Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/_hcAKZ9Rlwo19weMs6Swq188ePE.roa
File:                     _hcAKZ9Rlwo19weMs6Swq188ePE.roa (raw, json)
Hash identifier:          Y66JbaTRqDcxPjnoFMPZ0bWBf5qCwdTDkeUZq42NBUE=
Subject key identifier:   FE:17:00:29:9F:51:97:0A:35:F7:07:8C:B3:A4:B0:AB:5F:3C:78:F1
Certificate issuer:       /CN=7e904bd71d6fe74a67168fd913e828722755b494
Certificate serial:       019426D9EC0749E9A96A628EA6AE99C1CE55
Authority key identifier: 7E:90:4B:D7:1D:6F:E7:4A:67:16:8F:D9:13:E8:28:72:27:55:B4:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fpBL1x1v50pnFo_ZE-gocidVtJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/_hcAKZ9Rlwo19weMs6Swq188ePE.roa
Signing time:             Thu 02 Jan 2025 11:50:03 +0000
ROA not before:           Thu 02 Jan 2025 11:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62159
IP address blocks:        185.133.56.0/22 maxlen: 24
                          2a06:e3c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/fpBL1x1v50pnFo_ZE-gocidVtJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/fpBL1x1v50pnFo_ZE-gocidVtJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fpBL1x1v50pnFo_ZE-gocidVtJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:ec:07:49:e9:a9:6a:62:8e:a6:ae:99:c1:ce:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e904bd71d6fe74a67168fd913e828722755b494
        Validity
            Not Before: Jan  2 11:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe1700299f51970a35f7078cb3a4b0ab5f3c78f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6b:d2:43:30:5e:a2:28:82:f7:64:b0:d2:12:
                    57:9d:45:c4:54:68:35:67:5c:fc:d6:8f:d3:ac:cb:
                    d8:d5:47:21:53:ab:0b:26:4b:be:3b:ca:e6:6a:9d:
                    5f:6c:96:80:4d:7c:ad:b6:eb:5e:69:24:eb:15:94:
                    c9:b2:bd:bc:83:1d:4c:c6:7f:54:8a:33:94:c5:0d:
                    45:18:f0:33:a8:b8:41:d4:a9:6a:11:c2:a6:88:46:
                    52:82:45:17:cb:a3:4c:3f:df:2d:b6:cd:0c:28:5e:
                    5e:9c:82:af:51:37:af:cc:27:a9:74:70:b5:75:0d:
                    f8:fb:f4:a6:41:07:d4:ba:3d:73:48:13:9b:9f:a9:
                    1f:6a:aa:4d:9c:83:82:e3:a9:6b:67:12:e1:a1:18:
                    d6:2e:7d:61:ec:8b:0b:d8:83:5f:0d:02:d9:6d:d8:
                    02:ee:7e:85:e6:f6:47:48:55:56:e2:bd:d0:58:94:
                    6a:d9:9a:56:8d:aa:27:1d:25:e7:23:57:ec:62:1c:
                    95:ef:94:34:d7:26:a8:53:6d:c1:76:a9:ab:9a:81:
                    b5:d6:9d:4d:ad:d9:1d:e1:94:3f:83:6d:eb:db:c3:
                    04:2c:cf:a8:c2:6d:3a:1c:dd:7f:64:13:d1:2c:f6:
                    d5:33:d2:b9:ce:60:9d:f2:e2:77:73:2a:7f:f9:5d:
                    c1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:17:00:29:9F:51:97:0A:35:F7:07:8C:B3:A4:B0:AB:5F:3C:78:F1
            X509v3 Authority Key Identifier:
                keyid:7E:90:4B:D7:1D:6F:E7:4A:67:16:8F:D9:13:E8:28:72:27:55:B4:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fpBL1x1v50pnFo_ZE-gocidVtJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/_hcAKZ9Rlwo19weMs6Swq188ePE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2f1264-23e8-42e0-8364-4f382cbb59f2/1/fpBL1x1v50pnFo_ZE-gocidVtJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.56.0/22
                IPv6:
                  2a06:e3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         61:d1:53:0a:61:4a:28:e2:7e:8b:f3:b0:a1:b2:30:49:16:2a:
         6f:67:01:ea:c7:ca:08:7f:52:b6:36:85:56:b8:65:c8:13:91:
         9f:d0:f9:89:f9:1d:84:c9:84:3c:ae:ef:e8:54:5d:d2:d9:c8:
         b3:09:bb:5f:4b:ce:14:a1:9d:b8:e8:2e:7e:09:1a:f8:98:0a:
         b5:97:98:8e:12:92:38:48:13:1e:e3:a5:30:50:a3:27:39:3e:
         c1:1d:df:d6:2c:63:c6:cc:62:ea:9d:5a:11:f7:98:b5:3e:a0:
         48:1e:ee:ee:57:1a:e1:31:d9:a9:7c:fb:4a:ef:a0:ca:2c:47:
         39:d5:c8:c9:35:aa:3f:ff:33:45:a6:bc:59:c8:8a:88:23:7d:
         06:2a:37:d3:5c:8b:f2:d5:27:f7:ec:f7:5e:5b:1f:fb:be:63:
         f3:d4:8f:40:ea:b2:ba:02:c6:97:2e:8c:88:12:b4:c7:9f:7c:
         ce:ea:6a:e7:1c:0d:8d:3c:83:e2:f7:7c:80:f9:8a:05:dc:cd:
         f9:8a:c9:d0:57:19:05:06:26:95:ba:4d:a4:d7:fc:33:8a:f3:
         ad:41:a2:13:67:47:77:7b:1b:86:3f:15:f1:15:ef:ec:2f:97:
         25:c1:46:e9:a1:9e:8b:46:4b:30:4a:40:5d:2e:11:fe:10:22:
         45:db:a8:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2ewHSempamKOpq6Zwc5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlOTA0YmQ3MWQ2ZmU3NGE2NzE2OGZkOTEzZTgyODcyMjc1
NWI0OTQwHhcNMjUwMTAyMTE1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTE3MDAyOTlmNTE5NzBhMzVmNzA3OGNiM2E0YjBhYjVmM2M3OGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2vSQzBeoiiC92Sw0hJXnUXEVGg1
Z1z81o/TrMvY1UchU6sLJku+O8rmap1fbJaATXyttuteaSTrFZTJsr28gx1Mxn9U
ijOUxQ1FGPAzqLhB1KlqEcKmiEZSgkUXy6NMP98tts0MKF5enIKvUTevzCepdHC1
dQ34+/SmQQfUuj1zSBObn6kfaqpNnIOC46lrZxLhoRjWLn1h7IsL2INfDQLZbdgC
7n6F5vZHSFVW4r3QWJRq2ZpWjaonHSXnI1fsYhyV75Q01yaoU23BdqmrmoG11p1N
rdkd4ZQ/g23r28MELM+owm06HN1/ZBPRLPbVM9K5zmCd8uJ3cyp/+V3BLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP4XACmfUZcKNfcHjLOksKtfPHjxMB8GA1UdIwQY
MBaAFH6QS9cdb+dKZxaP2RPoKHInVbSUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnBCTDF4MXY1MHBuRm9fWkUtZ29jaWRWdEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yZjEyNjQtMjNlOC00MmUwLTgzNjQt
NGYzODJjYmI1OWYyLzEvX2hjQUtaOVJsd28xOXdlTXM2U3dxMTg4ZVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yZjEyNjQtMjNlOC00MmUwLTgzNjQtNGYzODJjYmI1OWYy
LzEvZnBCTDF4MXY1MHBuRm9fWkUtZ29jaWRWdEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYU4MA0E
AgACMAcDBQMqBuPAMA0GCSqGSIb3DQEBCwUAA4IBAQBh0VMKYUoo4n6L87ChsjBJ
FipvZwHqx8oIf1K2NoVWuGXIE5Gf0PmJ+R2EyYQ8ru/oVF3S2cizCbtfS84UoZ24
6C5+CRr4mAq1l5iOEpI4SBMe46UwUKMnOT7BHd/WLGPGzGLqnVoR95i1PqBIHu7u
VxrhMdmpfPtK76DKLEc51cjJNao//zNFprxZyIqII30GKjfTXIvy1Sf37PdeWx/7
vmPz1I9A6rK6AsaXLoyIErTHn3zO6mrnHA2NPIPi93yA+YoF3M35isnQVxkFBiaV
uk2k1/wzivOtQaITZ0d3exuGPxXxFe/sL5clwUbpoZ6LRkswSkBdLhH+ECJF26g9
-----END CERTIFICATE-----