Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ho1k2yRdFnPmCNRpB2Tg5O2wzJ4.roa
File:                     ho1k2yRdFnPmCNRpB2Tg5O2wzJ4.roa (raw, json)
Hash identifier:          ZebGpLK3Trfbb3V8wN+nAw9FGpAAWr9NeNzXmkfHzVM=
Subject key identifier:   86:8D:64:DB:24:5D:16:73:E6:08:D4:69:07:64:E0:E4:ED:B0:CC:9E
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019427B55313E456D06A7AF32C63005BE89D
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ho1k2yRdFnPmCNRpB2Tg5O2wzJ4.roa
Signing time:             Thu 02 Jan 2025 15:49:42 +0000
ROA not before:           Thu 02 Jan 2025 15:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29604
IP address blocks:        188.255.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:53:13:e4:56:d0:6a:7a:f3:2c:63:00:5b:e8:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  2 15:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=868d64db245d1673e608d4690764e0e4edb0cc9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:70:ad:be:0e:21:8c:43:7e:d0:4f:80:63:16:
                    88:44:43:6e:9e:d0:fa:03:7f:a3:56:c2:21:05:19:
                    70:d5:05:6f:62:6c:6a:5d:da:30:57:49:27:11:2e:
                    fc:ae:3f:74:38:97:d4:94:3d:12:9f:b1:ba:26:5c:
                    ee:3f:39:6b:44:95:b7:0c:cd:9c:1b:4d:72:fc:47:
                    bb:52:bd:b8:e7:96:34:6b:bb:ec:4e:8b:6d:bb:b7:
                    58:ae:92:bb:84:dd:21:3e:68:8a:23:c3:7b:65:5f:
                    84:fd:10:f9:45:96:17:9e:2a:86:e4:33:77:48:ef:
                    5a:b0:08:ec:6d:ce:05:73:b5:d2:b3:21:e8:ee:24:
                    c9:3b:b6:77:b6:64:22:aa:09:f7:c9:c7:ce:0a:91:
                    20:92:8a:7f:75:8c:a3:fe:7b:4d:4a:40:ca:e5:d9:
                    dd:c9:e5:0c:cc:33:2f:34:45:2c:3f:b9:70:13:66:
                    b6:8c:01:8a:6c:70:e0:25:47:1c:ae:14:8b:92:33:
                    8f:4f:27:1e:f9:50:bf:90:9c:c1:52:fc:63:c4:97:
                    33:41:c2:a2:7f:5a:db:1e:de:b3:0f:2f:48:e6:5e:
                    d9:e6:37:c4:62:00:b1:28:36:cc:42:af:e5:14:8c:
                    9c:aa:16:1f:29:1a:d2:2f:42:92:13:e8:69:25:a6:
                    30:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:8D:64:DB:24:5D:16:73:E6:08:D4:69:07:64:E0:E4:ED:B0:CC:9E
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/ho1k2yRdFnPmCNRpB2Tg5O2wzJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:17:07:0a:aa:71:3b:6e:8f:5c:e6:c1:6a:1c:ab:e4:c7:ed:
         95:6d:33:56:07:00:b1:15:ad:88:23:b6:55:22:25:5c:31:7f:
         f1:ea:d1:32:89:8c:dc:b8:e9:35:91:44:73:0d:09:f2:8c:fd:
         ac:f2:31:e5:5d:83:5c:84:60:a6:2d:a3:f4:19:21:0b:e9:66:
         9f:7d:d0:04:12:a8:87:c1:b3:b5:44:09:55:24:a2:81:40:c2:
         4d:dd:ce:57:6f:71:54:9c:9d:94:66:aa:57:ba:b5:3d:51:aa:
         03:ae:1f:cc:3d:3c:ce:82:d5:6f:1a:46:29:92:97:27:8e:07:
         57:d9:09:83:41:3a:dc:71:82:54:35:f4:5f:5b:99:52:a3:1b:
         f1:57:56:59:16:72:ab:bb:5d:a9:27:9a:52:9f:98:45:62:ca:
         fa:16:10:08:9b:aa:34:24:ab:69:bd:5d:fc:19:1f:8a:fa:ad:
         86:3f:10:b6:5c:18:9a:db:c6:df:46:fc:e0:0d:c6:08:29:e4:
         4a:8a:b8:eb:32:5c:12:2a:87:3e:3b:db:91:71:33:9e:cd:8b:
         6d:cb:c3:5c:57:15:dd:d3:0d:29:c6:34:66:2c:50:11:7d:3d:
         ad:be:05:88:b9:56:69:95:87:71:e5:fe:91:29:da:b1:64:1a:
         67:55:7a:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntVMT5FbQanrzLGMAW+idMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwMTAyMTU0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjhkNjRkYjI0NWQxNjczZTYwOGQ0NjkwNzY0ZTBlNGVkYjBjYzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHCtvg4hjEN+0E+AYxaIRENuntD6
A3+jVsIhBRlw1QVvYmxqXdowV0knES78rj90OJfUlD0Sn7G6JlzuPzlrRJW3DM2c
G01y/Ee7Ur2455Y0a7vsTottu7dYrpK7hN0hPmiKI8N7ZV+E/RD5RZYXniqG5DN3
SO9asAjsbc4Fc7XSsyHo7iTJO7Z3tmQiqgn3ycfOCpEgkop/dYyj/ntNSkDK5dnd
yeUMzDMvNEUsP7lwE2a2jAGKbHDgJUccrhSLkjOPTyce+VC/kJzBUvxjxJczQcKi
f1rbHt6zDy9I5l7Z5jfEYgCxKDbMQq/lFIycqhYfKRrSL0KSE+hpJaYwbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaNZNskXRZz5gjUaQdk4OTtsMyeMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvaG8xazJ5UmRGblBtQ05ScEIyVGc1TzJ3eko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/SMA0G
CSqGSIb3DQEBCwUAA4IBAQAWFwcKqnE7bo9c5sFqHKvkx+2VbTNWBwCxFa2II7ZV
IiVcMX/x6tEyiYzcuOk1kURzDQnyjP2s8jHlXYNchGCmLaP0GSEL6WaffdAEEqiH
wbO1RAlVJKKBQMJN3c5Xb3FUnJ2UZqpXurU9UaoDrh/MPTzOgtVvGkYpkpcnjgdX
2QmDQTrccYJUNfRfW5lSoxvxV1ZZFnKru12pJ5pSn5hFYsr6FhAIm6o0JKtpvV38
GR+K+q2GPxC2XBia28bfRvzgDcYIKeRKirjrMlwSKoc+O9uRcTOezYtty8NcVxXd
0w0pxjRmLFARfT2tvgWIuVZplYdx5f6RKdqxZBpnVXp5
-----END CERTIFICATE-----