Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/hnLlF72Gey1RhDc5w20W5CDAULo.roa
File:                     hnLlF72Gey1RhDc5w20W5CDAULo.roa (raw, json)
Hash identifier:          shW0FHDTxcWsn5y+FQlRP0Y7mcQwz41mLYft4nrAmSI=
Subject key identifier:   86:72:E5:17:BD:86:7B:2D:51:84:37:39:C3:6D:16:E4:20:C0:50:BA
Certificate issuer:       /CN=a1eb60b29252ce185a41636a247b4c0273d374ae
Certificate serial:       019538FDAA220AED9C522681537A6CB834FC
Authority key identifier: A1:EB:60:B2:92:52:CE:18:5A:41:63:6A:24:7B:4C:02:73:D3:74:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oetgspJSzhhaQWNqJHtMAnPTdK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/hnLlF72Gey1RhDc5w20W5CDAULo.roa
Signing time:             Mon 24 Feb 2025 17:25:02 +0000
ROA not before:           Mon 24 Feb 2025 17:25:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62028
IP address blocks:        194.180.249.0/24 maxlen: 24
                          2a13:fcc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/oetgspJSzhhaQWNqJHtMAnPTdK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/oetgspJSzhhaQWNqJHtMAnPTdK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oetgspJSzhhaQWNqJHtMAnPTdK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:38:fd:aa:22:0a:ed:9c:52:26:81:53:7a:6c:b8:34:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1eb60b29252ce185a41636a247b4c0273d374ae
        Validity
            Not Before: Feb 24 17:25:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8672e517bd867b2d51843739c36d16e420c050ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:81:80:99:d4:9c:ae:4f:e6:0b:bd:a4:5f:13:
                    ec:20:6e:76:22:34:f3:62:04:45:65:0f:37:98:89:
                    05:12:26:f2:cc:0f:ef:66:31:e7:c0:1f:e7:d4:8f:
                    21:e1:c0:98:30:d1:48:fb:32:33:da:2b:e5:71:31:
                    bc:93:31:c4:21:63:47:16:ad:32:30:f6:97:70:f4:
                    49:c6:83:aa:3e:ff:3c:7c:ee:d9:c5:e5:ba:9f:5c:
                    69:1c:7e:89:ef:59:db:43:d2:f0:3e:fd:c1:38:f2:
                    24:ac:28:32:f1:98:c0:f4:06:b6:9f:98:7a:84:e9:
                    88:df:bc:88:cf:98:22:e3:a5:ec:9d:e2:36:1d:63:
                    90:a3:82:ce:6a:1e:d1:54:c5:33:f1:e4:9f:5e:2f:
                    32:6c:49:b4:9e:72:80:a0:36:7c:f8:1b:07:31:2a:
                    0c:18:02:82:22:71:6e:12:fe:5f:57:8f:92:b5:41:
                    ed:bd:8d:70:f9:e4:27:89:58:a5:89:31:0c:6f:2d:
                    ed:e4:ca:64:ec:b9:92:1f:96:34:7d:25:13:21:4d:
                    fd:b9:8f:e0:6b:ef:43:36:3b:eb:00:6e:cc:bd:1d:
                    b7:8b:0e:01:dd:60:a6:cf:85:7f:4a:e7:ea:73:05:
                    ae:ca:3b:e9:17:72:f3:83:9d:46:9a:b6:97:44:0e:
                    e9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:72:E5:17:BD:86:7B:2D:51:84:37:39:C3:6D:16:E4:20:C0:50:BA
            X509v3 Authority Key Identifier:
                keyid:A1:EB:60:B2:92:52:CE:18:5A:41:63:6A:24:7B:4C:02:73:D3:74:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oetgspJSzhhaQWNqJHtMAnPTdK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/hnLlF72Gey1RhDc5w20W5CDAULo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/26b286-d967-4ca6-8f10-d8b0756d82a5/1/oetgspJSzhhaQWNqJHtMAnPTdK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.249.0/24
                IPv6:
                  2a13:fcc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c4:be:ae:2d:a2:c6:68:d6:1f:d6:36:a5:e3:ae:63:11:75:ae:
         45:79:92:07:ca:22:4c:53:3d:cd:30:4c:1e:56:79:81:68:01:
         c5:5c:46:0b:e6:7e:eb:ff:82:df:93:96:55:82:31:b5:f1:ab:
         b4:28:16:75:2d:90:15:8d:ca:1f:91:ec:b7:29:28:39:ea:1f:
         16:b5:31:08:49:7b:51:a9:98:78:f4:8c:68:31:28:89:fb:08:
         34:d0:8b:64:5a:9e:b3:a1:0c:41:1d:af:51:b7:4d:40:a9:e8:
         7c:1e:6a:70:26:de:ba:fc:08:36:d9:ab:ee:02:33:e9:5a:31:
         60:c8:c2:bc:71:6a:8c:77:6f:82:e5:f2:16:d1:f7:d2:f9:96:
         9c:c0:26:55:0c:17:6e:be:70:8c:27:00:4b:2f:d9:63:da:a4:
         49:ac:62:fa:e2:5b:80:b5:6d:7d:46:fe:e9:f5:20:5f:4f:87:
         51:3e:23:64:3e:33:4b:7e:6d:f3:b5:74:27:bb:8b:30:7c:64:
         7f:e8:11:17:90:fa:7a:0c:2a:53:8a:16:5c:6c:4b:92:64:d1:
         ab:c4:26:a0:51:79:e7:fd:77:5b:db:e7:af:94:aa:c6:ea:a5:
         59:f1:34:bc:48:94:57:4b:d8:ff:52:d6:28:65:b7:4e:6b:e7:
         12:2c:11:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZU4/aoiCu2cUiaBU3psuDT8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZWI2MGIyOTI1MmNlMTg1YTQxNjM2YTI0N2I0YzAyNzNk
Mzc0YWUwHhcNMjUwMjI0MTcyNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjcyZTUxN2JkODY3YjJkNTE4NDM3MzljMzZkMTZlNDIwYzA1MGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIGAmdScrk/mC72kXxPsIG52IjTz
YgRFZQ83mIkFEibyzA/vZjHnwB/n1I8h4cCYMNFI+zIz2ivlcTG8kzHEIWNHFq0y
MPaXcPRJxoOqPv88fO7ZxeW6n1xpHH6J71nbQ9LwPv3BOPIkrCgy8ZjA9Aa2n5h6
hOmI37yIz5gi46XsneI2HWOQo4LOah7RVMUz8eSfXi8ybEm0nnKAoDZ8+BsHMSoM
GAKCInFuEv5fV4+StUHtvY1w+eQniViliTEMby3t5Mpk7LmSH5Y0fSUTIU39uY/g
a+9DNjvrAG7MvR23iw4B3WCmz4V/SufqcwWuyjvpF3Lzg51GmraXRA7pFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIZy5Re9hnstUYQ3OcNtFuQgwFC6MB8GA1UdIwQY
MBaAFKHrYLKSUs4YWkFjaiR7TAJz03SuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2V0Z3NwSlN6aGhhUVdOcUpIdE1BblBUZEs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8yNmIyODYtZDk2Ny00Y2E2LThmMTAt
ZDhiMDc1NmQ4MmE1LzEvaG5MbEY3MkdleTFSaERjNXcyMFc1Q0RBVUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8yNmIyODYtZDk2Ny00Y2E2LThmMTAtZDhiMDc1NmQ4MmE1
LzEvb2V0Z3NwSlN6aGhhUVdOcUpIdE1BblBUZEs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwrT5MA0E
AgACMAcDBQMqE/zAMA0GCSqGSIb3DQEBCwUAA4IBAQDEvq4tosZo1h/WNqXjrmMR
da5FeZIHyiJMUz3NMEweVnmBaAHFXEYL5n7r/4Lfk5ZVgjG18au0KBZ1LZAVjcof
key3KSg56h8WtTEISXtRqZh49IxoMSiJ+wg00ItkWp6zoQxBHa9Rt01Aqeh8Hmpw
Jt66/Ag22avuAjPpWjFgyMK8cWqMd2+C5fIW0ffS+ZacwCZVDBduvnCMJwBLL9lj
2qRJrGL64luAtW19Rv7p9SBfT4dRPiNkPjNLfm3ztXQnu4swfGR/6BEXkPp6DCpT
ihZcbEuSZNGrxCagUXnn/Xdb2+evlKrG6qVZ8TS8SJRXS9j/UtYoZbdOa+cSLBHf
-----END CERTIFICATE-----