rnsHPdyxY7jwnF9gSBkCJbVdPOX1I0/9mKLb
0JurFxsGZ7s5CwLEfCtzMRp3/dNOdAAaxSHcBqTvI4fEOGn360/Kh9yKhUnE2iiJ
RN10C5wWDo1LNmW83KFuFeD/HlfdscIdOobUR7yptJUPWJsrRCl1kv0=
-----END CERTIFICATE-----