Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/Hg9K5nZYj4y2LREbfAkkrFG5Zls.roa
File:                     Hg9K5nZYj4y2LREbfAkkrFG5Zls.roa (raw, json)
Hash identifier:          F2au21rdmN5JT8fnaZxO8lAlqsDmX3/SHMl+Sh2h2I8=
Subject key identifier:   1E:0F:4A:E6:76:58:8F:8C:B6:2D:11:1B:7C:09:24:AC:51:B9:66:5B
Certificate issuer:       /CN=9923812a1597e9605e2a9bf49acf8d638981a5f4
Certificate serial:       019422FC21C3D2663A2D0449F6AC536FE99C
Authority key identifier: 99:23:81:2A:15:97:E9:60:5E:2A:9B:F4:9A:CF:8D:63:89:81:A5:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/Hg9K5nZYj4y2LREbfAkkrFG5Zls.roa
Signing time:             Wed 01 Jan 2025 17:48:56 +0000
ROA not before:           Wed 01 Jan 2025 17:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197882
IP address blocks:        185.254.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:21:c3:d2:66:3a:2d:04:49:f6:ac:53:6f:e9:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9923812a1597e9605e2a9bf49acf8d638981a5f4
        Validity
            Not Before: Jan  1 17:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e0f4ae676588f8cb62d111b7c0924ac51b9665b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:09:3c:28:7a:77:2e:66:77:23:67:f6:83:b3:
                    54:8e:3d:74:5a:52:51:3c:ae:53:fd:98:9d:9f:70:
                    0c:dd:19:85:60:37:2d:96:6d:d9:75:49:88:9c:77:
                    c9:3d:f1:e2:05:88:fc:4c:96:df:be:c2:a9:f2:ff:
                    e1:69:98:e1:40:61:97:17:66:4b:79:e1:61:d2:51:
                    7d:62:25:b3:c2:e8:9d:14:dc:f1:4d:87:2c:6c:65:
                    8c:cd:45:19:6b:f4:47:bd:73:f4:13:60:c3:68:58:
                    c5:b3:ee:0f:b9:66:db:0c:30:3f:1e:45:d9:16:0d:
                    e4:16:0b:2e:3c:e9:db:00:07:e3:e5:8a:2d:6b:db:
                    9d:7f:e3:7b:0d:e9:7c:b7:3f:7c:0c:c8:cb:13:e6:
                    f7:ec:4c:46:e1:13:b6:c8:fd:aa:57:c7:45:26:e6:
                    e8:52:60:6a:64:bc:66:44:04:61:6b:19:a3:14:47:
                    88:4c:b1:1a:c1:77:0a:21:70:45:24:74:ce:2a:92:
                    31:3a:83:25:ca:b8:8f:26:96:48:ee:02:ea:28:99:
                    e1:98:8c:24:96:f0:31:d3:80:f8:43:b4:ae:3b:5d:
                    b4:f5:e0:32:f9:d0:20:a5:8d:16:ad:d9:1b:bd:1b:
                    25:50:64:49:5b:ee:0d:53:2c:20:76:1f:42:52:62:
                    53:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:0F:4A:E6:76:58:8F:8C:B6:2D:11:1B:7C:09:24:AC:51:B9:66:5B
            X509v3 Authority Key Identifier:
                keyid:99:23:81:2A:15:97:E9:60:5E:2A:9B:F4:9A:CF:8D:63:89:81:A5:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/Hg9K5nZYj4y2LREbfAkkrFG5Zls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/c3ceef-d755-4355-9304-6b16c788a90f/1/mSOBKhWX6WBeKpv0ms-NY4mBpfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:6b:65:0b:d4:c0:0c:c0:a0:c4:aa:c8:0f:04:ef:0e:f3:31:
         cb:81:3a:11:1c:7c:44:13:33:d2:f3:d5:2b:40:1a:83:c7:2f:
         b3:a3:10:72:64:43:fa:a8:71:30:f7:95:02:04:4c:90:52:42:
         67:3a:39:80:a5:18:30:83:cf:e5:8c:d6:33:72:b7:20:f8:b3:
         e6:78:a1:cb:81:17:c1:f2:30:17:f1:74:4d:8a:da:a1:e9:fb:
         ff:9f:7b:96:79:c7:2d:a0:0f:42:07:37:25:a1:71:80:84:e5:
         b8:73:33:e1:2c:e1:d8:08:df:3e:0e:fa:ec:09:1b:f0:9e:a9:
         a6:62:a5:cd:8f:31:37:d6:83:81:29:5f:4d:2d:c3:24:26:27:
         15:7f:09:43:f5:52:6c:d8:d0:4d:c5:d5:af:78:93:91:4c:71:
         4a:02:8b:c2:1a:2f:32:81:36:20:2e:f6:3e:80:d4:e5:5a:fd:
         f9:1a:1e:2a:46:08:5d:a3:7e:dd:67:45:95:2f:c2:15:54:c7:
         44:d3:d0:43:ff:c2:d8:45:52:f3:ee:f0:28:27:33:ac:f3:de:
         d0:52:5e:e2:6e:c8:f4:78:73:36:8b:c3:0d:b3:e9:3a:22:3c:
         63:20:0d:55:13:dc:93:a0:41:f9:b6:77:57:66:88:85:5a:91:
         14:f1:87:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/CHD0mY6LQRJ9qxTb+mcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MjM4MTJhMTU5N2U5NjA1ZTJhOWJmNDlhY2Y4ZDYzODk4
MWE1ZjQwHhcNMjUwMTAxMTc0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTBmNGFlNjc2NTg4ZjhjYjYyZDExMWI3YzA5MjRhYzUxYjk2NjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngk8KHp3LmZ3I2f2g7NUjj10WlJR
PK5T/Zidn3AM3RmFYDctlm3ZdUmInHfJPfHiBYj8TJbfvsKp8v/haZjhQGGXF2ZL
eeFh0lF9YiWzwuidFNzxTYcsbGWMzUUZa/RHvXP0E2DDaFjFs+4PuWbbDDA/HkXZ
Fg3kFgsuPOnbAAfj5Yota9udf+N7Del8tz98DMjLE+b37ExG4RO2yP2qV8dFJubo
UmBqZLxmRARhaxmjFEeITLEawXcKIXBFJHTOKpIxOoMlyriPJpZI7gLqKJnhmIwk
lvAx04D4Q7SuO1209eAy+dAgpY0WrdkbvRslUGRJW+4NUywgdh9CUmJTPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4PSuZ2WI+Mti0RG3wJJKxRuWZbMB8GA1UdIwQY
MBaAFJkjgSoVl+lgXiqb9JrPjWOJgaX0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVNPQktoV1g2V0JlS3B2MG1zLU5ZNG1CcGZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9jM2NlZWYtZDc1NS00MzU1LTkzMDQt
NmIxNmM3ODhhOTBmLzEvSGc5SzVuWllqNHkyTFJFYmZBa2tyRkc1WmxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9jM2NlZWYtZDc1NS00MzU1LTkzMDQtNmIxNmM3ODhhOTBm
LzEvbVNPQktoV1g2V0JlS3B2MG1zLU5ZNG1CcGZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf5UMA0G
CSqGSIb3DQEBCwUAA4IBAQATa2UL1MAMwKDEqsgPBO8O8zHLgToRHHxEEzPS89Ur
QBqDxy+zoxByZEP6qHEw95UCBEyQUkJnOjmApRgwg8/ljNYzcrcg+LPmeKHLgRfB
8jAX8XRNitqh6fv/n3uWecctoA9CBzcloXGAhOW4czPhLOHYCN8+DvrsCRvwnqmm
YqXNjzE31oOBKV9NLcMkJicVfwlD9VJs2NBNxdWveJORTHFKAovCGi8ygTYgLvY+
gNTlWv35Gh4qRghdo37dZ0WVL8IVVMdE09BD/8LYRVLz7vAoJzOs897QUl7ibsj0
eHM2i8MNs+k6IjxjIA1VE9yToEH5tndXZoiFWpEU8Ye+
-----END CERTIFICATE-----