Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/hAuohYiSHygUFUxTjuX1SWN5QDE.roa
File:                     hAuohYiSHygUFUxTjuX1SWN5QDE.roa (raw, json)
Hash identifier:          MotGMSUysnMBdzXEwoyDH1EBq/l4jrQRez7lyisrMeA=
Subject key identifier:   84:0B:A8:85:88:92:1F:28:14:15:4C:53:8E:E5:F5:49:63:79:40:31
Certificate issuer:       /CN=66104e4f7d9f38d8e22a2d32be019031930c1a47
Certificate serial:       019421B1D637B43E8B6640924FCA44D2AD1B
Authority key identifier: 66:10:4E:4F:7D:9F:38:D8:E2:2A:2D:32:BE:01:90:31:93:0C:1A:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/hAuohYiSHygUFUxTjuX1SWN5QDE.roa
Signing time:             Wed 01 Jan 2025 11:48:10 +0000
ROA not before:           Wed 01 Jan 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3281
IP address blocks:        92.63.91.0/24 maxlen: 24
                          185.129.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d6:37:b4:3e:8b:66:40:92:4f:ca:44:d2:ad:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66104e4f7d9f38d8e22a2d32be019031930c1a47
        Validity
            Not Before: Jan  1 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=840ba88588921f2814154c538ee5f54963794031
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:2c:fb:85:f8:b9:68:3d:66:29:a3:01:1d:42:
                    3c:e2:8e:00:d2:63:37:3d:a1:73:fe:11:e6:63:ba:
                    84:e8:af:c8:3f:85:1f:36:0a:cc:b4:9c:5d:91:0e:
                    c5:08:e2:74:f3:64:ea:ba:ae:68:07:cb:b5:65:dd:
                    3e:21:0d:d8:1c:8e:25:de:90:8f:23:bb:69:a3:be:
                    5f:c6:25:66:9f:40:1b:82:e3:44:6e:b0:21:9e:df:
                    36:73:03:89:b4:1e:be:0b:c2:1c:f3:6e:ac:4d:4a:
                    72:82:27:87:c1:7a:19:4d:bb:ff:a6:0c:d7:9a:7b:
                    70:98:a2:be:3a:4c:a6:6b:19:db:20:51:d9:d6:b1:
                    90:04:ea:13:e8:8e:6b:0a:a1:63:87:a3:22:85:91:
                    ba:59:58:47:fd:18:cc:7b:7b:39:f2:17:ed:e4:c7:
                    b1:c5:41:b8:85:62:3b:ee:bf:fb:23:1d:5e:99:24:
                    4f:f2:1d:f0:0e:a5:ca:1b:d2:9b:dc:28:78:8f:03:
                    e7:c3:da:17:bd:d6:51:21:20:02:13:08:72:7f:42:
                    ea:c4:07:e6:d4:f9:95:34:a8:11:ed:db:d5:36:e1:
                    e1:01:73:cf:3e:e6:2d:29:26:a2:74:10:da:fe:bc:
                    f5:a4:a7:16:ac:3c:b4:ba:5d:f2:39:db:2d:18:cb:
                    70:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:0B:A8:85:88:92:1F:28:14:15:4C:53:8E:E5:F5:49:63:79:40:31
            X509v3 Authority Key Identifier:
                keyid:66:10:4E:4F:7D:9F:38:D8:E2:2A:2D:32:BE:01:90:31:93:0C:1A:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZhBOT32fONjiKi0yvgGQMZMMGkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/hAuohYiSHygUFUxTjuX1SWN5QDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/82d222-2202-45f2-b904-47472ed3becb/1/ZhBOT32fONjiKi0yvgGQMZMMGkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.63.91.0/24
                  185.129.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:4b:5a:48:28:6f:8f:d4:ab:7c:69:30:de:59:25:e8:12:ad:
         1a:1b:bf:fe:23:54:38:bd:05:ca:f1:08:67:99:4e:a3:45:0a:
         a9:d3:df:c7:86:ca:5b:c3:e8:90:1d:a7:d3:0b:86:8c:5f:e1:
         3c:95:18:e6:eb:ec:ef:12:36:f4:4c:0b:2a:d3:e5:90:b3:6b:
         a3:5c:d3:88:39:b1:de:5b:22:46:9f:69:23:98:d5:a6:5d:10:
         86:03:78:92:7b:e6:6b:02:7d:0a:f2:dc:fb:23:43:de:e1:e0:
         b9:47:a2:17:d1:e9:65:bc:1d:9a:df:64:80:50:6d:32:51:c2:
         6e:25:45:2d:1c:2f:08:c1:d5:1f:d7:fe:9f:4c:da:5b:1b:f5:
         0f:88:16:07:30:f1:98:9f:cd:31:7e:cf:23:c2:83:46:09:26:
         4f:b1:23:ac:f3:22:95:fb:36:36:3f:8b:8d:ea:b8:e5:fa:b5:
         93:78:98:1d:1c:3f:bc:e8:87:91:cd:3f:ea:2c:d2:ee:e0:00:
         eb:a9:7e:a4:06:05:d9:cf:55:34:5c:f8:a8:37:a9:52:77:5c:
         07:1f:76:dd:59:7e:4e:c9:69:04:98:d8:42:24:0d:19:e1:60:
         f1:8e:bf:30:38:18:6d:2b:75:03:79:a5:5b:d0:d6:1f:c7:ed:
         d1:95:46:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsdY3tD6LZkCST8pE0q0bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MTA0ZTRmN2Q5ZjM4ZDhlMjJhMmQzMmJlMDE5MDMxOTMw
YzFhNDcwHhcNMjUwMTAxMTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDBiYTg4NTg4OTIxZjI4MTQxNTRjNTM4ZWU1ZjU0OTYzNzk0MDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyz7hfi5aD1mKaMBHUI84o4A0mM3
PaFz/hHmY7qE6K/IP4UfNgrMtJxdkQ7FCOJ082Tquq5oB8u1Zd0+IQ3YHI4l3pCP
I7tpo75fxiVmn0AbguNEbrAhnt82cwOJtB6+C8Ic826sTUpygieHwXoZTbv/pgzX
mntwmKK+OkymaxnbIFHZ1rGQBOoT6I5rCqFjh6MihZG6WVhH/RjMe3s58hft5Mex
xUG4hWI77r/7Ix1emSRP8h3wDqXKG9Kb3Ch4jwPnw9oXvdZRISACEwhyf0LqxAfm
1PmVNKgR7dvVNuHhAXPPPuYtKSaidBDa/rz1pKcWrDy0ul3yOdstGMtwuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIQLqIWIkh8oFBVMU47l9UljeUAxMB8GA1UdIwQY
MBaAFGYQTk99nzjY4iotMr4BkDGTDBpHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmhCT1QzMmZPTmppS2kweXZnR1FNWk1NR2tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS84MmQyMjItMjIwMi00NWYyLWI5MDQt
NDc0NzJlZDNiZWNiLzEvaEF1b2hZaVNIeWdVRlV4VGp1WDFTV041UURFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS84MmQyMjItMjIwMi00NWYyLWI5MDQtNDc0NzJlZDNiZWNi
LzEvWmhCT1QzMmZPTmppS2kweXZnR1FNWk1NR2tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXD9bAwQA
uYGXMA0GCSqGSIb3DQEBCwUAA4IBAQCaS1pIKG+P1Kt8aTDeWSXoEq0aG7/+I1Q4
vQXK8QhnmU6jRQqp09/Hhspbw+iQHafTC4aMX+E8lRjm6+zvEjb0TAsq0+WQs2uj
XNOIObHeWyJGn2kjmNWmXRCGA3iSe+ZrAn0K8tz7I0Pe4eC5R6IX0ellvB2a32SA
UG0yUcJuJUUtHC8IwdUf1/6fTNpbG/UPiBYHMPGYn80xfs8jwoNGCSZPsSOs8yKV
+zY2P4uN6rjl+rWTeJgdHD+86IeRzT/qLNLu4ADrqX6kBgXZz1U0XPioN6lSd1wH
H3bdWX5OyWkEmNhCJA0Z4WDxjr8wOBhtK3UDeaVb0NYfx+3RlUZ6
-----END CERTIFICATE-----