Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hAGkRGghsMu88D_64y2I2rKtUUA.roa
File:                     hAGkRGghsMu88D_64y2I2rKtUUA.roa (raw, json)
Hash identifier:          2W41IP//3Zk/KbINF1gu9Mc2eZ0UaBy9JxFTNaSh7/Q=
Subject key identifier:   84:01:A4:44:68:21:B0:CB:BC:F0:3F:FA:E3:2D:88:DA:B2:AD:51:40
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019422FC15F06BFEA5509273BCF3752F53A6
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hAGkRGghsMu88D_64y2I2rKtUUA.roa
Signing time:             Wed 01 Jan 2025 17:48:53 +0000
ROA not before:           Wed 01 Jan 2025 17:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202822
IP address blocks:        185.147.50.0/24 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:15:f0:6b:fe:a5:50:92:73:bc:f3:75:2f:53:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 17:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8401a4446821b0cbbcf03ffae32d88dab2ad5140
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:93:58:2e:9b:d0:7d:1b:86:54:3d:b9:6b:a7:
                    78:a4:97:64:4f:f7:83:01:18:1c:28:1a:09:f7:71:
                    39:31:63:29:a7:4b:38:1f:23:72:1f:27:47:4f:93:
                    fd:e1:eb:f9:86:37:b5:d4:00:f5:35:92:0b:af:a6:
                    fe:bf:d0:25:36:15:e3:98:70:ec:65:ac:9e:34:8a:
                    45:71:8d:a6:3e:7b:e2:56:53:cb:a7:c7:8c:c4:65:
                    44:3e:76:65:ae:c8:36:2f:4a:c9:ab:5f:e5:31:e7:
                    30:f8:47:43:29:9e:2b:f2:7f:ef:e8:24:87:a9:99:
                    09:85:31:da:c7:89:af:ce:32:c7:20:74:82:79:f7:
                    33:96:af:2f:a0:0b:48:43:74:6c:26:ca:09:ce:49:
                    dc:9d:76:32:fa:72:3b:80:42:4f:b0:f2:a5:b8:14:
                    d7:00:c3:eb:1b:bf:e8:e8:ac:e3:97:fd:17:9e:d6:
                    a0:75:05:52:3e:34:b9:93:2f:2d:24:6f:ea:af:3f:
                    3c:ac:17:6c:7f:6d:87:35:9d:ce:97:e0:47:df:b8:
                    e8:5b:1b:0c:14:21:89:b8:ff:00:03:6b:fe:16:f2:
                    89:eb:5a:60:c8:28:df:b4:a2:36:ec:34:19:eb:4c:
                    ff:b8:4a:51:b0:10:81:9b:88:a9:59:08:3e:64:ee:
                    e1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:01:A4:44:68:21:B0:CB:BC:F0:3F:FA:E3:2D:88:DA:B2:AD:51:40
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hAGkRGghsMu88D_64y2I2rKtUUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:e2:50:5f:12:b8:01:33:91:51:17:64:6f:d7:ce:e2:a8:3b:
         1f:b5:70:74:a9:81:76:6f:c9:e3:6d:4a:4b:0f:92:c5:29:d8:
         02:5b:35:6f:23:fc:0c:06:9b:1c:92:b2:59:d9:25:c2:74:e6:
         de:4a:58:54:5a:b9:32:a5:9f:a5:c6:21:22:7c:8c:42:4f:fc:
         fc:67:56:53:02:83:3d:a4:45:a1:1e:9b:07:76:57:34:b1:9a:
         b1:62:37:58:fb:31:16:02:ae:6b:76:f2:0f:35:b0:21:4c:2c:
         b4:2a:6e:4b:05:c3:69:58:6a:ae:17:f1:b7:92:f2:30:be:b2:
         e8:77:7c:34:b1:5d:b4:1e:ac:39:b6:63:97:e6:e2:38:f4:e1:
         fe:ef:2e:f3:c8:fb:34:25:06:72:7c:b4:ab:8a:26:6f:4b:7c:
         00:9c:0f:4c:2a:91:90:24:4b:45:6a:cd:0b:ef:3d:e8:1f:e6:
         d7:95:e6:2a:5a:d2:7c:9e:48:3e:f4:71:ff:b9:0c:d0:24:a0:
         6d:91:4f:ce:66:7e:6d:7b:d6:f9:85:eb:16:40:a4:8e:2d:a7:
         7b:01:83:7c:17:f7:23:f6:dc:b1:3d:b3:ea:db:47:a3:c2:c1:
         c3:da:df:76:c3:00:ad:02:be:a6:4c:d3:fe:65:27:fd:79:34:
         c7:76:96:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/BXwa/6lUJJzvPN1L1OmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDAxYTQ0NDY4MjFiMGNiYmNmMDNmZmFlMzJkODhkYWIyYWQ1MTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJNYLpvQfRuGVD25a6d4pJdkT/eD
ARgcKBoJ93E5MWMpp0s4HyNyHydHT5P94ev5hje11AD1NZILr6b+v9AlNhXjmHDs
ZayeNIpFcY2mPnviVlPLp8eMxGVEPnZlrsg2L0rJq1/lMecw+EdDKZ4r8n/v6CSH
qZkJhTHax4mvzjLHIHSCefczlq8voAtIQ3RsJsoJzkncnXYy+nI7gEJPsPKluBTX
AMPrG7/o6Kzjl/0XntagdQVSPjS5ky8tJG/qrz88rBdsf22HNZ3Ol+BH37joWxsM
FCGJuP8AA2v+FvKJ61pgyCjftKI27DQZ60z/uEpRsBCBm4ipWQg+ZO7h0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQBpERoIbDLvPA/+uMtiNqyrVFAMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvaEFHa1JHZ2hzTXU4OERfNjR5Mkkyckt0VVVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZMyMA0G
CSqGSIb3DQEBCwUAA4IBAQBL4lBfErgBM5FRF2Rv187iqDsftXB0qYF2b8njbUpL
D5LFKdgCWzVvI/wMBpsckrJZ2SXCdObeSlhUWrkypZ+lxiEifIxCT/z8Z1ZTAoM9
pEWhHpsHdlc0sZqxYjdY+zEWAq5rdvIPNbAhTCy0Km5LBcNpWGquF/G3kvIwvrLo
d3w0sV20Hqw5tmOX5uI49OH+7y7zyPs0JQZyfLSriiZvS3wAnA9MKpGQJEtFas0L
7z3oH+bXleYqWtJ8nkg+9HH/uQzQJKBtkU/OZn5te9b5hesWQKSOLad7AYN8F/cj
9tyxPbPq20ejwsHD2t92wwCtAr6mTNP+ZSf9eTTHdpbg
-----END CERTIFICATE-----