Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/HUPj7t99Vik7tXOzGNeTWYKboaE.roa
File:                     HUPj7t99Vik7tXOzGNeTWYKboaE.roa (raw, json)
Hash identifier:          eK2aWky1Rv0YN39wuq/IIPctqDaziXaujwaNtYnTwmM=
Subject key identifier:   1D:43:E3:EE:DF:7D:56:29:3B:B5:73:B3:18:D7:93:59:82:9B:A1:A1
Certificate issuer:       /CN=3781babac6925271b179817515e06e6a10acf6b4
Certificate serial:       01942748224585F2F1F1F8514A114DB27104
Authority key identifier: 37:81:BA:BA:C6:92:52:71:B1:79:81:75:15:E0:6E:6A:10:AC:F6:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N4G6usaSUnGxeYF1FeBuahCs9rQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/HUPj7t99Vik7tXOzGNeTWYKboaE.roa
Signing time:             Thu 02 Jan 2025 13:50:26 +0000
ROA not before:           Thu 02 Jan 2025 13:50:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204538
IP address blocks:        185.245.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/N4G6usaSUnGxeYF1FeBuahCs9rQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/N4G6usaSUnGxeYF1FeBuahCs9rQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N4G6usaSUnGxeYF1FeBuahCs9rQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:22:45:85:f2:f1:f1:f8:51:4a:11:4d:b2:71:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3781babac6925271b179817515e06e6a10acf6b4
        Validity
            Not Before: Jan  2 13:50:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d43e3eedf7d56293bb573b318d79359829ba1a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d4:be:90:9b:0f:5c:89:0d:11:7b:53:f0:10:
                    81:03:57:cf:3c:43:34:db:7e:5e:2b:b3:c4:d4:76:
                    02:c2:90:9b:4b:2f:e7:ae:ef:46:f4:34:9a:58:09:
                    99:ca:95:f8:26:f9:a9:ca:28:6a:6e:93:50:29:bc:
                    70:38:33:80:97:de:29:6d:d4:db:8a:19:6c:d7:ca:
                    04:99:62:50:f5:7b:17:2b:bd:2d:21:09:54:5f:b4:
                    a9:86:95:90:d4:83:a7:b0:e6:a0:9c:4e:cf:05:1b:
                    16:9c:ef:7f:a2:66:8e:db:81:fa:73:96:53:dd:0f:
                    02:f5:fd:e7:5d:08:72:ea:0f:8d:f5:d4:94:89:1d:
                    b2:12:c7:61:14:4b:04:c4:15:3e:39:07:8f:79:c3:
                    6f:4f:87:22:c2:47:44:35:ee:49:81:e1:96:be:63:
                    f0:ee:a9:77:91:50:69:d9:05:4a:da:98:ab:bd:8f:
                    17:36:13:b7:4a:a9:4d:cb:f0:94:ff:90:e6:89:cd:
                    46:f6:29:d9:03:74:24:2d:f9:2b:23:8a:02:56:17:
                    0d:ff:58:83:66:87:b9:2d:8f:39:a7:ae:1e:c0:71:
                    cd:0c:e6:39:83:f8:30:2a:bb:9d:38:22:a3:e3:60:
                    70:c8:a6:10:29:14:fc:78:55:c8:eb:7c:50:fc:e9:
                    77:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:43:E3:EE:DF:7D:56:29:3B:B5:73:B3:18:D7:93:59:82:9B:A1:A1
            X509v3 Authority Key Identifier:
                keyid:37:81:BA:BA:C6:92:52:71:B1:79:81:75:15:E0:6E:6A:10:AC:F6:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N4G6usaSUnGxeYF1FeBuahCs9rQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/HUPj7t99Vik7tXOzGNeTWYKboaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/N4G6usaSUnGxeYF1FeBuahCs9rQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:95:a2:3c:2d:30:a7:5f:cb:20:88:05:b1:e7:6f:5a:ec:0b:
         94:99:d9:3e:4d:92:09:52:ed:6e:0a:e7:47:47:c6:af:69:a9:
         14:82:5f:4d:05:55:06:57:05:72:7a:2f:86:ba:99:68:48:2a:
         15:bd:80:d0:66:53:56:11:29:93:65:d5:95:48:cb:ff:02:c7:
         dd:13:51:82:55:46:2b:d8:2f:8e:63:d8:ad:60:4f:0f:dd:16:
         54:72:57:66:d1:7e:a2:56:2f:d5:b9:a2:65:7b:d4:06:37:f0:
         a9:cc:46:98:2f:d5:94:d0:15:ef:17:83:a6:b7:cc:50:8e:a8:
         ca:0e:7c:ff:d2:c4:fb:ac:af:a2:76:f9:9a:11:6b:5b:72:e8:
         86:eb:52:4b:52:83:76:75:1f:85:86:b2:7a:9e:7e:1a:f6:18:
         78:37:b5:5e:ac:c9:e9:63:9d:b3:9c:6c:a6:9c:39:b5:34:55:
         b4:2e:10:10:9d:ca:8f:0e:0a:e7:cf:d2:39:ab:7b:11:6d:32:
         30:7d:c9:a9:6e:5b:7b:4d:92:0b:3a:a2:24:11:e0:e8:22:c7:
         8f:b4:a2:f9:97:be:6e:10:1e:57:d0:91:aa:4c:70:35:61:41:
         9f:7f:1f:e9:49:06:f8:82:13:ef:ee:bd:47:5a:d5:d3:4b:50:
         d1:db:9a:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSCJFhfLx8fhRShFNsnEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ODFiYWJhYzY5MjUyNzFiMTc5ODE3NTE1ZTA2ZTZhMTBh
Y2Y2YjQwHhcNMjUwMTAyMTM1MDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDQzZTNlZWRmN2Q1NjI5M2JiNTczYjMxOGQ3OTM1OTgyOWJhMWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19S+kJsPXIkNEXtT8BCBA1fPPEM0
235eK7PE1HYCwpCbSy/nru9G9DSaWAmZypX4JvmpyihqbpNQKbxwODOAl94pbdTb
ihls18oEmWJQ9XsXK70tIQlUX7SphpWQ1IOnsOagnE7PBRsWnO9/omaO24H6c5ZT
3Q8C9f3nXQhy6g+N9dSUiR2yEsdhFEsExBU+OQePecNvT4ciwkdENe5JgeGWvmPw
7ql3kVBp2QVK2pirvY8XNhO3SqlNy/CU/5Dmic1G9inZA3QkLfkrI4oCVhcN/1iD
Zoe5LY85p64ewHHNDOY5g/gwKrudOCKj42BwyKYQKRT8eFXI63xQ/Ol3tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1D4+7ffVYpO7VzsxjXk1mCm6GhMB8GA1UdIwQY
MBaAFDeBurrGklJxsXmBdRXgbmoQrPa0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjRHNnVzYVNVbkd4ZVlGMUZlQnVhaENzOXJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS84ZjgzYzItM2JiMy00ZDQ3LTgwMzEt
ZGU1NzFiODk2MThkLzEvSFVQajd0OTlWaWs3dFhPekdOZVRXWUtib2FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS84ZjgzYzItM2JiMy00ZDQ3LTgwMzEtZGU1NzFiODk2MThk
LzEvTjRHNnVzYVNVbkd4ZVlGMUZlQnVhaENzOXJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufXMMA0G
CSqGSIb3DQEBCwUAA4IBAQANlaI8LTCnX8sgiAWx529a7AuUmdk+TZIJUu1uCudH
R8avaakUgl9NBVUGVwVyei+GuploSCoVvYDQZlNWESmTZdWVSMv/AsfdE1GCVUYr
2C+OY9itYE8P3RZUcldm0X6iVi/VuaJle9QGN/CpzEaYL9WU0BXvF4Omt8xQjqjK
Dnz/0sT7rK+idvmaEWtbcuiG61JLUoN2dR+FhrJ6nn4a9hh4N7VerMnpY52znGym
nDm1NFW0LhAQncqPDgrnz9I5q3sRbTIwfcmpblt7TZILOqIkEeDoIsePtKL5l75u
EB5X0JGqTHA1YUGffx/pSQb4ghPv7r1HWtXTS1DR25pS
-----END CERTIFICATE-----