Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/hok1h3DBZfbszYTqi9gXzI5jkqU.roa
File:                     hok1h3DBZfbszYTqi9gXzI5jkqU.roa (raw, json)
Hash identifier:          Rrp79AM7R2rghKYLAtKfPleubz/8AHn7KNcJJOJ8/Y0=
Subject key identifier:   86:89:35:87:70:C1:65:F6:EC:CD:84:EA:8B:D8:17:CC:8E:63:92:A5
Certificate issuer:       /CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
Certificate serial:       0197FEAF93AC194BB6EEB3934EE95707A3C0
Authority key identifier: A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/hok1h3DBZfbszYTqi9gXzI5jkqU.roa
Signing time:             Sat 12 Jul 2025 12:50:08 +0000
ROA not before:           Sat 12 Jul 2025 12:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210392
IP address blocks:        185.180.128.0/24 maxlen: 24
                          185.180.129.0/24 maxlen: 24
                          185.180.130.0/24 maxlen: 24
                          185.180.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 04:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:fe:af:93:ac:19:4b:b6:ee:b3:93:4e:e9:57:07:a3:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60cee7582e9759be016c931ab34d9285d2fc8b4
        Validity
            Not Before: Jul 12 12:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8689358770c165f6eccd84ea8bd817cc8e6392a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:df:ef:d6:34:91:78:77:5e:25:ef:52:88:22:
                    25:07:64:40:8b:de:1a:fd:cc:46:ed:2f:72:b7:e3:
                    b1:a7:d6:ff:af:a9:ac:f1:ae:dd:22:92:01:91:3b:
                    21:16:4f:74:8d:11:48:95:d2:3e:4a:1b:31:1c:7b:
                    42:30:86:f0:8d:a2:c8:12:29:27:f9:7d:ac:17:24:
                    1c:0f:3f:ec:8d:1b:c5:8b:3d:b8:00:a2:c6:88:16:
                    41:b5:e2:95:46:72:43:56:62:de:be:09:4e:c4:fd:
                    00:68:fa:b7:91:82:c5:ca:e8:1a:d9:63:7b:24:67:
                    6f:a0:c2:4d:f1:3d:68:14:12:41:90:1a:a7:2f:be:
                    95:5b:58:de:d4:4e:89:4c:80:97:89:1d:5e:3c:45:
                    a8:7f:c9:a9:7c:cb:9b:85:34:aa:8c:6a:03:ac:27:
                    11:be:bb:ab:6a:26:7b:29:5f:8d:70:2f:2e:63:f2:
                    c7:d4:62:53:1f:44:36:b6:38:c0:79:a4:76:dc:c0:
                    f6:ae:15:fe:a3:59:55:bf:5f:2c:6d:12:c9:89:1c:
                    56:b1:00:22:56:c8:7e:05:12:71:05:6d:ab:f3:7e:
                    6f:fd:83:bf:5c:6b:62:9e:9c:52:13:61:21:19:f5:
                    3f:94:7a:b5:df:a9:45:c0:ea:90:15:84:1e:d7:07:
                    b9:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:89:35:87:70:C1:65:F6:EC:CD:84:EA:8B:D8:17:CC:8E:63:92:A5
            X509v3 Authority Key Identifier:
                keyid:A6:0C:EE:75:82:E9:75:9B:E0:16:C9:31:AB:34:D9:28:5D:2F:C8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgzudYLpdZvgFskxqzTZKF0vyLQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/hok1h3DBZfbszYTqi9gXzI5jkqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/decad0-26da-4b9a-b1a7-d3b38ce9dc34/1/pgzudYLpdZvgFskxqzTZKF0vyLQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:86:d1:ba:e5:fb:bb:1d:91:6d:fc:4f:a2:ef:af:11:40:2e:
         b9:ed:e1:ec:c7:d2:3b:30:5c:8d:d1:7f:d7:3c:e7:c2:ad:cb:
         4d:2b:e5:b7:e2:29:ff:12:5e:64:3b:26:58:31:e8:c1:dc:05:
         1a:5a:23:b3:82:5f:2e:e9:78:55:b2:50:14:73:fa:1f:33:c8:
         a5:50:ec:dd:1f:c5:32:b9:55:26:9d:62:59:5b:14:bb:d2:66:
         54:2e:fd:62:8e:6c:be:44:2d:0b:c3:f8:36:dd:9f:cf:fc:44:
         10:01:98:77:9c:f3:d4:7b:1e:f1:a8:16:b8:3f:2d:24:0d:92:
         d5:ff:0c:97:56:4c:81:8e:59:1b:56:ca:6b:28:6e:0c:cc:e8:
         07:cb:d2:22:f5:22:87:89:e6:4d:81:cd:61:80:af:91:f1:f0:
         3d:bd:ba:2f:15:ad:7a:21:8b:a4:ad:d5:b1:60:54:42:a5:7a:
         f0:c6:9a:2a:f0:46:95:39:fb:7d:02:9f:56:e7:2c:0f:53:e0:
         ec:89:e8:21:b5:77:c6:1d:c3:c6:04:74:f7:9b:2b:a6:8b:24:
         df:e8:9b:49:f4:90:cd:4f:5d:72:62:41:c2:40:dd:d0:29:03:
         c3:ab:e7:5c:5c:99:46:cc:76:2a:f2:13:0f:2c:d0:38:4e:e6:
         af:69:69:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf+r5OsGUu27rOTTulXB6PAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGNlZTc1ODJlOTc1OWJlMDE2YzkzMWFiMzRkOTI4NWQy
ZmM4YjQwHhcNMjUwNzEyMTI1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njg5MzU4NzcwYzE2NWY2ZWNjZDg0ZWE4YmQ4MTdjYzhlNjM5MmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt/v1jSReHdeJe9SiCIlB2RAi94a
/cxG7S9yt+Oxp9b/r6ms8a7dIpIBkTshFk90jRFIldI+ShsxHHtCMIbwjaLIEikn
+X2sFyQcDz/sjRvFiz24AKLGiBZBteKVRnJDVmLevglOxP0AaPq3kYLFyuga2WN7
JGdvoMJN8T1oFBJBkBqnL76VW1je1E6JTICXiR1ePEWof8mpfMubhTSqjGoDrCcR
vruraiZ7KV+NcC8uY/LH1GJTH0Q2tjjAeaR23MD2rhX+o1lVv18sbRLJiRxWsQAi
Vsh+BRJxBW2r835v/YO/XGtinpxSE2EhGfU/lHq136lFwOqQFYQe1we5MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaJNYdwwWX27M2E6ovYF8yOY5KlMB8GA1UdIwQY
MBaAFKYM7nWC6XWb4BbJMas02ShdL8i0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTct
ZDNiMzhjZTlkYzM0LzEvaG9rMWgzREJaZmJzellUcWk5Z1h6STVqa3FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9kZWNhZDAtMjZkYS00YjlhLWIxYTctZDNiMzhjZTlkYzM0
LzEvcGd6dWRZTHBkWnZnRnNreHF6VFpLRjB2eUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubSAMA0G
CSqGSIb3DQEBCwUAA4IBAQAIhtG65fu7HZFt/E+i768RQC657eHsx9I7MFyN0X/X
POfCrctNK+W34in/El5kOyZYMejB3AUaWiOzgl8u6XhVslAUc/ofM8ilUOzdH8Uy
uVUmnWJZWxS70mZULv1ijmy+RC0Lw/g23Z/P/EQQAZh3nPPUex7xqBa4Py0kDZLV
/wyXVkyBjlkbVsprKG4MzOgHy9Ii9SKHieZNgc1hgK+R8fA9vbovFa16IYukrdWx
YFRCpXrwxpoq8EaVOft9Ap9W5ywPU+DsieghtXfGHcPGBHT3myumiyTf6JtJ9JDN
T11yYkHCQN3QKQPDq+dcXJlGzHYq8hMPLNA4TuavaWnP
-----END CERTIFICATE-----