Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/JsHUF9nO0Ubmx66NjwjSoa2db5s.roa
File:                     JsHUF9nO0Ubmx66NjwjSoa2db5s.roa (raw, json)
Hash identifier:          5Bntxxf/DOq1AqaoIFJIGiKuLbRTvnWBZ2d4WFO6pPY=
Subject key identifier:   26:C1:D4:17:D9:CE:D1:46:E6:C7:AE:8D:8F:08:D2:A1:AD:9D:6F:9B
Certificate issuer:       /CN=b79220a805e4378547e43bac731ce86fe01145c7
Certificate serial:       0194236A0775FE0DF53C81C2067B37E3E7FA
Authority key identifier: B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/JsHUF9nO0Ubmx66NjwjSoa2db5s.roa
Signing time:             Wed 01 Jan 2025 19:48:58 +0000
ROA not before:           Wed 01 Jan 2025 19:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6707
IP address blocks:        185.92.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:07:75:fe:0d:f5:3c:81:c2:06:7b:37:e3:e7:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79220a805e4378547e43bac731ce86fe01145c7
        Validity
            Not Before: Jan  1 19:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26c1d417d9ced146e6c7ae8d8f08d2a1ad9d6f9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4b:a7:39:42:e8:3c:28:13:58:2f:c4:92:2a:
                    84:16:3a:03:37:b4:ff:67:e1:4d:f9:6a:53:9f:0c:
                    42:f8:62:1e:dd:2b:b2:fe:90:f0:15:c4:a7:c4:59:
                    f8:ac:6e:53:54:11:cf:7e:62:53:03:79:e4:56:42:
                    69:a9:f5:c2:7d:0d:89:c1:92:98:f4:d4:19:b1:23:
                    69:7c:b4:43:f1:66:84:54:4c:22:e3:e5:3a:12:18:
                    3f:f4:ee:86:01:67:da:c9:86:e6:a6:10:6e:49:0b:
                    70:54:cb:c4:ff:7b:e6:6a:02:1f:0c:13:dd:85:00:
                    4a:3c:3c:80:59:86:22:5c:a7:25:2b:62:55:9f:de:
                    f9:95:33:7d:c8:52:b2:fc:b0:40:d0:ad:8b:16:b0:
                    9d:3e:f3:ba:6f:12:d8:c2:44:bf:d9:c4:64:36:01:
                    b8:85:21:83:22:5f:b7:0b:ea:0b:ee:f5:15:25:a7:
                    ed:8d:21:d1:7a:56:70:3c:3f:91:17:ad:f5:58:a0:
                    41:c6:4b:8e:6d:6c:95:7d:74:80:7c:c8:22:38:6c:
                    11:ac:30:6f:a5:8b:08:15:73:66:c6:2d:45:30:6f:
                    51:2a:9f:91:8d:9b:a9:c3:30:ea:0d:71:da:22:41:
                    dd:14:af:29:e5:33:9a:27:14:88:d1:f7:61:1f:59:
                    97:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:C1:D4:17:D9:CE:D1:46:E6:C7:AE:8D:8F:08:D2:A1:AD:9D:6F:9B
            X509v3 Authority Key Identifier:
                keyid:B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/JsHUF9nO0Ubmx66NjwjSoa2db5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:f5:29:0e:65:7d:cf:cd:4f:ee:72:29:1d:fe:ae:95:2f:6f:
         f2:70:e8:8b:54:4d:3c:4c:5c:7c:b2:45:49:7f:92:da:cc:02:
         86:8d:52:02:20:94:24:55:3a:78:57:3e:34:1c:b6:cf:b5:a2:
         10:35:a6:47:57:ce:39:11:e9:ef:b2:8c:ae:e6:24:d3:69:6e:
         d1:45:3f:d8:b0:13:e4:45:b4:37:2f:e4:d8:75:43:06:2a:1e:
         f7:ed:3a:d5:e4:18:ea:62:1f:ee:39:bd:f2:ae:0e:cb:bd:ed:
         84:ef:fa:cf:f3:ef:fa:b1:e1:be:d6:b0:f0:4e:30:b5:6a:62:
         d1:52:70:08:a2:8b:b6:f9:8b:68:73:21:6c:1a:36:ea:ab:e5:
         c9:0e:eb:9b:d9:b4:72:24:c4:e5:88:80:ef:3d:29:ca:f1:f2:
         fd:b3:5e:c5:fc:f9:a2:84:aa:6d:dd:5b:bd:16:2d:91:e3:90:
         33:1c:5c:89:38:81:0f:b7:66:10:6a:e1:08:70:a7:b3:67:23:
         e7:0b:4e:40:e1:e9:54:07:61:ff:49:2c:bd:3a:20:50:d8:fe:
         a2:e7:f9:ea:ae:d7:01:d2:33:e2:7a:5f:92:1a:70:3e:ab:64:
         33:62:6f:47:aa:f0:8e:5d:6c:d0:0b:be:6f:41:fa:2f:b2:fb:
         46:1f:92:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagd1/g31PIHCBns34+f6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTIyMGE4MDVlNDM3ODU0N2U0M2JhYzczMWNlODZmZTAx
MTQ1YzcwHhcNMjUwMTAxMTk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmMxZDQxN2Q5Y2VkMTQ2ZTZjN2FlOGQ4ZjA4ZDJhMWFkOWQ2ZjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1EunOULoPCgTWC/EkiqEFjoDN7T/
Z+FN+WpTnwxC+GIe3Suy/pDwFcSnxFn4rG5TVBHPfmJTA3nkVkJpqfXCfQ2JwZKY
9NQZsSNpfLRD8WaEVEwi4+U6Ehg/9O6GAWfayYbmphBuSQtwVMvE/3vmagIfDBPd
hQBKPDyAWYYiXKclK2JVn975lTN9yFKy/LBA0K2LFrCdPvO6bxLYwkS/2cRkNgG4
hSGDIl+3C+oL7vUVJaftjSHRelZwPD+RF631WKBBxkuObWyVfXSAfMgiOGwRrDBv
pYsIFXNmxi1FMG9RKp+RjZupwzDqDXHaIkHdFK8p5TOaJxSI0fdhH1mXewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbB1BfZztFG5seujY8I0qGtnW+bMB8GA1UdIwQY
MBaAFLeSIKgF5DeFR+Q7rHMc6G/gEUXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDkt
NDIzYWZjMmI2OGI4LzEvSnNIVUY5bk8wVWJteDY2Tmp3alNvYTJkYjVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDktNDIzYWZjMmI2OGI4
LzEvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVzVMA0G
CSqGSIb3DQEBCwUAA4IBAQBj9SkOZX3PzU/ucikd/q6VL2/ycOiLVE08TFx8skVJ
f5LazAKGjVICIJQkVTp4Vz40HLbPtaIQNaZHV845Eenvsoyu5iTTaW7RRT/YsBPk
RbQ3L+TYdUMGKh737TrV5BjqYh/uOb3yrg7Lve2E7/rP8+/6seG+1rDwTjC1amLR
UnAIoou2+YtocyFsGjbqq+XJDuub2bRyJMTliIDvPSnK8fL9s17F/PmihKpt3Vu9
Fi2R45AzHFyJOIEPt2YQauEIcKezZyPnC05A4elUB2H/SSy9OiBQ2P6i5/nqrtcB
0jPiel+SGnA+q2QzYm9HqvCOXWzQC75vQfovsvtGH5Lp
-----END CERTIFICATE-----