Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/2GrFuxyxyHkqumdayYRyftHOCCA.roa
File:                     2GrFuxyxyHkqumdayYRyftHOCCA.roa (raw, json)
Hash identifier:          58WfiupeF7jv1/JuV3+ZtSw5ZmglbAvhKCWRK1cfUPw=
Subject key identifier:   D8:6A:C5:BB:1C:B1:C8:79:2A:BA:67:5A:C9:84:72:7E:D1:CE:08:20
Certificate issuer:       /CN=04732b985f8f63ff8ae8eac7c70832b30cee80ad
Certificate serial:       0194206855B80C190E17761CB604D7BCFC2E
Authority key identifier: 04:73:2B:98:5F:8F:63:FF:8A:E8:EA:C7:C7:08:32:B3:0C:EE:80:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/2GrFuxyxyHkqumdayYRyftHOCCA.roa
Signing time:             Wed 01 Jan 2025 05:48:16 +0000
ROA not before:           Wed 01 Jan 2025 05:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15695
IP address blocks:        185.86.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:55:b8:0c:19:0e:17:76:1c:b6:04:d7:bc:fc:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04732b985f8f63ff8ae8eac7c70832b30cee80ad
        Validity
            Not Before: Jan  1 05:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d86ac5bb1cb1c8792aba675ac984727ed1ce0820
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:03:9d:bb:90:53:41:86:4d:f0:62:b4:f4:06:
                    40:5b:f7:71:4e:de:7d:bc:6e:27:6d:aa:e2:0b:94:
                    58:4a:37:b5:83:57:4f:f5:23:98:45:42:9a:0c:51:
                    cf:16:ee:c5:53:46:01:d2:9c:4f:2c:ce:78:c4:b9:
                    81:5f:5d:e1:1e:47:07:b6:61:5f:f3:0f:5a:19:dd:
                    c9:bf:ad:62:40:2c:f8:4d:1a:24:05:ca:96:e0:d6:
                    c9:90:b4:e2:2e:3b:d9:b9:70:43:a6:da:37:79:22:
                    05:b7:48:35:4f:9b:32:0d:8e:35:f4:de:b9:c7:3d:
                    36:04:8b:77:d9:d7:3a:98:b6:ed:e8:9e:c9:19:59:
                    bf:4a:61:6f:c0:51:7c:b8:30:bb:a1:63:a4:ae:72:
                    57:47:46:20:b8:d7:cb:13:06:b4:19:de:81:98:56:
                    86:ec:a9:08:05:26:b7:44:84:18:00:95:45:0e:3c:
                    69:a0:4d:b1:79:db:3b:b6:67:c3:8e:b4:88:c1:95:
                    c3:4a:1e:91:51:b1:c7:fe:a9:31:c5:bf:6b:99:cb:
                    2d:7d:25:32:37:8c:da:53:56:77:5c:fc:0d:31:9d:
                    ec:ce:e5:c8:2c:b1:f3:fb:a5:6e:ef:3c:a9:ec:43:
                    1b:3e:fe:bc:71:91:a6:55:93:a7:af:d9:99:82:58:
                    93:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:6A:C5:BB:1C:B1:C8:79:2A:BA:67:5A:C9:84:72:7E:D1:CE:08:20
            X509v3 Authority Key Identifier:
                keyid:04:73:2B:98:5F:8F:63:FF:8A:E8:EA:C7:C7:08:32:B3:0C:EE:80:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BHMrmF-PY_-K6OrHxwgyswzugK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/2GrFuxyxyHkqumdayYRyftHOCCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6da0aa-1327-4fa6-a947-ada270825218/1/BHMrmF-PY_-K6OrHxwgyswzugK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:f8:58:72:a8:bd:e8:6c:6e:fc:c3:10:05:8f:be:22:51:10:
         f5:10:97:6e:e7:6d:5c:8f:75:52:64:3c:0b:f2:47:2c:66:8c:
         94:4b:ec:d9:27:bb:c4:f1:a5:cd:d2:1a:df:7f:38:c2:05:a8:
         2b:d8:24:c2:7e:7d:2b:0c:25:e8:37:38:c7:fd:b5:a1:3e:99:
         18:4b:63:73:d6:63:c8:96:03:0d:e4:09:9a:60:fe:c9:b0:4e:
         0b:45:33:82:1b:e2:b8:e8:d7:2e:a8:11:cb:fd:d9:37:d5:31:
         73:b3:b1:2e:17:ed:de:d6:68:26:0d:ff:03:02:05:68:e9:dc:
         91:31:d2:73:e2:29:a3:ad:ee:8f:a8:2a:1b:53:6e:21:58:6b:
         0f:01:ea:0b:75:a9:23:87:4c:3f:41:78:f7:ad:dd:e8:74:40:
         37:f9:f5:5c:01:dd:86:1d:4a:52:02:67:e3:a1:66:ad:38:1c:
         2c:2a:a7:37:3a:bd:dc:48:16:63:cb:f4:d5:4f:03:55:32:96:
         78:1f:f4:e4:d8:e9:e6:f2:c1:c5:6a:ed:72:a4:5a:11:4e:d4:
         83:fd:35:70:1d:12:b6:ef:cb:a3:6b:a6:df:c5:11:ab:be:df:
         e4:ee:2e:87:00:1a:4b:07:56:b0:e4:2f:20:43:70:1e:85:6d:
         84:75:45:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaFW4DBkOF3YctgTXvPwuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NzMyYjk4NWY4ZjYzZmY4YWU4ZWFjN2M3MDgzMmIzMGNl
ZTgwYWQwHhcNMjUwMTAxMDU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODZhYzViYjFjYjFjODc5MmFiYTY3NWFjOTg0NzI3ZWQxY2UwODIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6gOdu5BTQYZN8GK09AZAW/dxTt59
vG4nbariC5RYSje1g1dP9SOYRUKaDFHPFu7FU0YB0pxPLM54xLmBX13hHkcHtmFf
8w9aGd3Jv61iQCz4TRokBcqW4NbJkLTiLjvZuXBDpto3eSIFt0g1T5syDY419N65
xz02BIt32dc6mLbt6J7JGVm/SmFvwFF8uDC7oWOkrnJXR0YguNfLEwa0Gd6BmFaG
7KkIBSa3RIQYAJVFDjxpoE2xeds7tmfDjrSIwZXDSh6RUbHH/qkxxb9rmcstfSUy
N4zaU1Z3XPwNMZ3szuXILLHz+6Vu7zyp7EMbPv68cZGmVZOnr9mZgliTcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhqxbscsch5KrpnWsmEcn7RzgggMB8GA1UdIwQY
MBaAFARzK5hfj2P/iujqx8cIMrMM7oCtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkhNcm1GLVBZXy1LNk9ySHh3Z3lzd3p1Z0swLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82ZGEwYWEtMTMyNy00ZmE2LWE5NDct
YWRhMjcwODI1MjE4LzEvMkdyRnV4eXh5SGtxdW1kYXlZUnlmdEhPQ0NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82ZGEwYWEtMTMyNy00ZmE2LWE5NDctYWRhMjcwODI1MjE4
LzEvQkhNcm1GLVBZXy1LNk9ySHh3Z3lzd3p1Z0swLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVY3MA0G
CSqGSIb3DQEBCwUAA4IBAQAf+FhyqL3obG78wxAFj74iURD1EJdu521cj3VSZDwL
8kcsZoyUS+zZJ7vE8aXN0hrffzjCBagr2CTCfn0rDCXoNzjH/bWhPpkYS2Nz1mPI
lgMN5AmaYP7JsE4LRTOCG+K46NcuqBHL/dk31TFzs7EuF+3e1mgmDf8DAgVo6dyR
MdJz4imjre6PqCobU24hWGsPAeoLdakjh0w/QXj3rd3odEA3+fVcAd2GHUpSAmfj
oWatOBwsKqc3Or3cSBZjy/TVTwNVMpZ4H/Tk2Onm8sHFau1ypFoRTtSD/TVwHRK2
78uja6bfxRGrvt/k7i6HABpLB1aw5C8gQ3AehW2EdUV7
-----END CERTIFICATE-----