Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/eb9402-353a-4967-a314-b775f1ccac6a/1/hyvVkmYmp_Y-JQm2DlccYLeH864.roa
File:                     hyvVkmYmp_Y-JQm2DlccYLeH864.roa (raw, json)
Hash identifier:          VaFEZ5cWbIO/7jTIbMlqrCVV+YCmqTrdOrKl1z8IWMw=
Subject key identifier:   87:2B:D5:92:66:26:A7:F6:3E:25:09:B6:0E:57:1C:60:B7:87:F3:AE
Certificate issuer:       /CN=7e2df24f8577cc048c3c79fb8db1483e7b75e25d
Certificate serial:       01974474C591670CA9CBD91FDD2B7E5F8E9F
Authority key identifier: 7E:2D:F2:4F:85:77:CC:04:8C:3C:79:FB:8D:B1:48:3E:7B:75:E2:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fi3yT4V3zASMPHn7jbFIPnt14l0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/eb9402-353a-4967-a314-b775f1ccac6a/1/hyvVkmYmp_Y-JQm2DlccYLeH864.roa
Signing time:             Fri 06 Jun 2025 08:56:32 +0000
ROA not before:           Fri 06 Jun 2025 08:56:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209003
IP address blocks:        185.186.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/eb9402-353a-4967-a314-b775f1ccac6a/1/fi3yT4V3zASMPHn7jbFIPnt14l0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/eb9402-353a-4967-a314-b775f1ccac6a/1/fi3yT4V3zASMPHn7jbFIPnt14l0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fi3yT4V3zASMPHn7jbFIPnt14l0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:74:c5:91:67:0c:a9:cb:d9:1f:dd:2b:7e:5f:8e:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e2df24f8577cc048c3c79fb8db1483e7b75e25d
        Validity
            Not Before: Jun  6 08:56:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=872bd5926626a7f63e2509b60e571c60b787f3ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:57:ca:4e:1f:46:73:63:b9:92:19:14:e2:c2:
                    39:85:50:79:03:1e:1e:0b:1f:98:b8:59:3a:e2:10:
                    93:5a:8d:51:60:f9:f8:41:08:90:80:5b:49:76:87:
                    6d:bd:42:bb:0e:62:fd:15:bb:9b:20:d4:fa:41:b2:
                    97:72:0c:33:7a:e8:4e:52:e8:0a:2d:d5:f2:bb:16:
                    cf:45:32:fe:3c:5d:dd:47:d7:99:d1:af:1c:6a:20:
                    a1:67:aa:0c:48:af:38:17:7e:7f:3d:40:a8:02:0f:
                    41:f9:49:97:0b:e3:bd:51:d6:59:65:06:53:a7:a3:
                    af:09:32:db:52:ae:a7:87:8c:f9:10:76:90:8a:fe:
                    7a:e1:e1:71:7c:04:09:73:44:30:da:aa:eb:cc:70:
                    51:c2:ed:f0:e5:a7:c3:55:2b:ec:29:e3:a5:3b:5c:
                    59:c5:b2:50:4a:1a:71:d7:2d:e9:52:9a:d6:72:5c:
                    30:37:c3:0b:59:ce:85:4e:03:f7:54:41:ff:ee:a6:
                    9c:c7:a1:5b:d0:47:92:51:60:bd:c5:cc:c6:cd:c2:
                    93:28:88:8d:34:1c:24:b9:5a:cd:bf:af:12:d0:96:
                    0c:19:d2:7e:8a:dd:26:77:91:57:8e:a0:10:46:08:
                    19:59:91:75:15:f1:39:16:65:19:ab:85:e3:8e:fc:
                    11:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:2B:D5:92:66:26:A7:F6:3E:25:09:B6:0E:57:1C:60:B7:87:F3:AE
            X509v3 Authority Key Identifier:
                keyid:7E:2D:F2:4F:85:77:CC:04:8C:3C:79:FB:8D:B1:48:3E:7B:75:E2:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fi3yT4V3zASMPHn7jbFIPnt14l0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/eb9402-353a-4967-a314-b775f1ccac6a/1/hyvVkmYmp_Y-JQm2DlccYLeH864.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/eb9402-353a-4967-a314-b775f1ccac6a/1/fi3yT4V3zASMPHn7jbFIPnt14l0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:75:70:a8:bc:81:11:13:b5:b8:e8:44:c1:e3:d7:b8:3b:75:
         1c:17:c3:68:71:2b:d8:2e:e7:d9:fc:c0:6e:b3:54:4a:56:12:
         e9:47:71:15:7e:c3:9e:8a:8b:73:51:fa:ea:49:8f:6d:6e:0c:
         40:a0:0f:e7:8e:03:27:2f:f8:16:64:46:13:6e:13:95:e0:8e:
         0b:b2:9c:a7:f9:10:83:b8:1d:34:0e:13:d6:a5:fd:54:ca:8e:
         45:03:d2:72:54:9e:a1:37:02:5c:a8:8f:1a:59:05:3a:55:1c:
         74:0b:52:75:75:f3:8e:c2:1f:91:1e:07:2b:29:6f:b1:e3:63:
         d7:40:2c:6b:6b:0d:61:b8:2f:f4:b1:de:59:23:92:89:17:81:
         60:34:4c:7d:13:34:b7:de:55:42:6c:3d:f2:8f:a2:24:6f:04:
         f6:ea:25:24:6e:38:eb:46:a5:ff:c1:85:6d:08:7a:f9:2b:04:
         73:93:50:f7:50:fe:1f:93:3d:ec:06:76:aa:2b:c4:a5:7b:5b:
         9d:25:08:0b:af:8f:01:cb:53:91:48:ad:c9:54:43:25:74:d0:
         f1:8e:21:fc:54:ab:98:c8:93:42:50:c9:11:4b:ff:6c:00:37:
         3a:6b:b4:91:4f:b4:f8:0d:84:b9:2e:eb:ec:08:d8:9c:97:4a:
         22:5b:3e:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdEdMWRZwypy9kf3St+X46fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMmRmMjRmODU3N2NjMDQ4YzNjNzlmYjhkYjE0ODNlN2I3
NWUyNWQwHhcNMjUwNjA2MDg1NjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzJiZDU5MjY2MjZhN2Y2M2UyNTA5YjYwZTU3MWM2MGI3ODdmM2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4lfKTh9Gc2O5khkU4sI5hVB5Ax4e
Cx+YuFk64hCTWo1RYPn4QQiQgFtJdodtvUK7DmL9FbubINT6QbKXcgwzeuhOUugK
LdXyuxbPRTL+PF3dR9eZ0a8caiChZ6oMSK84F35/PUCoAg9B+UmXC+O9UdZZZQZT
p6OvCTLbUq6nh4z5EHaQiv564eFxfAQJc0Qw2qrrzHBRwu3w5afDVSvsKeOlO1xZ
xbJQShpx1y3pUprWclwwN8MLWc6FTgP3VEH/7qacx6Fb0EeSUWC9xczGzcKTKIiN
NBwkuVrNv68S0JYMGdJ+it0md5FXjqAQRggZWZF1FfE5FmUZq4XjjvwRMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcr1ZJmJqf2PiUJtg5XHGC3h/OuMB8GA1UdIwQY
MBaAFH4t8k+Fd8wEjDx5+42xSD57deJdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmkzeVQ0VjN6QVNNUEhuN2piRklQbnQxNGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9lYjk0MDItMzUzYS00OTY3LWEzMTQt
Yjc3NWYxY2NhYzZhLzEvaHl2VmttWW1wX1ktSlFtMkRsY2NZTGVIODY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9lYjk0MDItMzUzYS00OTY3LWEzMTQtYjc3NWYxY2NhYzZh
LzEvZmkzeVQ0VjN6QVNNUEhuN2piRklQbnQxNGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubo3MA0G
CSqGSIb3DQEBCwUAA4IBAQBRdXCovIERE7W46ETB49e4O3UcF8NocSvYLufZ/MBu
s1RKVhLpR3EVfsOeiotzUfrqSY9tbgxAoA/njgMnL/gWZEYTbhOV4I4Lspyn+RCD
uB00DhPWpf1Uyo5FA9JyVJ6hNwJcqI8aWQU6VRx0C1J1dfOOwh+RHgcrKW+x42PX
QCxraw1huC/0sd5ZI5KJF4FgNEx9EzS33lVCbD3yj6IkbwT26iUkbjjrRqX/wYVt
CHr5KwRzk1D3UP4fkz3sBnaqK8Sle1udJQgLr48By1ORSK3JVEMldNDxjiH8VKuY
yJNCUMkRS/9sADc6a7SRT7T4DYS5LuvsCNicl0oiWz5Y
-----END CERTIFICATE-----