Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/HOzDSyhci1oqkFYg_HbCSVURV70.roa
File:                     HOzDSyhci1oqkFYg_HbCSVURV70.roa (raw, json)
Hash identifier:          nhIbLdZhFO91+DXj7DSINlsbz0bS+HiCo4ktiLJuf1I=
Subject key identifier:   1C:EC:C3:4B:28:5C:8B:5A:2A:90:56:20:FC:76:C2:49:55:11:57:BD
Certificate issuer:       /CN=f7aa039b886b226578bdb6a42781bf59044bb138
Certificate serial:       019424B334F6A1077A0E859BA09D7433FA38
Authority key identifier: F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/HOzDSyhci1oqkFYg_HbCSVURV70.roa
Signing time:             Thu 02 Jan 2025 01:48:31 +0000
ROA not before:           Thu 02 Jan 2025 01:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203703
IP address blocks:        185.124.188.0/22 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:34:f6:a1:07:7a:0e:85:9b:a0:9d:74:33:fa:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7aa039b886b226578bdb6a42781bf59044bb138
        Validity
            Not Before: Jan  2 01:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cecc34b285c8b5a2a905620fc76c249551157bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:36:83:78:cc:a1:ce:97:d4:a9:66:3c:e2:b4:
                    a9:76:64:80:c3:7b:11:c4:3a:69:58:2f:f3:ab:ae:
                    c4:93:5e:1c:fd:e8:c7:72:4f:ba:63:59:54:30:d1:
                    d6:6e:67:9d:37:f0:86:8e:a2:ab:dc:6d:b2:60:5d:
                    1a:d4:1e:36:b3:bf:bf:86:18:9b:08:2d:05:20:fb:
                    4c:88:10:25:0a:4a:39:96:3d:29:06:e3:6c:c8:97:
                    c4:58:60:83:1c:52:50:fd:fc:8c:4e:2d:ba:81:a0:
                    27:b0:cc:31:3c:bc:62:a4:b2:41:31:40:a4:61:72:
                    f2:35:38:05:ee:6a:45:41:bd:ff:cc:9b:2d:18:ea:
                    3a:20:6a:ae:52:90:9e:85:07:73:dc:d8:d1:b0:65:
                    66:c6:76:29:7f:34:3a:b6:5d:fd:29:30:57:ce:b7:
                    e5:a1:d2:7c:d8:95:58:03:2d:40:13:15:dc:65:8e:
                    a9:5b:b3:d5:d0:5d:d6:17:65:5a:7e:a1:08:2b:7f:
                    8f:df:e2:e2:ae:8d:68:c2:6e:33:d8:82:64:ce:29:
                    ce:cb:2b:c3:11:6a:bb:d4:92:b5:16:d4:70:e8:70:
                    c4:a3:fc:97:b2:2f:4c:43:6c:43:e8:de:0b:2b:5f:
                    31:02:22:d5:51:d6:b2:ea:21:ce:16:45:b7:05:48:
                    a9:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:EC:C3:4B:28:5C:8B:5A:2A:90:56:20:FC:76:C2:49:55:11:57:BD
            X509v3 Authority Key Identifier:
                keyid:F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/HOzDSyhci1oqkFYg_HbCSVURV70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:7b:33:69:a9:cf:87:70:8f:20:ac:67:bc:f1:15:11:ea:74:
         a7:39:ff:92:6f:58:b2:19:40:47:97:a0:05:0a:ad:be:9c:be:
         b5:85:4a:a4:a3:3e:84:54:3b:88:92:43:71:49:51:3c:3a:d9:
         ba:ea:52:d2:59:ac:0b:3b:b1:14:9a:38:9d:69:99:9f:cc:95:
         16:73:e9:9c:b0:16:56:6c:f0:33:47:20:21:c4:a0:1e:fa:7c:
         13:e7:60:ce:05:15:c8:8a:83:15:31:62:cb:69:d6:b0:7e:1c:
         3c:70:d7:1c:2d:99:92:31:7a:d1:cb:1a:10:14:17:a4:00:0b:
         e0:23:de:b3:16:4c:80:18:af:3f:40:23:f3:47:d8:39:5a:c9:
         df:fc:55:fc:06:8d:49:14:c6:92:0e:52:19:59:65:35:f3:fa:
         30:53:09:86:c6:2c:df:3b:cb:e8:28:34:e4:46:cc:bd:5c:8c:
         a7:64:f5:8c:3e:7d:37:c6:31:42:a2:cb:a0:94:ad:5d:42:bb:
         e3:c5:be:a5:a7:90:2b:d2:04:f6:8b:da:f8:69:31:ae:12:2c:
         c1:8d:ae:7c:e2:c2:9c:2d:76:06:d3:9a:9e:ab:51:67:ba:33:
         be:26:34:8d:65:28:df:22:26:00:e0:91:9d:84:9d:b2:44:42:
         e4:3b:a0:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkszT2oQd6DoWboJ10M/o4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YWEwMzliODg2YjIyNjU3OGJkYjZhNDI3ODFiZjU5MDQ0
YmIxMzgwHhcNMjUwMTAyMDE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2VjYzM0YjI4NWM4YjVhMmE5MDU2MjBmYzc2YzI0OTU1MTE1N2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3jaDeMyhzpfUqWY84rSpdmSAw3sR
xDppWC/zq67Ek14c/ejHck+6Y1lUMNHWbmedN/CGjqKr3G2yYF0a1B42s7+/hhib
CC0FIPtMiBAlCko5lj0pBuNsyJfEWGCDHFJQ/fyMTi26gaAnsMwxPLxipLJBMUCk
YXLyNTgF7mpFQb3/zJstGOo6IGquUpCehQdz3NjRsGVmxnYpfzQ6tl39KTBXzrfl
odJ82JVYAy1AExXcZY6pW7PV0F3WF2VafqEIK3+P3+Liro1owm4z2IJkzinOyyvD
EWq71JK1FtRw6HDEo/yXsi9MQ2xD6N4LK18xAiLVUday6iHOFkW3BUipCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBzsw0soXItaKpBWIPx2wklVEVe9MB8GA1UdIwQY
MBaAFPeqA5uIayJleL22pCeBv1kES7E4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWIt
NmY2MjFkNzM2YWZmLzEvSE96RFN5aGNpMW9xa0ZZZ19IYkNTVlVSVjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWItNmY2MjFkNzM2YWZm
LzEvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXy8MA0G
CSqGSIb3DQEBCwUAA4IBAQBpezNpqc+HcI8grGe88RUR6nSnOf+Sb1iyGUBHl6AF
Cq2+nL61hUqkoz6EVDuIkkNxSVE8Otm66lLSWawLO7EUmjidaZmfzJUWc+mcsBZW
bPAzRyAhxKAe+nwT52DOBRXIioMVMWLLadawfhw8cNccLZmSMXrRyxoQFBekAAvg
I96zFkyAGK8/QCPzR9g5Wsnf/FX8Bo1JFMaSDlIZWWU18/owUwmGxizfO8voKDTk
Rsy9XIynZPWMPn03xjFCosuglK1dQrvjxb6lp5Ar0gT2i9r4aTGuEizBja584sKc
LXYG05qeq1FnujO+JjSNZSjfIiYA4JGdhJ2yRELkO6Dg
-----END CERTIFICATE-----