Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/HxSDF3RSnEvi55r0ntqSFgDhGUI.roa
File:                     HxSDF3RSnEvi55r0ntqSFgDhGUI.roa (raw, json)
Hash identifier:          NLofzV7uwWNcSKkUAvo8Nc2AOY4OLfgQGuve63ilrNk=
Subject key identifier:   1F:14:83:17:74:52:9C:4B:E2:E7:9A:F4:9E:DA:92:16:00:E1:19:42
Certificate issuer:       /CN=b262bf21de51385859416c4c608001e2025a5d25
Certificate serial:       019424B3775E90F041DC2C8F88D822ABB946
Authority key identifier: B2:62:BF:21:DE:51:38:58:59:41:6C:4C:60:80:01:E2:02:5A:5D:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/smK_Id5ROFhZQWxMYIAB4gJaXSU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/HxSDF3RSnEvi55r0ntqSFgDhGUI.roa
Signing time:             Thu 02 Jan 2025 01:48:48 +0000
ROA not before:           Thu 02 Jan 2025 01:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215000
IP address blocks:        185.19.151.0/24 maxlen: 24
                          185.61.112.0/24 maxlen: 24
                          185.61.113.0/24 maxlen: 24
                          185.61.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/smK_Id5ROFhZQWxMYIAB4gJaXSU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/smK_Id5ROFhZQWxMYIAB4gJaXSU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/smK_Id5ROFhZQWxMYIAB4gJaXSU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:77:5e:90:f0:41:dc:2c:8f:88:d8:22:ab:b9:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b262bf21de51385859416c4c608001e2025a5d25
        Validity
            Not Before: Jan  2 01:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f14831774529c4be2e79af49eda921600e11942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:cf:45:a8:e3:21:6b:f5:09:67:d2:98:91:36:
                    e7:8d:e9:ea:b5:c3:f0:ff:00:97:e7:ce:7e:a8:5f:
                    b0:fa:52:9f:e6:8b:ac:63:43:d1:b4:9c:3a:af:1c:
                    f5:1c:64:56:8d:7e:68:61:78:e2:82:f3:be:35:8e:
                    4c:df:3c:bb:49:17:9a:4e:3d:a2:2a:a6:ac:11:05:
                    4d:23:b5:bd:30:98:fd:df:49:a9:36:14:ee:e4:c8:
                    ce:b2:7e:0c:7a:90:87:96:d3:02:70:f0:d4:0a:9f:
                    6c:ee:66:11:53:68:c9:07:01:c9:75:e7:8e:3a:d7:
                    96:db:12:67:fe:2d:46:94:72:a3:cd:2b:2d:66:5c:
                    ac:b5:27:e0:f5:5b:08:03:30:86:76:fe:af:7d:73:
                    39:86:14:6c:f7:3e:0d:79:28:f1:47:4a:8f:78:a4:
                    e4:11:ee:22:6b:62:2a:ac:7b:c9:1e:80:00:36:56:
                    16:91:0c:c0:d0:b7:34:f2:47:ea:d8:3d:72:b2:ca:
                    d3:ac:8e:bb:b0:ca:67:46:8c:8d:17:93:1c:93:7d:
                    46:94:63:32:b9:64:61:d2:d6:26:c3:16:d2:4d:87:
                    c0:28:c4:1c:13:0a:fc:6a:f1:8e:69:54:b2:63:37:
                    0e:ca:25:d8:cd:aa:3a:c2:ef:3d:48:16:e4:d3:e6:
                    ff:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:14:83:17:74:52:9C:4B:E2:E7:9A:F4:9E:DA:92:16:00:E1:19:42
            X509v3 Authority Key Identifier:
                keyid:B2:62:BF:21:DE:51:38:58:59:41:6C:4C:60:80:01:E2:02:5A:5D:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/smK_Id5ROFhZQWxMYIAB4gJaXSU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/HxSDF3RSnEvi55r0ntqSFgDhGUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/863093-5ed6-43b2-bbda-14c6c5055f88/1/smK_Id5ROFhZQWxMYIAB4gJaXSU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.151.0/24
                  185.61.112.0-185.61.114.255

    Signature Algorithm: sha256WithRSAEncryption
         77:0f:80:0e:d8:83:ab:3e:85:bf:61:d2:56:a9:d7:c0:47:a7:
         64:37:9e:8a:be:94:c5:17:c0:47:66:97:ff:a8:51:d9:61:d2:
         03:13:7d:bf:01:85:15:72:f5:b5:06:e3:3b:05:33:fa:75:b1:
         2a:3f:bf:f2:61:b7:74:35:e7:b9:b8:d1:ce:af:b9:12:ba:f9:
         ac:8b:27:cc:42:e6:cc:86:0d:79:05:37:d7:36:89:50:b7:d5:
         e4:a2:0f:9b:bf:a4:80:35:64:13:e4:65:b6:02:ef:5f:43:07:
         8d:81:d6:84:f2:81:16:cb:8f:74:c6:35:ac:1f:e0:c5:9c:48:
         86:4f:e9:ec:2b:45:53:9a:75:da:0a:5a:7e:27:46:f7:53:f6:
         41:73:f7:61:a5:26:67:b8:07:a7:8e:f8:9c:83:70:dd:c1:06:
         f2:ad:66:7b:bb:fd:19:26:a6:a1:8a:76:d2:7c:84:09:af:5c:
         4b:5b:d7:96:ac:14:7d:3c:fc:90:a7:b7:5e:e7:26:83:98:48:
         c8:cf:92:50:b8:05:30:0f:39:36:e1:b0:cf:b5:af:24:0e:5b:
         ed:98:4b:64:2e:f5:7b:ea:c4:3a:d8:eb:0f:6f:c1:86:1b:1c:
         77:78:5c:c0:91:fc:78:24:e3:b7:a5:18:70:bc:aa:cb:d3:51:
         ab:4f:5d:67
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQks3dekPBB3CyPiNgiq7lGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNjJiZjIxZGU1MTM4NTg1OTQxNmM0YzYwODAwMWUyMDI1
YTVkMjUwHhcNMjUwMTAyMDE0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjE0ODMxNzc0NTI5YzRiZTJlNzlhZjQ5ZWRhOTIxNjAwZTExOTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq89FqOMha/UJZ9KYkTbnjenqtcPw
/wCX585+qF+w+lKf5ousY0PRtJw6rxz1HGRWjX5oYXjigvO+NY5M3zy7SReaTj2i
KqasEQVNI7W9MJj930mpNhTu5MjOsn4MepCHltMCcPDUCp9s7mYRU2jJBwHJdeeO
OteW2xJn/i1GlHKjzSstZlystSfg9VsIAzCGdv6vfXM5hhRs9z4NeSjxR0qPeKTk
Ee4ia2IqrHvJHoAANlYWkQzA0Lc08kfq2D1yssrTrI67sMpnRoyNF5Mck31GlGMy
uWRh0tYmwxbSTYfAKMQcEwr8avGOaVSyYzcOyiXYzao6wu89SBbk0+b/8wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFB8Ugxd0UpxL4uea9J7akhYA4RlCMB8GA1UdIwQY
MBaAFLJivyHeUThYWUFsTGCAAeICWl0lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc21LX0lkNVJPRmhaUVd4TVlJQUI0Z0phWFNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi84NjMwOTMtNWVkNi00M2IyLWJiZGEt
MTRjNmM1MDU1Zjg4LzEvSHhTREYzUlNuRXZpNTVyMG50cVNGZ0RoR1VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi84NjMwOTMtNWVkNi00M2IyLWJiZGEtMTRjNmM1MDU1Zjg4
LzEvc21LX0lkNVJPRmhaUVd4TVlJQUI0Z0phWFNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAuROXMAwD
BAS5PXADBAC5PXIwDQYJKoZIhvcNAQELBQADggEBAHcPgA7Yg6s+hb9h0lap18BH
p2Q3noq+lMUXwEdml/+oUdlh0gMTfb8BhRVy9bUG4zsFM/p1sSo/v/Jht3Q157m4
0c6vuRK6+ayLJ8xC5syGDXkFN9c2iVC31eSiD5u/pIA1ZBPkZbYC719DB42B1oTy
gRbLj3TGNawf4MWcSIZP6ewrRVOaddoKWn4nRvdT9kFz92GlJme4B6eO+JyDcN3B
BvKtZnu7/RkmpqGKdtJ8hAmvXEtb15asFH08/JCnt17nJoOYSMjPklC4BTAPOTbh
sM+1ryQOW+2YS2Qu9XvqxDrY6w9vwYYbHHd4XMCR/Hgk47elGHC8qsvTUatPXWc=
-----END CERTIFICATE-----