Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/hfNN3XiVLhZTBEzmZ9kxsFWjtgU.roa
File:                     hfNN3XiVLhZTBEzmZ9kxsFWjtgU.roa (raw, json)
Hash identifier:          rdvuWCnmeSdDSQrFfaBCbjsr2zsTzqKaLeEHczQ6fHw=
Subject key identifier:   85:F3:4D:DD:78:95:2E:16:53:04:4C:E6:67:D9:31:B0:55:A3:B6:05
Certificate issuer:       /CN=30d66b66a3982d20a81ef201dc755ed3353b16a4
Certificate serial:       019427B5D6BDA0DDCE34511AE44EE56DB438
Authority key identifier: 30:D6:6B:66:A3:98:2D:20:A8:1E:F2:01:DC:75:5E:D3:35:3B:16:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/hfNN3XiVLhZTBEzmZ9kxsFWjtgU.roa
Signing time:             Thu 02 Jan 2025 15:50:15 +0000
ROA not before:           Thu 02 Jan 2025 15:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197770
IP address blocks:        194.9.58.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 12:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:d6:bd:a0:dd:ce:34:51:1a:e4:4e:e5:6d:b4:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30d66b66a3982d20a81ef201dc755ed3353b16a4
        Validity
            Not Before: Jan  2 15:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85f34ddd78952e1653044ce667d931b055a3b605
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:dd:5c:88:47:2c:ed:89:03:0c:b6:62:96:b8:
                    64:77:0c:29:39:43:35:f1:fc:38:70:0f:e4:33:40:
                    83:ab:06:d4:75:85:df:d8:73:c1:0e:d3:d3:01:6d:
                    24:af:41:db:88:0c:1e:0a:af:c7:0f:09:a0:5b:e1:
                    ff:6d:10:5d:05:c7:d4:c4:e3:c7:f2:da:74:18:6b:
                    7f:3b:20:eb:0f:bc:71:08:00:d6:c6:72:94:88:93:
                    6e:68:7b:97:c2:6f:77:53:d2:dc:2d:02:cb:35:0c:
                    ab:76:fd:36:38:da:ac:1d:90:83:30:65:36:86:39:
                    df:7d:e2:68:3e:7e:bb:80:aa:10:72:28:3f:2f:d6:
                    c9:2b:60:e6:5c:3d:0b:6a:50:94:da:e0:41:a2:62:
                    15:27:d1:d1:fc:dd:aa:69:eb:ad:a5:93:c2:67:66:
                    b8:9f:83:09:42:20:4b:6f:15:98:1c:8b:f4:3b:00:
                    ea:b9:f6:bf:fd:53:dc:fc:6d:52:4c:6a:d7:53:9e:
                    a7:78:16:2c:4f:62:91:87:9f:bd:e8:80:76:2b:b4:
                    ca:5c:d2:2b:b7:68:4d:97:9e:bb:64:d0:13:6a:d5:
                    97:a9:9a:6b:9e:58:2b:89:26:1e:f6:b9:bd:51:f9:
                    4a:70:d2:e9:84:0b:ff:7b:ea:ac:1e:40:b4:b1:77:
                    65:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:F3:4D:DD:78:95:2E:16:53:04:4C:E6:67:D9:31:B0:55:A3:B6:05
            X509v3 Authority Key Identifier:
                keyid:30:D6:6B:66:A3:98:2D:20:A8:1E:F2:01:DC:75:5E:D3:35:3B:16:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/hfNN3XiVLhZTBEzmZ9kxsFWjtgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/88e482-8277-4280-9f5b-8144b140edf9/1/MNZrZqOYLSCoHvIB3HVe0zU7FqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:4f:b7:c5:a1:06:e1:ee:10:ec:3b:4f:89:7c:db:15:1c:bd:
         86:7d:c0:a0:f2:1e:ea:34:b8:3c:24:1a:b8:4a:d5:f0:b1:67:
         1a:65:61:78:bb:a6:19:3d:fe:72:e1:10:d6:55:5e:6d:8f:c6:
         aa:be:14:9e:06:fc:fe:69:79:3a:ac:73:16:bc:9d:3e:d7:5b:
         d1:66:e0:99:cf:fe:46:07:16:d2:a4:31:fc:83:72:ac:c4:b4:
         14:5d:d8:a4:f6:a4:e9:5e:88:9c:c1:77:e6:50:fb:cd:52:5e:
         80:f4:dd:a3:d5:bb:ea:74:e4:1c:e2:62:29:d9:98:cb:0d:39:
         61:f4:7d:29:39:35:22:73:20:51:c1:e7:99:70:87:c9:ae:88:
         e6:a5:02:c6:70:0d:89:eb:a8:b1:50:98:bc:ee:b7:12:89:04:
         ff:52:89:a7:f6:17:2a:9a:c8:98:80:c6:83:7d:b0:8c:ba:95:
         e0:f9:c7:ab:67:ca:c8:ea:2e:18:5b:c2:1c:41:9b:4c:b9:38:
         3c:e7:82:69:cc:c0:f3:ea:dc:3b:f4:23:27:13:82:8d:13:90:
         e9:41:0b:49:42:84:fd:fc:d3:5f:f2:e3:75:6d:ab:a3:8e:66:
         cd:8e:d1:b4:2d:ae:36:32:a6:c6:82:81:b6:e4:87:11:1c:b3:
         0c:5d:cf:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntda9oN3ONFEa5E7lbbQ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDY2YjY2YTM5ODJkMjBhODFlZjIwMWRjNzU1ZWQzMzUz
YjE2YTQwHhcNMjUwMTAyMTU1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWYzNGRkZDc4OTUyZTE2NTMwNDRjZTY2N2Q5MzFiMDU1YTNiNjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyd1ciEcs7YkDDLZilrhkdwwpOUM1
8fw4cA/kM0CDqwbUdYXf2HPBDtPTAW0kr0HbiAweCq/HDwmgW+H/bRBdBcfUxOPH
8tp0GGt/OyDrD7xxCADWxnKUiJNuaHuXwm93U9LcLQLLNQyrdv02ONqsHZCDMGU2
hjnffeJoPn67gKoQcig/L9bJK2DmXD0LalCU2uBBomIVJ9HR/N2qaeutpZPCZ2a4
n4MJQiBLbxWYHIv0OwDqufa//VPc/G1STGrXU56neBYsT2KRh5+96IB2K7TKXNIr
t2hNl567ZNATatWXqZprnlgriSYe9rm9UflKcNLphAv/e+qsHkC0sXdlkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXzTd14lS4WUwRM5mfZMbBVo7YFMB8GA1UdIwQY
MBaAFDDWa2ajmC0gqB7yAdx1XtM1OxakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5aclpxT1lMU0NvSHZJQjNIVmUwelU3RnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC84OGU0ODItODI3Ny00MjgwLTlmNWIt
ODE0NGIxNDBlZGY5LzEvaGZOTjNYaVZMaFpUQkV6bVo5a3hzRldqdGdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC84OGU0ODItODI3Ny00MjgwLTlmNWItODE0NGIxNDBlZGY5
LzEvTU5aclpxT1lMU0NvSHZJQjNIVmUwelU3RnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwgk6MA0G
CSqGSIb3DQEBCwUAA4IBAQA+T7fFoQbh7hDsO0+JfNsVHL2GfcCg8h7qNLg8JBq4
StXwsWcaZWF4u6YZPf5y4RDWVV5tj8aqvhSeBvz+aXk6rHMWvJ0+11vRZuCZz/5G
BxbSpDH8g3KsxLQUXdik9qTpXoicwXfmUPvNUl6A9N2j1bvqdOQc4mIp2ZjLDTlh
9H0pOTUicyBRweeZcIfJrojmpQLGcA2J66ixUJi87rcSiQT/Uomn9hcqmsiYgMaD
fbCMupXg+cerZ8rI6i4YW8IcQZtMuTg854JpzMDz6tw79CMnE4KNE5DpQQtJQoT9
/NNf8uN1baujjmbNjtG0La42MqbGgoG25IcRHLMMXc+M
-----END CERTIFICATE-----