Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/489576-4dfb-4a03-b0a3-eccdc0ce7d14/1/0HbGWRHIhLcfmf6kLXAQdepQymA.roa
File:                     0HbGWRHIhLcfmf6kLXAQdepQymA.roa (raw, json)
Hash identifier:          RFLCzQy5MXPE72eUiDWdR8f6HUuF1oAdf92PY+ZrIEU=
Subject key identifier:   D0:76:C6:59:11:C8:84:B7:1F:99:FE:A4:2D:70:10:75:EA:50:CA:60
Certificate issuer:       /CN=2895647d9fd16a1694f8026ebe87760cb531eb0e
Certificate serial:       019420D5F47462AF44C282FD65BD67CC8078
Authority key identifier: 28:95:64:7D:9F:D1:6A:16:94:F8:02:6E:BE:87:76:0C:B5:31:EB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KJVkfZ_RahaU-AJuvod2DLUx6w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/489576-4dfb-4a03-b0a3-eccdc0ce7d14/1/0HbGWRHIhLcfmf6kLXAQdepQymA.roa
Signing time:             Wed 01 Jan 2025 07:48:00 +0000
ROA not before:           Wed 01 Jan 2025 07:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206991
IP address blocks:        185.169.64.0/24 maxlen: 24
                          185.169.65.0/24 maxlen: 24
                          185.169.66.0/24 maxlen: 24
                          185.169.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/489576-4dfb-4a03-b0a3-eccdc0ce7d14/1/KJVkfZ_RahaU-AJuvod2DLUx6w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/489576-4dfb-4a03-b0a3-eccdc0ce7d14/1/KJVkfZ_RahaU-AJuvod2DLUx6w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KJVkfZ_RahaU-AJuvod2DLUx6w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 10:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:f4:74:62:af:44:c2:82:fd:65:bd:67:cc:80:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2895647d9fd16a1694f8026ebe87760cb531eb0e
        Validity
            Not Before: Jan  1 07:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d076c65911c884b71f99fea42d701075ea50ca60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:10:35:bf:72:de:71:4e:a5:a0:c7:ec:68:22:
                    68:84:8a:b3:4f:cb:27:18:da:e4:5e:ad:76:69:95:
                    0a:34:40:9a:60:e3:82:64:9e:f5:b7:dc:31:60:80:
                    32:df:d4:87:59:c0:b5:46:d4:a9:a8:73:51:78:ac:
                    19:23:ad:9a:ac:88:48:8e:2d:30:2e:89:fb:d4:eb:
                    d8:a7:5e:32:e9:9e:8c:dd:02:f7:a1:b8:9a:bc:89:
                    e4:b7:32:bb:e2:1e:ae:26:d4:d3:e0:68:b7:b4:f5:
                    dd:23:55:93:08:d1:b5:66:e2:b3:f1:f1:ad:b9:4f:
                    d7:34:51:8c:88:1e:ae:d3:fa:16:5b:42:a7:61:b0:
                    c3:83:a9:da:3a:3c:cc:26:af:44:31:81:3c:5c:c7:
                    7d:bc:05:0d:6f:0f:e9:1f:c1:77:ea:7e:99:25:4c:
                    5f:e2:8c:82:94:d0:3b:bf:bb:2e:0a:5f:11:99:2e:
                    e2:81:91:5e:0f:c6:89:ef:86:37:52:98:ce:02:ad:
                    e5:6a:d2:65:1f:a8:6a:28:5c:5b:1d:93:21:00:c3:
                    86:0a:3e:28:05:cb:f8:5f:3f:b0:db:9b:81:88:f2:
                    73:15:85:d0:ac:90:7b:ae:86:59:0b:48:8b:1c:ab:
                    e4:d8:69:88:f3:9c:90:02:5c:38:5c:1c:4d:4c:8c:
                    9e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:76:C6:59:11:C8:84:B7:1F:99:FE:A4:2D:70:10:75:EA:50:CA:60
            X509v3 Authority Key Identifier:
                keyid:28:95:64:7D:9F:D1:6A:16:94:F8:02:6E:BE:87:76:0C:B5:31:EB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KJVkfZ_RahaU-AJuvod2DLUx6w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/489576-4dfb-4a03-b0a3-eccdc0ce7d14/1/0HbGWRHIhLcfmf6kLXAQdepQymA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/489576-4dfb-4a03-b0a3-eccdc0ce7d14/1/KJVkfZ_RahaU-AJuvod2DLUx6w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:db:6b:0b:cc:87:a8:8a:0c:79:e8:a2:02:3e:a0:fa:a2:b3:
         4f:6c:4f:c3:c9:1e:7e:50:d9:fa:b8:0a:c1:d5:c2:b9:0a:83:
         c9:88:e8:a2:ab:7a:7f:bf:6a:07:6f:75:6a:23:da:83:08:87:
         cd:05:45:7d:c3:45:84:e9:51:fb:df:ee:06:f3:b8:0c:4a:8e:
         63:fc:7c:9e:99:e9:65:61:df:ef:48:1c:1c:e6:c7:ca:53:8d:
         ab:72:9f:b9:b2:14:31:7c:13:43:9f:1c:d4:48:ef:5e:4b:e9:
         d0:16:eb:dd:d6:83:9a:e9:44:1a:45:31:54:0e:cc:2b:d7:14:
         e4:2a:3d:15:de:2e:e1:0f:f8:e8:7d:fe:ff:de:f1:a9:8e:88:
         98:62:a2:a0:5f:9c:25:12:dc:d3:17:d2:1f:08:2d:66:bb:00:
         8a:f9:9e:e8:98:c0:8c:70:7b:d9:51:bc:84:1c:ef:ff:cc:f1:
         8e:1d:00:ba:61:7c:a7:7a:a7:5e:99:39:04:fc:8f:c4:71:06:
         1c:18:13:46:f3:b1:91:22:a4:d4:19:10:4c:05:d9:8c:4c:aa:
         47:4e:7e:ae:27:3f:15:38:29:fd:94:06:d4:f4:f2:f2:5a:d1:
         88:3c:38:42:cc:8b:7d:0b:91:43:01:0e:39:92:a9:44:1c:d3:
         a9:9e:80:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1fR0Yq9EwoL9Zb1nzIB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4OTU2NDdkOWZkMTZhMTY5NGY4MDI2ZWJlODc3NjBjYjUz
MWViMGUwHhcNMjUwMTAxMDc0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDc2YzY1OTExYzg4NGI3MWY5OWZlYTQyZDcwMTA3NWVhNTBjYTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBA1v3LecU6loMfsaCJohIqzT8sn
GNrkXq12aZUKNECaYOOCZJ71t9wxYIAy39SHWcC1RtSpqHNReKwZI62arIhIji0w
Lon71OvYp14y6Z6M3QL3obiavInktzK74h6uJtTT4Gi3tPXdI1WTCNG1ZuKz8fGt
uU/XNFGMiB6u0/oWW0KnYbDDg6naOjzMJq9EMYE8XMd9vAUNbw/pH8F36n6ZJUxf
4oyClNA7v7suCl8RmS7igZFeD8aJ74Y3UpjOAq3latJlH6hqKFxbHZMhAMOGCj4o
Bcv4Xz+w25uBiPJzFYXQrJB7roZZC0iLHKvk2GmI85yQAlw4XBxNTIyefQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNB2xlkRyIS3H5n+pC1wEHXqUMpgMB8GA1UdIwQY
MBaAFCiVZH2f0WoWlPgCbr6Hdgy1MesOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0pWa2ZaX1JhaGFVLUFKdXZvZDJETFV4Nnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80ODk1NzYtNGRmYi00YTAzLWIwYTMt
ZWNjZGMwY2U3ZDE0LzEvMEhiR1dSSEloTGNmbWY2a0xYQVFkZXBReW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80ODk1NzYtNGRmYi00YTAzLWIwYTMtZWNjZGMwY2U3ZDE0
LzEvS0pWa2ZaX1JhaGFVLUFKdXZvZDJETFV4Nnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCualAMA0G
CSqGSIb3DQEBCwUAA4IBAQBE22sLzIeoigx56KICPqD6orNPbE/DyR5+UNn6uArB
1cK5CoPJiOiiq3p/v2oHb3VqI9qDCIfNBUV9w0WE6VH73+4G87gMSo5j/Hyemell
Yd/vSBwc5sfKU42rcp+5shQxfBNDnxzUSO9eS+nQFuvd1oOa6UQaRTFUDswr1xTk
Kj0V3i7hD/joff7/3vGpjoiYYqKgX5wlEtzTF9IfCC1muwCK+Z7omMCMcHvZUbyE
HO//zPGOHQC6YXyneqdemTkE/I/EcQYcGBNG87GRIqTUGRBMBdmMTKpHTn6uJz8V
OCn9lAbU9PLyWtGIPDhCzIt9C5FDAQ45kqlEHNOpnoBI
-----END CERTIFICATE-----