Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/HXhO_18q8VmsYILWwBiZvYW-qoM.roa
File:                     HXhO_18q8VmsYILWwBiZvYW-qoM.roa (raw, json)
Hash identifier:          RmOl477zZkwk4tcus7JtD7o5GaGmutjB84E68UmsNVc=
Subject key identifier:   1D:78:4E:FF:5F:2A:F1:59:AC:60:82:D6:C0:18:99:BD:85:BE:AA:83
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01941F8C244540520F94F236F5F885F6F17B
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/HXhO_18q8VmsYILWwBiZvYW-qoM.roa
Signing time:             Wed 01 Jan 2025 01:47:45 +0000
ROA not before:           Wed 01 Jan 2025 01:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44106
IP address blocks:        85.121.56.0/24 maxlen: 24
                          85.121.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:24:45:40:52:0f:94:f2:36:f5:f8:85:f6:f1:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 01:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d784eff5f2af159ac6082d6c01899bd85beaa83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:07:27:2d:11:3b:b7:60:50:46:00:92:70:cf:
                    0b:bc:1a:49:36:1f:15:00:7c:0e:e0:29:f4:79:53:
                    67:a1:5f:af:f3:6e:5c:1c:9a:7f:9f:22:6c:91:61:
                    96:8c:6a:16:00:40:2d:da:2f:d4:86:78:10:6e:5b:
                    c7:47:bc:1b:2f:b0:e4:38:8b:75:28:e1:b7:10:ce:
                    21:cd:9a:f3:31:64:ac:d2:14:19:29:ca:e4:bf:c5:
                    79:4f:e3:d7:58:e5:2c:50:5c:22:ab:d8:6e:fd:ac:
                    f4:68:1c:0b:ac:8f:32:70:79:65:a7:94:93:d6:fa:
                    ab:ee:92:4a:81:a5:dc:ec:ef:61:d6:71:93:75:81:
                    98:9e:fd:6b:79:53:b1:04:26:31:bb:e0:94:94:15:
                    1b:41:8c:02:a0:20:41:5a:b7:21:23:1e:4a:71:e4:
                    c8:c2:00:7f:4a:21:44:ab:15:6e:86:c8:ea:03:54:
                    02:6d:cb:2b:f7:13:8b:6c:56:51:33:d3:80:11:b3:
                    78:e0:97:02:15:8f:83:21:3c:62:a1:ec:e7:77:68:
                    a1:79:5f:2d:5c:e1:2d:25:26:3c:df:37:7e:57:1d:
                    87:f0:7e:8f:39:f2:55:c5:50:a2:26:48:76:98:29:
                    40:b3:b3:27:59:bd:69:eb:7e:01:da:9b:fd:d0:1b:
                    74:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:78:4E:FF:5F:2A:F1:59:AC:60:82:D6:C0:18:99:BD:85:BE:AA:83
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/HXhO_18q8VmsYILWwBiZvYW-qoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.121.56.0/24
                  85.121.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:9d:71:d3:b4:c1:02:46:10:6f:06:6e:3e:c0:4a:c0:24:c8:
         be:99:22:e4:7a:86:6e:d5:3c:d3:f3:01:ff:e2:53:46:0a:25:
         49:de:3f:f0:34:7e:4f:36:32:ef:6d:c7:84:39:38:98:b7:3e:
         e5:2c:a4:a5:d2:eb:18:fc:0d:b4:77:e6:51:12:a1:19:df:05:
         a9:d9:d0:cf:7b:88:9c:96:a4:5f:02:08:eb:41:7d:b8:ba:8f:
         ce:28:0b:0c:db:9e:dc:ca:1c:c8:5c:eb:2a:f1:c1:89:a9:31:
         d2:e2:d9:cc:52:07:5c:66:0b:53:28:7a:50:54:b0:1e:27:4b:
         7c:f0:e6:7c:4d:88:31:07:9a:5e:aa:46:c4:bb:6c:94:83:89:
         fe:d4:03:ab:8e:9b:c0:1c:10:e0:64:4d:5c:d5:c0:0c:25:9b:
         11:33:6c:ee:c8:e3:99:6a:19:73:b2:0b:43:71:6a:f7:20:cd:
         95:7c:71:27:85:97:a4:cf:a6:73:ab:97:41:e7:76:a8:82:cb:
         ee:66:72:85:95:50:95:d8:07:73:e5:46:f0:dc:95:55:d4:83:
         d3:45:d6:3a:c4:97:20:c9:c2:b8:ec:7b:e7:54:1d:7b:2e:ec:
         3a:06:d8:fb:28:f1:b9:1f:5e:aa:f6:55:76:d1:15:10:81:10:
         db:e3:7e:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjCRFQFIPlPI29fiF9vF7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMTAxMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDc4NGVmZjVmMmFmMTU5YWM2MDgyZDZjMDE4OTliZDg1YmVhYTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAcnLRE7t2BQRgCScM8LvBpJNh8V
AHwO4Cn0eVNnoV+v825cHJp/nyJskWGWjGoWAEAt2i/UhngQblvHR7wbL7DkOIt1
KOG3EM4hzZrzMWSs0hQZKcrkv8V5T+PXWOUsUFwiq9hu/az0aBwLrI8ycHllp5ST
1vqr7pJKgaXc7O9h1nGTdYGYnv1reVOxBCYxu+CUlBUbQYwCoCBBWrchIx5KceTI
wgB/SiFEqxVuhsjqA1QCbcsr9xOLbFZRM9OAEbN44JcCFY+DITxioeznd2iheV8t
XOEtJSY83zd+Vx2H8H6POfJVxVCiJkh2mClAs7MnWb1p634B2pv90Bt0SQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB14Tv9fKvFZrGCC1sAYmb2FvqqDMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvSFhoT18xOHE4Vm1zWUlMV3dCaVp2WVctcW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVXk4AwQC
VXnIMA0GCSqGSIb3DQEBCwUAA4IBAQC/nXHTtMECRhBvBm4+wErAJMi+mSLkeoZu
1TzT8wH/4lNGCiVJ3j/wNH5PNjLvbceEOTiYtz7lLKSl0usY/A20d+ZREqEZ3wWp
2dDPe4iclqRfAgjrQX24uo/OKAsM257cyhzIXOsq8cGJqTHS4tnMUgdcZgtTKHpQ
VLAeJ0t88OZ8TYgxB5peqkbEu2yUg4n+1AOrjpvAHBDgZE1c1cAMJZsRM2zuyOOZ
ahlzsgtDcWr3IM2VfHEnhZekz6Zzq5dB53aogsvuZnKFlVCV2Adz5Ubw3JVV1IPT
RdY6xJcgycK47HvnVB17Luw6Btj7KPG5H16q9lV20RUQgRDb435L
-----END CERTIFICATE-----