Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/HgA_tKLG5N3ASR5gcHl20EupVRE.roa
File:                     HgA_tKLG5N3ASR5gcHl20EupVRE.roa (raw, json)
Hash identifier:          DRYtmqvkH/s26hespCVF8HpGzgqR1cL88tvUFROmz9s=
Subject key identifier:   1E:00:3F:B4:A2:C6:E4:DD:C0:49:1E:60:70:79:76:D0:4B:A9:55:11
Certificate issuer:       /CN=752b0d72bf0743bf2cdc78ba1f53e9a988f9af1e
Certificate serial:       019427487E1A566EFD04A27F0FA87375130A
Authority key identifier: 75:2B:0D:72:BF:07:43:BF:2C:DC:78:BA:1F:53:E9:A9:88:F9:AF:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/HgA_tKLG5N3ASR5gcHl20EupVRE.roa
Signing time:             Thu 02 Jan 2025 13:50:49 +0000
ROA not before:           Thu 02 Jan 2025 13:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205913
IP address blocks:        185.202.76.0/24 maxlen: 24
                          185.202.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:7e:1a:56:6e:fd:04:a2:7f:0f:a8:73:75:13:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=752b0d72bf0743bf2cdc78ba1f53e9a988f9af1e
        Validity
            Not Before: Jan  2 13:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e003fb4a2c6e4ddc0491e60707976d04ba95511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:63:f6:57:d9:de:37:d9:0d:b6:a2:93:7a:02:
                    ac:45:77:7f:39:c1:7e:44:13:19:8f:6e:4f:17:65:
                    fe:c5:58:fc:5c:c5:0e:4f:92:f5:a4:a7:15:09:05:
                    50:c0:f1:ae:3a:05:70:52:0c:c9:e5:b9:ac:25:4f:
                    c7:91:60:03:ec:b7:e0:40:5b:5c:ab:16:56:37:ae:
                    5f:69:ec:9c:51:13:7c:1e:7c:eb:7b:71:d9:1a:e4:
                    0c:b1:1d:b1:27:fa:4b:02:32:d5:35:6c:1b:3b:51:
                    fd:0a:7f:4b:14:e3:72:c7:2f:02:c0:1c:e2:4b:61:
                    da:ce:1b:18:c0:14:14:62:66:9e:ed:7a:6e:ba:d9:
                    35:5e:1f:79:95:26:26:a2:11:2e:9f:f0:4c:69:ce:
                    6d:d2:80:74:6b:ac:9f:ea:16:23:d9:02:ec:5c:7d:
                    f3:e5:63:80:ac:93:31:cc:0b:b1:1c:40:92:40:f3:
                    a6:bb:68:b0:33:9c:79:fc:9d:af:7e:b9:47:05:2f:
                    d0:19:9a:e8:48:90:f9:94:b4:f6:86:a2:6a:ab:25:
                    31:78:c9:98:86:85:30:a5:29:bd:43:80:22:86:5e:
                    9c:ee:64:ee:5d:18:4d:34:a6:8e:5f:fc:bc:be:a1:
                    65:ee:62:79:5e:73:5a:6a:c5:9e:fc:ca:56:af:b9:
                    e2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:00:3F:B4:A2:C6:E4:DD:C0:49:1E:60:70:79:76:D0:4B:A9:55:11
            X509v3 Authority Key Identifier:
                keyid:75:2B:0D:72:BF:07:43:BF:2C:DC:78:BA:1F:53:E9:A9:88:F9:AF:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/HgA_tKLG5N3ASR5gcHl20EupVRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/3aba7e-1d50-472f-8db7-6912192134e9/1/dSsNcr8HQ78s3Hi6H1PpqYj5rx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.202.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:bc:ed:1d:a9:aa:c9:c2:6c:bc:f8:46:49:b4:0b:ac:4d:97:
         1f:3a:dd:ad:ba:48:a2:73:ef:74:6a:ec:fa:0d:56:9d:ca:8b:
         46:2b:d1:19:8f:38:f7:3a:f8:15:7b:c3:da:01:b4:31:a5:56:
         fb:af:e6:8f:a6:cb:e9:29:81:48:d9:97:60:67:6d:ff:21:4f:
         01:d7:74:81:df:b5:bb:d5:77:00:cf:75:ba:ea:52:bf:d4:db:
         35:c6:e7:54:17:e8:71:8d:47:1d:9f:24:c8:d6:f6:3c:b4:11:
         8a:cd:37:4d:6b:0f:03:bd:4a:89:43:e5:b2:7c:70:ad:23:35:
         2e:4d:0d:57:6a:7d:3c:77:e6:14:e8:13:e9:c0:b3:b8:ad:f1:
         36:60:25:5b:32:cb:51:35:06:6c:3c:3c:ba:95:11:b7:fb:ec:
         02:9c:97:72:7c:60:5e:13:97:ec:9c:8c:7b:b8:0d:2c:f7:cb:
         75:9a:77:f8:3f:b3:2b:42:a9:5f:ba:7f:54:a4:71:72:58:b9:
         30:38:0c:a1:e2:57:bc:88:51:88:d5:52:f5:e4:00:fb:ac:29:
         72:f8:4e:9e:7f:9f:d3:c7:3d:b5:2f:76:2d:9b:1f:35:f9:28:
         18:3a:3a:df:db:92:c9:da:35:e1:9d:2a:b7:70:2b:f7:01:0b:
         19:6f:ee:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSH4aVm79BKJ/D6hzdRMKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MmIwZDcyYmYwNzQzYmYyY2RjNzhiYTFmNTNlOWE5ODhm
OWFmMWUwHhcNMjUwMTAyMTM1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTAwM2ZiNGEyYzZlNGRkYzA0OTFlNjA3MDc5NzZkMDRiYTk1NTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGP2V9neN9kNtqKTegKsRXd/OcF+
RBMZj25PF2X+xVj8XMUOT5L1pKcVCQVQwPGuOgVwUgzJ5bmsJU/HkWAD7LfgQFtc
qxZWN65faeycURN8Hnzre3HZGuQMsR2xJ/pLAjLVNWwbO1H9Cn9LFONyxy8CwBzi
S2HazhsYwBQUYmae7Xpuutk1Xh95lSYmohEun/BMac5t0oB0a6yf6hYj2QLsXH3z
5WOArJMxzAuxHECSQPOmu2iwM5x5/J2vfrlHBS/QGZroSJD5lLT2hqJqqyUxeMmY
hoUwpSm9Q4Aihl6c7mTuXRhNNKaOX/y8vqFl7mJ5XnNaasWe/MpWr7nigwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4AP7SixuTdwEkeYHB5dtBLqVURMB8GA1UdIwQY
MBaAFHUrDXK/B0O/LNx4uh9T6amI+a8eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFNzTmNyOEhRNzhzM0hpNkgxUHBxWWo1cng0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zYWJhN2UtMWQ1MC00NzJmLThkYjct
NjkxMjE5MjEzNGU5LzEvSGdBX3RLTEc1TjNBU1I1Z2NIbDIwRXVwVlJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zYWJhN2UtMWQ1MC00NzJmLThkYjctNjkxMjE5MjEzNGU5
LzEvZFNzTmNyOEhRNzhzM0hpNkgxUHBxWWo1cng0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucpMMA0G
CSqGSIb3DQEBCwUAA4IBAQC0vO0dqarJwmy8+EZJtAusTZcfOt2tukiic+90auz6
DVadyotGK9EZjzj3OvgVe8PaAbQxpVb7r+aPpsvpKYFI2ZdgZ23/IU8B13SB37W7
1XcAz3W66lK/1Ns1xudUF+hxjUcdnyTI1vY8tBGKzTdNaw8DvUqJQ+WyfHCtIzUu
TQ1Xan08d+YU6BPpwLO4rfE2YCVbMstRNQZsPDy6lRG3++wCnJdyfGBeE5fsnIx7
uA0s98t1mnf4P7MrQqlfun9UpHFyWLkwOAyh4le8iFGI1VL15AD7rCly+E6ef5/T
xz21L3Ytmx81+SgYOjrf25LJ2jXhnSq3cCv3AQsZb+6D
-----END CERTIFICATE-----