Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/hhdJrTeQ6mf77nKfKqU5REshjsI.roa
File:                     hhdJrTeQ6mf77nKfKqU5REshjsI.roa (raw, json)
Hash identifier:          dxBfBe/M/Wv0/XrDNu2MrbDTU7Vqae5uhDl+jlEu1Bw=
Subject key identifier:   86:17:49:AD:37:90:EA:67:FB:EE:72:9F:2A:A5:39:44:4B:21:8E:C2
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B3B2195C07F69F6F154538B91A0C63
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/hhdJrTeQ6mf77nKfKqU5REshjsI.roa
Signing time:             Thu 02 Jan 2025 15:47:55 +0000
ROA not before:           Thu 02 Jan 2025 15:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212396
IP address blocks:        45.85.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:b2:19:5c:07:f6:9f:6f:15:45:38:b9:1a:0c:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=861749ad3790ea67fbee729f2aa539444b218ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:68:00:6c:88:73:9f:b0:bf:a5:13:94:66:9c:
                    6c:71:ab:5b:15:99:b1:ca:83:6f:0b:05:da:fb:42:
                    39:5f:ac:72:d1:2b:24:0a:de:ee:52:d2:02:40:6b:
                    76:92:00:3f:05:4c:8d:04:ca:f5:ab:4f:7a:b4:34:
                    5d:87:a7:a2:a2:9c:ba:37:39:fd:d0:2f:a3:c2:3d:
                    33:39:72:f6:35:65:06:ff:9a:ee:19:d1:8a:59:77:
                    b6:5e:dc:af:de:c9:26:c4:ad:05:b4:bd:1f:25:3d:
                    21:17:14:74:fb:98:4f:24:12:24:d9:94:1b:c0:c3:
                    96:28:6a:86:8f:80:2e:2d:2a:93:ad:f9:75:d7:2f:
                    c3:0e:65:0e:81:25:77:0a:74:f4:7e:78:0e:b0:58:
                    5e:7a:18:3e:e1:f7:b6:8a:a7:82:5c:8f:30:79:78:
                    0d:52:a6:40:2e:9b:19:cd:d4:2d:eb:5c:b8:ba:4c:
                    5c:11:96:4d:65:f8:f8:b7:9e:58:cb:3a:21:09:f4:
                    16:25:ba:0c:c5:9d:a9:b0:5f:b5:29:62:2a:73:31:
                    ef:0b:7b:34:a0:f6:df:a3:4e:81:f1:3f:1b:43:d6:
                    83:6f:c0:41:10:09:02:40:87:fd:85:54:a6:54:56:
                    d4:d0:fc:f5:68:89:28:d8:79:b8:46:45:23:27:fd:
                    d8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:17:49:AD:37:90:EA:67:FB:EE:72:9F:2A:A5:39:44:4B:21:8E:C2
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/hhdJrTeQ6mf77nKfKqU5REshjsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:d1:96:fc:51:d9:59:3f:1d:7d:74:90:c9:6e:27:70:87:d2:
         93:2d:21:76:ab:31:97:c0:23:4c:e3:7d:1d:5f:82:c9:5e:38:
         10:8e:01:42:fe:56:47:2f:c5:09:e8:6f:e4:37:8a:6d:77:be:
         23:48:5a:ee:db:22:3a:6d:2f:d2:4d:f3:4a:c5:d3:5b:fc:36:
         53:c0:c8:ec:d0:99:5f:92:2a:21:d5:36:25:12:fd:2f:ee:6e:
         28:db:55:e7:44:1b:36:00:f2:d3:ee:36:c1:1a:a1:91:3e:c5:
         86:dd:35:6b:f3:af:36:98:2e:de:15:87:10:71:88:c6:f7:d2:
         b2:ed:8f:74:ba:fc:4f:92:8e:f3:4d:41:96:95:64:40:8a:67:
         38:3b:6b:0f:32:5b:ef:ba:2d:a8:08:7a:17:a5:8c:16:75:d2:
         81:0c:a6:fb:df:07:9b:6f:a9:85:17:33:d8:52:73:f5:85:44:
         78:25:aa:3b:0c:f0:b1:3c:dc:6b:5b:23:fa:e7:b0:bf:45:da:
         8d:e4:2e:db:2b:3e:14:d2:a0:2a:a5:80:7e:2c:55:df:26:23:
         1c:b1:8e:51:8e:3b:51:bf:a2:f2:fd:00:50:33:43:8a:99:73:
         b2:0c:41:19:90:6e:5b:0e:7b:f5:ef:a9:b8:61:91:f0:0f:63:
         4b:62:fe:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns7IZXAf2n28VRTi5GgxjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjE3NDlhZDM3OTBlYTY3ZmJlZTcyOWYyYWE1Mzk0NDRiMjE4ZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumgAbIhzn7C/pROUZpxscatbFZmx
yoNvCwXa+0I5X6xy0SskCt7uUtICQGt2kgA/BUyNBMr1q096tDRdh6eiopy6Nzn9
0C+jwj0zOXL2NWUG/5ruGdGKWXe2Xtyv3skmxK0FtL0fJT0hFxR0+5hPJBIk2ZQb
wMOWKGqGj4AuLSqTrfl11y/DDmUOgSV3CnT0fngOsFheehg+4fe2iqeCXI8weXgN
UqZALpsZzdQt61y4ukxcEZZNZfj4t55YyzohCfQWJboMxZ2psF+1KWIqczHvC3s0
oPbfo06B8T8bQ9aDb8BBEAkCQIf9hVSmVFbU0Pz1aIko2Hm4RkUjJ/3YIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYXSa03kOpn++5ynyqlOURLIY7CMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvaGhkSnJUZVE2bWY3N25LZktxVTVSRXNoanNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVVYMA0G
CSqGSIb3DQEBCwUAA4IBAQC50Zb8UdlZPx19dJDJbidwh9KTLSF2qzGXwCNM430d
X4LJXjgQjgFC/lZHL8UJ6G/kN4ptd74jSFru2yI6bS/STfNKxdNb/DZTwMjs0Jlf
kioh1TYlEv0v7m4o21XnRBs2APLT7jbBGqGRPsWG3TVr8682mC7eFYcQcYjG99Ky
7Y90uvxPko7zTUGWlWRAimc4O2sPMlvvui2oCHoXpYwWddKBDKb73webb6mFFzPY
UnP1hUR4Jao7DPCxPNxrWyP657C/RdqN5C7bKz4U0qAqpYB+LFXfJiMcsY5RjjtR
v6Ly/QBQM0OKmXOyDEEZkG5bDnv176m4YZHwD2NLYv5I
-----END CERTIFICATE-----