Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/hyarknq8b7RuIBM-YBqseStGpbs.roa
File:                     hyarknq8b7RuIBM-YBqseStGpbs.roa (raw, json)
Hash identifier:          Q8UycgtcBXykUE11/kKCtnDO8tk0NFq+ACIXZD0W+5A=
Subject key identifier:   87:26:AB:92:7A:BC:6F:B4:6E:20:13:3E:60:1A:AC:79:2B:46:A5:BB
Certificate issuer:       /CN=74b4cd3edf521df8ec0a151111272d3fb91b99c3
Certificate serial:       0195914BA95DAF1DFEA42C119AFE2EAD7565
Authority key identifier: 74:B4:CD:3E:DF:52:1D:F8:EC:0A:15:11:11:27:2D:3F:B9:1B:99:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dLTNPt9SHfjsChURESctP7kbmcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/hyarknq8b7RuIBM-YBqseStGpbs.roa
Signing time:             Thu 13 Mar 2025 20:56:49 +0000
ROA not before:           Thu 13 Mar 2025 20:56:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211703
IP address blocks:        45.144.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/dLTNPt9SHfjsChURESctP7kbmcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/dLTNPt9SHfjsChURESctP7kbmcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dLTNPt9SHfjsChURESctP7kbmcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:91:4b:a9:5d:af:1d:fe:a4:2c:11:9a:fe:2e:ad:75:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74b4cd3edf521df8ec0a151111272d3fb91b99c3
        Validity
            Not Before: Mar 13 20:56:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8726ab927abc6fb46e20133e601aac792b46a5bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a9:7f:84:fd:e1:ed:27:f7:36:9e:7e:96:bc:
                    b7:f6:fa:30:3f:71:de:19:56:db:fe:a4:fe:0c:82:
                    d2:8b:05:cc:4d:30:ac:3a:c4:7e:11:f9:d6:55:df:
                    99:95:90:f7:66:9c:e1:ae:41:e4:65:01:af:a3:74:
                    24:55:7f:16:78:a7:5a:91:06:e6:a8:2b:c1:ec:3f:
                    26:5c:d9:f0:69:2e:ef:ea:80:f6:fa:b0:2a:20:67:
                    86:54:e4:bf:8d:99:74:42:80:d9:c7:09:54:d5:06:
                    d5:7d:c1:fb:ae:51:18:12:a1:b3:5d:18:da:b3:80:
                    2a:98:6b:a0:72:c2:98:9f:95:85:ba:eb:0f:0a:9e:
                    8d:3f:72:2d:06:d9:94:80:24:6a:b1:d0:fe:56:3b:
                    09:0c:ee:40:59:94:1c:3e:6f:4d:cc:63:8d:39:5f:
                    c5:3e:7c:56:d4:4a:79:a9:ce:e8:65:aa:e6:c5:9d:
                    35:94:e1:bf:c9:be:79:4a:de:8b:08:90:dd:76:99:
                    a1:30:26:f0:31:8d:6e:53:a1:b0:45:12:8f:4a:62:
                    1a:82:72:3e:ff:b5:a4:cd:67:28:4e:b4:95:ca:96:
                    67:98:55:f7:38:3d:87:7e:65:c2:bc:92:7b:5d:b6:
                    f8:f9:cc:e4:d2:5c:53:e1:95:71:82:13:0d:a3:8c:
                    92:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:26:AB:92:7A:BC:6F:B4:6E:20:13:3E:60:1A:AC:79:2B:46:A5:BB
            X509v3 Authority Key Identifier:
                keyid:74:B4:CD:3E:DF:52:1D:F8:EC:0A:15:11:11:27:2D:3F:B9:1B:99:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dLTNPt9SHfjsChURESctP7kbmcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/hyarknq8b7RuIBM-YBqseStGpbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/9e47e9-3281-4d17-a6bc-e2a7fb848318/1/dLTNPt9SHfjsChURESctP7kbmcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:bd:5e:e5:33:83:c1:31:50:bd:6c:be:54:6e:cd:67:f1:04:
         7a:1a:dc:ef:d1:57:e8:02:e7:08:25:ef:2b:fc:d9:90:a0:19:
         d7:be:51:ce:48:fe:c0:e4:9f:eb:da:55:1f:14:69:1b:79:ef:
         40:23:85:df:89:f9:67:13:27:e2:1d:d9:d4:a8:81:25:ba:ce:
         a4:62:16:9f:d9:12:e8:97:73:a1:e6:7c:bc:8b:c8:b4:ba:c8:
         13:d6:1e:79:e5:80:8b:a5:12:1f:f5:e8:91:66:d5:8d:90:5c:
         df:fe:09:88:a4:f0:65:17:0e:1b:cb:f7:98:10:5d:12:37:28:
         b5:0e:5c:c3:87:bb:e8:0f:a2:66:c6:d0:ca:2d:cc:b5:56:6d:
         97:1a:50:85:98:f4:c1:30:98:d1:72:f5:0d:7b:8d:d2:51:9e:
         07:26:09:df:fe:0d:a1:e4:8c:f0:51:79:b0:c3:06:e5:64:67:
         77:80:d9:5c:62:4c:9b:4d:1d:24:70:29:13:51:21:83:bb:ad:
         a8:2e:23:2c:a4:ac:f5:b8:d6:dd:71:e3:82:82:7b:5e:6c:d2:
         6f:f1:43:69:93:66:61:2e:66:33:3f:84:f4:13:92:5a:54:01:
         84:63:77:1f:66:43:b2:65:24:90:bb:00:7e:f4:ad:3e:d3:5f:
         6d:ca:d8:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWRS6ldrx3+pCwRmv4urXVlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YjRjZDNlZGY1MjFkZjhlYzBhMTUxMTExMjcyZDNmYjkx
Yjk5YzMwHhcNMjUwMzEzMjA1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzI2YWI5MjdhYmM2ZmI0NmUyMDEzM2U2MDFhYWM3OTJiNDZhNWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKl/hP3h7Sf3Np5+lry39vowP3He
GVbb/qT+DILSiwXMTTCsOsR+EfnWVd+ZlZD3ZpzhrkHkZQGvo3QkVX8WeKdakQbm
qCvB7D8mXNnwaS7v6oD2+rAqIGeGVOS/jZl0QoDZxwlU1QbVfcH7rlEYEqGzXRja
s4AqmGugcsKYn5WFuusPCp6NP3ItBtmUgCRqsdD+VjsJDO5AWZQcPm9NzGONOV/F
PnxW1Ep5qc7oZarmxZ01lOG/yb55St6LCJDddpmhMCbwMY1uU6GwRRKPSmIagnI+
/7WkzWcoTrSVypZnmFX3OD2HfmXCvJJ7Xbb4+czk0lxT4ZVxghMNo4yS3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcmq5J6vG+0biATPmAarHkrRqW7MB8GA1UdIwQY
MBaAFHS0zT7fUh347AoVEREnLT+5G5nDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZExUTlB0OVNIZmpzQ2hVUkVTY3RQN2tibWNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS85ZTQ3ZTktMzI4MS00ZDE3LWE2YmMt
ZTJhN2ZiODQ4MzE4LzEvaHlhcmtucThiN1J1SUJNLVlCcXNlU3RHcGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS85ZTQ3ZTktMzI4MS00ZDE3LWE2YmMtZTJhN2ZiODQ4MzE4
LzEvZExUTlB0OVNIZmpzQ2hVUkVTY3RQN2tibWNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZASMA0G
CSqGSIb3DQEBCwUAA4IBAQCtvV7lM4PBMVC9bL5Ubs1n8QR6Gtzv0VfoAucIJe8r
/NmQoBnXvlHOSP7A5J/r2lUfFGkbee9AI4XfiflnEyfiHdnUqIElus6kYhaf2RLo
l3Oh5ny8i8i0usgT1h555YCLpRIf9eiRZtWNkFzf/gmIpPBlFw4by/eYEF0SNyi1
DlzDh7voD6JmxtDKLcy1Vm2XGlCFmPTBMJjRcvUNe43SUZ4HJgnf/g2h5IzwUXmw
wwblZGd3gNlcYkybTR0kcCkTUSGDu62oLiMspKz1uNbdceOCgntebNJv8UNpk2Zh
LmYzP4T0E5JaVAGEY3cfZkOyZSSQuwB+9K0+019tytjC
-----END CERTIFICATE-----