Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/IppBZHr6rtDZFlGkYGSC_b4iLf8.roa
File:                     IppBZHr6rtDZFlGkYGSC_b4iLf8.roa (raw, json)
Hash identifier:          JW9Kh503AbeAiJw1huy2tMda6a91+tj0zAGKx3bgPiI=
Subject key identifier:   22:9A:41:64:7A:FA:AE:D0:D9:16:51:A4:60:64:82:FD:BE:22:2D:FF
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       019695865364D95D1DA381CF41F40FEE9C6C
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/IppBZHr6rtDZFlGkYGSC_b4iLf8.roa
Signing time:             Sat 03 May 2025 09:42:10 +0000
ROA not before:           Sat 03 May 2025 09:42:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        194.116.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:95:86:53:64:d9:5d:1d:a3:81:cf:41:f4:0f:ee:9c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: May  3 09:42:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=229a41647afaaed0d91651a4606482fdbe222dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1e:ce:73:a6:30:29:75:10:43:9e:5a:b1:d8:
                    53:08:70:4e:dd:f3:d7:b0:24:57:99:55:f4:d1:2d:
                    cd:2b:31:c0:66:39:d4:eb:ff:43:be:04:95:ad:59:
                    95:4a:c6:2e:7a:33:1b:a3:89:d8:36:9b:26:6d:09:
                    85:9b:95:87:9e:ea:da:38:63:cf:5f:44:7d:5e:ae:
                    92:9b:97:c3:da:8d:43:63:e4:63:1f:0f:42:c9:84:
                    6c:e0:b2:e9:c6:95:34:22:5a:28:b9:41:48:36:76:
                    9a:0e:37:cb:45:86:01:6c:fd:0b:ac:f1:d1:c6:de:
                    f8:b7:93:ad:24:f4:e0:93:3c:c6:55:05:3b:6f:8e:
                    04:bf:cf:b6:87:06:91:d3:94:62:52:8e:bc:30:b4:
                    b9:d8:3b:37:ae:31:08:e5:00:75:9e:f9:4c:9e:19:
                    74:3d:f8:fa:f2:00:92:0a:44:c3:ee:52:86:ed:67:
                    2a:f0:bd:c9:80:29:72:47:64:da:fc:28:9f:7a:e5:
                    58:0a:83:22:53:10:1a:2e:9e:e5:20:8d:c8:42:b1:
                    41:fe:27:cc:57:7d:4b:6a:70:a4:27:24:8e:76:a7:
                    79:8f:9f:4d:9d:4a:22:b0:ff:4c:fe:a6:50:cc:9e:
                    36:fb:12:67:b5:56:50:79:d8:01:78:46:6e:e0:4b:
                    ce:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:9A:41:64:7A:FA:AE:D0:D9:16:51:A4:60:64:82:FD:BE:22:2D:FF
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/IppBZHr6rtDZFlGkYGSC_b4iLf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:ec:dd:a7:13:ff:ac:47:57:27:fe:9b:b7:6e:b1:63:36:51:
         11:59:b9:76:01:8e:64:08:95:8f:c8:d5:cc:d3:4a:ab:39:b2:
         0e:7a:07:6d:4f:46:a0:49:c1:4d:ae:b5:77:70:b0:33:7e:c3:
         fa:1e:06:91:50:f6:bc:db:bd:14:b6:55:ac:39:31:9e:4e:37:
         96:e6:74:ca:67:fd:a6:b4:f9:6a:22:a6:84:8e:09:51:c8:76:
         2b:a4:55:00:7a:05:96:ac:2e:a7:2a:08:11:38:5c:69:58:82:
         08:97:5e:ca:56:08:e2:9a:cd:55:7d:bb:b2:bb:25:f7:52:53:
         b5:8f:e9:8a:76:86:0d:52:96:e1:78:8e:83:01:72:f4:29:7e:
         50:9f:ea:87:45:89:cc:12:82:69:fb:a8:09:3b:18:68:eb:2c:
         7d:1c:89:cf:ad:d9:7f:7f:77:53:63:4e:38:6b:2d:b8:2e:18:
         62:c2:67:aa:1c:50:f7:b1:cb:d7:18:77:dc:99:0d:de:6a:32:
         d5:fb:a4:8a:02:a2:a9:78:b8:2c:db:b7:7b:ae:cf:c2:e1:5e:
         fa:a8:7d:36:f1:8e:ef:07:51:51:b9:4a:f8:a3:a0:af:40:b9:
         c2:33:59:ac:60:ca:9b:da:50:9e:80:28:d1:b4:2a:ae:c9:30:
         2b:d0:5d:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaVhlNk2V0do4HPQfQP7pxsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjUwNTAzMDk0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjlhNDE2NDdhZmFhZWQwZDkxNjUxYTQ2MDY0ODJmZGJlMjIyZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsx7Oc6YwKXUQQ55asdhTCHBO3fPX
sCRXmVX00S3NKzHAZjnU6/9DvgSVrVmVSsYuejMbo4nYNpsmbQmFm5WHnuraOGPP
X0R9Xq6Sm5fD2o1DY+RjHw9CyYRs4LLpxpU0IloouUFINnaaDjfLRYYBbP0LrPHR
xt74t5OtJPTgkzzGVQU7b44Ev8+2hwaR05RiUo68MLS52Ds3rjEI5QB1nvlMnhl0
Pfj68gCSCkTD7lKG7Wcq8L3JgClyR2Ta/CifeuVYCoMiUxAaLp7lII3IQrFB/ifM
V31LanCkJySOdqd5j59NnUoisP9M/qZQzJ42+xJntVZQedgBeEZu4EvOyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKaQWR6+q7Q2RZRpGBkgv2+Ii3/MB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvSXBwQlpIcjZydERaRmxHa1lHU0NfYjRpTGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnTrMA0G
CSqGSIb3DQEBCwUAA4IBAQB87N2nE/+sR1cn/pu3brFjNlERWbl2AY5kCJWPyNXM
00qrObIOegdtT0agScFNrrV3cLAzfsP6HgaRUPa8270UtlWsOTGeTjeW5nTKZ/2m
tPlqIqaEjglRyHYrpFUAegWWrC6nKggROFxpWIIIl17KVgjims1VfbuyuyX3UlO1
j+mKdoYNUpbheI6DAXL0KX5Qn+qHRYnMEoJp+6gJOxho6yx9HInPrdl/f3dTY044
ay24LhhiwmeqHFD3scvXGHfcmQ3eajLV+6SKAqKpeLgs27d7rs/C4V76qH028Y7v
B1FRuUr4o6CvQLnCM1msYMqb2lCegCjRtCquyTAr0F33
-----END CERTIFICATE-----