Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/hy_b_CLF0gjwTvb480me2nPqxL8.roa
File:                     hy_b_CLF0gjwTvb480me2nPqxL8.roa (raw, json)
Hash identifier:          EAu5vgl/03EK2B5mmRo4ew+mHmc1IziDDQ2bL2kVt9M=
Subject key identifier:   87:2F:DB:FC:22:C5:D2:08:F0:4E:F6:F8:F3:49:9E:DA:73:EA:C4:BF
Certificate issuer:       /CN=670e60779f3cd4d03d5e507840f5fa2a31a6ab8d
Certificate serial:       0194221F4FE74D8797C4C33388642316638F
Authority key identifier: 67:0E:60:77:9F:3C:D4:D0:3D:5E:50:78:40:F5:FA:2A:31:A6:AB:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zw5gd5881NA9XlB4QPX6KjGmq40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/hy_b_CLF0gjwTvb480me2nPqxL8.roa
Signing time:             Wed 01 Jan 2025 13:47:44 +0000
ROA not before:           Wed 01 Jan 2025 13:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32787
IP address blocks:        185.78.246.0/24 maxlen: 24
                          185.78.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/Zw5gd5881NA9XlB4QPX6KjGmq40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/Zw5gd5881NA9XlB4QPX6KjGmq40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zw5gd5881NA9XlB4QPX6KjGmq40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:4f:e7:4d:87:97:c4:c3:33:88:64:23:16:63:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=670e60779f3cd4d03d5e507840f5fa2a31a6ab8d
        Validity
            Not Before: Jan  1 13:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=872fdbfc22c5d208f04ef6f8f3499eda73eac4bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:96:43:62:66:a4:85:dc:35:36:c6:32:95:bf:
                    d9:12:b9:88:84:dd:03:7a:d6:ec:bc:7c:80:76:3a:
                    1e:6a:a3:3a:22:dc:03:24:16:4c:53:64:a1:42:99:
                    66:c9:98:2f:4f:b2:29:51:9d:c1:05:31:e1:b0:c2:
                    dd:8d:31:c7:82:18:71:2c:6d:d5:9c:43:75:54:44:
                    f8:be:a8:e1:ad:c6:13:1a:2c:be:06:49:5d:f1:f4:
                    9c:2c:c3:a3:2e:0c:50:b4:6e:2e:ad:55:6d:69:99:
                    6d:73:b2:ff:46:63:87:cf:ac:42:d2:ae:43:f3:e7:
                    28:e1:50:71:7a:3c:c7:28:a7:f4:76:b5:ee:7c:72:
                    13:ca:bc:f9:32:a8:f0:99:a8:44:ec:ab:27:76:4c:
                    d6:83:39:7a:88:89:86:70:f1:9a:3c:b4:32:cf:9e:
                    84:59:7b:3f:3f:78:4f:19:f1:77:87:c8:8a:76:91:
                    e4:58:16:23:f4:00:51:8c:bc:a0:77:c3:04:69:30:
                    b6:df:6d:a9:0d:79:ab:90:4f:f4:73:36:20:4e:f0:
                    ce:67:cb:0d:68:ea:2a:58:76:b3:f8:a1:ae:df:7d:
                    4a:d2:93:1e:b6:a8:6d:e0:3e:48:ab:b6:fd:40:99:
                    90:bc:8a:97:97:6c:f9:3d:5b:78:07:6a:65:27:a4:
                    4c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:2F:DB:FC:22:C5:D2:08:F0:4E:F6:F8:F3:49:9E:DA:73:EA:C4:BF
            X509v3 Authority Key Identifier:
                keyid:67:0E:60:77:9F:3C:D4:D0:3D:5E:50:78:40:F5:FA:2A:31:A6:AB:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zw5gd5881NA9XlB4QPX6KjGmq40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/hy_b_CLF0gjwTvb480me2nPqxL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/f5951a-b0ff-4a3c-88ae-35004a671eb3/1/Zw5gd5881NA9XlB4QPX6KjGmq40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:91:ef:48:73:10:19:97:2e:96:96:5e:26:07:38:94:b9:65:
         56:d8:75:7b:0b:82:a1:ed:f9:67:83:eb:96:62:4f:b1:6e:83:
         df:28:45:3f:9e:f3:9c:f5:98:fa:e0:7e:62:d6:2b:3e:db:85:
         93:c6:a5:49:b3:92:74:5d:6d:44:35:e8:69:43:06:ba:99:6a:
         5e:32:93:90:1b:9a:bf:81:d6:c2:7a:e4:0a:44:f5:a6:fe:d7:
         47:3c:6a:4d:43:41:3a:56:93:0b:39:0e:5a:2f:4a:97:f1:32:
         79:2d:95:95:53:9d:c4:84:ec:4e:93:0a:dc:f7:7a:a6:38:e5:
         51:c9:8c:79:6d:5e:5b:e3:c0:b6:f3:97:49:13:4e:3c:c1:dc:
         c5:43:8f:8d:e2:59:21:d4:ec:33:1f:be:e8:1c:aa:22:74:fa:
         20:1d:5e:3c:e2:46:6e:8d:3e:bd:74:02:79:23:a0:7b:40:e7:
         94:ff:a7:06:db:e7:11:e0:e2:08:2e:d7:05:e8:47:4e:12:75:
         55:20:05:90:05:d4:e0:6a:07:d3:08:39:1b:54:aa:11:06:08:
         c0:b2:c1:3f:38:cb:22:d3:34:5f:fb:5d:b1:06:53:20:4d:91:
         2b:b7:e5:77:88:e5:48:86:af:68:08:f7:5b:02:8e:e1:7a:df:
         1d:90:d7:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH0/nTYeXxMMziGQjFmOPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MGU2MDc3OWYzY2Q0ZDAzZDVlNTA3ODQwZjVmYTJhMzFh
NmFiOGQwHhcNMjUwMTAxMTM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzJmZGJmYzIyYzVkMjA4ZjA0ZWY2ZjhmMzQ5OWVkYTczZWFjNGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6pZDYmakhdw1NsYylb/ZErmIhN0D
etbsvHyAdjoeaqM6ItwDJBZMU2ShQplmyZgvT7IpUZ3BBTHhsMLdjTHHghhxLG3V
nEN1VET4vqjhrcYTGiy+Bkld8fScLMOjLgxQtG4urVVtaZltc7L/RmOHz6xC0q5D
8+co4VBxejzHKKf0drXufHITyrz5MqjwmahE7KsndkzWgzl6iImGcPGaPLQyz56E
WXs/P3hPGfF3h8iKdpHkWBYj9ABRjLygd8MEaTC2322pDXmrkE/0czYgTvDOZ8sN
aOoqWHaz+KGu331K0pMetqht4D5Iq7b9QJmQvIqXl2z5PVt4B2plJ6RMQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcv2/wixdII8E72+PNJntpz6sS/MB8GA1UdIwQY
MBaAFGcOYHefPNTQPV5QeED1+ioxpquNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnc1Z2Q1ODgxTkE5WGxCNFFQWDZLakdtcTQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9mNTk1MWEtYjBmZi00YTNjLTg4YWUt
MzUwMDRhNjcxZWIzLzEvaHlfYl9DTEYwZ2p3VHZiNDgwbWUyblBxeEw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9mNTk1MWEtYjBmZi00YTNjLTg4YWUtMzUwMDRhNjcxZWIz
LzEvWnc1Z2Q1ODgxTkE5WGxCNFFQWDZLakdtcTQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuU72MA0G
CSqGSIb3DQEBCwUAA4IBAQAGke9IcxAZly6Wll4mBziUuWVW2HV7C4Kh7flng+uW
Yk+xboPfKEU/nvOc9Zj64H5i1is+24WTxqVJs5J0XW1ENehpQwa6mWpeMpOQG5q/
gdbCeuQKRPWm/tdHPGpNQ0E6VpMLOQ5aL0qX8TJ5LZWVU53EhOxOkwrc93qmOOVR
yYx5bV5b48C285dJE048wdzFQ4+N4lkh1OwzH77oHKoidPogHV484kZujT69dAJ5
I6B7QOeU/6cG2+cR4OIILtcF6EdOEnVVIAWQBdTgagfTCDkbVKoRBgjAssE/OMsi
0zRf+12xBlMgTZErt+V3iOVIhq9oCPdbAo7het8dkNcj
-----END CERTIFICATE-----