Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/hiMcEIjHUWN5FsB7VlVyAr5izXE.roa
File:                     hiMcEIjHUWN5FsB7VlVyAr5izXE.roa (raw, json)
Hash identifier:          6yVp6mlnWSD0tIxqmD2GQ7svu30uQXkMfzEBlI3SWXo=
Subject key identifier:   86:23:1C:10:88:C7:51:63:79:16:C0:7B:56:55:72:02:BE:62:CD:71
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       019428258DA0D9154EB970E2DD25C94D5F8C
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/hiMcEIjHUWN5FsB7VlVyAr5izXE.roa
Signing time:             Thu 02 Jan 2025 17:52:17 +0000
ROA not before:           Thu 02 Jan 2025 17:52:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     268624
IP address blocks:        77.246.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:8d:a0:d9:15:4e:b9:70:e2:dd:25:c9:4d:5f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Jan  2 17:52:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86231c1088c751637916c07b56557202be62cd71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:52:98:6b:cf:fd:a8:89:ca:91:6d:40:5a:f0:
                    9f:67:54:4f:e2:c1:82:ea:42:c2:a6:f1:30:18:1e:
                    67:3d:07:bf:26:20:e6:03:1e:0b:81:94:74:c1:9d:
                    b6:5a:b1:a6:c5:f9:7d:d1:7f:01:91:6d:ec:97:d3:
                    c9:4e:63:f9:58:c3:71:0e:5b:1f:8f:c8:bf:ca:39:
                    59:af:db:52:fa:94:5d:00:7c:eb:d0:38:b6:56:5b:
                    c1:2a:fb:29:b4:87:24:e7:7e:4a:38:45:56:74:a0:
                    a1:97:9c:6c:05:94:4b:2b:98:02:c1:8c:52:7f:55:
                    45:a5:d7:be:33:ee:3e:b1:ba:e5:57:25:61:c2:f0:
                    3c:4e:0f:7c:c2:ae:49:24:85:2c:a0:e8:37:5d:a3:
                    08:df:08:cf:b3:6f:c7:86:ce:fc:88:72:9e:f5:83:
                    15:56:90:5a:2e:b0:41:eb:05:3d:61:ae:87:b1:1a:
                    f7:13:16:64:5c:ff:67:64:a4:55:df:0e:c6:12:8e:
                    a8:99:c4:bb:8c:b6:bc:b5:6e:16:d1:d3:cc:ca:4d:
                    b2:32:a2:eb:22:17:2f:e3:c3:cc:14:5a:e8:f7:74:
                    f2:04:7f:f7:53:57:fd:ea:48:94:6e:ed:d8:93:7a:
                    1e:69:e6:c2:3f:a1:06:88:e1:dc:c2:aa:80:b7:94:
                    ee:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:23:1C:10:88:C7:51:63:79:16:C0:7B:56:55:72:02:BE:62:CD:71
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/hiMcEIjHUWN5FsB7VlVyAr5izXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:fc:8e:19:2a:18:2b:c0:b7:1d:ca:86:8a:bd:a7:9f:e8:f6:
         d7:4d:c8:2a:44:ea:88:54:1b:0d:04:be:2e:ae:2f:42:ed:cc:
         b3:b6:99:42:40:c4:56:7b:61:a4:6f:e3:20:0a:35:1a:54:01:
         3f:09:fe:28:1c:f2:9a:97:9e:01:6e:26:06:b5:52:0d:9e:37:
         53:b4:30:96:0f:64:5e:19:f9:34:27:79:5a:5b:11:d8:cc:c8:
         be:23:2d:86:82:a4:98:f1:ba:67:50:6c:9f:50:c3:a4:27:fc:
         49:05:08:f6:7d:65:21:b9:29:b8:b3:53:01:ff:1f:fe:e0:bc:
         a3:85:3b:95:35:f1:39:79:ca:a3:bf:6e:57:43:31:12:20:0c:
         16:3d:19:f6:6f:29:9c:4d:cc:10:e2:af:ef:c8:39:c2:21:11:
         d5:8f:93:e7:be:4c:01:3f:96:19:cb:bb:47:05:ea:26:f5:e6:
         a5:86:c1:68:fa:06:94:99:a0:2f:8c:49:5f:5a:9f:b3:70:b1:
         8c:55:e5:a7:df:51:11:19:0a:79:1f:72:52:6b:e3:38:99:ba:
         0e:05:d3:e6:1b:1e:6d:ef:87:74:a2:25:f3:8f:07:82:00:38:
         dd:c7:7f:93:45:84:8b:b3:58:33:ab:b4:d7:fe:84:67:ab:d1:
         51:5d:61:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJY2g2RVOuXDi3SXJTV+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjUwMTAyMTc1MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjIzMWMxMDg4Yzc1MTYzNzkxNmMwN2I1NjU1NzIwMmJlNjJjZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFKYa8/9qInKkW1AWvCfZ1RP4sGC
6kLCpvEwGB5nPQe/JiDmAx4LgZR0wZ22WrGmxfl90X8BkW3sl9PJTmP5WMNxDlsf
j8i/yjlZr9tS+pRdAHzr0Di2VlvBKvsptIck535KOEVWdKChl5xsBZRLK5gCwYxS
f1VFpde+M+4+sbrlVyVhwvA8Tg98wq5JJIUsoOg3XaMI3wjPs2/Hhs78iHKe9YMV
VpBaLrBB6wU9Ya6HsRr3ExZkXP9nZKRV3w7GEo6omcS7jLa8tW4W0dPMyk2yMqLr
Ihcv48PMFFro93TyBH/3U1f96kiUbu3Yk3oeaebCP6EGiOHcwqqAt5TuSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYjHBCIx1FjeRbAe1ZVcgK+Ys1xMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvaGlNY0VJakhVV041RnNCN1ZsVnlBcjVpelhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfb1MA0G
CSqGSIb3DQEBCwUAA4IBAQBV/I4ZKhgrwLcdyoaKvaef6PbXTcgqROqIVBsNBL4u
ri9C7cyztplCQMRWe2Gkb+MgCjUaVAE/Cf4oHPKal54BbiYGtVINnjdTtDCWD2Re
Gfk0J3laWxHYzMi+Iy2GgqSY8bpnUGyfUMOkJ/xJBQj2fWUhuSm4s1MB/x/+4Lyj
hTuVNfE5ecqjv25XQzESIAwWPRn2bymcTcwQ4q/vyDnCIRHVj5PnvkwBP5YZy7tH
Beom9ealhsFo+gaUmaAvjElfWp+zcLGMVeWn31ERGQp5H3JSa+M4mboOBdPmGx5t
74d0oiXzjweCADjdx3+TRYSLs1gzq7TX/oRnq9FRXWH6
-----END CERTIFICATE-----