Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/HLDNFWkuJcNgdo6hg9VxhnyuwV8.roa
File:                     HLDNFWkuJcNgdo6hg9VxhnyuwV8.roa (raw, json)
Hash identifier:          D2sJe98MgUvUY6C+atRM3lBUL52hMoDfDkBxTMZABLw=
Subject key identifier:   1C:B0:CD:15:69:2E:25:C3:60:76:8E:A1:83:D5:71:86:7C:AE:C1:5F
Certificate issuer:       /CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
Certificate serial:       01958A1D48FE31DDB38175C21D90D69B8531
Authority key identifier: 16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/HLDNFWkuJcNgdo6hg9VxhnyuwV8.roa
Signing time:             Wed 12 Mar 2025 11:28:49 +0000
ROA not before:           Wed 12 Mar 2025 11:28:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        178.210.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 07:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8a:1d:48:fe:31:dd:b3:81:75:c2:1d:90:d6:9b:85:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=166afc51c922fd842fec5b0cbbd26ebdbd1a161e
        Validity
            Not Before: Mar 12 11:28:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cb0cd15692e25c360768ea183d571867caec15f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bf:2a:14:fc:65:60:1f:12:c6:93:aa:ed:4a:
                    08:81:c8:5b:18:b8:65:8f:bb:53:07:76:aa:38:ef:
                    e6:b8:df:75:83:1a:a4:47:57:a1:3d:d7:22:9c:54:
                    44:44:5b:ed:71:0e:4c:c4:dd:0b:a5:f4:9f:c9:eb:
                    b6:f8:82:80:9d:15:a2:7c:3f:12:a9:ea:3a:4e:0f:
                    d9:3b:0d:3b:20:9b:a9:dd:dd:2c:9a:36:4d:c8:0e:
                    10:4a:63:a3:e0:e3:1f:ee:52:ed:ce:df:ba:cf:32:
                    75:11:4d:b3:6f:57:83:f4:af:0b:16:93:2c:16:19:
                    b3:5e:98:73:2d:f5:77:8e:1b:26:2e:12:c4:be:11:
                    56:f2:50:0c:f9:24:e5:3e:39:f0:d3:65:91:f8:99:
                    c3:53:6b:26:2f:59:af:55:f8:c7:ae:e2:0f:aa:95:
                    4d:1f:7b:61:71:75:b9:d3:46:a6:1f:dc:3d:f0:39:
                    d3:82:95:1d:f9:93:af:de:66:a8:09:75:55:b7:5a:
                    f5:e0:6f:ee:8f:e3:28:a3:d4:cf:84:67:77:6b:0e:
                    f7:ed:d2:ff:14:cb:6b:80:98:a4:37:f6:e3:56:50:
                    65:3b:e8:d4:27:4d:09:28:40:61:c5:87:a6:92:a7:
                    e2:06:88:34:6f:70:62:a7:5a:12:19:75:75:05:fd:
                    4d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B0:CD:15:69:2E:25:C3:60:76:8E:A1:83:D5:71:86:7C:AE:C1:5F
            X509v3 Authority Key Identifier:
                keyid:16:6A:FC:51:C9:22:FD:84:2F:EC:5B:0C:BB:D2:6E:BD:BD:1A:16:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/HLDNFWkuJcNgdo6hg9VxhnyuwV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/88c454-cbaa-43fd-b3c1-13b9110ce20c/1/Fmr8Ucki_YQv7FsMu9Juvb0aFh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.210.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:c2:cf:57:84:92:fd:5c:0d:99:69:c2:44:fd:ad:be:a5:c6:
         d8:dc:e5:d6:80:11:e6:19:5c:b8:87:53:a7:62:57:e3:b6:3f:
         25:5e:59:73:1f:c4:53:1a:88:44:9e:9a:89:10:9a:89:47:cc:
         8c:e5:4a:06:b6:e1:3e:7c:7a:fb:06:d9:42:a8:40:52:a2:4e:
         09:31:43:05:9d:5d:ce:e4:0a:64:ef:9c:eb:f5:f3:f4:7b:77:
         cd:7d:e9:c5:ed:c2:f4:87:02:1d:58:0d:e6:67:64:dd:77:23:
         c3:52:c9:ec:0f:4b:3e:76:d6:1e:bd:bb:ae:03:3f:7a:19:2f:
         cb:d3:5c:b1:b1:0d:aa:db:d3:2a:f1:da:76:7a:54:a8:32:d9:
         24:32:8f:fa:a5:4d:47:0a:7a:39:c0:ca:61:c8:7c:27:22:b7:
         28:b2:a0:1f:84:fd:77:f5:f1:be:e7:21:f6:8c:87:4b:11:b3:
         08:ba:1a:39:01:4b:2a:66:c9:88:48:b9:d8:b0:5b:55:ac:7d:
         96:a4:75:52:fe:26:e3:63:60:06:d7:df:3d:48:66:f6:eb:e6:
         a2:e3:4e:ff:73:12:3f:ee:d3:51:96:70:f7:f9:8e:9a:d2:70:
         8f:46:15:18:f9:76:9d:77:e1:f5:2a:2e:61:74:44:62:ec:e2:
         d2:5c:0d:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWKHUj+Md2zgXXCHZDWm4UxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NmFmYzUxYzkyMmZkODQyZmVjNWIwY2JiZDI2ZWJkYmQx
YTE2MWUwHhcNMjUwMzEyMTEyODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2IwY2QxNTY5MmUyNWMzNjA3NjhlYTE4M2Q1NzE4NjdjYWVjMTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwb8qFPxlYB8SxpOq7UoIgchbGLhl
j7tTB3aqOO/muN91gxqkR1ehPdcinFRERFvtcQ5MxN0LpfSfyeu2+IKAnRWifD8S
qeo6Tg/ZOw07IJup3d0smjZNyA4QSmOj4OMf7lLtzt+6zzJ1EU2zb1eD9K8LFpMs
FhmzXphzLfV3jhsmLhLEvhFW8lAM+STlPjnw02WR+JnDU2smL1mvVfjHruIPqpVN
H3thcXW500amH9w98DnTgpUd+ZOv3maoCXVVt1r14G/uj+Moo9TPhGd3aw737dL/
FMtrgJikN/bjVlBlO+jUJ00JKEBhxYemkqfiBog0b3Bip1oSGXV1Bf1NgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBywzRVpLiXDYHaOoYPVcYZ8rsFfMB8GA1UdIwQY
MBaAFBZq/FHJIv2EL+xbDLvSbr29GhYeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEt
MTNiOTExMGNlMjBjLzEvSExETkZXa3VKY05nZG82aGc5Vnhobnl1d1Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84OGM0NTQtY2JhYS00M2ZkLWIzYzEtMTNiOTExMGNlMjBj
LzEvRm1yOFVja2lfWVF2N0ZzTXU5SnV2YjBhRmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstL0MA0G
CSqGSIb3DQEBCwUAA4IBAQCMws9XhJL9XA2ZacJE/a2+pcbY3OXWgBHmGVy4h1On
Ylfjtj8lXllzH8RTGohEnpqJEJqJR8yM5UoGtuE+fHr7BtlCqEBSok4JMUMFnV3O
5Apk75zr9fP0e3fNfenF7cL0hwIdWA3mZ2TddyPDUsnsD0s+dtYevbuuAz96GS/L
01yxsQ2q29Mq8dp2elSoMtkkMo/6pU1HCno5wMphyHwnIrcosqAfhP139fG+5yH2
jIdLEbMIuho5AUsqZsmISLnYsFtVrH2WpHVS/ibjY2AG1989SGb26+ai407/cxI/
7tNRlnD3+Y6a0nCPRhUY+Xadd+H1Ki5hdERi7OLSXA20
-----END CERTIFICATE-----