Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/hYaFKrnyaSEueE3Nclhbcrh7WLk.roa
File:                     hYaFKrnyaSEueE3Nclhbcrh7WLk.roa (raw, json)
Hash identifier:          R76xSs8UDOZAunK5fmzFUA+tV4VngZVYGVoMB8QO7xc=
Subject key identifier:   85:86:85:2A:B9:F2:69:21:2E:78:4D:CD:72:58:5B:72:B8:7B:58:B9
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       0195C9291DD65B73C82312676131683E2574
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/hYaFKrnyaSEueE3Nclhbcrh7WLk.roa
Signing time:             Mon 24 Mar 2025 17:17:49 +0000
ROA not before:           Mon 24 Mar 2025 17:17:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208949
IP address blocks:        94.154.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c9:29:1d:d6:5b:73:c8:23:12:67:61:31:68:3e:25:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Mar 24 17:17:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8586852ab9f269212e784dcd72585b72b87b58b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:05:c9:c4:f3:8f:cd:a1:8e:80:10:ab:fd:3e:
                    3e:83:8f:2e:20:ce:9d:fb:a0:cf:69:56:3f:ab:77:
                    02:ef:d9:3f:8d:a0:1f:6d:43:ae:5a:2c:31:2a:1a:
                    1f:1a:84:b0:d7:90:f3:cb:06:2f:cc:a4:5b:6f:cc:
                    6a:6c:f6:c0:78:43:7a:4a:3d:68:91:52:89:af:57:
                    ec:01:d1:f9:c5:ad:65:b1:30:f7:c1:67:50:ed:96:
                    50:7a:6d:3a:cc:af:9d:93:23:10:ab:7d:d5:2f:da:
                    e5:eb:50:28:79:3e:a7:e2:95:1b:4f:7f:a9:54:e6:
                    30:26:09:89:19:fb:b4:30:19:08:1c:df:47:96:e4:
                    d6:9c:8b:92:36:9f:72:ec:88:75:e7:10:0d:0e:39:
                    cc:24:b1:94:97:02:7c:1c:9d:5c:22:6f:16:e8:73:
                    c9:46:59:39:a1:a2:8c:c6:77:a4:a8:2b:5f:00:b9:
                    f9:d0:dd:77:6b:4d:e2:3c:03:4e:66:87:16:33:30:
                    a6:6e:e8:fa:0b:50:09:ee:a3:0b:e3:99:e2:76:5f:
                    c8:71:c1:93:0f:7e:ab:19:15:18:45:c1:d0:ce:fa:
                    57:2d:da:2f:c6:65:61:73:76:d3:48:77:c3:3d:61:
                    80:33:83:06:64:e3:d9:81:7c:ef:ab:05:72:e3:d1:
                    9e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:86:85:2A:B9:F2:69:21:2E:78:4D:CD:72:58:5B:72:B8:7B:58:B9
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/hYaFKrnyaSEueE3Nclhbcrh7WLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:66:7f:b4:10:5c:7a:a1:2c:da:31:38:28:74:7c:99:55:ad:
         da:b7:12:0d:0d:78:e6:38:7c:1a:8e:63:25:d9:a1:c7:f7:5b:
         9e:65:d2:11:83:b5:28:f1:aa:02:65:82:a1:6d:5f:da:1f:fa:
         fe:05:bf:4f:02:c2:95:00:24:5d:47:34:82:3d:e8:9a:3b:ec:
         80:c3:bd:62:26:b6:92:c7:4a:6b:33:34:0e:64:d0:62:27:e4:
         ee:3c:5c:cb:9e:55:c1:73:68:4d:2d:ee:bc:c6:2b:13:ef:be:
         57:26:4b:fb:40:5b:80:ff:09:86:fd:16:5f:fd:d1:f3:43:d3:
         82:4f:db:0f:4c:69:24:aa:89:a0:59:8d:aa:ab:66:4f:d9:56:
         a8:a0:05:a8:1c:e0:32:80:06:3f:25:3d:4e:93:20:f4:e4:07:
         6a:1e:60:be:4c:ac:55:80:34:f9:e1:ef:df:3d:9f:9f:4f:f4:
         cc:96:a4:61:92:3a:ad:04:c2:93:a0:85:ff:1e:d9:84:8b:5c:
         cf:88:f4:67:f2:ef:44:5b:c9:83:ad:8e:32:4e:32:64:d9:6f:
         e9:86:16:3e:d9:4a:3a:20:04:52:e4:ff:f4:49:14:b5:a7:8f:
         66:33:69:83:b2:be:4c:6d:92:54:49:de:96:09:5c:74:9a:e3:
         ff:ac:d3:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXJKR3WW3PIIxJnYTFoPiV0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjUwMzI0MTcxNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTg2ODUyYWI5ZjI2OTIxMmU3ODRkY2Q3MjU4NWI3MmI4N2I1OGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wXJxPOPzaGOgBCr/T4+g48uIM6d
+6DPaVY/q3cC79k/jaAfbUOuWiwxKhofGoSw15DzywYvzKRbb8xqbPbAeEN6Sj1o
kVKJr1fsAdH5xa1lsTD3wWdQ7ZZQem06zK+dkyMQq33VL9rl61AoeT6n4pUbT3+p
VOYwJgmJGfu0MBkIHN9HluTWnIuSNp9y7Ih15xANDjnMJLGUlwJ8HJ1cIm8W6HPJ
Rlk5oaKMxnekqCtfALn50N13a03iPANOZocWMzCmbuj6C1AJ7qML45nidl/IccGT
D36rGRUYRcHQzvpXLdovxmVhc3bTSHfDPWGAM4MGZOPZgXzvqwVy49GeEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWGhSq58mkhLnhNzXJYW3K4e1i5MB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvaFlhRktybnlhU0V1ZUUzTmNsaGJjcmg3V0xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpohMA0G
CSqGSIb3DQEBCwUAA4IBAQCYZn+0EFx6oSzaMTgodHyZVa3atxINDXjmOHwajmMl
2aHH91ueZdIRg7Uo8aoCZYKhbV/aH/r+Bb9PAsKVACRdRzSCPeiaO+yAw71iJraS
x0prMzQOZNBiJ+TuPFzLnlXBc2hNLe68xisT775XJkv7QFuA/wmG/RZf/dHzQ9OC
T9sPTGkkqomgWY2qq2ZP2VaooAWoHOAygAY/JT1OkyD05AdqHmC+TKxVgDT54e/f
PZ+fT/TMlqRhkjqtBMKToIX/HtmEi1zPiPRn8u9EW8mDrY4yTjJk2W/phhY+2Uo6
IARS5P/0SRS1p49mM2mDsr5MbZJUSd6WCVx0muP/rNPU
-----END CERTIFICATE-----