Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/hrEzN0ov7R8-CBntuFI6TOZ5J3k.roa
File:                     hrEzN0ov7R8-CBntuFI6TOZ5J3k.roa (raw, json)
Hash identifier:          F4t//75g9YseMJLav5TNry1YdPvomuVlb22mZdbwTXk=
Subject key identifier:   86:B1:33:37:4A:2F:ED:1F:3E:08:19:ED:B8:52:3A:4C:E6:79:27:79
Certificate issuer:       /CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
Certificate serial:       0195AE9A698B0DDA4E82EC35593F1D84889B
Authority key identifier: 0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/hrEzN0ov7R8-CBntuFI6TOZ5J3k.roa
Signing time:             Wed 19 Mar 2025 13:31:49 +0000
ROA not before:           Wed 19 Mar 2025 13:31:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139648
IP address blocks:        194.156.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ae:9a:69:8b:0d:da:4e:82:ec:35:59:3f:1d:84:88:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
        Validity
            Not Before: Mar 19 13:31:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86b133374a2fed1f3e0819edb8523a4ce6792779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5a:cb:c7:41:35:79:84:ee:cf:18:d1:d2:4c:
                    5f:7e:ed:2b:60:b1:35:fa:09:45:b6:72:79:01:3c:
                    01:59:5e:2f:57:d6:38:d0:4e:68:93:8e:2e:0e:ff:
                    07:7e:46:22:e8:db:4d:4d:ca:2f:f1:a7:71:4c:ce:
                    ee:a3:a5:ab:9b:65:a4:1b:4d:3a:eb:a4:f3:43:1b:
                    69:4f:d9:09:6b:91:66:2a:ed:0f:54:bc:64:63:c0:
                    ac:89:4e:77:ad:e5:f5:4f:4c:a5:db:19:b9:2c:52:
                    07:a8:7a:0f:55:6c:60:ef:01:f3:ed:c1:98:d0:bb:
                    a1:4f:79:f2:29:eb:1e:4b:3f:98:67:7c:2c:86:c5:
                    80:1c:4b:cb:7c:53:e6:53:92:d3:de:46:9f:3a:76:
                    2e:31:5e:f3:dd:15:8a:d2:bb:13:0b:54:c5:6c:95:
                    db:72:98:51:ca:7d:6f:f0:fd:5e:f1:d3:23:a0:ac:
                    7a:82:15:34:6a:a0:26:74:d0:b8:ba:9e:08:57:e0:
                    52:f3:c6:65:4b:ed:f7:e6:d6:58:d0:1d:df:77:1f:
                    2f:a8:bc:cf:66:ce:97:b8:c3:ae:58:01:d9:c1:01:
                    14:14:43:22:bf:f0:7e:71:fd:fe:1c:6d:af:61:22:
                    63:d8:78:a3:d8:3c:38:1d:77:4d:2d:cc:ab:ba:7e:
                    59:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B1:33:37:4A:2F:ED:1F:3E:08:19:ED:B8:52:3A:4C:E6:79:27:79
            X509v3 Authority Key Identifier:
                keyid:0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/hrEzN0ov7R8-CBntuFI6TOZ5J3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:40:eb:4a:73:fe:0c:53:2e:53:72:91:26:b7:1b:16:9e:43:
         ba:f8:7f:d2:ec:76:91:c3:3d:5b:9c:45:61:f7:6d:3d:24:72:
         58:a8:4f:f5:06:fb:68:e9:cc:ef:d8:87:1a:de:ff:f9:8e:b8:
         5b:1e:1d:24:c5:41:3a:20:5a:f2:a5:76:1a:f1:ee:5f:ec:78:
         e0:49:ee:79:d9:1b:a3:28:13:2c:c5:5b:39:f0:7a:b8:8a:a1:
         ad:0d:48:0d:96:c8:09:09:c9:04:4b:85:5f:12:d8:d5:02:a2:
         7d:61:f1:ce:2d:29:8d:00:48:22:92:25:0c:4d:20:10:54:b7:
         52:67:6f:76:2f:e3:f8:03:30:85:f5:8c:d8:f7:e9:da:ee:93:
         97:8c:07:53:50:d0:25:2a:5c:d4:4e:11:2d:a7:8f:26:1d:28:
         db:f2:3e:6b:73:d5:82:33:0c:db:38:89:67:50:aa:79:54:b9:
         b1:41:3f:f1:82:c3:7d:3f:c9:34:e7:37:46:de:f1:6f:89:da:
         99:c4:44:63:41:db:60:84:c0:1b:7b:03:12:79:f5:bf:96:0c:
         af:24:ed:1b:18:2a:57:40:91:3f:de:3c:b9:24:aa:88:9b:f0:
         96:c4:89:a8:24:51:e6:89:bc:de:3b:1b:94:3b:dc:36:85:96:
         6b:61:31:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWummmLDdpOguw1WT8dhIibMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMjQ3ZTczMzkxZWM5ZDZhMmE0NmYyY2IwYjAyZmM5OTQy
ODhmMTMwHhcNMjUwMzE5MTMzMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmIxMzMzNzRhMmZlZDFmM2UwODE5ZWRiODUyM2E0Y2U2NzkyNzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVrLx0E1eYTuzxjR0kxffu0rYLE1
+glFtnJ5ATwBWV4vV9Y40E5ok44uDv8HfkYi6NtNTcov8adxTM7uo6Wrm2WkG006
66TzQxtpT9kJa5FmKu0PVLxkY8CsiU53reX1T0yl2xm5LFIHqHoPVWxg7wHz7cGY
0LuhT3nyKeseSz+YZ3wshsWAHEvLfFPmU5LT3kafOnYuMV7z3RWK0rsTC1TFbJXb
cphRyn1v8P1e8dMjoKx6ghU0aqAmdNC4up4IV+BS88ZlS+335tZY0B3fdx8vqLzP
Zs6XuMOuWAHZwQEUFEMiv/B+cf3+HG2vYSJj2Hij2Dw4HXdNLcyrun5ZbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaxMzdKL+0fPggZ7bhSOkzmeSd5MB8GA1UdIwQY
MBaAFAskfnM5HsnWoqRvLLCwL8mUKI8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMt
NzM2Nzg5ZWU2ZmQwLzEvaHJFek4wb3Y3UjgtQ0JudHVGSTZUT1o1SjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMtNzM2Nzg5ZWU2ZmQw
LzEvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpznMA0G
CSqGSIb3DQEBCwUAA4IBAQCaQOtKc/4MUy5TcpEmtxsWnkO6+H/S7HaRwz1bnEVh
9209JHJYqE/1Bvto6czv2Ica3v/5jrhbHh0kxUE6IFrypXYa8e5f7HjgSe552Ruj
KBMsxVs58Hq4iqGtDUgNlsgJCckES4VfEtjVAqJ9YfHOLSmNAEgikiUMTSAQVLdS
Z292L+P4AzCF9YzY9+na7pOXjAdTUNAlKlzUThEtp48mHSjb8j5rc9WCMwzbOIln
UKp5VLmxQT/xgsN9P8k05zdG3vFvidqZxERjQdtghMAbewMSefW/lgyvJO0bGCpX
QJE/3jy5JKqIm/CWxImoJFHmibzeOxuUO9w2hZZrYTF6
-----END CERTIFICATE-----