Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/Hu3G8484fKZTgdfl16c2pwBVLzw.roa
File:                     Hu3G8484fKZTgdfl16c2pwBVLzw.roa (raw, json)
Hash identifier:          3SfpQQtf4mcFv0Cl8RORRLy8kXw31wWhyAgb5576Kg0=
Subject key identifier:   1E:ED:C6:F3:8F:38:7C:A6:53:81:D7:E5:D7:A7:36:A7:00:55:2F:3C
Certificate issuer:       /CN=2cc25ff32918f0b49306259d483afb9e381a3915
Certificate serial:       019421B219E0E29DCFF9DA06AF062E8AECEA
Authority key identifier: 2C:C2:5F:F3:29:18:F0:B4:93:06:25:9D:48:3A:FB:9E:38:1A:39:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LMJf8ykY8LSTBiWdSDr7njgaORU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/Hu3G8484fKZTgdfl16c2pwBVLzw.roa
Signing time:             Wed 01 Jan 2025 11:48:27 +0000
ROA not before:           Wed 01 Jan 2025 11:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48147
IP address blocks:        185.158.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/LMJf8ykY8LSTBiWdSDr7njgaORU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/LMJf8ykY8LSTBiWdSDr7njgaORU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LMJf8ykY8LSTBiWdSDr7njgaORU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:19:e0:e2:9d:cf:f9:da:06:af:06:2e:8a:ec:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cc25ff32918f0b49306259d483afb9e381a3915
        Validity
            Not Before: Jan  1 11:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1eedc6f38f387ca65381d7e5d7a736a700552f3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:cf:f4:b2:43:a2:2f:3d:d1:da:91:e0:c1:6a:
                    50:3e:3e:03:66:dd:86:5b:33:57:2d:98:d6:a0:20:
                    8e:19:18:aa:a7:e1:59:46:26:07:4f:1f:9d:4a:b3:
                    2a:7e:66:3b:eb:70:25:24:86:35:32:34:98:46:32:
                    a8:5b:0e:1e:52:db:16:7f:ff:b2:c5:da:e1:8f:ad:
                    af:7c:23:07:e1:b9:bf:e0:3b:90:66:17:93:22:ac:
                    3f:60:f3:47:25:0b:50:4d:28:eb:56:75:83:b2:4b:
                    ae:99:49:5f:23:36:a1:9c:5b:e6:1f:a3:0e:06:3c:
                    07:50:01:4a:1a:a2:54:a0:a7:11:b4:2c:0a:68:6c:
                    8c:24:b7:a4:a1:7a:ae:19:43:5e:42:93:2a:06:0b:
                    27:22:aa:e2:e6:3f:72:a3:58:80:cf:b8:97:5f:75:
                    1e:1e:e7:49:e1:2f:21:f2:5e:c9:ae:64:d6:cb:f4:
                    74:77:a3:4e:e2:b4:d0:f4:5d:31:20:ac:6a:92:7f:
                    75:c2:82:73:95:0e:05:7e:4a:54:c8:b4:7b:75:9c:
                    ca:1f:a8:90:15:59:9c:7b:ba:8a:b1:5b:e7:ee:4a:
                    ca:fd:a2:1c:cb:db:26:77:a1:98:55:7a:c4:43:69:
                    87:84:fa:2d:7f:5b:23:d2:6e:39:d6:a5:b0:49:e1:
                    c0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:ED:C6:F3:8F:38:7C:A6:53:81:D7:E5:D7:A7:36:A7:00:55:2F:3C
            X509v3 Authority Key Identifier:
                keyid:2C:C2:5F:F3:29:18:F0:B4:93:06:25:9D:48:3A:FB:9E:38:1A:39:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LMJf8ykY8LSTBiWdSDr7njgaORU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/Hu3G8484fKZTgdfl16c2pwBVLzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/LMJf8ykY8LSTBiWdSDr7njgaORU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:81:e4:1e:80:bd:22:ed:0d:2c:e4:6e:d9:27:f8:72:d2:a4:
         48:91:93:2f:57:4a:f8:0f:93:34:50:ee:c2:3b:99:fb:b8:48:
         29:d1:c3:ce:37:cc:1e:49:7c:9a:69:e5:a1:ce:a9:fa:e4:5d:
         07:c0:d5:34:d9:d3:7b:eb:78:0b:f9:45:98:78:65:59:ea:cf:
         83:a5:88:1e:c2:03:c7:18:98:71:01:67:93:95:64:fe:18:d8:
         8a:dd:87:39:6e:c0:5a:61:ad:2a:11:4d:cf:d7:18:c5:32:fe:
         07:5d:95:2a:37:ee:7f:92:3d:3f:3c:84:e7:a9:9c:04:83:87:
         d4:d7:ae:03:57:be:30:00:af:cc:11:bb:91:45:06:a8:23:c7:
         b7:01:f6:13:f0:f6:c1:c9:8c:22:24:da:dd:e6:cf:12:46:23:
         83:c3:f9:b5:57:e9:d9:64:c9:27:7a:6f:3f:bb:75:dd:c9:a0:
         20:f6:49:28:d4:c2:6d:fb:05:18:c9:9a:4e:7b:f7:9f:ea:49:
         67:79:43:68:5d:01:93:aa:b7:55:96:0b:3a:b5:1c:42:a5:fb:
         48:15:6e:ab:74:cb:ad:5e:a3:f3:4c:a2:79:b9:1c:2d:77:8b:
         10:9a:23:ae:4d:af:81:91:16:09:4a:cd:1b:88:e9:83:04:2a:
         41:cc:a7:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshng4p3P+doGrwYuiuzqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYzI1ZmYzMjkxOGYwYjQ5MzA2MjU5ZDQ4M2FmYjllMzgx
YTM5MTUwHhcNMjUwMTAxMTE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWVkYzZmMzhmMzg3Y2E2NTM4MWQ3ZTVkN2E3MzZhNzAwNTUyZjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28/0skOiLz3R2pHgwWpQPj4DZt2G
WzNXLZjWoCCOGRiqp+FZRiYHTx+dSrMqfmY763AlJIY1MjSYRjKoWw4eUtsWf/+y
xdrhj62vfCMH4bm/4DuQZheTIqw/YPNHJQtQTSjrVnWDskuumUlfIzahnFvmH6MO
BjwHUAFKGqJUoKcRtCwKaGyMJLekoXquGUNeQpMqBgsnIqri5j9yo1iAz7iXX3Ue
HudJ4S8h8l7JrmTWy/R0d6NO4rTQ9F0xIKxqkn91woJzlQ4FfkpUyLR7dZzKH6iQ
FVmce7qKsVvn7krK/aIcy9smd6GYVXrEQ2mHhPotf1sj0m451qWwSeHAWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7txvOPOHymU4HX5denNqcAVS88MB8GA1UdIwQY
MBaAFCzCX/MpGPC0kwYlnUg6+544GjkVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTE1KZjh5a1k4TFNUQmlXZFNEcjduamdhT1JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8xMjc3ZWMtMTU2YS00NmM0LTlmMDMt
ZTI1NzUxYjNmZmQ1LzEvSHUzRzg0ODRmS1pUZ2RmbDE2YzJwd0JWTHp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8xMjc3ZWMtMTU2YS00NmM0LTlmMDMtZTI1NzUxYjNmZmQ1
LzEvTE1KZjh5a1k4TFNUQmlXZFNEcjduamdhT1JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ6vMA0G
CSqGSIb3DQEBCwUAA4IBAQALgeQegL0i7Q0s5G7ZJ/hy0qRIkZMvV0r4D5M0UO7C
O5n7uEgp0cPON8weSXyaaeWhzqn65F0HwNU02dN763gL+UWYeGVZ6s+DpYgewgPH
GJhxAWeTlWT+GNiK3Yc5bsBaYa0qEU3P1xjFMv4HXZUqN+5/kj0/PITnqZwEg4fU
164DV74wAK/MEbuRRQaoI8e3AfYT8PbByYwiJNrd5s8SRiODw/m1V+nZZMknem8/
u3XdyaAg9kko1MJt+wUYyZpOe/ef6klneUNoXQGTqrdVlgs6tRxCpftIFW6rdMut
XqPzTKJ5uRwtd4sQmiOuTa+BkRYJSs0biOmDBCpBzKfH
-----END CERTIFICATE-----