Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/HnblzgjRhv7ohFCku2dgX5Jr7vw.roa
File:                     HnblzgjRhv7ohFCku2dgX5Jr7vw.roa (raw, json)
Hash identifier:          o9K0gGCxUA0R4sGgN9lj9M6IzHoNtSXBjdq46DJlaa4=
Subject key identifier:   1E:76:E5:CE:08:D1:86:FE:E8:84:50:A4:BB:67:60:5F:92:6B:EE:FC
Certificate issuer:       /CN=ca5220e53e4f81ca258ccfea187280280f5f621a
Certificate serial:       01942445A46BE7BAB15FAB9B8499DDCE4239
Authority key identifier: CA:52:20:E5:3E:4F:81:CA:25:8C:CF:EA:18:72:80:28:0F:5F:62:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ylIg5T5PgcoljM_qGHKAKA9fYho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/HnblzgjRhv7ohFCku2dgX5Jr7vw.roa
Signing time:             Wed 01 Jan 2025 23:48:51 +0000
ROA not before:           Wed 01 Jan 2025 23:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8560
IP address blocks:        185.5.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/ylIg5T5PgcoljM_qGHKAKA9fYho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/ylIg5T5PgcoljM_qGHKAKA9fYho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ylIg5T5PgcoljM_qGHKAKA9fYho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 11:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a4:6b:e7:ba:b1:5f:ab:9b:84:99:dd:ce:42:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca5220e53e4f81ca258ccfea187280280f5f621a
        Validity
            Not Before: Jan  1 23:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e76e5ce08d186fee88450a4bb67605f926beefc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:64:a5:6e:e5:3c:23:d0:c4:50:ad:af:61:91:
                    46:31:c3:07:c1:45:04:05:82:01:7e:68:0e:d6:26:
                    14:b7:46:06:43:25:da:38:78:70:22:f3:3c:73:d3:
                    df:d6:9e:ad:ff:a7:7c:17:0f:10:db:cb:e0:44:89:
                    b5:6f:97:30:13:e9:34:dd:65:82:03:8f:3e:39:d6:
                    79:1d:ac:3a:2b:ef:5b:05:13:20:b0:95:07:ea:8b:
                    cd:99:bd:e7:86:50:50:9d:87:33:70:41:38:ab:cc:
                    92:c1:3e:c1:95:34:9a:fb:14:5f:26:fe:d4:43:e0:
                    74:c4:9a:ec:4a:80:33:07:09:a9:50:05:b5:57:85:
                    e4:81:83:e8:58:30:2a:11:71:70:6d:76:4c:49:24:
                    e7:44:62:3f:59:78:4a:af:0e:cf:7e:ce:68:21:ee:
                    5d:6f:2b:4d:e4:c5:93:a6:45:19:8b:dd:94:a8:49:
                    16:f8:c4:2d:8a:be:48:8e:4e:dd:42:1c:31:0d:89:
                    06:6b:54:b1:2f:a6:73:fe:c9:d1:51:8f:23:9a:db:
                    f4:eb:f0:f9:d2:1b:5e:97:2c:67:48:39:90:48:8d:
                    4f:72:23:6b:5b:5f:6f:34:8f:b8:76:93:8b:53:7b:
                    15:4b:cc:23:e0:45:fe:fa:cc:d1:ae:28:15:25:ec:
                    27:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:76:E5:CE:08:D1:86:FE:E8:84:50:A4:BB:67:60:5F:92:6B:EE:FC
            X509v3 Authority Key Identifier:
                keyid:CA:52:20:E5:3E:4F:81:CA:25:8C:CF:EA:18:72:80:28:0F:5F:62:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ylIg5T5PgcoljM_qGHKAKA9fYho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/HnblzgjRhv7ohFCku2dgX5Jr7vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/424947-1c6a-48e9-b289-f23c5a531823/1/ylIg5T5PgcoljM_qGHKAKA9fYho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:d8:f8:a8:53:87:a6:bd:8e:65:8a:f5:02:a5:44:e5:1e:2a:
         dc:1a:c9:69:2d:48:cf:8e:22:a8:28:a2:4a:27:9c:6c:fe:49:
         b7:99:f7:a2:56:8a:49:f1:f9:5a:ae:d7:e5:5e:e3:da:0f:f2:
         ac:13:53:2b:0d:cf:2e:be:41:24:08:72:4d:e1:32:00:50:d7:
         2f:34:7c:fb:c6:55:12:60:7b:63:ec:6f:1b:73:9c:31:ff:a3:
         dc:e7:1a:a6:3b:22:02:99:54:96:e9:80:ff:d0:75:76:b5:a0:
         f4:eb:3e:01:1d:ce:2a:a4:31:de:74:aa:42:5b:03:7e:04:97:
         f9:c3:b0:d5:d8:18:38:0e:cf:ed:fe:a1:e2:f3:88:76:8b:bf:
         55:d6:ee:d1:a5:ea:c1:da:b4:ef:7f:0a:67:34:c2:6d:d0:2a:
         db:d4:1c:07:3e:15:e6:ac:13:25:47:6b:dd:c4:5e:06:1d:d6:
         6a:10:03:65:76:3e:2d:c4:0e:8e:43:67:14:9b:29:81:ed:de:
         b5:29:6e:1a:34:96:3e:0c:83:e6:48:9f:86:fb:7a:44:cb:14:
         4e:1c:91:cd:b6:4b:cc:8e:20:01:95:c1:d0:99:03:ce:8d:ca:
         92:2f:b9:b9:d8:75:d4:1e:fd:b2:2c:8e:a8:e0:d2:a0:6a:ac:
         3b:fd:20:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRaRr57qxX6ubhJndzkI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNTIyMGU1M2U0ZjgxY2EyNThjY2ZlYTE4NzI4MDI4MGY1
ZjYyMWEwHhcNMjUwMTAxMjM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTc2ZTVjZTA4ZDE4NmZlZTg4NDUwYTRiYjY3NjA1ZjkyNmJlZWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WSlbuU8I9DEUK2vYZFGMcMHwUUE
BYIBfmgO1iYUt0YGQyXaOHhwIvM8c9Pf1p6t/6d8Fw8Q28vgRIm1b5cwE+k03WWC
A48+OdZ5Haw6K+9bBRMgsJUH6ovNmb3nhlBQnYczcEE4q8ySwT7BlTSa+xRfJv7U
Q+B0xJrsSoAzBwmpUAW1V4XkgYPoWDAqEXFwbXZMSSTnRGI/WXhKrw7Pfs5oIe5d
bytN5MWTpkUZi92UqEkW+MQtir5Ijk7dQhwxDYkGa1SxL6Zz/snRUY8jmtv06/D5
0htelyxnSDmQSI1PciNrW19vNI+4dpOLU3sVS8wj4EX++szRrigVJewnxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB525c4I0Yb+6IRQpLtnYF+Sa+78MB8GA1UdIwQY
MBaAFMpSIOU+T4HKJYzP6hhygCgPX2IaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWxJZzVUNVBnY29sak1fcUdIS0FLQTlmWWhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80MjQ5NDctMWM2YS00OGU5LWIyODkt
ZjIzYzVhNTMxODIzLzEvSG5ibHpnalJodjdvaEZDa3UyZGdYNUpyN3Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80MjQ5NDctMWM2YS00OGU5LWIyODktZjIzYzVhNTMxODIz
LzEveWxJZzVUNVBnY29sak1fcUdIS0FLQTlmWWhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQUaMA0G
CSqGSIb3DQEBCwUAA4IBAQAv2PioU4emvY5livUCpUTlHircGslpLUjPjiKoKKJK
J5xs/km3mfeiVopJ8flartflXuPaD/KsE1MrDc8uvkEkCHJN4TIAUNcvNHz7xlUS
YHtj7G8bc5wx/6Pc5xqmOyICmVSW6YD/0HV2taD06z4BHc4qpDHedKpCWwN+BJf5
w7DV2Bg4Ds/t/qHi84h2i79V1u7RperB2rTvfwpnNMJt0Crb1BwHPhXmrBMlR2vd
xF4GHdZqEANldj4txA6OQ2cUmymB7d61KW4aNJY+DIPmSJ+G+3pEyxROHJHNtkvM
jiABlcHQmQPOjcqSL7m52HXUHv2yLI6o4NKgaqw7/SDe
-----END CERTIFICATE-----