Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/231a4a-83de-42fd-9691-8062f241dd96/1/hUJ0JgMLTl6DaNpa_6-3XqSGCm4.roa
File:                     hUJ0JgMLTl6DaNpa_6-3XqSGCm4.roa (raw, json)
Hash identifier:          5zuqR91vkYspzPXhPdWjldTSLonIqkx5t3d++X9qoRQ=
Subject key identifier:   85:42:74:26:03:0B:4E:5E:83:68:DA:5A:FF:AF:B7:5E:A4:86:0A:6E
Certificate issuer:       /CN=10a9650d7217ddb99f3bc00ebddd6bb2028512e7
Certificate serial:       019420D5B7DD46CF4BF75CBF9D702935732A
Authority key identifier: 10:A9:65:0D:72:17:DD:B9:9F:3B:C0:0E:BD:DD:6B:B2:02:85:12:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EKllDXIX3bmfO8AOvd1rsgKFEuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/231a4a-83de-42fd-9691-8062f241dd96/1/hUJ0JgMLTl6DaNpa_6-3XqSGCm4.roa
Signing time:             Wed 01 Jan 2025 07:47:44 +0000
ROA not before:           Wed 01 Jan 2025 07:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58027
IP address blocks:        192.94.233.0/24 maxlen: 24
                          2001:67c:1b00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/231a4a-83de-42fd-9691-8062f241dd96/1/EKllDXIX3bmfO8AOvd1rsgKFEuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/231a4a-83de-42fd-9691-8062f241dd96/1/EKllDXIX3bmfO8AOvd1rsgKFEuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EKllDXIX3bmfO8AOvd1rsgKFEuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b7:dd:46:cf:4b:f7:5c:bf:9d:70:29:35:73:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10a9650d7217ddb99f3bc00ebddd6bb2028512e7
        Validity
            Not Before: Jan  1 07:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85427426030b4e5e8368da5affafb75ea4860a6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:4b:db:b9:0d:e7:00:b2:89:c0:86:e5:fe:22:
                    fe:36:c5:f9:72:93:88:b5:6d:75:55:23:63:be:37:
                    f5:55:92:de:14:75:d1:27:6b:a8:cc:03:a8:d4:c6:
                    0d:fe:91:c2:fe:4b:25:be:4a:73:f5:c5:cc:20:34:
                    ab:7e:5a:04:01:ff:67:6c:55:77:10:4d:1e:c7:e3:
                    d6:e5:af:28:63:a3:a0:81:e1:58:77:99:25:c0:52:
                    54:c4:7b:e4:92:cb:a0:3b:21:c3:23:0e:97:c4:17:
                    2f:2b:1d:e2:79:0c:0b:76:5d:f1:e9:38:6d:4d:c4:
                    7e:cb:92:43:50:5e:6f:46:bc:a1:df:5f:e9:e2:45:
                    54:a2:00:84:f8:5e:ae:3d:b9:81:c7:28:d5:a6:10:
                    d8:7f:da:7f:87:85:66:4a:79:78:60:99:e6:96:b7:
                    65:ec:b6:24:b5:25:78:a0:b2:18:59:5d:3f:8d:a1:
                    3d:b3:80:06:43:ad:e4:1b:77:71:15:27:37:17:24:
                    02:38:04:0e:ea:3c:7f:19:6f:1c:e1:d1:f3:52:e9:
                    54:17:4f:e3:d6:b6:47:a4:b3:73:55:1d:cd:c1:9a:
                    4f:89:74:1c:2b:9f:f5:13:2c:69:68:c1:a4:98:7d:
                    c2:9e:ef:0d:1d:e6:96:89:43:88:3b:97:6d:75:b7:
                    5d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:42:74:26:03:0B:4E:5E:83:68:DA:5A:FF:AF:B7:5E:A4:86:0A:6E
            X509v3 Authority Key Identifier:
                keyid:10:A9:65:0D:72:17:DD:B9:9F:3B:C0:0E:BD:DD:6B:B2:02:85:12:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EKllDXIX3bmfO8AOvd1rsgKFEuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/231a4a-83de-42fd-9691-8062f241dd96/1/hUJ0JgMLTl6DaNpa_6-3XqSGCm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/231a4a-83de-42fd-9691-8062f241dd96/1/EKllDXIX3bmfO8AOvd1rsgKFEuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.94.233.0/24
                IPv6:
                  2001:67c:1b00::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:39:84:f9:9b:7f:65:10:8d:3d:b6:5d:f2:d8:7f:0f:3b:6b:
         06:f6:c8:1d:e2:64:ca:35:15:78:b3:b8:a1:0b:80:15:8e:e7:
         2c:9d:99:17:c8:ef:d2:fa:c0:46:c2:fc:86:73:74:e7:70:5b:
         20:ee:6f:fb:f8:3a:7c:f2:fb:c9:98:19:90:80:b8:ef:86:b4:
         13:8d:00:1c:34:1c:54:4e:bc:bc:4a:f9:9d:4e:37:9d:e1:66:
         8e:7e:c7:55:2d:62:bd:a4:01:1b:73:19:92:14:37:50:6c:35:
         5c:91:9b:bb:f6:e4:05:de:08:42:63:9c:d7:79:bd:d2:80:1c:
         2f:36:fa:8a:a2:88:1d:f4:e7:1a:ad:af:90:6b:5c:18:2a:33:
         c9:ef:96:c2:71:c5:13:ac:5b:5d:94:26:d7:85:d2:28:df:e4:
         1d:d4:e8:1f:39:b9:15:df:a1:fe:aa:f1:dc:fb:58:2e:7e:5a:
         b9:05:22:94:7d:c5:bf:21:a8:78:eb:3a:79:cc:56:da:d9:f8:
         d4:c6:8c:8a:8a:4e:7f:e2:36:f9:12:e8:18:eb:48:a9:17:54:
         5d:57:64:cb:01:74:55:22:6f:17:22:e1:88:e4:c9:0a:14:ee:
         dd:d5:96:df:a6:32:31:e5:36:24:17:74:39:01:81:49:99:1b:
         05:ff:ee:bd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1bfdRs9L91y/nXApNXMqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwYTk2NTBkNzIxN2RkYjk5ZjNiYzAwZWJkZGQ2YmIyMDI4
NTEyZTcwHhcNMjUwMTAxMDc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTQyNzQyNjAzMGI0ZTVlODM2OGRhNWFmZmFmYjc1ZWE0ODYwYTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUvbuQ3nALKJwIbl/iL+NsX5cpOI
tW11VSNjvjf1VZLeFHXRJ2uozAOo1MYN/pHC/kslvkpz9cXMIDSrfloEAf9nbFV3
EE0ex+PW5a8oY6OggeFYd5klwFJUxHvkksugOyHDIw6XxBcvKx3ieQwLdl3x6Tht
TcR+y5JDUF5vRryh31/p4kVUogCE+F6uPbmBxyjVphDYf9p/h4VmSnl4YJnmlrdl
7LYktSV4oLIYWV0/jaE9s4AGQ63kG3dxFSc3FyQCOAQO6jx/GW8c4dHzUulUF0/j
1rZHpLNzVR3NwZpPiXQcK5/1EyxpaMGkmH3Cnu8NHeaWiUOIO5dtdbdd4wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIVCdCYDC05eg2jaWv+vt16khgpuMB8GA1UdIwQY
MBaAFBCpZQ1yF925nzvADr3da7IChRLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUtsbERYSVgzYm1mTzhBT3ZkMXJzZ0tGRXVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8yMzFhNGEtODNkZS00MmZkLTk2OTEt
ODA2MmYyNDFkZDk2LzEvaFVKMEpnTUxUbDZEYU5wYV82LTNYcVNHQ200LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8yMzFhNGEtODNkZS00MmZkLTk2OTEtODA2MmYyNDFkZDk2
LzEvRUtsbERYSVgzYm1mTzhBT3ZkMXJzZ0tGRXVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwF7pMA8E
AgACMAkDBwAgAQZ8GwAwDQYJKoZIhvcNAQELBQADggEBAHc5hPmbf2UQjT22XfLY
fw87awb2yB3iZMo1FXizuKELgBWO5yydmRfI79L6wEbC/IZzdOdwWyDub/v4Onzy
+8mYGZCAuO+GtBONABw0HFROvLxK+Z1ON53hZo5+x1UtYr2kARtzGZIUN1BsNVyR
m7v25AXeCEJjnNd5vdKAHC82+oqiiB305xqtr5BrXBgqM8nvlsJxxROsW12UJteF
0ijf5B3U6B85uRXfof6q8dz7WC5+WrkFIpR9xb8hqHjrOnnMVtrZ+NTGjIqKTn/i
NvkS6BjrSKkXVF1XZMsBdFUibxci4YjkyQoU7t3Vlt+mMjHlNiQXdDkBgUmZGwX/
7r0=
-----END CERTIFICATE-----