Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/Hg8kBZfVcKLuM_k8GGnGJeVAvdc.roa
File:                     Hg8kBZfVcKLuM_k8GGnGJeVAvdc.roa (raw, json)
Hash identifier:          ziqa3QYWLFKgPT8ZERs4WMz6NaXL6vju070csDXblpM=
Subject key identifier:   1E:0F:24:05:97:D5:70:A2:EE:33:F9:3C:18:69:C6:25:E5:40:BD:D7
Certificate issuer:       /CN=3ed5bcdfe0adb6b94151187ffdac4ae8f311a6f1
Certificate serial:       019420D5DFF494DC345CC6E3378A38291447
Authority key identifier: 3E:D5:BC:DF:E0:AD:B6:B9:41:51:18:7F:FD:AC:4A:E8:F3:11:A6:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PtW83-CttrlBURh__axK6PMRpvE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/Hg8kBZfVcKLuM_k8GGnGJeVAvdc.roa
Signing time:             Wed 01 Jan 2025 07:47:54 +0000
ROA not before:           Wed 01 Jan 2025 07:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2852
IP address blocks:        193.84.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/PtW83-CttrlBURh__axK6PMRpvE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/PtW83-CttrlBURh__axK6PMRpvE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PtW83-CttrlBURh__axK6PMRpvE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:df:f4:94:dc:34:5c:c6:e3:37:8a:38:29:14:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ed5bcdfe0adb6b94151187ffdac4ae8f311a6f1
        Validity
            Not Before: Jan  1 07:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e0f240597d570a2ee33f93c1869c625e540bdd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ba:8d:33:df:87:fa:58:8e:44:34:d5:03:ce:
                    09:98:b4:56:87:26:c1:59:f8:9a:1c:86:a1:0b:d9:
                    b6:52:82:e0:96:ad:6a:54:d3:c4:a2:55:18:c2:7e:
                    47:09:5e:20:31:c7:a2:6d:5a:7d:a3:cb:cf:42:32:
                    1c:be:c0:c5:e1:c5:62:a0:b4:ee:b2:2c:46:29:a4:
                    04:d9:a9:58:ae:fc:5c:2e:66:86:91:89:29:93:ab:
                    3a:90:8d:5b:bd:0b:f4:27:39:9e:d0:7e:c8:e2:8a:
                    86:f9:52:5f:93:ff:50:7e:91:04:8c:97:1d:69:36:
                    17:c6:69:c1:6e:40:54:e3:76:72:d5:b1:a0:7e:3b:
                    05:a9:f9:60:47:b7:11:c3:08:01:57:49:28:c3:80:
                    2a:2e:b7:61:da:e0:a1:7b:2d:6e:7d:1c:bd:9a:3a:
                    74:06:fc:e7:79:0d:08:eb:08:97:9c:c4:75:bb:87:
                    00:7e:ee:6c:6c:4a:6a:84:a3:60:66:bf:46:af:8e:
                    cc:ec:bc:d7:77:0d:d3:0b:2c:f3:44:9d:03:af:e6:
                    69:60:1c:5c:fb:23:84:54:90:8a:c4:c8:2d:eb:8b:
                    a0:e2:b0:e5:01:40:a0:46:8b:00:65:04:58:db:7f:
                    e3:bb:a9:ff:8a:9e:cf:aa:43:9b:10:c2:ab:d1:3e:
                    aa:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:0F:24:05:97:D5:70:A2:EE:33:F9:3C:18:69:C6:25:E5:40:BD:D7
            X509v3 Authority Key Identifier:
                keyid:3E:D5:BC:DF:E0:AD:B6:B9:41:51:18:7F:FD:AC:4A:E8:F3:11:A6:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PtW83-CttrlBURh__axK6PMRpvE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/Hg8kBZfVcKLuM_k8GGnGJeVAvdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/1b8292-86e7-4fb5-a387-2ae90c3fae31/1/PtW83-CttrlBURh__axK6PMRpvE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b2:30:06:96:52:93:98:f5:73:f2:d6:80:40:e3:83:58:65:7e:
         65:46:c8:e8:5e:ea:e9:7a:3c:20:ea:b2:6f:27:dd:1d:84:1d:
         ee:6a:0d:38:f5:90:01:57:0b:10:59:c8:f3:9f:57:aa:85:b7:
         f4:67:16:63:9b:41:e0:56:a0:1d:c3:cd:56:90:56:3d:81:65:
         5c:1c:2c:48:a7:23:d0:be:d7:0d:80:95:ed:06:02:32:de:26:
         cd:1c:48:69:56:fa:c2:6d:68:41:3d:d3:bf:d0:a9:27:88:2d:
         23:a9:7b:ca:d9:8b:20:e5:50:16:e6:0c:7a:51:15:9b:53:5c:
         78:de:80:26:77:3e:eb:fe:14:c5:79:d7:66:45:a7:7a:a3:31:
         ed:c6:68:46:3e:dd:f1:5c:62:d4:1a:ff:34:0c:b8:99:87:14:
         83:1d:cd:58:6c:b2:5f:e3:ba:20:60:eb:5e:bc:a6:89:21:85:
         f8:73:b6:f2:e5:e2:21:9f:a1:7f:cb:65:24:6e:f6:d7:b1:18:
         1b:d5:a0:8c:87:18:24:85:8f:fb:32:67:b1:d4:b9:76:bd:ec:
         a7:75:f6:3d:6d:6c:c1:e9:2e:40:a4:86:db:1a:53:f7:6f:4f:
         00:83:1e:37:07:c0:6c:e0:1f:75:08:5f:bd:6c:0c:54:4b:4f:
         6a:1d:da:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1d/0lNw0XMbjN4o4KRRHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZDViY2RmZTBhZGI2Yjk0MTUxMTg3ZmZkYWM0YWU4ZjMx
MWE2ZjEwHhcNMjUwMTAxMDc0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTBmMjQwNTk3ZDU3MGEyZWUzM2Y5M2MxODY5YzYyNWU1NDBiZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrqNM9+H+liORDTVA84JmLRWhybB
WfiaHIahC9m2UoLglq1qVNPEolUYwn5HCV4gMceibVp9o8vPQjIcvsDF4cVioLTu
sixGKaQE2alYrvxcLmaGkYkpk6s6kI1bvQv0Jzme0H7I4oqG+VJfk/9QfpEEjJcd
aTYXxmnBbkBU43Zy1bGgfjsFqflgR7cRwwgBV0kow4AqLrdh2uChey1ufRy9mjp0
BvzneQ0I6wiXnMR1u4cAfu5sbEpqhKNgZr9Gr47M7LzXdw3TCyzzRJ0Dr+ZpYBxc
+yOEVJCKxMgt64ug4rDlAUCgRosAZQRY23/ju6n/ip7PqkObEMKr0T6qGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4PJAWX1XCi7jP5PBhpxiXlQL3XMB8GA1UdIwQY
MBaAFD7VvN/grba5QVEYf/2sSujzEabxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHRXODMtQ3R0cmxCVVJoX19heEs2UE1ScHZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy8xYjgyOTItODZlNy00ZmI1LWEzODct
MmFlOTBjM2ZhZTMxLzEvSGc4a0JaZlZjS0x1TV9rOEdHbkdKZVZBdmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy8xYjgyOTItODZlNy00ZmI1LWEzODctMmFlOTBjM2ZhZTMx
LzEvUHRXODMtQ3R0cmxCVVJoX19heEs2UE1ScHZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwVSgMA0G
CSqGSIb3DQEBCwUAA4IBAQCyMAaWUpOY9XPy1oBA44NYZX5lRsjoXurpejwg6rJv
J90dhB3uag049ZABVwsQWcjzn1eqhbf0ZxZjm0HgVqAdw81WkFY9gWVcHCxIpyPQ
vtcNgJXtBgIy3ibNHEhpVvrCbWhBPdO/0KkniC0jqXvK2Ysg5VAW5gx6URWbU1x4
3oAmdz7r/hTFeddmRad6ozHtxmhGPt3xXGLUGv80DLiZhxSDHc1YbLJf47ogYOte
vKaJIYX4c7by5eIhn6F/y2UkbvbXsRgb1aCMhxgkhY/7Mmex1Ll2veyndfY9bWzB
6S5ApIbbGlP3b08Agx43B8Bs4B91CF+9bAxUS09qHdoS
-----END CERTIFICATE-----