Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/hFLTgVwi-T4tOA6wOS4qAN2FLxM.roa
File:                     hFLTgVwi-T4tOA6wOS4qAN2FLxM.roa (raw, json)
Hash identifier:          dz5XmeHfe6/lu7MZUkt8y4gu+wWol7zuYfpW+/5fyrM=
Subject key identifier:   84:52:D3:81:5C:22:F9:3E:2D:38:0E:B0:39:2E:2A:00:DD:85:2F:13
Certificate issuer:       /CN=955fcf92798a9dbb30abd2b9fa29bfa8804220f3
Certificate serial:       0194258EE075B3C25124EED764D39F17DDCC
Authority key identifier: 95:5F:CF:92:79:8A:9D:BB:30:AB:D2:B9:FA:29:BF:A8:80:42:20:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lV_PknmKnbswq9K5-im_qIBCIPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/hFLTgVwi-T4tOA6wOS4qAN2FLxM.roa
Signing time:             Thu 02 Jan 2025 05:48:27 +0000
ROA not before:           Thu 02 Jan 2025 05:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43459
IP address blocks:        86.105.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/lV_PknmKnbswq9K5-im_qIBCIPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/lV_PknmKnbswq9K5-im_qIBCIPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lV_PknmKnbswq9K5-im_qIBCIPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:e0:75:b3:c2:51:24:ee:d7:64:d3:9f:17:dd:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=955fcf92798a9dbb30abd2b9fa29bfa8804220f3
        Validity
            Not Before: Jan  2 05:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8452d3815c22f93e2d380eb0392e2a00dd852f13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:df:58:9f:3e:da:f5:08:c7:48:c5:20:d8:cf:
                    5f:b3:42:b6:bd:3c:3d:ec:5d:ce:80:9c:fb:a4:61:
                    ae:98:44:1c:22:69:32:33:77:e4:ce:e6:67:4e:49:
                    47:f0:f6:4e:b8:a4:a6:1f:5b:4e:61:b6:d2:c8:65:
                    7c:76:f1:89:e3:76:84:f9:62:9c:59:a8:91:7a:79:
                    17:3b:37:66:a7:22:ad:79:a0:b1:80:b6:75:55:ce:
                    20:fa:88:a8:2b:12:1b:00:ef:49:61:6a:d5:7c:d2:
                    ba:b3:9e:7c:7e:19:33:a6:93:41:a3:67:a7:d6:a0:
                    53:43:70:c6:90:57:f4:a5:e0:76:cf:59:a4:1f:58:
                    ee:79:57:7b:ec:05:c2:d0:d9:e6:29:16:ff:4c:f6:
                    5f:5c:64:c1:0c:5f:31:51:93:6e:a7:3b:c9:5d:b5:
                    04:3d:75:11:b5:c0:07:7c:6d:17:e2:5b:b2:7e:5a:
                    e6:1b:aa:5b:97:cb:1d:91:4e:55:8e:84:42:c8:9c:
                    12:a3:d4:12:7a:fc:28:2b:08:1d:fb:d8:e2:49:57:
                    54:a9:59:23:38:43:09:b1:b2:0c:3d:b6:7f:68:6c:
                    c6:8e:c6:78:f8:34:2d:81:05:17:28:75:af:fb:0b:
                    5a:f6:98:ce:a1:ae:d2:41:4b:5b:d3:68:b8:b6:8e:
                    9a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:52:D3:81:5C:22:F9:3E:2D:38:0E:B0:39:2E:2A:00:DD:85:2F:13
            X509v3 Authority Key Identifier:
                keyid:95:5F:CF:92:79:8A:9D:BB:30:AB:D2:B9:FA:29:BF:A8:80:42:20:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lV_PknmKnbswq9K5-im_qIBCIPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/hFLTgVwi-T4tOA6wOS4qAN2FLxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/df140a-0ac3-4105-b83a-051886d0ed4e/1/lV_PknmKnbswq9K5-im_qIBCIPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:16:8f:6e:73:27:f9:a5:ce:d9:7f:2f:de:62:09:14:2a:60:
         2a:ea:02:b9:b9:e6:d6:51:22:dd:51:6b:2c:8e:0a:5d:47:cb:
         db:58:82:91:70:e9:b5:f7:ed:90:01:40:d0:5b:3f:26:ce:e2:
         27:1b:13:6f:20:19:d7:02:32:83:f7:1d:b8:30:e3:5e:14:33:
         08:8c:52:18:9f:3b:82:d0:5d:05:63:b4:5b:2c:cb:83:fb:a4:
         c0:e3:e5:21:9d:d5:6e:2a:62:a1:8c:b4:a5:94:83:12:ec:5b:
         78:11:be:db:97:f8:c5:2c:25:82:c8:85:d6:3d:34:0c:c1:45:
         35:5c:06:9a:83:52:72:37:a6:09:3b:30:ca:bf:1c:ab:27:7e:
         ec:60:0f:e6:61:ee:1f:48:90:f5:97:8c:44:bf:02:7e:28:33:
         73:33:d7:6e:39:9b:4b:49:dd:1b:2a:a0:f4:ce:15:66:98:dc:
         8c:f8:3e:06:20:68:48:fe:4f:f6:64:2d:07:0c:f5:ef:19:0f:
         e1:ae:6f:12:ee:2d:aa:4e:ba:56:99:69:98:33:0b:9a:c9:f3:
         40:1b:69:0f:11:de:ae:7b:f2:d9:1e:ae:4d:88:1a:76:21:08:
         dd:06:43:ba:be:3e:02:90:8f:45:87:30:72:d7:3f:a1:b2:ba:
         ee:d3:2a:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljuB1s8JRJO7XZNOfF93MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NWZjZjkyNzk4YTlkYmIzMGFiZDJiOWZhMjliZmE4ODA0
MjIwZjMwHhcNMjUwMTAyMDU0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDUyZDM4MTVjMjJmOTNlMmQzODBlYjAzOTJlMmEwMGRkODUyZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8d9Ynz7a9QjHSMUg2M9fs0K2vTw9
7F3OgJz7pGGumEQcImkyM3fkzuZnTklH8PZOuKSmH1tOYbbSyGV8dvGJ43aE+WKc
WaiRenkXOzdmpyKteaCxgLZ1Vc4g+oioKxIbAO9JYWrVfNK6s558fhkzppNBo2en
1qBTQ3DGkFf0peB2z1mkH1jueVd77AXC0NnmKRb/TPZfXGTBDF8xUZNupzvJXbUE
PXURtcAHfG0X4luyflrmG6pbl8sdkU5VjoRCyJwSo9QSevwoKwgd+9jiSVdUqVkj
OEMJsbIMPbZ/aGzGjsZ4+DQtgQUXKHWv+wta9pjOoa7SQUtb02i4to6agwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRS04FcIvk+LTgOsDkuKgDdhS8TMB8GA1UdIwQY
MBaAFJVfz5J5ip27MKvSufopv6iAQiDzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFZfUGtubUtuYnN3cTlLNS1pbV9xSUJDSVBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9kZjE0MGEtMGFjMy00MTA1LWI4M2Et
MDUxODg2ZDBlZDRlLzEvaEZMVGdWd2ktVDR0T0E2d09TNHFBTjJGTHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9kZjE0MGEtMGFjMy00MTA1LWI4M2EtMDUxODg2ZDBlZDRl
LzEvbFZfUGtubUtuYnN3cTlLNS1pbV9xSUJDSVBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmnGMA0G
CSqGSIb3DQEBCwUAA4IBAQBxFo9ucyf5pc7Zfy/eYgkUKmAq6gK5uebWUSLdUWss
jgpdR8vbWIKRcOm19+2QAUDQWz8mzuInGxNvIBnXAjKD9x24MONeFDMIjFIYnzuC
0F0FY7RbLMuD+6TA4+UhndVuKmKhjLSllIMS7Ft4Eb7bl/jFLCWCyIXWPTQMwUU1
XAaag1JyN6YJOzDKvxyrJ37sYA/mYe4fSJD1l4xEvwJ+KDNzM9duOZtLSd0bKqD0
zhVmmNyM+D4GIGhI/k/2ZC0HDPXvGQ/hrm8S7i2qTrpWmWmYMwuayfNAG2kPEd6u
e/LZHq5NiBp2IQjdBkO6vj4CkI9FhzBy1z+hsrru0yr1
-----END CERTIFICATE-----