Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/hUje3HFTF6f1DLkrPmJro0BJv84.roa
File:                     hUje3HFTF6f1DLkrPmJro0BJv84.roa (raw, json)
Hash identifier:          kR65nTDvmrqvVF+VEljMTGu7vMzX0EU8UFNtyZDk3w8=
Subject key identifier:   85:48:DE:DC:71:53:17:A7:F5:0C:B9:2B:3E:62:6B:A3:40:49:BF:CE
Certificate issuer:       /CN=3c2c854011140a10947da7b53bbb350f3c54b33e
Certificate serial:       019425221061EC8BC8DD33CE51169CD51EE2
Authority key identifier: 3C:2C:85:40:11:14:0A:10:94:7D:A7:B5:3B:BB:35:0F:3C:54:B3:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/hUje3HFTF6f1DLkrPmJro0BJv84.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211010
IP address blocks:        193.35.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:10:61:ec:8b:c8:dd:33:ce:51:16:9c:d5:1e:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c2c854011140a10947da7b53bbb350f3c54b33e
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8548dedc715317a7f50cb92b3e626ba34049bfce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:aa:81:1b:bc:0d:1f:a9:0f:15:5a:a2:20:6d:
                    b9:fa:2a:73:09:05:a7:5f:7a:a8:8c:fb:33:60:5c:
                    ae:c0:3e:69:7d:5a:16:2b:f3:30:6f:1e:68:7a:e5:
                    d2:90:86:5a:2a:44:de:5c:3a:56:e7:90:6a:73:c3:
                    90:0d:58:7d:fa:2c:a1:17:2d:6c:e0:51:bd:b5:75:
                    be:bd:48:f8:41:59:f4:5f:5e:84:4d:99:8d:38:41:
                    10:c4:62:d9:5e:46:fe:a0:ee:81:ba:6f:24:3c:5f:
                    5f:2c:2d:19:77:57:c8:1b:e5:31:de:90:e1:a4:a8:
                    15:8f:4b:d9:87:65:b6:2c:95:08:0e:21:d3:c5:75:
                    5e:7a:5c:2e:f7:0b:ea:26:f4:42:7c:ae:8c:d4:3b:
                    4a:bd:3f:fe:2b:5c:73:46:75:e8:96:01:bb:d4:b6:
                    b3:af:36:a3:a2:96:79:c6:41:45:68:1a:6f:af:3d:
                    5b:a9:0d:0c:f2:6b:77:aa:6a:84:89:b0:4d:54:20:
                    5d:86:79:09:f7:d7:de:c6:28:87:64:c7:52:bf:67:
                    04:c0:a8:22:ee:5b:ea:98:98:a7:d8:f2:7f:f9:67:
                    e8:5f:69:00:ee:42:25:43:2e:d3:2f:aa:80:f6:94:
                    a0:fa:57:ef:32:3b:5d:21:71:45:88:05:d6:d0:39:
                    2d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:48:DE:DC:71:53:17:A7:F5:0C:B9:2B:3E:62:6B:A3:40:49:BF:CE
            X509v3 Authority Key Identifier:
                keyid:3C:2C:85:40:11:14:0A:10:94:7D:A7:B5:3B:BB:35:0F:3C:54:B3:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PCyFQBEUChCUfae1O7s1DzxUsz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/hUje3HFTF6f1DLkrPmJro0BJv84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/e0580d-048a-4e6d-bec6-b5bbd0b5e0aa/1/PCyFQBEUChCUfae1O7s1DzxUsz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:79:b8:08:c0:21:c4:3e:1f:a8:4a:a9:ba:71:89:b5:96:d8:
         37:5b:63:a4:3c:cd:6f:9a:91:dc:1e:4f:4c:74:40:56:95:2d:
         c7:ea:4f:5e:9d:65:e3:8c:77:25:41:37:2b:bc:ed:1f:16:c7:
         b0:43:aa:1d:e5:02:46:ef:24:4c:f8:86:a7:aa:21:05:9f:70:
         87:ba:53:49:b4:6a:02:54:43:a5:3a:7c:ef:77:e6:fe:d9:11:
         e3:c3:7e:a8:8c:8a:bd:4f:01:ec:5a:2f:27:63:83:a0:15:af:
         d3:b4:20:2a:2a:d5:b3:18:f8:22:26:5a:01:40:ef:d2:a9:c0:
         0c:d1:bf:99:da:7c:4d:f8:3d:ce:59:2c:d3:88:53:6c:75:ea:
         9f:53:2d:72:a2:85:6c:79:a9:a8:cb:f9:9e:33:00:08:3e:8d:
         8b:8a:52:16:63:ea:d9:7a:3a:5f:6b:c9:1e:b7:d1:6e:08:5e:
         f9:21:84:a0:57:06:a7:4b:8f:4a:40:11:9b:20:68:c4:90:7c:
         92:eb:6d:cb:75:e8:e7:4a:bf:3f:cd:10:58:12:99:a0:9e:c8:
         37:c8:a2:fb:37:9b:d7:bb:46:8a:a9:24:ea:be:df:68:fb:ec:
         5f:f6:b9:78:1e:63:c3:8d:74:86:93:c3:a8:9f:ce:aa:74:d6:
         b7:a4:fe:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIhBh7IvI3TPOURac1R7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMmM4NTQwMTExNDBhMTA5NDdkYTdiNTNiYmIzNTBmM2M1
NGIzM2UwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTQ4ZGVkYzcxNTMxN2E3ZjUwY2I5MmIzZTYyNmJhMzQwNDliZmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6qBG7wNH6kPFVqiIG25+ipzCQWn
X3qojPszYFyuwD5pfVoWK/Mwbx5oeuXSkIZaKkTeXDpW55Bqc8OQDVh9+iyhFy1s
4FG9tXW+vUj4QVn0X16ETZmNOEEQxGLZXkb+oO6Bum8kPF9fLC0Zd1fIG+Ux3pDh
pKgVj0vZh2W2LJUIDiHTxXVeelwu9wvqJvRCfK6M1DtKvT/+K1xzRnXolgG71Laz
rzajopZ5xkFFaBpvrz1bqQ0M8mt3qmqEibBNVCBdhnkJ99fexiiHZMdSv2cEwKgi
7lvqmJin2PJ/+WfoX2kA7kIlQy7TL6qA9pSg+lfvMjtdIXFFiAXW0DktfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVI3txxUxen9Qy5Kz5ia6NASb/OMB8GA1UdIwQY
MBaAFDwshUARFAoQlH2ntTu7NQ88VLM+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEN5RlFCRVVDaENVZmFlMU83czFEenhVc3o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9lMDU4MGQtMDQ4YS00ZTZkLWJlYzYt
YjViYmQwYjVlMGFhLzEvaFVqZTNIRlRGNmYxRExrclBtSnJvMEJKdjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9lMDU4MGQtMDQ4YS00ZTZkLWJlYzYtYjViYmQwYjVlMGFh
LzEvUEN5RlFCRVVDaENVZmFlMU83czFEenhVc3o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSM/MA0G
CSqGSIb3DQEBCwUAA4IBAQAHebgIwCHEPh+oSqm6cYm1ltg3W2OkPM1vmpHcHk9M
dEBWlS3H6k9enWXjjHclQTcrvO0fFsewQ6od5QJG7yRM+IanqiEFn3CHulNJtGoC
VEOlOnzvd+b+2RHjw36ojIq9TwHsWi8nY4OgFa/TtCAqKtWzGPgiJloBQO/SqcAM
0b+Z2nxN+D3OWSzTiFNsdeqfUy1yooVseamoy/meMwAIPo2LilIWY+rZejpfa8ke
t9FuCF75IYSgVwanS49KQBGbIGjEkHyS623LdejnSr8/zRBYEpmgnsg3yKL7N5vX
u0aKqSTqvt9o++xf9rl4HmPDjXSGk8Oon86qdNa3pP76
-----END CERTIFICATE-----