Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/hGfJtXirv_T6lir1KXCyNzVXM7c.roa
File:                     hGfJtXirv_T6lir1KXCyNzVXM7c.roa (raw, json)
Hash identifier:          /luhB0eZkPviHFm9uxrYVp34Y+VHr9iED+Nm9m69zEQ=
Subject key identifier:   84:67:C9:B5:78:AB:BF:F4:FA:96:2A:F5:29:70:B2:37:35:57:33:B7
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       019731FA034531343F47578B23FC93FC42BC
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/hGfJtXirv_T6lir1KXCyNzVXM7c.roa
Signing time:             Mon 02 Jun 2025 18:49:17 +0000
ROA not before:           Mon 02 Jun 2025 18:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209604
IP address blocks:        185.23.237.0/24 maxlen: 24
                          185.23.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:31:fa:03:45:31:34:3f:47:57:8b:23:fc:93:fc:42:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Jun  2 18:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8467c9b578abbff4fa962af52970b237355733b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9d:8c:2d:44:10:47:40:34:df:48:81:e5:e5:
                    c9:c0:19:c1:77:d5:8b:1b:c3:6f:45:98:a7:1a:6e:
                    2e:79:96:2c:20:8d:26:3d:2f:71:f6:e9:05:2b:ec:
                    bb:15:6a:c1:0a:e7:76:bf:7b:a5:b8:f8:63:f4:d8:
                    90:eb:d1:48:1d:f9:67:6a:e4:41:3c:2c:9c:a9:a3:
                    1a:af:01:dc:5c:63:6a:09:88:5d:de:6b:08:5d:5a:
                    88:09:bb:f7:46:27:9c:61:fe:fd:08:15:d3:40:7e:
                    10:5e:d9:8c:95:fb:98:7f:66:85:7f:4d:08:4a:95:
                    b0:61:73:a3:32:81:37:d8:30:85:5e:2f:6d:be:ad:
                    64:33:bb:fa:a1:f8:a7:d1:7d:ca:85:8e:ee:04:4e:
                    26:02:bb:04:b6:63:06:20:bb:37:00:b1:4a:16:64:
                    c7:e7:15:34:ff:8d:b5:78:0a:3c:f2:2a:d9:5d:07:
                    9d:de:85:ac:17:9b:a8:89:5e:8f:57:66:30:fe:9a:
                    04:d3:74:aa:78:b5:d1:50:0f:9f:b6:94:77:f2:7c:
                    79:31:ef:44:99:f9:3e:1b:11:08:e5:b8:6c:48:cc:
                    cd:6d:ea:31:08:79:c2:b2:66:fa:35:5f:e8:d5:55:
                    fa:08:8e:dc:fa:98:67:f1:bf:8e:5f:4e:cc:b4:c6:
                    1f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:67:C9:B5:78:AB:BF:F4:FA:96:2A:F5:29:70:B2:37:35:57:33:B7
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/hGfJtXirv_T6lir1KXCyNzVXM7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.237.0/24
                  185.23.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:dc:66:0d:a3:bf:08:da:b7:99:85:3c:db:4c:c9:38:8e:fe:
         56:19:a7:27:0a:3d:85:2f:77:54:1d:80:12:a4:32:6e:5f:8b:
         31:63:4c:2d:8c:57:79:f3:c8:5b:92:ff:04:1f:45:91:88:cd:
         52:fe:93:6c:e9:b8:f4:d6:4c:72:4d:5a:aa:6b:d4:1f:d8:69:
         19:31:09:2a:98:39:f8:aa:34:a6:08:44:28:87:cc:4e:e3:ef:
         5e:8c:1f:53:4c:cd:14:36:a2:a5:fd:c0:f1:43:46:47:34:f8:
         6f:32:25:d9:f2:2b:a6:c1:91:de:96:89:26:e3:79:47:bb:65:
         29:fd:73:d6:b2:61:a6:b7:b8:5b:8c:3c:d8:6e:e5:a6:36:4a:
         66:8b:25:c2:fd:15:56:2e:31:29:2e:1d:d7:a0:fc:e7:36:ac:
         cc:93:1c:6f:6e:bb:e0:95:99:4f:4f:7b:0c:84:3f:68:51:ee:
         2d:40:72:a0:c9:cc:80:5d:ce:b5:b8:eb:77:2b:7e:52:78:12:
         5f:4a:eb:29:92:8b:d3:d6:c5:91:f8:af:53:65:7c:72:9d:2f:
         5e:44:6c:9b:65:36:4a:07:80:f8:04:ab:61:f4:47:08:05:ac:
         73:93:33:a9:dc:b3:89:5a:0f:f4:16:74:85:8b:75:6a:c2:9d:
         61:4d:20:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcx+gNFMTQ/R1eLI/yT/EK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjUwNjAyMTg0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDY3YzliNTc4YWJiZmY0ZmE5NjJhZjUyOTcwYjIzNzM1NTczM2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmp2MLUQQR0A030iB5eXJwBnBd9WL
G8NvRZinGm4ueZYsII0mPS9x9ukFK+y7FWrBCud2v3uluPhj9NiQ69FIHflnauRB
PCycqaMarwHcXGNqCYhd3msIXVqICbv3RiecYf79CBXTQH4QXtmMlfuYf2aFf00I
SpWwYXOjMoE32DCFXi9tvq1kM7v6ofin0X3KhY7uBE4mArsEtmMGILs3ALFKFmTH
5xU0/421eAo88irZXQed3oWsF5uoiV6PV2Yw/poE03SqeLXRUA+ftpR38nx5Me9E
mfk+GxEI5bhsSMzNbeoxCHnCsmb6NV/o1VX6CI7c+phn8b+OX07MtMYfAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIRnybV4q7/0+pYq9Slwsjc1VzO3MB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvaEdmSnRYaXJ2X1Q2bGlyMUtYQ3lOelZYTTdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRftAwQA
uRfvMA0GCSqGSIb3DQEBCwUAA4IBAQCb3GYNo78I2reZhTzbTMk4jv5WGacnCj2F
L3dUHYASpDJuX4sxY0wtjFd588hbkv8EH0WRiM1S/pNs6bj01kxyTVqqa9Qf2GkZ
MQkqmDn4qjSmCEQoh8xO4+9ejB9TTM0UNqKl/cDxQ0ZHNPhvMiXZ8iumwZHelokm
43lHu2Up/XPWsmGmt7hbjDzYbuWmNkpmiyXC/RVWLjEpLh3XoPznNqzMkxxvbrvg
lZlPT3sMhD9oUe4tQHKgycyAXc61uOt3K35SeBJfSuspkovT1sWR+K9TZXxynS9e
RGybZTZKB4D4BKth9EcIBaxzkzOp3LOJWg/0FnSFi3Vqwp1hTSCB
-----END CERTIFICATE-----