Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/cs1_hnr2v_RESMbUBcnLEeHdvL0.roa
File:                     cs1_hnr2v_RESMbUBcnLEeHdvL0.roa (raw, json)
Hash identifier:          bQIbEK9aQwzm+EgLeePtROO+uC2BmOE2JtvqLImUO3Y=
Subject key identifier:   72:CD:7F:86:7A:F6:BF:F4:44:48:C6:D4:05:C9:CB:11:E1:DD:BC:BD
Certificate issuer:       /CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
Certificate serial:       0194222037C445FFDAD051F5BA8F995AFF28
Authority key identifier: 65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/cs1_hnr2v_RESMbUBcnLEeHdvL0.roa
Signing time:             Wed 01 Jan 2025 13:48:44 +0000
ROA not before:           Wed 01 Jan 2025 13:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31742
IP address blocks:        195.153.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:37:c4:45:ff:da:d0:51:f5:ba:8f:99:5a:ff:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=653f55629121b60fb19c97f99c75dd6f015dd6e8
        Validity
            Not Before: Jan  1 13:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72cd7f867af6bff44448c6d405c9cb11e1ddbcbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:eb:00:b0:f4:e9:12:36:55:1d:b0:c2:79:02:
                    b4:0f:48:48:8a:16:0c:d7:51:d8:22:50:f6:d6:5a:
                    48:40:cf:21:62:3e:fd:2d:4c:d4:00:e4:98:18:48:
                    ae:3d:76:7a:f2:35:67:43:be:2e:bf:81:37:eb:d4:
                    a0:f9:cb:87:f1:f9:78:e3:76:b8:85:fc:06:b4:10:
                    14:40:8f:bb:71:80:f9:67:be:a6:8f:29:6c:80:48:
                    74:76:18:d6:8f:35:62:6f:72:f1:2c:e9:da:22:28:
                    f8:3e:00:8e:25:73:5b:40:92:27:b5:50:5a:e0:cf:
                    17:78:0b:89:17:52:58:b0:18:fd:85:58:39:c4:ba:
                    16:79:c4:8a:23:b4:d9:b0:65:bf:2f:d7:23:cd:25:
                    0c:fe:49:50:6c:cd:4a:37:a8:cb:39:9c:8b:b4:92:
                    94:e7:32:59:d9:6d:72:3b:0c:3c:22:b8:18:f7:17:
                    27:b9:f6:af:9d:6c:87:4a:ca:e7:82:76:0b:99:17:
                    2b:93:4d:56:e8:5f:61:2e:f9:2c:39:b8:ba:60:ce:
                    c9:18:3b:3d:00:9a:c4:2c:9b:f3:e8:fc:9b:57:dd:
                    50:1b:0e:11:96:a3:66:4a:89:a4:16:df:ea:4e:c2:
                    f5:a8:f9:42:55:f1:ab:75:d4:6c:40:59:a7:a1:3c:
                    39:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:CD:7F:86:7A:F6:BF:F4:44:48:C6:D4:05:C9:CB:11:E1:DD:BC:BD
            X509v3 Authority Key Identifier:
                keyid:65:3F:55:62:91:21:B6:0F:B1:9C:97:F9:9C:75:DD:6F:01:5D:D6:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/cs1_hnr2v_RESMbUBcnLEeHdvL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74cf3b-9f5c-4f5e-96c4-2926d281b514/1/ZT9VYpEhtg-xnJf5nHXdbwFd1ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.153.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:12:cc:f4:08:cc:16:32:cc:69:a2:9e:cd:c9:13:98:e1:4e:
         48:28:fa:98:d6:0a:66:9e:d8:89:86:cf:f5:5b:95:df:46:55:
         8f:33:e1:ca:34:1a:58:85:eb:86:55:49:73:f6:bd:6c:81:cf:
         2f:34:31:95:cd:af:f1:a2:96:58:9a:6f:9c:b3:1c:77:71:75:
         39:08:2d:ff:c2:89:83:cf:c1:c4:a3:35:ac:62:f0:3f:6d:70:
         1f:44:a0:3c:2b:fb:92:e3:3f:ef:f7:0f:ce:2f:81:66:94:78:
         da:2b:f8:a8:63:67:7e:cc:63:3d:c2:c4:40:f0:d0:d5:93:a8:
         5e:78:ce:7a:a8:c2:41:e7:88:3d:b1:68:f1:77:98:3e:3a:e1:
         16:78:fa:0b:23:dc:a2:6f:46:1c:42:0b:e2:dc:fc:9d:21:74:
         51:c6:68:e2:a2:67:18:9f:2f:9c:b7:89:2e:3d:71:84:f0:72:
         8a:98:d3:1c:a9:f7:da:b0:70:77:69:51:1d:9d:7b:3f:72:2f:
         7c:b0:10:11:2f:54:16:2a:79:06:7e:24:5a:7e:cb:ef:ff:1f:
         54:07:85:b2:c3:33:4b:18:62:00:e5:74:e6:fa:36:76:5e:28:
         1f:94:d2:49:a0:b1:99:41:6b:e7:1a:b4:ab:96:cc:64:9b:bc:
         9e:cb:31:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDfERf/a0FH1uo+ZWv8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1M2Y1NTYyOTEyMWI2MGZiMTljOTdmOTljNzVkZDZmMDE1
ZGQ2ZTgwHhcNMjUwMTAxMTM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmNkN2Y4NjdhZjZiZmY0NDQ0OGM2ZDQwNWM5Y2IxMWUxZGRiY2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOsAsPTpEjZVHbDCeQK0D0hIihYM
11HYIlD21lpIQM8hYj79LUzUAOSYGEiuPXZ68jVnQ74uv4E369Sg+cuH8fl443a4
hfwGtBAUQI+7cYD5Z76mjylsgEh0dhjWjzVib3LxLOnaIij4PgCOJXNbQJIntVBa
4M8XeAuJF1JYsBj9hVg5xLoWecSKI7TZsGW/L9cjzSUM/klQbM1KN6jLOZyLtJKU
5zJZ2W1yOww8IrgY9xcnufavnWyHSsrngnYLmRcrk01W6F9hLvksObi6YM7JGDs9
AJrELJvz6PybV91QGw4RlqNmSomkFt/qTsL1qPlCVfGrddRsQFmnoTw5cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLNf4Z69r/0REjG1AXJyxHh3by9MB8GA1UdIwQY
MBaAFGU/VWKRIbYPsZyX+Zx13W8BXdboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQt
MjkyNmQyODFiNTE0LzEvY3MxX2hucjJ2X1JFU01iVUJjbkxFZUhkdkwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NGNmM2ItOWY1Yy00ZjVlLTk2YzQtMjkyNmQyODFiNTE0
LzEvWlQ5VllwRWh0Zy14bkpmNW5IWGRid0ZkMXVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5l8MA0G
CSqGSIb3DQEBCwUAA4IBAQCWEsz0CMwWMsxpop7NyROY4U5IKPqY1gpmntiJhs/1
W5XfRlWPM+HKNBpYheuGVUlz9r1sgc8vNDGVza/xopZYmm+csxx3cXU5CC3/womD
z8HEozWsYvA/bXAfRKA8K/uS4z/v9w/OL4FmlHjaK/ioY2d+zGM9wsRA8NDVk6he
eM56qMJB54g9sWjxd5g+OuEWePoLI9yib0YcQgvi3PydIXRRxmjiomcYny+ct4ku
PXGE8HKKmNMcqffasHB3aVEdnXs/ci98sBARL1QWKnkGfiRafsvv/x9UB4WywzNL
GGIA5XTm+jZ2XigflNJJoLGZQWvnGrSrlsxkm7yeyzEu
-----END CERTIFICATE-----