Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/h-kICo84mpPHXctcS-vW02QdJxQ.roa
File:                     h-kICo84mpPHXctcS-vW02QdJxQ.roa (raw, json)
Hash identifier:          YChUhS+6HZvQd+Isg9GWQNzRMqXToTsR0vsksCA2uaY=
Subject key identifier:   87:E9:08:0A:8F:38:9A:93:C7:5D:CB:5C:4B:EB:D6:D3:64:1D:27:14
Certificate issuer:       /CN=6283b6d1d86102e9edf2abddaa7c9347aac717c7
Certificate serial:       01942067EECE85213DF456F9852D57BAC4D9
Authority key identifier: 62:83:B6:D1:D8:61:02:E9:ED:F2:AB:DD:AA:7C:93:47:AA:C7:17:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YoO20dhhAunt8qvdqnyTR6rHF8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/h-kICo84mpPHXctcS-vW02QdJxQ.roa
Signing time:             Wed 01 Jan 2025 05:47:49 +0000
ROA not before:           Wed 01 Jan 2025 05:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.226.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/YoO20dhhAunt8qvdqnyTR6rHF8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/YoO20dhhAunt8qvdqnyTR6rHF8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YoO20dhhAunt8qvdqnyTR6rHF8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ee:ce:85:21:3d:f4:56:f9:85:2d:57:ba:c4:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6283b6d1d86102e9edf2abddaa7c9347aac717c7
        Validity
            Not Before: Jan  1 05:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87e9080a8f389a93c75dcb5c4bebd6d3641d2714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:16:20:9a:cf:42:56:04:e5:e5:54:00:7f:6f:
                    92:95:ef:52:7e:4b:26:37:c7:93:d3:bf:d6:0a:3f:
                    6c:89:84:bf:91:8f:0d:ae:a5:34:33:56:e7:c2:19:
                    8b:df:cd:e2:61:e4:1f:cc:11:ae:42:95:43:73:34:
                    4e:02:4e:68:85:ee:22:f9:c6:1f:c2:bb:92:ba:df:
                    78:68:12:6a:87:46:47:17:b7:8d:91:ee:32:d0:da:
                    f2:de:77:0d:cb:20:1a:f5:b0:f7:a3:f7:00:b9:28:
                    28:50:a9:14:de:7d:5f:2f:a2:db:39:b3:95:3f:b0:
                    e9:2e:bc:f1:22:67:71:74:ae:00:ca:48:80:7f:0c:
                    60:7b:85:ca:d2:8c:d7:67:7d:fb:1d:87:be:14:19:
                    b6:67:90:cf:aa:63:a4:61:d2:2d:5a:8d:bd:65:20:
                    07:15:2b:88:18:f3:f3:c7:83:62:fd:cc:33:88:5f:
                    b2:9e:ef:72:e7:c7:29:ba:b3:2e:18:67:cc:e5:1a:
                    8c:47:17:79:98:d7:be:9f:f0:97:f1:c9:de:b9:2a:
                    1f:64:4d:e0:12:7f:20:33:a1:90:1c:e3:69:e6:6b:
                    c3:de:93:0e:ef:c4:40:f4:50:00:6d:7b:2f:52:fe:
                    65:a0:2f:4b:3f:49:70:48:6f:9a:e7:eb:ea:33:e5:
                    9d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:E9:08:0A:8F:38:9A:93:C7:5D:CB:5C:4B:EB:D6:D3:64:1D:27:14
            X509v3 Authority Key Identifier:
                keyid:62:83:B6:D1:D8:61:02:E9:ED:F2:AB:DD:AA:7C:93:47:AA:C7:17:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YoO20dhhAunt8qvdqnyTR6rHF8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/h-kICo84mpPHXctcS-vW02QdJxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/bd4317-b9ef-4b23-80ad-914e4881eea8/1/YoO20dhhAunt8qvdqnyTR6rHF8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:fe:a4:15:d6:79:55:9d:64:7e:44:22:22:da:32:1d:aa:94:
         90:1b:60:3c:3b:a7:df:66:51:87:16:7c:74:db:f6:f7:49:4f:
         5a:a6:dc:18:f6:60:7b:eb:b4:5f:58:64:d4:b9:d2:f5:b4:17:
         ce:b4:08:fd:84:46:db:0f:b8:17:90:dc:70:c7:a2:8b:9f:61:
         77:90:4f:7c:ed:9b:a0:36:a3:8d:3a:a9:55:b0:c1:40:6b:7a:
         8a:45:93:44:41:03:c6:3f:9a:f8:4d:12:a1:67:43:a4:3c:8c:
         92:18:dc:c0:09:cc:19:32:be:48:87:ee:25:33:49:d0:81:0c:
         58:65:0c:26:2e:38:6a:1a:a5:53:a1:5b:9b:77:ef:ff:6b:7a:
         ce:dd:7a:94:5d:52:aa:96:53:bf:51:f6:76:9e:73:fe:a3:de:
         0e:24:5e:a1:e1:a2:f7:ab:fb:63:df:4e:0e:33:6f:c3:42:79:
         b2:7c:0f:49:14:5a:79:6b:ac:59:97:ba:b2:70:d9:98:24:6b:
         32:0b:e0:d0:36:fe:1b:04:fa:44:c9:25:24:18:e2:f4:a8:98:
         03:cc:de:78:dc:db:f3:9a:c8:3f:b2:e4:ba:ba:80:1b:91:80:
         8b:68:ed:34:e7:e3:0c:f4:0b:2b:d8:55:db:4d:da:5d:60:af:
         22:ae:40:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ+7OhSE99Fb5hS1XusTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyODNiNmQxZDg2MTAyZTllZGYyYWJkZGFhN2M5MzQ3YWFj
NzE3YzcwHhcNMjUwMTAxMDU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2U5MDgwYThmMzg5YTkzYzc1ZGNiNWM0YmViZDZkMzY0MWQyNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhYgms9CVgTl5VQAf2+Sle9Sfksm
N8eT07/WCj9siYS/kY8NrqU0M1bnwhmL383iYeQfzBGuQpVDczROAk5ohe4i+cYf
wruSut94aBJqh0ZHF7eNke4y0Nry3ncNyyAa9bD3o/cAuSgoUKkU3n1fL6LbObOV
P7DpLrzxImdxdK4AykiAfwxge4XK0ozXZ337HYe+FBm2Z5DPqmOkYdItWo29ZSAH
FSuIGPPzx4Ni/cwziF+ynu9y58cpurMuGGfM5RqMRxd5mNe+n/CX8cneuSofZE3g
En8gM6GQHONp5mvD3pMO78RA9FAAbXsvUv5loC9LP0lwSG+a5+vqM+WduwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfpCAqPOJqTx13LXEvr1tNkHScUMB8GA1UdIwQY
MBaAFGKDttHYYQLp7fKr3ap8k0eqxxfHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW9PMjBkaGhBdW50OHF2ZHFueVRSNnJIRjhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9iZDQzMTctYjllZi00YjIzLTgwYWQt
OTE0ZTQ4ODFlZWE4LzEvaC1rSUNvODRtcFBIWGN0Y1MtdlcwMlFkSnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9iZDQzMTctYjllZi00YjIzLTgwYWQtOTE0ZTQ4ODFlZWE4
LzEvWW9PMjBkaGhBdW50OHF2ZHFueVRSNnJIRjhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueKmMA0G
CSqGSIb3DQEBCwUAA4IBAQBc/qQV1nlVnWR+RCIi2jIdqpSQG2A8O6ffZlGHFnx0
2/b3SU9aptwY9mB767RfWGTUudL1tBfOtAj9hEbbD7gXkNxwx6KLn2F3kE987Zug
NqONOqlVsMFAa3qKRZNEQQPGP5r4TRKhZ0OkPIySGNzACcwZMr5Ih+4lM0nQgQxY
ZQwmLjhqGqVToVubd+//a3rO3XqUXVKqllO/UfZ2nnP+o94OJF6h4aL3q/tj304O
M2/DQnmyfA9JFFp5a6xZl7qycNmYJGsyC+DQNv4bBPpEySUkGOL0qJgDzN543Nvz
msg/suS6uoAbkYCLaO005+MM9Asr2FXbTdpdYK8irkDv
-----END CERTIFICATE-----