Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/HrSCIGhI5pLFciUXIMT4CnC-hSs.roa
File:                     HrSCIGhI5pLFciUXIMT4CnC-hSs.roa (raw, json)
Hash identifier:          eWiCHygAovdf0PgGIUiCzBDgPi+OqepoXf9QONvD3xk=
Subject key identifier:   1E:B4:82:20:68:48:E6:92:C5:72:25:17:20:C4:F8:0A:70:BE:85:2B
Certificate issuer:       /CN=86623a8458eff347d424348588829ee137b45a3f
Certificate serial:       01942143FDD7A85AC812CA1418FE7F6A7394
Authority key identifier: 86:62:3A:84:58:EF:F3:47:D4:24:34:85:88:82:9E:E1:37:B4:5A:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hmI6hFjv80fUJDSFiIKe4Te0Wj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/HrSCIGhI5pLFciUXIMT4CnC-hSs.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43754
IP address blocks:        91.207.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/hmI6hFjv80fUJDSFiIKe4Te0Wj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/hmI6hFjv80fUJDSFiIKe4Te0Wj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hmI6hFjv80fUJDSFiIKe4Te0Wj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fd:d7:a8:5a:c8:12:ca:14:18:fe:7f:6a:73:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86623a8458eff347d424348588829ee137b45a3f
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1eb482206848e692c572251720c4f80a70be852b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ce:84:7f:ad:c0:94:2b:8e:20:7e:11:8d:9b:
                    44:72:25:f2:1e:f5:57:44:f7:a6:64:22:c7:d1:97:
                    a2:bf:02:69:c7:bc:c3:a1:9b:5d:9d:e2:cc:a0:90:
                    98:a8:d5:53:84:25:74:89:f4:57:dc:8a:42:02:c9:
                    e5:eb:81:9d:c2:44:af:26:89:32:61:37:54:ce:50:
                    27:30:00:66:6d:9b:2c:a4:53:84:65:22:3e:a3:c4:
                    01:e7:88:3f:8c:32:f1:24:d5:1f:1b:7b:8a:c0:92:
                    d2:1e:76:5c:0d:fd:bb:bd:62:ca:3e:d5:bf:7f:0d:
                    c3:5e:e6:45:85:f7:6a:58:e8:d3:e5:1d:9d:c5:cb:
                    13:a1:07:6e:84:72:8b:53:70:28:0c:fd:62:f9:62:
                    a2:95:32:19:07:f9:8b:a3:d8:fa:ee:27:6c:17:3b:
                    01:1c:0c:15:76:0c:0e:9d:c3:5c:24:69:55:2e:27:
                    10:d6:cc:0d:df:b3:43:1f:dc:ee:82:de:10:56:a0:
                    23:3e:bb:7c:cf:16:dd:75:6e:54:52:7f:fd:f9:86:
                    c4:00:54:26:28:64:ed:7e:2f:a5:76:4f:4f:2b:9f:
                    8f:dc:02:b6:eb:e8:77:62:1e:72:2e:18:94:e9:3e:
                    ef:47:46:ac:ff:7d:1b:6b:40:6e:40:39:d1:74:b4:
                    0a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:B4:82:20:68:48:E6:92:C5:72:25:17:20:C4:F8:0A:70:BE:85:2B
            X509v3 Authority Key Identifier:
                keyid:86:62:3A:84:58:EF:F3:47:D4:24:34:85:88:82:9E:E1:37:B4:5A:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hmI6hFjv80fUJDSFiIKe4Te0Wj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/HrSCIGhI5pLFciUXIMT4CnC-hSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/39db4d-e93f-4139-aad8-6c28bb40d52e/1/hmI6hFjv80fUJDSFiIKe4Te0Wj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:a8:74:c9:a8:01:a8:86:02:01:bc:df:5c:97:29:55:2b:68:
         22:c9:5a:ef:ca:be:a9:a7:56:ff:f5:7b:32:69:97:dc:0b:b8:
         b5:88:8d:ca:d8:0b:c9:14:33:f1:27:1d:a9:a6:6a:67:61:9b:
         49:82:63:a3:e9:fa:59:2c:3d:0d:1d:b0:97:22:63:68:26:3e:
         0e:41:63:c8:a3:3e:1b:54:41:2d:67:f0:ef:e8:e9:80:ca:98:
         11:62:60:f1:26:e6:9f:96:16:40:25:03:a0:4f:17:a6:9f:96:
         01:d8:c5:75:c7:02:30:c0:8d:e6:5c:e8:b8:4e:ad:5d:cf:c3:
         14:af:5a:63:a8:f1:b3:89:a9:73:98:99:3f:af:3e:0a:ca:b1:
         c6:ff:b8:e7:60:e6:bc:4c:76:9a:f6:34:35:91:79:b6:cd:48:
         56:de:3e:bb:9f:f3:68:29:ec:85:97:44:0e:23:2a:91:65:4c:
         39:f6:21:d0:f8:e0:38:37:31:8c:02:f1:f7:8a:b6:d9:34:e6:
         9a:22:12:08:19:9e:01:3c:a8:e7:d0:47:94:6b:bd:2f:3a:0c:
         ba:07:65:7c:3c:91:7e:71:2b:6a:ae:51:8e:8e:38:e5:10:ab:
         0c:82:10:15:fe:32:fd:33:7a:eb:77:2f:75:fe:b9:85:68:d4:
         7a:03:00:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/3XqFrIEsoUGP5/anOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NjIzYTg0NThlZmYzNDdkNDI0MzQ4NTg4ODI5ZWUxMzdi
NDVhM2YwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWI0ODIyMDY4NDhlNjkyYzU3MjI1MTcyMGM0ZjgwYTcwYmU4NTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApM6Ef63AlCuOIH4RjZtEciXyHvVX
RPemZCLH0ZeivwJpx7zDoZtdneLMoJCYqNVThCV0ifRX3IpCAsnl64GdwkSvJoky
YTdUzlAnMABmbZsspFOEZSI+o8QB54g/jDLxJNUfG3uKwJLSHnZcDf27vWLKPtW/
fw3DXuZFhfdqWOjT5R2dxcsToQduhHKLU3AoDP1i+WKilTIZB/mLo9j67idsFzsB
HAwVdgwOncNcJGlVLicQ1swN37NDH9zugt4QVqAjPrt8zxbddW5UUn/9+YbEAFQm
KGTtfi+ldk9PK5+P3AK26+h3Yh5yLhiU6T7vR0as/30ba0BuQDnRdLQK+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB60giBoSOaSxXIlFyDE+ApwvoUrMB8GA1UdIwQY
MBaAFIZiOoRY7/NH1CQ0hYiCnuE3tFo/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaG1JNmhGanY4MGZVSkRTRmlJS2U0VGUwV2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8zOWRiNGQtZTkzZi00MTM5LWFhZDgt
NmMyOGJiNDBkNTJlLzEvSHJTQ0lHaEk1cExGY2lVWElNVDRDbkMtaFNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8zOWRiNGQtZTkzZi00MTM5LWFhZDgtNmMyOGJiNDBkNTJl
LzEvaG1JNmhGanY4MGZVSkRTRmlJS2U0VGUwV2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8/NMA0G
CSqGSIb3DQEBCwUAA4IBAQAAqHTJqAGohgIBvN9clylVK2giyVrvyr6pp1b/9Xsy
aZfcC7i1iI3K2AvJFDPxJx2ppmpnYZtJgmOj6fpZLD0NHbCXImNoJj4OQWPIoz4b
VEEtZ/Dv6OmAypgRYmDxJuaflhZAJQOgTxemn5YB2MV1xwIwwI3mXOi4Tq1dz8MU
r1pjqPGzialzmJk/rz4KyrHG/7jnYOa8THaa9jQ1kXm2zUhW3j67n/NoKeyFl0QO
IyqRZUw59iHQ+OA4NzGMAvH3irbZNOaaIhIIGZ4BPKjn0EeUa70vOgy6B2V8PJF+
cStqrlGOjjjlEKsMghAV/jL9M3rrdy91/rmFaNR6AwBx
-----END CERTIFICATE-----