Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/hbh5Ds4ohpn76W5XFNA1EpZYK-k.roa
File:                     hbh5Ds4ohpn76W5XFNA1EpZYK-k.roa (raw, json)
Hash identifier:          X768VujiAIQdAScTmVTsfLDxtLEh62PYguVqQimz1XI=
Subject key identifier:   85:B8:79:0E:CE:28:86:99:FB:E9:6E:57:14:D0:35:12:96:58:2B:E9
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01942748523EE2F13E5AB29E77FDFD6BDAEC
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/hbh5Ds4ohpn76W5XFNA1EpZYK-k.roa
Signing time:             Thu 02 Jan 2025 13:50:38 +0000
ROA not before:           Thu 02 Jan 2025 13:50:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     271968
IP address blocks:        217.76.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:52:3e:e2:f1:3e:5a:b2:9e:77:fd:fd:6b:da:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85b8790ece288699fbe96e5714d0351296582be9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:96:e5:67:1e:1c:e9:77:b6:4e:13:e7:87:24:
                    f5:28:ae:9e:c5:c2:37:64:f7:e0:35:49:23:3a:9b:
                    76:27:ca:5c:37:02:ac:60:9f:01:97:14:8a:04:7e:
                    08:a5:b0:ef:e4:a3:4e:74:44:80:31:a6:e5:ca:49:
                    44:64:1a:3a:43:3d:d5:e6:4d:37:58:56:72:e7:d3:
                    0a:1e:5c:69:98:8e:51:c4:d2:5b:26:b7:ab:73:9f:
                    d8:99:62:56:49:98:59:fa:9f:85:03:f4:ec:df:5c:
                    84:1c:90:8d:43:e2:af:98:00:39:9e:53:03:34:12:
                    be:23:60:30:96:00:76:89:e9:0a:fc:0a:69:df:6d:
                    47:bc:da:8f:87:8f:24:6b:35:b4:46:88:f2:55:3e:
                    32:43:6b:1c:77:f8:e9:28:00:8e:54:44:28:fb:bb:
                    07:68:d1:0b:4c:a3:a7:7f:0d:d6:de:32:0e:6b:f4:
                    9c:0d:77:89:cd:d3:20:ff:91:71:8f:81:09:10:f4:
                    42:88:e4:e8:16:8f:39:a6:d9:0d:06:ab:44:f7:2d:
                    df:d5:da:6e:9f:62:85:ae:b6:6d:d8:26:a2:08:93:
                    b3:cb:20:aa:f3:dc:d7:96:9c:24:24:4a:aa:d9:5d:
                    1e:b0:2d:03:24:ee:ea:64:5e:ad:cb:73:58:92:3f:
                    e4:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B8:79:0E:CE:28:86:99:FB:E9:6E:57:14:D0:35:12:96:58:2B:E9
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/hbh5Ds4ohpn76W5XFNA1EpZYK-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.76.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:fc:a4:dd:c1:c1:ff:5f:25:70:22:78:57:9d:7d:b5:80:c5:
         50:19:58:e5:70:04:fe:11:d6:db:e6:3a:35:e9:48:af:d2:dd:
         e1:e1:77:12:db:a0:18:60:55:91:63:6f:92:89:ab:77:d6:bd:
         90:f1:fb:46:be:0d:ce:fb:11:ec:ee:1b:2a:64:b4:82:bf:7c:
         66:9c:7b:e9:a6:c7:fe:91:cc:28:d8:7a:95:29:3f:c1:00:de:
         69:a1:94:06:95:e8:8b:2f:3a:0e:13:c6:ff:1f:00:9f:14:42:
         84:ed:12:20:f0:3e:e7:d1:c5:8c:3d:5e:6f:f9:62:b4:4e:82:
         7f:d4:d6:3e:3b:26:ca:47:26:8a:a9:7b:4a:7e:bc:b4:39:28:
         b7:8a:04:fd:41:27:cb:9d:10:dd:42:22:3d:08:2e:02:b1:f1:
         43:f2:e1:87:79:a8:62:f5:7a:2b:ff:18:55:54:7d:8b:bb:a2:
         9b:f3:ed:e3:4c:99:dc:16:50:c4:84:33:98:14:2c:02:ca:16:
         12:1d:b9:8c:50:a8:30:c9:40:f4:17:8f:24:57:76:b0:ed:9b:
         e5:24:c9:31:72:81:15:90:ca:3b:ad:dc:08:1b:ae:14:1e:02:
         33:32:1c:c4:7c:bb:d0:82:67:75:69:cd:2d:45:b7:70:c3:31:
         b3:4b:ad:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFI+4vE+WrKed/39a9rsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI4NzkwZWNlMjg4Njk5ZmJlOTZlNTcxNGQwMzUxMjk2NTgyYmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5JblZx4c6Xe2ThPnhyT1KK6excI3
ZPfgNUkjOpt2J8pcNwKsYJ8BlxSKBH4IpbDv5KNOdESAMablyklEZBo6Qz3V5k03
WFZy59MKHlxpmI5RxNJbJrerc5/YmWJWSZhZ+p+FA/Ts31yEHJCNQ+KvmAA5nlMD
NBK+I2AwlgB2iekK/App321HvNqPh48kazW0RojyVT4yQ2scd/jpKACOVEQo+7sH
aNELTKOnfw3W3jIOa/ScDXeJzdMg/5Fxj4EJEPRCiOToFo85ptkNBqtE9y3f1dpu
n2KFrrZt2CaiCJOzyyCq89zXlpwkJEqq2V0esC0DJO7qZF6ty3NYkj/kRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIW4eQ7OKIaZ++luVxTQNRKWWCvpMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvaGJoNURzNG9ocG43Nlc1WEZOQTFFcFpZSy1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Uz1MA0G
CSqGSIb3DQEBCwUAA4IBAQCr/KTdwcH/XyVwInhXnX21gMVQGVjlcAT+Edbb5jo1
6Uiv0t3h4XcS26AYYFWRY2+Siat31r2Q8ftGvg3O+xHs7hsqZLSCv3xmnHvppsf+
kcwo2HqVKT/BAN5poZQGleiLLzoOE8b/HwCfFEKE7RIg8D7n0cWMPV5v+WK0ToJ/
1NY+OybKRyaKqXtKfry0OSi3igT9QSfLnRDdQiI9CC4CsfFD8uGHeahi9Xor/xhV
VH2Lu6Kb8+3jTJncFlDEhDOYFCwCyhYSHbmMUKgwyUD0F48kV3aw7ZvlJMkxcoEV
kMo7rdwIG64UHgIzMhzEfLvQgmd1ac0tRbdwwzGzS60A
-----END CERTIFICATE-----