Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5e6ac6-edef-495e-b6a2-9cf040574765/1/he_LtNesHB3yhhLeem_GRg_44MQ.roa
File:                     he_LtNesHB3yhhLeem_GRg_44MQ.roa (raw, json)
Hash identifier:          evnQ8oB4iSjxmSj6Kbjo2AeseAHFfPXeoG38g6RTNyE=
Subject key identifier:   85:EF:CB:B4:D7:AC:1C:1D:F2:86:12:DE:7A:6F:C6:46:0F:F8:E0:C4
Certificate issuer:       /CN=6fc5c473f9b7b01e9c2485c46bf569cce0816f02
Certificate serial:       0194221FD2066CD60F18AE8D73612E9E1FD2
Authority key identifier: 6F:C5:C4:73:F9:B7:B0:1E:9C:24:85:C4:6B:F5:69:CC:E0:81:6F:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8XEc_m3sB6cJIXEa_VpzOCBbwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5e6ac6-edef-495e-b6a2-9cf040574765/1/he_LtNesHB3yhhLeem_GRg_44MQ.roa
Signing time:             Wed 01 Jan 2025 13:48:18 +0000
ROA not before:           Wed 01 Jan 2025 13:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29056
IP address blocks:        194.110.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5e6ac6-edef-495e-b6a2-9cf040574765/1/b8XEc_m3sB6cJIXEa_VpzOCBbwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5e6ac6-edef-495e-b6a2-9cf040574765/1/b8XEc_m3sB6cJIXEa_VpzOCBbwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8XEc_m3sB6cJIXEa_VpzOCBbwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d2:06:6c:d6:0f:18:ae:8d:73:61:2e:9e:1f:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc5c473f9b7b01e9c2485c46bf569cce0816f02
        Validity
            Not Before: Jan  1 13:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85efcbb4d7ac1c1df28612de7a6fc6460ff8e0c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b2:3e:a2:c1:77:f0:a9:76:2e:cd:f5:df:ab:
                    54:62:ba:5a:b8:df:a3:32:b6:97:a1:59:31:7f:4a:
                    c8:c5:26:84:3d:bf:36:4b:ab:f0:65:e6:31:ca:1c:
                    36:74:0a:b2:5d:b4:b9:91:6c:4a:78:f1:64:79:d6:
                    d1:be:db:6f:86:e4:d2:2b:8a:a7:b6:61:61:2d:04:
                    bc:23:aa:c2:d4:f0:a7:b7:d5:57:ab:d6:cb:95:ad:
                    4f:24:a4:95:61:82:da:e9:aa:e9:84:74:20:4a:64:
                    b7:32:f5:fd:94:23:e0:0d:a3:1e:d8:e3:25:8f:6e:
                    64:e6:f3:c1:df:e9:62:ac:01:4b:56:15:81:a9:39:
                    5c:e7:a7:52:b7:07:09:31:9b:e5:8a:96:5a:4e:71:
                    9c:dc:5a:7f:50:b6:d2:ad:ce:8f:c1:c7:b1:3c:7e:
                    6e:20:c0:06:00:3c:84:19:56:c7:28:61:1f:9a:66:
                    2b:11:e8:92:ae:ea:83:2d:74:8e:b5:ec:6a:e6:f3:
                    6e:56:64:7e:70:da:c3:b5:8e:be:3b:de:06:e0:fe:
                    f4:94:96:cd:39:04:7b:bd:1c:00:4e:22:17:36:ce:
                    a6:17:da:71:59:16:d6:62:99:c8:4b:8b:73:ba:53:
                    c1:3c:b0:59:df:55:8f:a4:b4:be:b3:74:f7:01:80:
                    99:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:EF:CB:B4:D7:AC:1C:1D:F2:86:12:DE:7A:6F:C6:46:0F:F8:E0:C4
            X509v3 Authority Key Identifier:
                keyid:6F:C5:C4:73:F9:B7:B0:1E:9C:24:85:C4:6B:F5:69:CC:E0:81:6F:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8XEc_m3sB6cJIXEa_VpzOCBbwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5e6ac6-edef-495e-b6a2-9cf040574765/1/he_LtNesHB3yhhLeem_GRg_44MQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5e6ac6-edef-495e-b6a2-9cf040574765/1/b8XEc_m3sB6cJIXEa_VpzOCBbwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:d9:78:aa:cf:45:fe:a0:6e:65:b6:b2:9e:a3:f3:70:ea:6b:
         92:41:67:37:11:ca:52:85:e1:82:cf:c9:5b:b0:36:a5:a4:c8:
         d9:20:f8:85:07:33:2d:5c:c7:f8:cf:6c:b5:e8:aa:7a:2a:f9:
         79:b3:6d:d4:18:47:da:a7:95:f0:96:24:5c:46:4f:47:17:32:
         1d:36:21:48:f5:0e:b3:8b:18:af:73:af:0a:e4:99:8a:81:e1:
         48:86:08:93:fb:cb:26:68:6c:17:b5:29:6b:1e:15:8d:73:d5:
         64:7a:26:45:81:ac:66:b5:3a:29:a9:7a:38:97:63:d3:68:e7:
         37:0f:cc:67:4e:08:61:50:96:8b:df:fe:ac:04:bb:57:6c:67:
         89:40:7a:a1:bb:91:d9:22:ff:7a:fb:43:bd:e6:d5:0f:16:4e:
         e6:49:63:89:c0:2f:2e:78:9f:ed:7f:2c:56:d9:39:75:b7:2c:
         0a:64:b3:86:24:72:f4:66:98:7d:3a:47:b6:e4:65:5e:85:b9:
         7c:87:8c:50:3d:dc:3e:70:cc:de:b6:a9:45:5b:d7:e2:82:53:
         11:81:7c:da:e1:8f:ce:6f:19:39:04:8f:32:e5:28:cb:b3:16:
         79:52:cd:e8:15:4b:7c:93:2d:99:98:ef:1c:95:36:bd:82:37:
         3d:b9:c3:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9IGbNYPGK6Nc2Eunh/SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzVjNDczZjliN2IwMWU5YzI0ODVjNDZiZjU2OWNjZTA4
MTZmMDIwHhcNMjUwMTAxMTM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWVmY2JiNGQ3YWMxYzFkZjI4NjEyZGU3YTZmYzY0NjBmZjhlMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbI+osF38Kl2Ls3136tUYrpauN+j
MraXoVkxf0rIxSaEPb82S6vwZeYxyhw2dAqyXbS5kWxKePFkedbRvttvhuTSK4qn
tmFhLQS8I6rC1PCnt9VXq9bLla1PJKSVYYLa6arphHQgSmS3MvX9lCPgDaMe2OMl
j25k5vPB3+lirAFLVhWBqTlc56dStwcJMZvlipZaTnGc3Fp/ULbSrc6PwcexPH5u
IMAGADyEGVbHKGEfmmYrEeiSruqDLXSOtexq5vNuVmR+cNrDtY6+O94G4P70lJbN
OQR7vRwATiIXNs6mF9pxWRbWYpnIS4tzulPBPLBZ31WPpLS+s3T3AYCZIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXvy7TXrBwd8oYS3npvxkYP+ODEMB8GA1UdIwQY
MBaAFG/FxHP5t7AenCSFxGv1aczggW8CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhYRWNfbTNzQjZjSklYRWFfVnB6T0NCYndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81ZTZhYzYtZWRlZi00OTVlLWI2YTIt
OWNmMDQwNTc0NzY1LzEvaGVfTHROZXNIQjN5aGhMZWVtX0dSZ180NE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81ZTZhYzYtZWRlZi00OTVlLWI2YTItOWNmMDQwNTc0NzY1
LzEvYjhYRWNfbTNzQjZjSklYRWFfVnB6T0NCYndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm5OMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ2Xiqz0X+oG5ltrKeo/Nw6muSQWc3EcpSheGCz8lb
sDalpMjZIPiFBzMtXMf4z2y16Kp6Kvl5s23UGEfap5XwliRcRk9HFzIdNiFI9Q6z
ixivc68K5JmKgeFIhgiT+8smaGwXtSlrHhWNc9VkeiZFgaxmtTopqXo4l2PTaOc3
D8xnTghhUJaL3/6sBLtXbGeJQHqhu5HZIv96+0O95tUPFk7mSWOJwC8ueJ/tfyxW
2Tl1tywKZLOGJHL0Zph9Oke25GVehbl8h4xQPdw+cMzetqlFW9figlMRgXza4Y/O
bxk5BI8y5SjLsxZ5Us3oFUt8ky2ZmO8clTa9gjc9ucOx
-----END CERTIFICATE-----