Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HiXwFWaPzRWDb6Zauf5Z5EdAs3E.roa
File:                     HiXwFWaPzRWDb6Zauf5Z5EdAs3E.roa (raw, json)
Hash identifier:          74lujDzOZ3dVJtH+CV4yLBEU59EeNeO0W4GkJWf9zl0=
Subject key identifier:   1E:25:F0:15:66:8F:CD:15:83:6F:A6:5A:B9:FE:59:E4:47:40:B3:71
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       01941FFA0A31F351B483A9C197999F38522F
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HiXwFWaPzRWDb6Zauf5Z5EdAs3E.roa
Signing time:             Wed 01 Jan 2025 03:47:47 +0000
ROA not before:           Wed 01 Jan 2025 03:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204316
IP address blocks:        185.20.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:0a:31:f3:51:b4:83:a9:c1:97:99:9f:38:52:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  1 03:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e25f015668fcd15836fa65ab9fe59e44740b371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:37:12:14:18:39:dd:21:fc:d4:9b:9a:4c:c8:
                    9f:68:1f:4e:31:6e:1f:11:ea:e3:dc:b9:c3:53:0b:
                    80:e6:2e:e5:fb:b5:6c:10:c0:b6:30:1b:7d:50:17:
                    94:f8:56:ba:e4:ee:a6:74:33:ba:8f:13:01:c7:cd:
                    eb:43:ce:20:6a:73:f2:00:cc:49:02:a3:52:63:d3:
                    c7:b8:d2:ea:1e:43:0f:b6:7a:4b:df:e4:7d:7d:02:
                    ff:fe:4d:28:e6:9e:34:5b:e9:7d:26:fa:39:ef:41:
                    e2:2e:25:af:98:4c:22:de:86:97:59:82:c7:f8:f5:
                    94:af:f1:6b:26:5a:93:93:6f:b9:6f:9e:86:89:a1:
                    e1:67:28:00:3c:38:27:f5:83:13:91:3e:23:71:e9:
                    1c:df:ff:f4:1b:b6:66:a9:ac:fc:e6:06:34:fb:a4:
                    4b:9f:d9:54:e9:17:a2:04:00:4e:14:1b:6f:4f:c9:
                    4d:05:8d:a1:46:13:70:fa:c4:1c:ff:f5:08:9a:f0:
                    e5:49:b0:91:f6:32:50:b6:79:1e:27:59:9d:88:10:
                    a1:af:6d:87:f5:be:d7:3c:a1:3e:49:0c:56:52:aa:
                    95:5c:6a:a0:57:dc:f8:b5:28:ac:6f:22:8d:cf:fa:
                    88:1c:e2:92:b8:30:87:c6:ef:81:4c:61:2b:61:8a:
                    a8:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:25:F0:15:66:8F:CD:15:83:6F:A6:5A:B9:FE:59:E4:47:40:B3:71
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HiXwFWaPzRWDb6Zauf5Z5EdAs3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:e3:27:00:b1:84:e2:27:9b:2b:7c:04:11:e4:19:4e:36:fc:
         ed:df:e7:38:eb:c7:64:c5:c3:32:71:f4:bd:50:8b:7b:65:d0:
         42:09:8b:f6:3c:56:22:74:88:fc:0c:14:05:f5:b4:2f:24:dc:
         52:4c:53:c3:c4:8e:4a:78:e8:7c:da:34:99:b9:05:e5:76:12:
         70:18:cf:46:4e:4f:9c:12:fa:8c:4c:42:b1:49:0b:19:bf:9d:
         3f:92:c6:72:3c:72:55:ed:b6:81:9e:d1:89:29:e1:2d:79:56:
         fe:62:1d:f9:70:58:c6:c9:3f:13:59:b8:57:75:e4:fc:18:64:
         e5:f7:a1:7e:e5:15:49:b7:ae:a7:4e:c0:ee:ea:06:c6:23:43:
         fc:f1:c2:6b:5d:30:a6:63:d7:86:d6:5e:94:e1:64:8c:f6:11:
         0e:3e:ce:37:6b:d4:88:31:da:6f:33:95:6c:ef:b7:8a:2c:58:
         e3:96:61:7f:59:b9:7f:1c:64:26:b0:de:69:b1:6b:95:9f:83:
         3e:fa:ad:a0:ff:5f:92:17:b0:e3:99:4c:0f:1e:55:95:44:c5:
         49:8e:2e:09:ae:6a:7b:95:15:2a:08:88:2e:76:1b:8b:61:1c:
         1e:aa:79:97:5f:95:19:1b:38:f2:31:ac:13:df:31:cd:02:2d:
         ed:78:06:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+gox81G0g6nBl5mfOFIvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjUwMTAxMDM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTI1ZjAxNTY2OGZjZDE1ODM2ZmE2NWFiOWZlNTllNDQ3NDBiMzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzcSFBg53SH81JuaTMifaB9OMW4f
Eerj3LnDUwuA5i7l+7VsEMC2MBt9UBeU+Fa65O6mdDO6jxMBx83rQ84ganPyAMxJ
AqNSY9PHuNLqHkMPtnpL3+R9fQL//k0o5p40W+l9Jvo570HiLiWvmEwi3oaXWYLH
+PWUr/FrJlqTk2+5b56GiaHhZygAPDgn9YMTkT4jcekc3//0G7Zmqaz85gY0+6RL
n9lU6ReiBABOFBtvT8lNBY2hRhNw+sQc//UImvDlSbCR9jJQtnkeJ1mdiBChr22H
9b7XPKE+SQxWUqqVXGqgV9z4tSisbyKNz/qIHOKSuDCHxu+BTGErYYqoPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4l8BVmj80Vg2+mWrn+WeRHQLNxMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvSGlYd0ZXYVB6UldEYjZaYXVmNVo1RWRBczNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRT/MA0G
CSqGSIb3DQEBCwUAA4IBAQCL4ycAsYTiJ5srfAQR5BlONvzt3+c468dkxcMycfS9
UIt7ZdBCCYv2PFYidIj8DBQF9bQvJNxSTFPDxI5KeOh82jSZuQXldhJwGM9GTk+c
EvqMTEKxSQsZv50/ksZyPHJV7baBntGJKeEteVb+Yh35cFjGyT8TWbhXdeT8GGTl
96F+5RVJt66nTsDu6gbGI0P88cJrXTCmY9eG1l6U4WSM9hEOPs43a9SIMdpvM5Vs
77eKLFjjlmF/Wbl/HGQmsN5psWuVn4M++q2g/1+SF7DjmUwPHlWVRMVJji4Jrmp7
lRUqCIgudhuLYRweqnmXX5UZGzjyMawT3zHNAi3teAZj
-----END CERTIFICATE-----