Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/hn2vtXI_FxI2fK5snrvER2liYkI.roa
File:                     hn2vtXI_FxI2fK5snrvER2liYkI.roa (raw, json)
Hash identifier:          h1TFBwFQDb6c/MRMsjXSVpwRX890l+6Op+4syOnaFGY=
Subject key identifier:   86:7D:AF:B5:72:3F:17:12:36:7C:AE:6C:9E:BB:C4:47:69:62:62:42
Certificate issuer:       /CN=e1856c3082ab2fc8dd1b359a7b3991368538b4d0
Certificate serial:       01942067DF0D07465F47AD0D0E4E1A323157
Authority key identifier: E1:85:6C:30:82:AB:2F:C8:DD:1B:35:9A:7B:39:91:36:85:38:B4:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/hn2vtXI_FxI2fK5snrvER2liYkI.roa
Signing time:             Wed 01 Jan 2025 05:47:45 +0000
ROA not before:           Wed 01 Jan 2025 05:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48314
IP address blocks:        185.237.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:df:0d:07:46:5f:47:ad:0d:0e:4e:1a:32:31:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1856c3082ab2fc8dd1b359a7b3991368538b4d0
        Validity
            Not Before: Jan  1 05:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=867dafb5723f1712367cae6c9ebbc44769626242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6a:fb:df:37:21:e8:2e:04:1c:9f:8f:62:8c:
                    63:18:29:53:96:3b:58:05:50:f1:a3:2a:5d:69:e7:
                    d3:52:17:e9:99:e5:77:11:04:01:62:ce:d9:05:b5:
                    1f:d0:42:1a:85:33:ee:71:dc:ed:7b:8d:21:04:e7:
                    c6:75:25:93:24:da:22:64:69:7e:6d:5a:96:0e:af:
                    03:cf:2b:50:a5:8c:a0:78:a8:a8:21:dc:44:3b:a0:
                    87:9d:f6:f7:39:45:30:9c:bc:c4:cf:90:ce:9b:4f:
                    7a:d2:68:df:a1:4f:e0:3a:3f:6e:4f:e1:a4:9b:e5:
                    0c:2d:06:1b:f5:36:64:cc:d1:a6:c2:95:59:45:bb:
                    ab:bf:8f:b9:6e:4e:45:cb:07:74:e5:e0:2a:38:7f:
                    e5:16:3e:dc:54:9d:f3:12:c7:d3:91:45:c7:3a:61:
                    64:f8:92:ae:68:4e:21:45:61:f2:92:c8:e6:19:0e:
                    c7:eb:ea:d4:fb:97:71:f3:01:7d:a5:bc:48:c6:67:
                    e0:74:0d:0c:52:c9:b5:02:65:d0:be:0c:c1:30:bb:
                    b9:24:d8:dd:3b:3f:45:9f:df:4c:60:96:c5:1b:7e:
                    8c:9b:e3:d7:27:d0:92:af:51:61:e3:64:0e:ac:dc:
                    15:98:d3:fa:74:3b:6a:10:d5:7a:86:4c:a9:f1:6d:
                    ec:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:7D:AF:B5:72:3F:17:12:36:7C:AE:6C:9E:BB:C4:47:69:62:62:42
            X509v3 Authority Key Identifier:
                keyid:E1:85:6C:30:82:AB:2F:C8:DD:1B:35:9A:7B:39:91:36:85:38:B4:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4YVsMIKrL8jdGzWaezmRNoU4tNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/hn2vtXI_FxI2fK5snrvER2liYkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/564bd0-7b52-44dd-b56b-8eaa6bf40357/1/4YVsMIKrL8jdGzWaezmRNoU4tNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:30:99:51:de:df:68:80:84:73:35:5e:d5:0a:0c:d1:fa:5b:
         e7:26:4e:8d:81:cb:08:03:3c:c3:4f:e1:56:15:15:1c:df:c9:
         77:c5:21:22:da:b6:af:d6:7f:93:f4:e3:af:8a:1a:d3:1d:c2:
         6f:f1:df:84:a6:bf:ce:63:43:e6:fd:8e:d8:e2:ad:0e:8e:4a:
         10:e6:15:8f:fa:26:46:43:7b:8c:87:69:86:89:99:dd:e4:e9:
         75:e9:10:69:54:0c:00:46:33:06:1d:11:8e:a4:d6:1f:fb:73:
         3b:04:5a:26:94:11:9f:2e:57:a5:9b:d2:91:ed:82:92:55:7d:
         67:3c:58:c8:52:dc:0a:06:cb:47:0b:29:d0:ae:f6:23:11:30:
         9b:74:e3:41:f8:f3:a1:c2:a5:bd:74:0f:80:1d:8b:3d:68:2a:
         ac:2a:e5:1f:e8:37:96:e1:f8:df:b1:7f:64:b2:cc:2f:94:3e:
         ac:f3:9e:74:f5:13:b4:ad:be:db:4a:eb:a2:db:90:be:a7:f0:
         39:ab:9a:ed:e6:e0:9a:17:52:b0:2b:11:4b:bd:df:68:76:4e:
         bd:7b:2f:9f:59:b6:af:2a:ae:06:80:45:8a:78:69:b2:5f:9d:
         91:df:05:b3:85:a8:67:eb:d3:f0:d0:b6:6e:5c:a8:a5:35:d6:
         53:50:10:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ98NB0ZfR60NDk4aMjFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxODU2YzMwODJhYjJmYzhkZDFiMzU5YTdiMzk5MTM2ODUz
OGI0ZDAwHhcNMjUwMTAxMDU0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjdkYWZiNTcyM2YxNzEyMzY3Y2FlNmM5ZWJiYzQ0NzY5NjI2MjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGr73zch6C4EHJ+PYoxjGClTljtY
BVDxoypdaefTUhfpmeV3EQQBYs7ZBbUf0EIahTPucdzte40hBOfGdSWTJNoiZGl+
bVqWDq8DzytQpYygeKioIdxEO6CHnfb3OUUwnLzEz5DOm0960mjfoU/gOj9uT+Gk
m+UMLQYb9TZkzNGmwpVZRburv4+5bk5Fywd05eAqOH/lFj7cVJ3zEsfTkUXHOmFk
+JKuaE4hRWHyksjmGQ7H6+rU+5dx8wF9pbxIxmfgdA0MUsm1AmXQvgzBMLu5JNjd
Oz9Fn99MYJbFG36Mm+PXJ9CSr1Fh42QOrNwVmNP6dDtqENV6hkyp8W3sqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZ9r7VyPxcSNnyubJ67xEdpYmJCMB8GA1UdIwQY
MBaAFOGFbDCCqy/I3Rs1mns5kTaFOLTQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFlWc01JS3JMOGpkR3pXYWV6bVJOb1U0dE5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC81NjRiZDAtN2I1Mi00NGRkLWI1NmIt
OGVhYTZiZjQwMzU3LzEvaG4ydnRYSV9GeEkyZks1c25ydkVSMmxpWWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC81NjRiZDAtN2I1Mi00NGRkLWI1NmItOGVhYTZiZjQwMzU3
LzEvNFlWc01JS3JMOGpkR3pXYWV6bVJOb1U0dE5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue1eMA0G
CSqGSIb3DQEBCwUAA4IBAQBdMJlR3t9ogIRzNV7VCgzR+lvnJk6NgcsIAzzDT+FW
FRUc38l3xSEi2rav1n+T9OOvihrTHcJv8d+Epr/OY0Pm/Y7Y4q0OjkoQ5hWP+iZG
Q3uMh2mGiZnd5Ol16RBpVAwARjMGHRGOpNYf+3M7BFomlBGfLlelm9KR7YKSVX1n
PFjIUtwKBstHCynQrvYjETCbdONB+POhwqW9dA+AHYs9aCqsKuUf6DeW4fjfsX9k
sswvlD6s85509RO0rb7bSuui25C+p/A5q5rt5uCaF1KwKxFLvd9odk69ey+fWbav
Kq4GgEWKeGmyX52R3wWzhahn69Pw0LZuXKilNdZTUBDJ
-----END CERTIFICATE-----