Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/hRSmm6516V7O9m-dgRCN1dXhmM0.roa
File:                     hRSmm6516V7O9m-dgRCN1dXhmM0.roa (raw, json)
Hash identifier:          s+JGSz7mfrWnjIH/FpqXmM7l8VH4pyNnAOb8PA/Xeww=
Subject key identifier:   85:14:A6:9B:AE:75:E9:5E:CE:F6:6F:9D:81:10:8D:D5:D5:E1:98:CD
Certificate issuer:       /CN=1cbd5746e300091ded1a11a13b16807b4fd0f1fc
Certificate serial:       0194266BB988430142617F0672720435669A
Authority key identifier: 1C:BD:57:46:E3:00:09:1D:ED:1A:11:A1:3B:16:80:7B:4F:D0:F1:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HL1XRuMACR3tGhGhOxaAe0_Q8fw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/hRSmm6516V7O9m-dgRCN1dXhmM0.roa
Signing time:             Thu 02 Jan 2025 09:49:41 +0000
ROA not before:           Thu 02 Jan 2025 09:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200132
IP address blocks:        195.95.177.0/24 maxlen: 24
                          2001:67c:dec::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/HL1XRuMACR3tGhGhOxaAe0_Q8fw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/HL1XRuMACR3tGhGhOxaAe0_Q8fw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HL1XRuMACR3tGhGhOxaAe0_Q8fw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:b9:88:43:01:42:61:7f:06:72:72:04:35:66:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cbd5746e300091ded1a11a13b16807b4fd0f1fc
        Validity
            Not Before: Jan  2 09:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8514a69bae75e95ecef66f9d81108dd5d5e198cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:89:74:c9:7e:e1:82:7e:2a:4a:51:a3:6a:53:
                    fa:30:8f:74:3e:be:95:12:31:b8:e4:50:e4:96:60:
                    2d:08:8e:ec:70:f9:7c:a1:5b:74:85:ca:5d:83:a0:
                    61:e4:8d:7e:5c:c1:e6:a2:df:ef:d6:ef:8d:e7:c0:
                    32:c9:d3:4f:8e:8f:84:9a:d0:6d:5a:2e:b0:50:85:
                    2f:6d:a8:6a:e6:5c:d0:50:32:28:2e:f3:61:2f:28:
                    c2:5d:9e:6f:37:53:63:e4:80:a6:90:85:2f:37:dc:
                    f9:6f:2c:e5:05:bd:24:08:27:a7:f4:5b:cf:bf:dc:
                    ba:bc:e4:ff:0e:5e:09:2f:17:c7:de:98:e5:a0:cd:
                    40:23:5f:93:6b:c3:9e:2f:33:81:17:fd:43:a4:7b:
                    07:42:da:f4:a9:4a:b7:9e:27:38:cb:0c:b9:d0:c0:
                    71:e0:bf:ed:ef:3e:27:80:e0:c5:a5:de:4a:be:f6:
                    47:99:f5:d2:d5:a3:92:f3:07:87:13:c6:e8:8b:e0:
                    cc:8f:23:9b:f3:c9:6c:a2:e5:9f:6d:1b:0c:0c:31:
                    d5:b3:b8:69:28:10:bb:2c:d9:3c:4c:c0:33:d7:7b:
                    cd:bf:d3:27:c7:ec:00:b8:c3:0d:21:8f:70:87:b0:
                    4f:10:42:8b:31:fb:e5:54:92:7f:d0:30:bf:aa:7d:
                    37:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:14:A6:9B:AE:75:E9:5E:CE:F6:6F:9D:81:10:8D:D5:D5:E1:98:CD
            X509v3 Authority Key Identifier:
                keyid:1C:BD:57:46:E3:00:09:1D:ED:1A:11:A1:3B:16:80:7B:4F:D0:F1:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HL1XRuMACR3tGhGhOxaAe0_Q8fw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/hRSmm6516V7O9m-dgRCN1dXhmM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/HL1XRuMACR3tGhGhOxaAe0_Q8fw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.177.0/24
                IPv6:
                  2001:67c:dec::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:d8:e6:0d:8e:af:57:31:1d:9a:4b:60:b8:6b:96:e3:70:a9:
         62:6d:53:7c:bf:66:3b:43:a7:49:bf:62:f4:79:fe:5d:b0:69:
         0d:3d:8a:ba:c8:3c:64:a7:dd:d3:8c:17:7c:e0:9f:de:4b:f0:
         2e:cc:f6:4a:e0:9e:1c:d5:a7:65:55:6b:91:2f:5e:ea:81:ee:
         f5:6f:29:7b:1c:b6:b0:7d:51:86:8c:1e:91:4c:81:3f:0c:57:
         55:3e:8e:f4:78:5a:4f:be:17:5c:22:5f:1e:83:5d:04:68:dc:
         60:cd:3d:34:7e:26:0f:52:f0:cd:28:13:e7:8a:0f:5c:98:08:
         de:4f:dd:3e:71:7c:15:e6:e7:f5:5b:75:a3:0c:cc:4b:8b:4a:
         17:94:03:4c:59:e3:33:16:92:1b:33:c9:b1:6e:cc:19:a1:04:
         04:bb:15:84:c5:a8:09:68:8e:bf:c4:6b:a2:02:ca:56:55:8a:
         25:dd:06:d1:79:03:91:c3:a0:67:84:99:77:b3:28:2f:a4:9a:
         8f:98:03:79:9a:df:cd:d1:a0:55:49:98:5f:49:7f:79:ef:5a:
         1e:e9:0b:77:11:a8:01:ee:3d:af:9d:85:9a:44:52:b4:c3:76:
         be:73:a5:65:5a:14:e6:bb:5f:89:b4:6a:8f:01:95:08:5d:36:
         fa:ff:fb:ca
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQma7mIQwFCYX8GcnIENWaaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjYmQ1NzQ2ZTMwMDA5MWRlZDFhMTFhMTNiMTY4MDdiNGZk
MGYxZmMwHhcNMjUwMTAyMDk0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTE0YTY5YmFlNzVlOTVlY2VmNjZmOWQ4MTEwOGRkNWQ1ZTE5OGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4l0yX7hgn4qSlGjalP6MI90Pr6V
EjG45FDklmAtCI7scPl8oVt0hcpdg6Bh5I1+XMHmot/v1u+N58AyydNPjo+EmtBt
Wi6wUIUvbahq5lzQUDIoLvNhLyjCXZ5vN1Nj5ICmkIUvN9z5byzlBb0kCCen9FvP
v9y6vOT/Dl4JLxfH3pjloM1AI1+Ta8OeLzOBF/1DpHsHQtr0qUq3nic4ywy50MBx
4L/t7z4ngODFpd5KvvZHmfXS1aOS8weHE8boi+DMjyOb88lsouWfbRsMDDHVs7hp
KBC7LNk8TMAz13vNv9Mnx+wAuMMNIY9wh7BPEEKLMfvlVJJ/0DC/qn03+wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIUUppuudelezvZvnYEQjdXV4ZjNMB8GA1UdIwQY
MBaAFBy9V0bjAAkd7RoRoTsWgHtP0PH8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEwxWFJ1TUFDUjN0R2hHaE94YUFlMF9ROGZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lMzA4NmMtZDcyZi00MWVhLTk0NDQt
YmRlYTYzZTVhN2M0LzEvaFJTbW02NTE2VjdPOW0tZGdSQ04xZFhobU0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lMzA4NmMtZDcyZi00MWVhLTk0NDQtYmRlYTYzZTVhN2M0
LzEvSEwxWFJ1TUFDUjN0R2hHaE94YUFlMF9ROGZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw1+xMA8E
AgACMAkDBwAgAQZ8DewwDQYJKoZIhvcNAQELBQADggEBALDY5g2Or1cxHZpLYLhr
luNwqWJtU3y/ZjtDp0m/YvR5/l2waQ09irrIPGSn3dOMF3zgn95L8C7M9krgnhzV
p2VVa5EvXuqB7vVvKXsctrB9UYaMHpFMgT8MV1U+jvR4Wk++F1wiXx6DXQRo3GDN
PTR+Jg9S8M0oE+eKD1yYCN5P3T5xfBXm5/VbdaMMzEuLSheUA0xZ4zMWkhszybFu
zBmhBAS7FYTFqAlojr/Ea6ICylZViiXdBtF5A5HDoGeEmXezKC+kmo+YA3ma383R
oFVJmF9Jf3nvWh7pC3cRqAHuPa+dhZpEUrTDdr5zpWVaFOa7X4m0ao8BlQhdNvr/
+8o=
-----END CERTIFICATE-----