Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/5f6530-1166-4b9d-9dfd-caae0edf69f1/1/hx2ek40oJmiSl7Xgir3mC5VHBV0.roa
File:                     hx2ek40oJmiSl7Xgir3mC5VHBV0.roa (raw, json)
Hash identifier:          cCp67/8pyoc4Gg/vx5QrjhBwzCVOnjb7FAHH3PazwOc=
Subject key identifier:   87:1D:9E:93:8D:28:26:68:92:97:B5:E0:8A:BD:E6:0B:95:47:05:5D
Certificate issuer:       /CN=756c9ebc7ff8759d8a106fffaf335ea346faea57
Certificate serial:       019424B3CC9EA4AFC9C96F7DE94392B9B62C
Authority key identifier: 75:6C:9E:BC:7F:F8:75:9D:8A:10:6F:FF:AF:33:5E:A3:46:FA:EA:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dWyevH_4dZ2KEG__rzNeo0b66lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/5f6530-1166-4b9d-9dfd-caae0edf69f1/1/hx2ek40oJmiSl7Xgir3mC5VHBV0.roa
Signing time:             Thu 02 Jan 2025 01:49:10 +0000
ROA not before:           Thu 02 Jan 2025 01:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34680
IP address blocks:        185.243.36.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/5f6530-1166-4b9d-9dfd-caae0edf69f1/1/dWyevH_4dZ2KEG__rzNeo0b66lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/5f6530-1166-4b9d-9dfd-caae0edf69f1/1/dWyevH_4dZ2KEG__rzNeo0b66lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dWyevH_4dZ2KEG__rzNeo0b66lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:cc:9e:a4:af:c9:c9:6f:7d:e9:43:92:b9:b6:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=756c9ebc7ff8759d8a106fffaf335ea346faea57
        Validity
            Not Before: Jan  2 01:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=871d9e938d2826689297b5e08abde60b9547055d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fb:c7:71:a1:46:f9:bc:07:d5:7e:35:59:1a:
                    3b:5f:2c:34:20:a4:2c:19:14:3c:b8:e5:cc:23:6a:
                    87:d9:ba:30:98:3b:da:28:44:b2:43:5c:7d:d1:60:
                    0d:63:67:0e:25:d2:bb:c8:54:26:33:b5:16:01:1a:
                    55:b0:b7:69:74:a2:58:a8:78:eb:55:19:ea:9c:2f:
                    ad:54:d0:69:85:3b:5f:49:3e:71:42:f0:4a:0b:6a:
                    be:98:3e:18:e9:7b:f6:b3:09:d5:3e:61:80:76:04:
                    d7:91:44:af:7f:85:b0:5f:23:8b:c6:56:df:28:4a:
                    54:06:bb:88:a6:2c:68:d8:66:9c:56:fa:7b:44:71:
                    d6:49:8c:34:b3:ab:89:0c:ca:4b:e7:6a:c0:c9:23:
                    47:bf:8a:33:19:88:c9:bb:f0:70:f7:46:33:bd:00:
                    68:48:b3:17:83:e5:eb:61:c3:ce:13:38:59:cc:37:
                    f7:1c:e1:55:f0:50:dd:99:4e:46:5b:92:ba:ea:4f:
                    a7:a0:27:2b:6a:05:71:46:b8:47:82:8d:4b:24:cb:
                    aa:1a:a6:1d:c2:ee:9f:10:1c:ea:18:db:13:e4:39:
                    7a:7f:6c:08:b8:50:d6:ec:40:4a:8e:e3:73:e3:34:
                    73:a5:35:98:9f:c5:e5:c6:1b:e9:79:f3:d5:b5:00:
                    bd:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:1D:9E:93:8D:28:26:68:92:97:B5:E0:8A:BD:E6:0B:95:47:05:5D
            X509v3 Authority Key Identifier:
                keyid:75:6C:9E:BC:7F:F8:75:9D:8A:10:6F:FF:AF:33:5E:A3:46:FA:EA:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dWyevH_4dZ2KEG__rzNeo0b66lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/5f6530-1166-4b9d-9dfd-caae0edf69f1/1/hx2ek40oJmiSl7Xgir3mC5VHBV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/5f6530-1166-4b9d-9dfd-caae0edf69f1/1/dWyevH_4dZ2KEG__rzNeo0b66lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:04:70:45:7d:c5:6f:65:a8:ad:52:36:2a:50:2d:ba:16:7a:
         69:52:e2:9d:23:40:ea:16:9f:ee:62:2a:ef:6f:ea:04:6e:96:
         64:c8:f0:47:97:93:f6:67:8f:11:37:f8:54:43:42:38:13:c6:
         95:66:f2:7f:01:86:50:c0:20:59:f5:01:46:1e:2c:39:c1:69:
         3b:d3:a9:57:b4:e0:29:60:72:ac:35:8b:43:de:40:c3:de:0c:
         84:26:c4:0b:3e:b1:d3:76:74:51:1b:02:41:63:0a:dd:a8:a4:
         7b:ed:26:75:5e:e1:ca:1c:d8:53:ca:da:b3:f2:75:a9:3a:2c:
         bc:b1:4a:aa:3e:e6:00:3c:aa:0a:d4:55:fb:6c:fb:a2:5c:44:
         e6:a5:29:00:be:98:b6:55:4c:c0:f6:33:5c:3d:3c:9b:90:5f:
         5f:b3:89:81:58:fb:59:9b:dc:9d:4d:b4:5e:2d:9d:99:72:07:
         83:be:f5:7d:79:69:62:33:e7:0d:62:bf:e3:9d:3b:d5:4c:91:
         6c:59:9b:53:2b:e7:70:1d:7f:e8:ff:5e:0c:44:4d:25:d2:37:
         ce:18:5d:00:74:b5:9c:ab:74:13:01:74:8a:5e:ea:90:08:69:
         c9:fe:27:43:44:e3:2f:79:be:dc:7e:1c:cb:a8:c6:f0:c8:a4:
         c8:56:a8:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8yepK/JyW996UOSubYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NmM5ZWJjN2ZmODc1OWQ4YTEwNmZmZmFmMzM1ZWEzNDZm
YWVhNTcwHhcNMjUwMTAyMDE0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzFkOWU5MzhkMjgyNjY4OTI5N2I1ZTA4YWJkZTYwYjk1NDcwNTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvvHcaFG+bwH1X41WRo7Xyw0IKQs
GRQ8uOXMI2qH2bowmDvaKESyQ1x90WANY2cOJdK7yFQmM7UWARpVsLdpdKJYqHjr
VRnqnC+tVNBphTtfST5xQvBKC2q+mD4Y6Xv2swnVPmGAdgTXkUSvf4WwXyOLxlbf
KEpUBruIpixo2GacVvp7RHHWSYw0s6uJDMpL52rAySNHv4ozGYjJu/Bw90YzvQBo
SLMXg+XrYcPOEzhZzDf3HOFV8FDdmU5GW5K66k+noCcragVxRrhHgo1LJMuqGqYd
wu6fEBzqGNsT5Dl6f2wIuFDW7EBKjuNz4zRzpTWYn8XlxhvpefPVtQC9eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcdnpONKCZokpe14Iq95guVRwVdMB8GA1UdIwQY
MBaAFHVsnrx/+HWdihBv/68zXqNG+upXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFd5ZXZIXzRkWjJLRUdfX3J6TmVvMGI2NmxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy81ZjY1MzAtMTE2Ni00YjlkLTlkZmQt
Y2FhZTBlZGY2OWYxLzEvaHgyZWs0MG9KbWlTbDdYZ2lyM21DNVZIQlYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy81ZjY1MzAtMTE2Ni00YjlkLTlkZmQtY2FhZTBlZGY2OWYx
LzEvZFd5ZXZIXzRkWjJLRUdfX3J6TmVvMGI2NmxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufMkMA0G
CSqGSIb3DQEBCwUAA4IBAQBVBHBFfcVvZaitUjYqUC26FnppUuKdI0DqFp/uYirv
b+oEbpZkyPBHl5P2Z48RN/hUQ0I4E8aVZvJ/AYZQwCBZ9QFGHiw5wWk706lXtOAp
YHKsNYtD3kDD3gyEJsQLPrHTdnRRGwJBYwrdqKR77SZ1XuHKHNhTytqz8nWpOiy8
sUqqPuYAPKoK1FX7bPuiXETmpSkAvpi2VUzA9jNcPTybkF9fs4mBWPtZm9ydTbRe
LZ2ZcgeDvvV9eWliM+cNYr/jnTvVTJFsWZtTK+dwHX/o/14MRE0l0jfOGF0AdLWc
q3QTAXSKXuqQCGnJ/idDROMveb7cfhzLqMbwyKTIVqjD
-----END CERTIFICATE-----