Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/hnM5W0U-Qj_uQRhaO3TbcAuM76o.roa
File:                     hnM5W0U-Qj_uQRhaO3TbcAuM76o.roa (raw, json)
Hash identifier:          4rFXrF5OPsxPLyOZLu+yOTZUft5NKdXEPlgvLrZwpqk=
Subject key identifier:   86:73:39:5B:45:3E:42:3F:EE:41:18:5A:3B:74:DB:70:0B:8C:EF:AA
Certificate issuer:       /CN=90f64b12108d9b366779afbacf482f79f8c0e31a
Certificate serial:       0194548555733C7771B0073A77EF738AFE54
Authority key identifier: 90:F6:4B:12:10:8D:9B:36:67:79:AF:BA:CF:48:2F:79:F8:C0:E3:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPZLEhCNmzZnea-6z0gvefjA4xo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/hnM5W0U-Qj_uQRhaO3TbcAuM76o.roa
Signing time:             Sat 11 Jan 2025 08:40:11 +0000
ROA not before:           Sat 11 Jan 2025 08:40:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29242
IP address blocks:        185.102.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/kPZLEhCNmzZnea-6z0gvefjA4xo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/kPZLEhCNmzZnea-6z0gvefjA4xo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPZLEhCNmzZnea-6z0gvefjA4xo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:54:85:55:73:3c:77:71:b0:07:3a:77:ef:73:8a:fe:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f64b12108d9b366779afbacf482f79f8c0e31a
        Validity
            Not Before: Jan 11 08:40:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8673395b453e423fee41185a3b74db700b8cefaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:eb:67:15:9a:72:7c:f9:9f:2b:6e:54:db:06:
                    28:68:c0:a3:72:b8:3b:6f:92:2f:c3:9b:25:98:0f:
                    41:b4:cf:75:60:59:32:69:86:68:cd:64:4b:c9:72:
                    20:4d:2f:2d:35:79:8f:4a:fd:6a:c5:c4:65:9f:78:
                    e0:8b:e6:e6:97:38:8c:ff:e9:05:4f:8b:f1:c6:47:
                    69:8a:12:62:5e:2d:c6:ea:1b:b3:53:0a:1b:ad:bf:
                    d6:ae:35:d5:fd:79:8f:78:d2:a9:b6:00:85:ac:81:
                    79:42:a2:40:ae:49:48:dc:d6:af:0f:32:cd:92:49:
                    68:5d:a4:b3:5e:f5:65:aa:c3:5c:12:f2:b0:3f:36:
                    3e:f2:4e:39:f5:fa:b0:f3:d7:87:68:6c:c8:f7:c5:
                    1b:82:7a:54:13:a3:0c:89:23:fe:05:49:59:98:e4:
                    d4:36:34:99:a8:90:9a:f2:be:1c:18:7e:a4:b8:df:
                    2f:da:b6:cc:3c:7c:76:81:ac:68:80:13:40:71:1f:
                    1b:76:76:9d:ba:75:17:3f:e2:22:ee:b1:2b:12:3a:
                    1a:c8:54:e5:65:56:ff:4f:be:1b:75:9a:6e:a5:66:
                    72:e0:01:2f:32:fe:1d:1c:a9:2f:c5:64:16:52:f4:
                    71:2c:af:ca:f4:54:d0:8f:9d:3a:c4:7f:f1:40:02:
                    aa:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:73:39:5B:45:3E:42:3F:EE:41:18:5A:3B:74:DB:70:0B:8C:EF:AA
            X509v3 Authority Key Identifier:
                keyid:90:F6:4B:12:10:8D:9B:36:67:79:AF:BA:CF:48:2F:79:F8:C0:E3:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPZLEhCNmzZnea-6z0gvefjA4xo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/hnM5W0U-Qj_uQRhaO3TbcAuM76o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f19f62-cade-42c9-a757-1dcb0bc7a96a/1/kPZLEhCNmzZnea-6z0gvefjA4xo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:39:97:96:57:02:68:b2:30:ad:37:41:97:c1:ed:5c:c1:de:
         9d:0d:0b:04:6c:cc:ac:ab:92:54:9e:06:a1:d0:2f:94:71:95:
         cf:93:a1:c7:26:4a:2c:f7:1b:92:02:77:40:a4:a9:b0:cc:98:
         c3:30:32:b4:c5:fb:80:f1:1a:9b:22:13:27:7e:6d:49:a0:5c:
         6c:0c:d1:c4:e6:0f:93:3c:d7:d0:9b:43:0b:b1:05:b1:74:97:
         80:43:4a:9c:55:f3:72:8a:49:ee:0a:1b:2f:8e:90:a7:5c:c7:
         8d:c7:b5:04:84:c8:e6:78:56:02:6d:a9:5e:9d:24:84:0b:43:
         bd:3c:67:f9:9b:cd:ad:0f:4d:4c:2b:e9:0b:7a:76:4d:f5:8f:
         02:93:d4:63:10:34:75:82:88:d8:18:88:04:e5:54:75:88:a0:
         f1:1e:1e:a6:64:32:6b:ea:6e:13:70:f7:e4:aa:6a:04:16:d5:
         5c:c9:a1:7c:b1:8d:81:9b:02:8b:4f:f9:45:ed:f0:77:0c:8b:
         37:dc:be:86:9d:b7:95:75:28:8e:51:62:87:fe:05:d9:5e:55:
         59:1f:45:cc:e9:56:6b:30:ea:7c:71:21:4e:7b:01:1b:e1:0e:
         b6:a5:8f:f7:de:62:23:33:76:ce:85:83:a5:54:16:4d:e5:ad:
         63:2b:19:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRUhVVzPHdxsAc6d+9ziv5UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjY0YjEyMTA4ZDliMzY2Nzc5YWZiYWNmNDgyZjc5Zjhj
MGUzMWEwHhcNMjUwMTExMDg0MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjczMzk1YjQ1M2U0MjNmZWU0MTE4NWEzYjc0ZGI3MDBiOGNlZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApetnFZpyfPmfK25U2wYoaMCjcrg7
b5Ivw5slmA9BtM91YFkyaYZozWRLyXIgTS8tNXmPSv1qxcRln3jgi+bmlziM/+kF
T4vxxkdpihJiXi3G6huzUwobrb/WrjXV/XmPeNKptgCFrIF5QqJArklI3NavDzLN
kkloXaSzXvVlqsNcEvKwPzY+8k459fqw89eHaGzI98UbgnpUE6MMiSP+BUlZmOTU
NjSZqJCa8r4cGH6kuN8v2rbMPHx2gaxogBNAcR8bdnadunUXP+Ii7rErEjoayFTl
ZVb/T74bdZpupWZy4AEvMv4dHKkvxWQWUvRxLK/K9FTQj506xH/xQAKq2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZzOVtFPkI/7kEYWjt023ALjO+qMB8GA1UdIwQY
MBaAFJD2SxIQjZs2Z3mvus9IL3n4wOMaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BaTEVoQ05telpuZWEtNnowZ3ZlZmpBNHhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mMTlmNjItY2FkZS00MmM5LWE3NTct
MWRjYjBiYzdhOTZhLzEvaG5NNVcwVS1Ral91UVJoYU8zVGJjQXVNNzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mMTlmNjItY2FkZS00MmM5LWE3NTctMWRjYjBiYzdhOTZh
LzEva1BaTEVoQ05telpuZWEtNnowZ3ZlZmpBNHhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWakMA0G
CSqGSIb3DQEBCwUAA4IBAQBFOZeWVwJosjCtN0GXwe1cwd6dDQsEbMysq5JUngah
0C+UcZXPk6HHJkos9xuSAndApKmwzJjDMDK0xfuA8RqbIhMnfm1JoFxsDNHE5g+T
PNfQm0MLsQWxdJeAQ0qcVfNyiknuChsvjpCnXMeNx7UEhMjmeFYCbalenSSEC0O9
PGf5m82tD01MK+kLenZN9Y8Ck9RjEDR1gojYGIgE5VR1iKDxHh6mZDJr6m4TcPfk
qmoEFtVcyaF8sY2BmwKLT/lF7fB3DIs33L6GnbeVdSiOUWKH/gXZXlVZH0XM6VZr
MOp8cSFOewEb4Q62pY/33mIjM3bOhYOlVBZN5a1jKxnU
-----END CERTIFICATE-----