Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/hnsA4cHOijPoNwlf0ddWoTOuP4M.roa
File:                     hnsA4cHOijPoNwlf0ddWoTOuP4M.roa (raw, json)
Hash identifier:          VpkjEz6V4+QhZq7fIhlT9s7HZODrWhTnFk36Jz3+dtQ=
Subject key identifier:   86:7B:00:E1:C1:CE:8A:33:E8:37:09:5F:D1:D7:56:A1:33:AE:3F:83
Certificate issuer:       /CN=6b60412823a0224a5d00e4963d6b23d22504997d
Certificate serial:       019427B541B7CDE0B2310310C1A030589165
Authority key identifier: 6B:60:41:28:23:A0:22:4A:5D:00:E4:96:3D:6B:23:D2:25:04:99:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a2BBKCOgIkpdAOSWPWsj0iUEmX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/hnsA4cHOijPoNwlf0ddWoTOuP4M.roa
Signing time:             Thu 02 Jan 2025 15:49:37 +0000
ROA not before:           Thu 02 Jan 2025 15:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212656
IP address blocks:        185.178.50.0/24 maxlen: 24
                          194.164.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/a2BBKCOgIkpdAOSWPWsj0iUEmX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/a2BBKCOgIkpdAOSWPWsj0iUEmX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a2BBKCOgIkpdAOSWPWsj0iUEmX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 06:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:41:b7:cd:e0:b2:31:03:10:c1:a0:30:58:91:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b60412823a0224a5d00e4963d6b23d22504997d
        Validity
            Not Before: Jan  2 15:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=867b00e1c1ce8a33e837095fd1d756a133ae3f83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b2:18:85:96:3e:e5:5b:eb:74:eb:aa:5a:1f:
                    eb:fb:61:d9:db:95:89:f7:ee:70:91:eb:8c:d2:fd:
                    d8:c7:80:48:90:3f:2c:ff:d4:bc:07:38:1d:07:9a:
                    54:36:e0:23:29:b9:7a:c2:34:49:0f:9c:40:95:de:
                    1c:04:7a:d8:9d:f6:96:06:94:2c:3a:74:88:ad:0d:
                    77:45:cb:7a:fc:e3:c3:b8:d5:ce:bc:80:5d:38:d8:
                    4e:8f:e9:b9:97:7b:07:3d:b1:1d:f1:92:1d:c7:8c:
                    3e:65:b2:af:ff:5f:9c:97:4d:cf:01:53:86:88:66:
                    9c:a5:96:e3:06:64:8b:1e:66:9b:18:e8:69:4a:2c:
                    f6:48:88:d8:6f:f0:e4:61:ec:d1:5c:57:c3:9c:d9:
                    26:7d:f6:46:fd:46:0a:8b:33:d6:1c:37:92:cf:68:
                    95:08:22:6c:b7:aa:e7:6b:45:80:11:37:a0:2a:65:
                    d4:03:79:32:3a:87:56:af:fd:a9:92:ab:99:03:94:
                    e8:d0:c5:ec:9c:bd:5c:af:da:99:38:a3:e6:be:62:
                    0e:f0:f7:cd:1e:29:09:05:30:d7:ac:2e:ba:66:94:
                    9a:f2:e4:db:5d:1a:92:c1:44:36:ae:7e:f6:bc:9f:
                    99:91:5d:af:47:e4:34:2d:5c:b9:ba:83:e6:f2:1a:
                    bd:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:7B:00:E1:C1:CE:8A:33:E8:37:09:5F:D1:D7:56:A1:33:AE:3F:83
            X509v3 Authority Key Identifier:
                keyid:6B:60:41:28:23:A0:22:4A:5D:00:E4:96:3D:6B:23:D2:25:04:99:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2BBKCOgIkpdAOSWPWsj0iUEmX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/hnsA4cHOijPoNwlf0ddWoTOuP4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/275a74-b3ef-44cf-8220-6a3342b95af1/1/a2BBKCOgIkpdAOSWPWsj0iUEmX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.50.0/24
                  194.164.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:4a:62:d4:4b:61:41:1a:4e:1e:49:a7:a4:e0:ab:84:3f:65:
         41:90:c2:ac:f9:56:ac:04:f8:ae:6d:9c:12:91:29:68:71:68:
         da:d1:2b:47:83:35:ce:6d:98:f0:fe:44:b7:59:dd:5a:b0:a2:
         f1:b8:23:2e:9b:b7:5e:ec:a2:14:22:12:95:46:31:2b:cf:2c:
         d4:d6:b8:d1:d2:7b:0a:52:84:7c:cc:32:59:8d:d1:76:c3:ab:
         1e:2f:f3:dc:16:bc:09:31:79:1c:38:c5:28:d5:a4:84:e6:90:
         ef:19:97:3e:ec:1a:4a:d7:3c:2b:22:e6:a2:ae:8a:8c:01:3a:
         59:7f:c4:4e:65:f9:fa:a7:39:c3:f5:1c:56:aa:25:ca:d9:14:
         4d:d0:6d:61:a4:d5:66:01:d7:6b:af:1b:91:cf:5c:98:97:82:
         06:5a:86:3d:af:39:46:4c:46:18:b0:6c:61:74:62:2e:ba:cf:
         d3:3d:ab:12:4b:ce:06:cd:8e:30:c6:5c:93:6e:11:ef:9d:e4:
         c9:ad:55:61:cd:34:5e:0a:9c:ac:99:f7:53:b2:5f:14:bd:b7:
         2e:84:80:3f:d9:eb:b1:81:36:ab:74:41:e7:5d:8b:9d:c4:1e:
         09:27:81:e2:a7:6f:41:9e:c0:0c:ca:c6:45:97:fb:1d:a9:35:
         f3:5b:26:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntUG3zeCyMQMQwaAwWJFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNjA0MTI4MjNhMDIyNGE1ZDAwZTQ5NjNkNmIyM2QyMjUw
NDk5N2QwHhcNMjUwMTAyMTU0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjdiMDBlMWMxY2U4YTMzZTgzNzA5NWZkMWQ3NTZhMTMzYWUzZjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrIYhZY+5VvrdOuqWh/r+2HZ25WJ
9+5wkeuM0v3Yx4BIkD8s/9S8BzgdB5pUNuAjKbl6wjRJD5xAld4cBHrYnfaWBpQs
OnSIrQ13Rct6/OPDuNXOvIBdONhOj+m5l3sHPbEd8ZIdx4w+ZbKv/1+cl03PAVOG
iGacpZbjBmSLHmabGOhpSiz2SIjYb/DkYezRXFfDnNkmffZG/UYKizPWHDeSz2iV
CCJst6rna0WAETegKmXUA3kyOodWr/2pkquZA5To0MXsnL1cr9qZOKPmvmIO8PfN
HikJBTDXrC66ZpSa8uTbXRqSwUQ2rn72vJ+ZkV2vR+Q0LVy5uoPm8hq9rQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIZ7AOHBzooz6DcJX9HXVqEzrj+DMB8GA1UdIwQY
MBaAFGtgQSgjoCJKXQDklj1rI9IlBJl9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTJCQktDT2dJa3BkQU9TV1BXc2owaVVFbVgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8yNzVhNzQtYjNlZi00NGNmLTgyMjAt
NmEzMzQyYjk1YWYxLzEvaG5zQTRjSE9palBvTndsZjBkZFdvVE91UDRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8yNzVhNzQtYjNlZi00NGNmLTgyMjAtNmEzMzQyYjk1YWYx
LzEvYTJCQktDT2dJa3BkQU9TV1BXc2owaVVFbVgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubIyAwQA
wqTtMA0GCSqGSIb3DQEBCwUAA4IBAQBkSmLUS2FBGk4eSaek4KuEP2VBkMKs+Vas
BPiubZwSkSlocWja0StHgzXObZjw/kS3Wd1asKLxuCMum7de7KIUIhKVRjErzyzU
1rjR0nsKUoR8zDJZjdF2w6seL/PcFrwJMXkcOMUo1aSE5pDvGZc+7BpK1zwrIuai
roqMATpZf8ROZfn6pznD9RxWqiXK2RRN0G1hpNVmAddrrxuRz1yYl4IGWoY9rzlG
TEYYsGxhdGIuus/TPasSS84GzY4wxlyTbhHvneTJrVVhzTReCpysmfdTsl8Uvbcu
hIA/2euxgTardEHnXYudxB4JJ4Hip29BnsAMysZFl/sdqTXzWya4
-----END CERTIFICATE-----