Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/a36a22-4955-4090-97d6-3c34a8c28ca1/1/hkjDx-2GOhGp7IPuQmrLBkkB_0U.roa
File:                     hkjDx-2GOhGp7IPuQmrLBkkB_0U.roa (raw, json)
Hash identifier:          4gfS7chtfvvAEHSEdJQzQiuhcE63Qr3QGw7uAtNLDMo=
Subject key identifier:   86:48:C3:C7:ED:86:3A:11:A9:EC:83:EE:42:6A:CB:06:49:01:FF:45
Certificate issuer:       /CN=83d829263b3c5f63968037f9e863fd0fd01e7869
Certificate serial:       01941FFAB875BB56AA252F933864238AA848
Authority key identifier: 83:D8:29:26:3B:3C:5F:63:96:80:37:F9:E8:63:FD:0F:D0:1E:78:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g9gpJjs8X2OWgDf56GP9D9AeeGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/a36a22-4955-4090-97d6-3c34a8c28ca1/1/hkjDx-2GOhGp7IPuQmrLBkkB_0U.roa
Signing time:             Wed 01 Jan 2025 03:48:32 +0000
ROA not before:           Wed 01 Jan 2025 03:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13274
IP address blocks:        185.210.158.0/24 maxlen: 24
                          195.42.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/a36a22-4955-4090-97d6-3c34a8c28ca1/1/g9gpJjs8X2OWgDf56GP9D9AeeGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/a36a22-4955-4090-97d6-3c34a8c28ca1/1/g9gpJjs8X2OWgDf56GP9D9AeeGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g9gpJjs8X2OWgDf56GP9D9AeeGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b8:75:bb:56:aa:25:2f:93:38:64:23:8a:a8:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83d829263b3c5f63968037f9e863fd0fd01e7869
        Validity
            Not Before: Jan  1 03:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8648c3c7ed863a11a9ec83ee426acb064901ff45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f4:9d:1d:79:91:4d:46:c7:5f:78:13:1b:48:
                    91:da:b1:34:c3:ee:f9:7a:db:be:95:2b:ae:7b:e8:
                    19:6e:d1:ea:14:99:17:b7:b1:85:b8:0d:30:74:8f:
                    67:02:b7:41:13:bc:22:30:e4:b2:b0:c9:c9:58:36:
                    28:fb:ed:87:32:38:23:c2:55:b8:f7:ac:a4:e7:51:
                    29:83:3f:96:2f:9f:21:c7:54:95:f6:b6:68:02:e5:
                    82:11:6a:38:0e:93:58:14:38:4d:11:a3:3d:e6:d8:
                    e6:12:00:5b:b9:7f:74:e8:60:ff:1f:7e:79:5c:52:
                    dd:5f:eb:12:89:92:b1:06:0c:7e:fe:9c:67:da:a7:
                    9e:c2:44:a3:90:9a:92:50:08:6b:01:bd:5c:08:98:
                    31:ec:bd:2b:1f:52:2c:56:4c:58:c9:93:61:b3:ba:
                    cd:26:07:3a:bd:5f:74:b5:6c:51:60:b2:6b:7a:08:
                    06:0e:da:1e:34:c9:24:ba:c7:a1:ab:8b:07:d9:43:
                    75:f5:60:bb:42:28:92:3b:6b:0c:74:d1:fa:58:ad:
                    c4:4a:05:0c:a5:9f:1e:13:07:88:ec:f1:83:71:8d:
                    a5:a5:5f:fa:13:75:4d:e8:f0:6e:5c:c9:53:8f:f5:
                    79:0d:c6:c3:7e:f1:9f:b1:14:73:20:51:47:3c:e8:
                    d6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:48:C3:C7:ED:86:3A:11:A9:EC:83:EE:42:6A:CB:06:49:01:FF:45
            X509v3 Authority Key Identifier:
                keyid:83:D8:29:26:3B:3C:5F:63:96:80:37:F9:E8:63:FD:0F:D0:1E:78:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g9gpJjs8X2OWgDf56GP9D9AeeGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a36a22-4955-4090-97d6-3c34a8c28ca1/1/hkjDx-2GOhGp7IPuQmrLBkkB_0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/a36a22-4955-4090-97d6-3c34a8c28ca1/1/g9gpJjs8X2OWgDf56GP9D9AeeGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.158.0/24
                  195.42.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:bf:21:28:2c:20:b6:70:7d:b7:24:0e:5e:b0:5d:2b:de:49:
         c3:75:d8:98:c4:13:1d:c5:8c:26:7e:44:4e:1f:08:06:bf:50:
         25:8a:75:13:99:f0:bc:56:23:65:32:7c:90:e5:67:26:db:07:
         10:64:64:75:d1:37:7a:0f:e9:c4:05:40:e1:a0:0e:ce:c4:7b:
         56:b5:bb:a7:62:77:fa:f3:41:db:33:c4:a4:d9:ee:03:1e:c7:
         a7:4d:db:89:51:bd:3e:88:e4:3d:90:ab:3c:b4:c5:d7:cd:96:
         0c:58:7d:a1:64:e0:4d:83:3f:55:2c:5a:a2:7a:78:d7:45:25:
         73:de:66:f9:6b:32:f8:de:a4:5b:47:3e:89:e3:64:d8:20:20:
         ad:fc:21:44:fa:86:c4:07:c4:b3:da:2d:66:bc:97:67:82:9a:
         a9:d2:a4:b3:05:d7:b7:43:78:5e:91:fc:c7:49:3d:a4:d5:36:
         c0:4b:28:bd:42:19:84:f6:fd:9b:1a:05:96:72:95:6b:1d:ad:
         08:6f:cc:65:6d:da:f9:22:c5:37:c7:50:00:85:c9:c2:ed:9a:
         83:6e:b4:37:21:ba:8b:58:01:1a:5d:1e:54:7a:d2:09:ab:87:
         a1:91:74:42:e4:a3:a3:20:fb:57:55:5a:ea:b8:cb:0c:00:6c:
         68:9c:33:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+rh1u1aqJS+TOGQjiqhIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZDgyOTI2M2IzYzVmNjM5NjgwMzdmOWU4NjNmZDBmZDAx
ZTc4NjkwHhcNMjUwMTAxMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQ4YzNjN2VkODYzYTExYTllYzgzZWU0MjZhY2IwNjQ5MDFmZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofSdHXmRTUbHX3gTG0iR2rE0w+75
etu+lSuue+gZbtHqFJkXt7GFuA0wdI9nArdBE7wiMOSysMnJWDYo++2HMjgjwlW4
96yk51Epgz+WL58hx1SV9rZoAuWCEWo4DpNYFDhNEaM95tjmEgBbuX906GD/H355
XFLdX+sSiZKxBgx+/pxn2qeewkSjkJqSUAhrAb1cCJgx7L0rH1IsVkxYyZNhs7rN
Jgc6vV90tWxRYLJreggGDtoeNMkkusehq4sH2UN19WC7QiiSO2sMdNH6WK3ESgUM
pZ8eEweI7PGDcY2lpV/6E3VN6PBuXMlTj/V5DcbDfvGfsRRzIFFHPOjW1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIZIw8fthjoRqeyD7kJqywZJAf9FMB8GA1UdIwQY
MBaAFIPYKSY7PF9jloA3+ehj/Q/QHnhpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzlncEpqczhYMk9XZ0RmNTZHUDlEOUFlZUdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9hMzZhMjItNDk1NS00MDkwLTk3ZDYt
M2MzNGE4YzI4Y2ExLzEvaGtqRHgtMkdPaEdwN0lQdVFtckxCa2tCXzBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9hMzZhMjItNDk1NS00MDkwLTk3ZDYtM2MzNGE4YzI4Y2Ex
LzEvZzlncEpqczhYMk9XZ0RmNTZHUDlEOUFlZUdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudKeAwQA
wyr5MA0GCSqGSIb3DQEBCwUAA4IBAQBCvyEoLCC2cH23JA5esF0r3knDddiYxBMd
xYwmfkROHwgGv1AlinUTmfC8ViNlMnyQ5Wcm2wcQZGR10Td6D+nEBUDhoA7OxHtW
tbunYnf680HbM8Sk2e4DHsenTduJUb0+iOQ9kKs8tMXXzZYMWH2hZOBNgz9VLFqi
enjXRSVz3mb5azL43qRbRz6J42TYICCt/CFE+obEB8Sz2i1mvJdngpqp0qSzBde3
Q3hekfzHST2k1TbASyi9QhmE9v2bGgWWcpVrHa0Ib8xlbdr5IsU3x1AAhcnC7ZqD
brQ3IbqLWAEaXR5UetIJq4ehkXRC5KOjIPtXVVrquMsMAGxonDMY
-----END CERTIFICATE-----