Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/hnTM8e9DDp88O_jCAHz8InVW_vE.roa
File:                     hnTM8e9DDp88O_jCAHz8InVW_vE.roa (raw, json)
Hash identifier:          8skhoEZiI2jfYQ4DDQgvqEaBRoMspiQzmuxF61YcMEA=
Subject key identifier:   86:74:CC:F1:EF:43:0E:9F:3C:3B:F8:C2:00:7C:FC:22:75:56:FE:F1
Certificate issuer:       /CN=695dce5e37a862538a0f66883de206ffb7c93b69
Certificate serial:       019426D95177533D6619E57BEB6443B66CAE
Authority key identifier: 69:5D:CE:5E:37:A8:62:53:8A:0F:66:88:3D:E2:06:FF:B7:C9:3B:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aV3OXjeoYlOKD2aIPeIG_7fJO2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/hnTM8e9DDp88O_jCAHz8InVW_vE.roa
Signing time:             Thu 02 Jan 2025 11:49:23 +0000
ROA not before:           Thu 02 Jan 2025 11:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205073
IP address blocks:        185.231.0.0/24 maxlen: 24
                          185.231.1.0/24 maxlen: 24
                          185.231.2.0/24 maxlen: 24
                          185.231.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/aV3OXjeoYlOKD2aIPeIG_7fJO2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/aV3OXjeoYlOKD2aIPeIG_7fJO2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aV3OXjeoYlOKD2aIPeIG_7fJO2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:51:77:53:3d:66:19:e5:7b:eb:64:43:b6:6c:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=695dce5e37a862538a0f66883de206ffb7c93b69
        Validity
            Not Before: Jan  2 11:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8674ccf1ef430e9f3c3bf8c2007cfc227556fef1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:aa:55:90:a1:05:fb:c7:14:62:8a:3c:84:c6:
                    51:b1:45:18:92:90:29:5c:e5:e1:a6:a1:10:9a:8f:
                    b9:00:9a:dd:27:e6:aa:4e:70:17:da:d8:3f:6f:6f:
                    46:d1:fd:ca:71:5d:2b:8c:ff:87:9f:7f:3d:e2:a4:
                    e7:4e:c4:c9:39:b7:ed:5e:50:a3:d5:d1:6a:b3:2f:
                    03:3e:c5:b8:ac:02:b6:e6:d7:9c:20:b9:55:90:5b:
                    fa:7b:12:41:29:b7:da:18:bc:37:31:01:d2:c3:90:
                    43:d2:b6:70:ea:30:ac:49:94:3d:77:8f:98:1b:1a:
                    00:af:13:9d:9d:b7:6c:69:1c:a2:cc:38:e8:e9:1c:
                    40:db:e9:5a:45:70:cc:f2:48:67:06:2a:34:16:91:
                    f6:ee:35:b7:2e:0c:2b:1b:1f:3e:1d:24:6e:90:54:
                    df:fe:33:4d:52:98:ed:44:77:45:13:94:b1:8f:4e:
                    f0:91:30:bb:58:79:25:19:11:8b:2e:da:00:00:20:
                    94:28:e7:09:20:f2:10:4c:42:1f:0d:ac:79:30:aa:
                    4f:33:a3:02:7e:e0:99:4a:9f:03:a9:7f:46:11:62:
                    2c:0b:bf:91:2e:83:72:7d:ef:61:01:3c:d6:1f:60:
                    e1:3b:44:ef:02:5f:72:54:6c:c8:9f:24:15:fa:f9:
                    bb:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:74:CC:F1:EF:43:0E:9F:3C:3B:F8:C2:00:7C:FC:22:75:56:FE:F1
            X509v3 Authority Key Identifier:
                keyid:69:5D:CE:5E:37:A8:62:53:8A:0F:66:88:3D:E2:06:FF:B7:C9:3B:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aV3OXjeoYlOKD2aIPeIG_7fJO2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/hnTM8e9DDp88O_jCAHz8InVW_vE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/716911-30de-4b74-959b-017dee452ec4/1/aV3OXjeoYlOKD2aIPeIG_7fJO2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:80:42:aa:68:98:60:22:b8:38:b7:ed:cc:e0:fb:30:14:6c:
         42:a2:8c:34:88:8a:74:a7:3f:ec:4a:af:6a:c5:1c:0b:71:b5:
         82:47:cd:fa:d2:8b:af:59:59:0c:20:85:a6:78:bb:e4:aa:eb:
         c5:04:ab:f0:f1:0b:4b:a9:4d:7b:86:0c:b4:bd:a7:1d:1e:04:
         1f:a5:2d:ee:c4:8a:3e:04:fe:df:4e:18:17:7c:f3:d6:55:5e:
         cc:5d:5a:02:1a:76:71:d1:77:1f:a2:f8:72:00:85:26:a7:c5:
         96:34:c5:5f:fa:90:fc:c6:3d:ef:03:a8:64:a4:ca:ec:9c:97:
         3d:d0:9d:3b:ef:82:ac:cc:7a:69:cf:cb:93:9e:11:b7:54:09:
         33:4e:26:07:92:3d:61:0d:b9:98:50:ce:62:f3:e1:62:86:21:
         26:22:5b:ae:41:9c:bf:74:a2:9d:99:37:79:31:63:21:3c:db:
         a8:fe:7f:b5:e5:4e:d4:10:39:d9:c9:de:c0:27:b9:f3:74:56:
         43:40:e1:2d:bc:47:6e:f4:48:70:f0:e5:c0:28:71:1f:dc:b2:
         89:d1:50:f6:5c:1d:bb:62:f7:a2:1a:aa:3a:7a:40:c5:df:a2:
         b0:8f:51:89:6f:d4:e7:c4:06:a5:74:60:b8:9f:71:e2:27:de:
         f8:6c:de:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2VF3Uz1mGeV762RDtmyuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NWRjZTVlMzdhODYyNTM4YTBmNjY4ODNkZTIwNmZmYjdj
OTNiNjkwHhcNMjUwMTAyMTE0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njc0Y2NmMWVmNDMwZTlmM2MzYmY4YzIwMDdjZmMyMjc1NTZmZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qpVkKEF+8cUYoo8hMZRsUUYkpAp
XOXhpqEQmo+5AJrdJ+aqTnAX2tg/b29G0f3KcV0rjP+Hn3894qTnTsTJObftXlCj
1dFqsy8DPsW4rAK25tecILlVkFv6exJBKbfaGLw3MQHSw5BD0rZw6jCsSZQ9d4+Y
GxoArxOdnbdsaRyizDjo6RxA2+laRXDM8khnBio0FpH27jW3LgwrGx8+HSRukFTf
/jNNUpjtRHdFE5Sxj07wkTC7WHklGRGLLtoAACCUKOcJIPIQTEIfDax5MKpPM6MC
fuCZSp8DqX9GEWIsC7+RLoNyfe9hATzWH2DhO0TvAl9yVGzInyQV+vm7RwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZ0zPHvQw6fPDv4wgB8/CJ1Vv7xMB8GA1UdIwQY
MBaAFGldzl43qGJTig9miD3iBv+3yTtpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVYzT1hqZW9ZbE9LRDJhSVBlSUdfN2ZKTzJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi83MTY5MTEtMzBkZS00Yjc0LTk1OWIt
MDE3ZGVlNDUyZWM0LzEvaG5UTThlOUREcDg4T19qQ0FIejhJblZXX3ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi83MTY5MTEtMzBkZS00Yjc0LTk1OWItMDE3ZGVlNDUyZWM0
LzEvYVYzT1hqZW9ZbE9LRDJhSVBlSUdfN2ZKTzJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuecAMA0G
CSqGSIb3DQEBCwUAA4IBAQBOgEKqaJhgIrg4t+3M4PswFGxCoow0iIp0pz/sSq9q
xRwLcbWCR8360ouvWVkMIIWmeLvkquvFBKvw8QtLqU17hgy0vacdHgQfpS3uxIo+
BP7fThgXfPPWVV7MXVoCGnZx0XcfovhyAIUmp8WWNMVf+pD8xj3vA6hkpMrsnJc9
0J0774KszHppz8uTnhG3VAkzTiYHkj1hDbmYUM5i8+FihiEmIluuQZy/dKKdmTd5
MWMhPNuo/n+15U7UEDnZyd7AJ7nzdFZDQOEtvEdu9Ehw8OXAKHEf3LKJ0VD2XB27
YveiGqo6ekDF36Kwj1GJb9TnxAaldGC4n3HiJ974bN5g
-----END CERTIFICATE-----