Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/ffc623-b6f6-4ffc-9a11-a74c06c232d6/1/hrzuIDRF15oBIKXIQfgIQbF1zzc.roa
File:                     hrzuIDRF15oBIKXIQfgIQbF1zzc.roa (raw, json)
Hash identifier:          JpHqRzFezYOCJs0/enWH8I+qI+ye32fJxiyuYohDsJo=
Subject key identifier:   86:BC:EE:20:34:45:D7:9A:01:20:A5:C8:41:F8:08:41:B1:75:CF:37
Certificate issuer:       /CN=4b6cff7467533410b9fda2f700208c1a8f0c0423
Certificate serial:       0194228D36E48B3A6E2A533C0723C52D3839
Authority key identifier: 4B:6C:FF:74:67:53:34:10:B9:FD:A2:F7:00:20:8C:1A:8F:0C:04:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S2z_dGdTNBC5_aL3ACCMGo8MBCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/ffc623-b6f6-4ffc-9a11-a74c06c232d6/1/hrzuIDRF15oBIKXIQfgIQbF1zzc.roa
Signing time:             Wed 01 Jan 2025 15:47:47 +0000
ROA not before:           Wed 01 Jan 2025 15:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208851
IP address blocks:        185.142.21.0/24 maxlen: 24
                          185.142.22.0/24 maxlen: 24
                          185.142.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/ffc623-b6f6-4ffc-9a11-a74c06c232d6/1/S2z_dGdTNBC5_aL3ACCMGo8MBCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/ffc623-b6f6-4ffc-9a11-a74c06c232d6/1/S2z_dGdTNBC5_aL3ACCMGo8MBCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S2z_dGdTNBC5_aL3ACCMGo8MBCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:36:e4:8b:3a:6e:2a:53:3c:07:23:c5:2d:38:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b6cff7467533410b9fda2f700208c1a8f0c0423
        Validity
            Not Before: Jan  1 15:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86bcee203445d79a0120a5c841f80841b175cf37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ce:bf:07:4d:1f:a3:12:1e:90:47:81:e7:9c:
                    fc:e8:79:be:fe:db:57:2a:63:c2:94:c5:bd:12:87:
                    b4:0e:6a:d8:cf:dc:26:65:75:d0:6f:1d:d1:a5:7b:
                    4a:5e:a7:e0:6e:fb:d8:e9:d2:2c:b2:5a:02:ce:f0:
                    af:53:58:28:fb:26:30:b2:45:0a:3d:7d:cf:e4:7c:
                    43:ef:f3:bb:81:69:f4:f3:85:4d:2b:37:8e:22:70:
                    62:f9:8c:2e:32:d5:1e:21:25:e5:5a:f0:07:03:18:
                    42:36:fb:eb:9e:1a:2c:32:43:e7:2d:e1:e0:a3:97:
                    fe:29:90:91:ea:b8:30:12:dd:ba:9a:42:de:5e:eb:
                    c9:d4:d0:a0:17:a5:0c:2d:70:42:6e:7f:7e:45:a4:
                    30:6b:d8:41:46:81:2d:95:28:d0:7b:18:3e:6a:49:
                    27:f9:f5:d3:19:20:72:5e:55:45:ca:f3:d4:da:4c:
                    38:29:97:cc:f2:93:b1:02:08:04:92:3f:08:9b:3a:
                    7f:2a:6f:bc:64:a8:fe:1e:95:e6:f6:a8:ee:74:74:
                    c1:0e:1f:9d:03:2b:25:67:69:ab:7d:3b:2d:ac:f2:
                    35:83:65:95:c9:d1:28:dc:c7:a7:70:2b:16:9e:07:
                    86:58:74:aa:10:0b:63:8c:b5:4e:e8:ea:d8:c4:a9:
                    68:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:BC:EE:20:34:45:D7:9A:01:20:A5:C8:41:F8:08:41:B1:75:CF:37
            X509v3 Authority Key Identifier:
                keyid:4B:6C:FF:74:67:53:34:10:B9:FD:A2:F7:00:20:8C:1A:8F:0C:04:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S2z_dGdTNBC5_aL3ACCMGo8MBCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/ffc623-b6f6-4ffc-9a11-a74c06c232d6/1/hrzuIDRF15oBIKXIQfgIQbF1zzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/ffc623-b6f6-4ffc-9a11-a74c06c232d6/1/S2z_dGdTNBC5_aL3ACCMGo8MBCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.21.0-185.142.23.255

    Signature Algorithm: sha256WithRSAEncryption
         ca:fa:0a:30:9e:dd:e6:9d:67:f0:8d:56:77:9e:2a:c2:e6:a1:
         5a:25:15:3e:06:be:d8:4f:e0:61:39:92:80:99:68:bc:d1:ed:
         10:a0:c9:e0:f7:22:ca:93:03:18:86:71:63:32:05:46:2c:88:
         14:ef:c9:3b:fc:4e:ab:24:65:a7:e3:04:78:bd:b6:b8:5d:ed:
         17:a2:be:01:47:53:81:23:a6:b4:3e:f0:31:72:ee:75:21:8e:
         ca:a9:32:0d:6e:73:07:48:06:29:29:db:96:de:40:98:25:18:
         dc:bf:2d:e6:36:ad:2b:df:8d:e4:c1:ef:74:87:15:97:ba:80:
         29:0a:f7:59:7d:46:8c:ce:1a:76:9b:71:51:10:70:33:9a:4a:
         44:3b:39:b9:23:fd:7c:07:c3:fd:93:c0:37:3f:9c:e0:0d:ce:
         5e:7d:bb:65:ab:09:0c:6d:ae:ad:76:33:d5:41:6a:4a:1e:17:
         33:98:e1:a2:49:a3:4d:57:3e:17:8e:ce:87:7a:a9:d2:4d:f2:
         c6:7e:2b:dc:a6:aa:ae:84:11:b1:7f:9c:12:1c:51:aa:65:69:
         9c:47:84:06:0e:ce:71:d7:2f:26:85:5c:a2:3d:f2:e4:cf:d4:
         9a:73:01:36:39:e9:72:42:57:9b:45:91:0d:4f:d4:c2:85:02:
         94:f7:c8:73
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQijTbkizpuKlM8ByPFLTg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNmNmZjc0Njc1MzM0MTBiOWZkYTJmNzAwMjA4YzFhOGYw
YzA0MjMwHhcNMjUwMTAxMTU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmJjZWUyMDM0NDVkNzlhMDEyMGE1Yzg0MWY4MDg0MWIxNzVjZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA286/B00foxIekEeB55z86Hm+/ttX
KmPClMW9Eoe0DmrYz9wmZXXQbx3RpXtKXqfgbvvY6dIssloCzvCvU1go+yYwskUK
PX3P5HxD7/O7gWn084VNKzeOInBi+YwuMtUeISXlWvAHAxhCNvvrnhosMkPnLeHg
o5f+KZCR6rgwEt26mkLeXuvJ1NCgF6UMLXBCbn9+RaQwa9hBRoEtlSjQexg+akkn
+fXTGSByXlVFyvPU2kw4KZfM8pOxAggEkj8Imzp/Km+8ZKj+HpXm9qjudHTBDh+d
AyslZ2mrfTstrPI1g2WVydEo3MencCsWngeGWHSqEAtjjLVO6OrYxKlo6wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIa87iA0RdeaASClyEH4CEGxdc83MB8GA1UdIwQY
MBaAFEts/3RnUzQQuf2i9wAgjBqPDAQjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzJ6X2RHZFROQkM1X2FMM0FDQ01HbzhNQkNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9mZmM2MjMtYjZmNi00ZmZjLTlhMTEt
YTc0YzA2YzIzMmQ2LzEvaHJ6dUlEUkYxNW9CSUtYSVFmZ0lRYkYxenpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9mZmM2MjMtYjZmNi00ZmZjLTlhMTEtYTc0YzA2YzIzMmQ2
LzEvUzJ6X2RHZFROQkM1X2FMM0FDQ01HbzhNQkNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5jhUD
BAO5jhAwDQYJKoZIhvcNAQELBQADggEBAMr6CjCe3eadZ/CNVneeKsLmoVolFT4G
vthP4GE5koCZaLzR7RCgyeD3IsqTAxiGcWMyBUYsiBTvyTv8TqskZafjBHi9trhd
7ReivgFHU4EjprQ+8DFy7nUhjsqpMg1ucwdIBikp25beQJglGNy/LeY2rSvfjeTB
73SHFZe6gCkK91l9RozOGnabcVEQcDOaSkQ7Obkj/XwHw/2TwDc/nOANzl59u2Wr
CQxtrq12M9VBakoeFzOY4aJJo01XPheOzod6qdJN8sZ+K9ymqq6EEbF/nBIcUapl
aZxHhAYOznHXLyaFXKI98uTP1JpzATY56XJCV5tFkQ1P1MKFApT3yHM=
-----END CERTIFICATE-----