Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/0e49a1-73a9-4581-b88c-f10486e60a53/1/HaT6DXZ4LF2lc652Plm-kzzODow.roa
File:                     HaT6DXZ4LF2lc652Plm-kzzODow.roa (raw, json)
Hash identifier:          VZ7qodJDKPgUVh1pa0yajPCZJZwGY0+Ucvcj6Tjkgzc=
Subject key identifier:   1D:A4:FA:0D:76:78:2C:5D:A5:73:AE:76:3E:59:BE:93:3C:CE:0E:8C
Certificate issuer:       /CN=3deb5817bbe7e5a1c5fb130551b84ab488016f92
Certificate serial:       0194236A3948A85A363AF4EDF21F1C554D81
Authority key identifier: 3D:EB:58:17:BB:E7:E5:A1:C5:FB:13:05:51:B8:4A:B4:88:01:6F:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PetYF7vn5aHF-xMFUbhKtIgBb5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/0e49a1-73a9-4581-b88c-f10486e60a53/1/HaT6DXZ4LF2lc652Plm-kzzODow.roa
Signing time:             Wed 01 Jan 2025 19:49:11 +0000
ROA not before:           Wed 01 Jan 2025 19:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61128
IP address blocks:        185.16.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/0e49a1-73a9-4581-b88c-f10486e60a53/1/PetYF7vn5aHF-xMFUbhKtIgBb5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/0e49a1-73a9-4581-b88c-f10486e60a53/1/PetYF7vn5aHF-xMFUbhKtIgBb5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PetYF7vn5aHF-xMFUbhKtIgBb5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:39:48:a8:5a:36:3a:f4:ed:f2:1f:1c:55:4d:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3deb5817bbe7e5a1c5fb130551b84ab488016f92
        Validity
            Not Before: Jan  1 19:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1da4fa0d76782c5da573ae763e59be933cce0e8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:90:5d:f7:79:fe:66:11:fe:b2:57:76:b5:9c:
                    5c:88:6f:2b:47:c2:8a:22:1e:9f:e7:c3:01:15:50:
                    03:08:f8:22:ee:50:0d:3c:44:d7:68:b9:6d:eb:2f:
                    47:c8:ab:ac:35:86:c1:ae:b9:93:4a:70:91:0f:af:
                    66:f0:b4:17:13:37:ec:58:4b:f1:1a:65:e7:84:75:
                    62:2b:38:5b:a2:a5:b6:e2:f4:87:ca:e6:41:4a:92:
                    b7:38:a8:41:83:c2:b3:ca:cc:2b:37:78:67:b7:4e:
                    5c:f0:b4:64:c7:8f:b5:d5:29:0c:fd:47:26:1f:7e:
                    9f:07:ea:bd:01:6d:96:8f:b7:a4:a9:54:41:4c:6a:
                    19:c6:c7:59:3f:9c:58:0b:a6:81:df:75:e7:ff:93:
                    53:75:11:3f:ae:0b:60:e9:a1:4b:9b:39:b3:17:8b:
                    c3:a3:d6:0b:5e:9d:47:ec:ea:83:e3:1a:a7:f0:8c:
                    f3:d5:df:16:69:0f:36:f4:ba:6d:0d:c4:76:16:65:
                    12:7e:07:28:6f:f9:0e:07:de:1d:04:17:49:9d:65:
                    87:52:46:ee:fd:0c:ab:4a:fe:31:2c:28:22:ff:a4:
                    d2:ab:77:8e:83:5f:5a:f5:21:46:ed:00:fb:77:08:
                    45:dc:7b:df:56:cc:4a:60:a0:89:5b:75:6b:ac:bb:
                    23:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:A4:FA:0D:76:78:2C:5D:A5:73:AE:76:3E:59:BE:93:3C:CE:0E:8C
            X509v3 Authority Key Identifier:
                keyid:3D:EB:58:17:BB:E7:E5:A1:C5:FB:13:05:51:B8:4A:B4:88:01:6F:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PetYF7vn5aHF-xMFUbhKtIgBb5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0e49a1-73a9-4581-b88c-f10486e60a53/1/HaT6DXZ4LF2lc652Plm-kzzODow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/0e49a1-73a9-4581-b88c-f10486e60a53/1/PetYF7vn5aHF-xMFUbhKtIgBb5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:f9:c1:5f:af:8f:aa:34:7a:bf:99:13:80:4e:9f:23:72:94:
         c9:8e:2d:21:f8:c5:d1:0a:c6:f4:22:20:76:31:1c:6a:8c:0d:
         2c:b9:f7:a7:d8:d2:f4:7b:df:6f:40:e9:9c:2b:01:9d:d4:e1:
         76:d9:09:cb:03:d7:45:6a:e1:56:a9:a2:f1:9a:b7:dc:be:2a:
         2c:87:a2:43:6d:7f:94:e5:e7:5b:26:0c:8b:a3:55:0b:f9:a7:
         47:c2:14:54:fb:f8:c4:df:b1:de:1b:03:1d:e5:b1:cd:39:53:
         40:27:dd:72:f4:77:e0:59:1a:43:95:58:d4:99:9a:8e:e7:c3:
         77:2a:33:92:75:45:14:4b:e8:d1:63:f2:f1:a6:f0:14:00:3e:
         9d:2c:67:6e:ef:2a:db:32:5f:79:da:c0:f4:cc:04:52:dc:31:
         b3:bb:61:34:cb:75:82:79:33:2e:27:e5:aa:bf:72:0a:72:e3:
         41:9d:cc:6e:67:30:51:86:eb:e3:7a:bc:51:c4:19:7b:5a:68:
         d8:44:2b:67:63:b7:62:c9:85:38:63:9c:2c:74:62:57:78:82:
         51:74:62:20:b9:bf:58:ea:cd:7c:e1:2d:60:12:5d:75:ba:66:
         91:0d:17:da:a8:84:3d:96:a8:c0:5c:08:61:ae:cb:33:7c:61:
         82:0a:e2:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajlIqFo2OvTt8h8cVU2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZWI1ODE3YmJlN2U1YTFjNWZiMTMwNTUxYjg0YWI0ODgw
MTZmOTIwHhcNMjUwMTAxMTk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGE0ZmEwZDc2NzgyYzVkYTU3M2FlNzYzZTU5YmU5MzNjY2UwZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJBd93n+ZhH+sld2tZxciG8rR8KK
Ih6f58MBFVADCPgi7lANPETXaLlt6y9HyKusNYbBrrmTSnCRD69m8LQXEzfsWEvx
GmXnhHViKzhboqW24vSHyuZBSpK3OKhBg8KzyswrN3hnt05c8LRkx4+11SkM/Ucm
H36fB+q9AW2Wj7ekqVRBTGoZxsdZP5xYC6aB33Xn/5NTdRE/rgtg6aFLmzmzF4vD
o9YLXp1H7OqD4xqn8Izz1d8WaQ829LptDcR2FmUSfgcob/kOB94dBBdJnWWHUkbu
/QyrSv4xLCgi/6TSq3eOg19a9SFG7QD7dwhF3HvfVsxKYKCJW3VrrLsjDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2k+g12eCxdpXOudj5ZvpM8zg6MMB8GA1UdIwQY
MBaAFD3rWBe75+WhxfsTBVG4SrSIAW+SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGV0WUY3dm41YUhGLXhNRlViaEt0SWdCYjVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8wZTQ5YTEtNzNhOS00NTgxLWI4OGMt
ZjEwNDg2ZTYwYTUzLzEvSGFUNkRYWjRMRjJsYzY1MlBsbS1renpPRG93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8wZTQ5YTEtNzNhOS00NTgxLWI4OGMtZjEwNDg2ZTYwYTUz
LzEvUGV0WUY3dm41YUhGLXhNRlViaEt0SWdCYjVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRCdMA0G
CSqGSIb3DQEBCwUAA4IBAQAR+cFfr4+qNHq/mROATp8jcpTJji0h+MXRCsb0IiB2
MRxqjA0sufen2NL0e99vQOmcKwGd1OF22QnLA9dFauFWqaLxmrfcviosh6JDbX+U
5edbJgyLo1UL+adHwhRU+/jE37HeGwMd5bHNOVNAJ91y9HfgWRpDlVjUmZqO58N3
KjOSdUUUS+jRY/LxpvAUAD6dLGdu7yrbMl952sD0zARS3DGzu2E0y3WCeTMuJ+Wq
v3IKcuNBncxuZzBRhuvjerxRxBl7WmjYRCtnY7diyYU4Y5wsdGJXeIJRdGIgub9Y
6s184S1gEl11umaRDRfaqIQ9lqjAXAhhrsszfGGCCuJu
-----END CERTIFICATE-----