Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/hnVCR69RVtD6DOQtKUfA66di3v8.roa
File:                     hnVCR69RVtD6DOQtKUfA66di3v8.roa (raw, json)
Hash identifier:          tMJ65Uy32W65OI2kXkCrStjDFzn3a6wfoxc74YD8CGM=
Subject key identifier:   86:75:42:47:AF:51:56:D0:FA:0C:E4:2D:29:47:C0:EB:A7:62:DE:FF
Certificate issuer:       /CN=2cc25ff32918f0b49306259d483afb9e381a3915
Certificate serial:       019421B21C167F3A1DC11D36706B71A38A59
Authority key identifier: 2C:C2:5F:F3:29:18:F0:B4:93:06:25:9D:48:3A:FB:9E:38:1A:39:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LMJf8ykY8LSTBiWdSDr7njgaORU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/hnVCR69RVtD6DOQtKUfA66di3v8.roa
Signing time:             Wed 01 Jan 2025 11:48:28 +0000
ROA not before:           Wed 01 Jan 2025 11:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        185.158.172.0/24 maxlen: 24
                          185.158.173.0/24 maxlen: 24
                          185.158.174.0/24 maxlen: 24
                          185.158.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/LMJf8ykY8LSTBiWdSDr7njgaORU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/LMJf8ykY8LSTBiWdSDr7njgaORU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LMJf8ykY8LSTBiWdSDr7njgaORU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1c:16:7f:3a:1d:c1:1d:36:70:6b:71:a3:8a:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cc25ff32918f0b49306259d483afb9e381a3915
        Validity
            Not Before: Jan  1 11:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86754247af5156d0fa0ce42d2947c0eba762deff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:09:52:64:bd:f2:1f:82:92:a6:ca:22:48:8a:
                    79:f9:98:56:82:af:45:c4:7e:f5:67:33:0d:34:69:
                    bb:90:30:34:71:1f:f3:24:95:cb:3a:ec:5f:3a:58:
                    2f:fa:19:8e:b5:65:62:b9:3d:0b:96:04:16:e0:49:
                    14:e6:1b:81:06:eb:a3:d0:a4:e3:00:d1:c5:ed:03:
                    bd:47:b6:f2:a6:6d:1e:50:30:c0:aa:45:b3:f5:01:
                    c8:58:03:3f:03:d2:22:89:24:31:3a:77:11:fa:e4:
                    27:b1:53:30:a7:9a:8c:39:e5:6d:52:4d:c8:0d:0f:
                    b8:ce:bd:84:41:59:2b:eb:ae:8e:e5:fe:45:5e:df:
                    57:6d:e7:8e:d1:93:da:1b:e0:0f:e1:fd:5f:d2:f9:
                    25:99:c4:9a:b4:a9:b6:33:e7:99:fe:f4:11:bf:51:
                    9a:5f:8e:64:2f:d9:c1:a7:fb:4c:00:f3:5e:30:e4:
                    cc:4a:46:14:39:ce:1b:3b:f8:7e:f4:78:bb:20:7b:
                    9f:58:5b:fa:01:5f:a0:bc:ec:37:21:80:08:c4:f7:
                    5c:ce:90:21:52:e4:6c:2a:96:18:61:c8:06:1c:ee:
                    ec:9a:00:23:2b:f3:4b:e8:62:a5:25:e5:9c:b2:b4:
                    43:d1:f4:fc:b7:fc:f6:b1:46:92:b1:84:ac:cf:b4:
                    61:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:75:42:47:AF:51:56:D0:FA:0C:E4:2D:29:47:C0:EB:A7:62:DE:FF
            X509v3 Authority Key Identifier:
                keyid:2C:C2:5F:F3:29:18:F0:B4:93:06:25:9D:48:3A:FB:9E:38:1A:39:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LMJf8ykY8LSTBiWdSDr7njgaORU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/hnVCR69RVtD6DOQtKUfA66di3v8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1277ec-156a-46c4-9f03-e25751b3ffd5/1/LMJf8ykY8LSTBiWdSDr7njgaORU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:d8:1b:bb:01:68:b1:05:32:c1:74:d9:38:aa:82:c5:77:a8:
         d9:c3:5c:99:50:a9:b7:a6:02:5b:c6:42:7b:5c:a0:83:cd:44:
         69:55:bd:38:31:90:75:01:6b:3f:81:90:61:30:bd:1a:4a:02:
         70:d2:39:db:99:4e:4d:99:f4:ab:3f:e0:54:b1:ed:6a:9e:1e:
         86:07:19:67:1b:a6:b4:ef:21:59:26:c9:16:64:9f:0c:08:eb:
         55:12:02:65:06:e0:57:a8:2e:fa:68:71:27:1f:14:52:7c:d2:
         f7:5e:61:4e:fb:3c:83:3b:cc:39:ac:77:58:14:12:6f:7c:33:
         e6:25:07:45:9d:2f:96:de:88:b4:e4:93:4d:15:7f:96:af:29:
         14:29:e5:a3:f2:2b:73:64:97:28:cd:44:24:ea:df:bb:bb:3f:
         3e:c7:7b:51:7e:4c:4c:b6:f9:6b:13:ef:2e:e1:1a:cd:77:d6:
         a0:a4:5d:42:c5:95:70:53:b9:3f:fe:c6:6b:b9:08:b9:51:fe:
         86:76:a1:5e:b8:f2:a2:82:15:cb:16:03:be:1b:09:7f:e6:85:
         b1:fa:df:f3:c1:19:95:86:53:64:91:2e:c9:62:cd:92:ea:03:
         5a:10:fd:e0:af:14:15:97:1b:fe:47:3d:91:00:e3:03:80:b4:
         8f:16:b7:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshwWfzodwR02cGtxo4pZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYzI1ZmYzMjkxOGYwYjQ5MzA2MjU5ZDQ4M2FmYjllMzgx
YTM5MTUwHhcNMjUwMTAxMTE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njc1NDI0N2FmNTE1NmQwZmEwY2U0MmQyOTQ3YzBlYmE3NjJkZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwlSZL3yH4KSpsoiSIp5+ZhWgq9F
xH71ZzMNNGm7kDA0cR/zJJXLOuxfOlgv+hmOtWViuT0LlgQW4EkU5huBBuuj0KTj
ANHF7QO9R7bypm0eUDDAqkWz9QHIWAM/A9IiiSQxOncR+uQnsVMwp5qMOeVtUk3I
DQ+4zr2EQVkr666O5f5FXt9XbeeO0ZPaG+AP4f1f0vklmcSatKm2M+eZ/vQRv1Ga
X45kL9nBp/tMAPNeMOTMSkYUOc4bO/h+9Hi7IHufWFv6AV+gvOw3IYAIxPdczpAh
UuRsKpYYYcgGHO7smgAjK/NL6GKlJeWcsrRD0fT8t/z2sUaSsYSsz7RhJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZ1QkevUVbQ+gzkLSlHwOunYt7/MB8GA1UdIwQY
MBaAFCzCX/MpGPC0kwYlnUg6+544GjkVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTE1KZjh5a1k4TFNUQmlXZFNEcjduamdhT1JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8xMjc3ZWMtMTU2YS00NmM0LTlmMDMt
ZTI1NzUxYjNmZmQ1LzEvaG5WQ1I2OVJWdEQ2RE9RdEtVZkE2NmRpM3Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8xMjc3ZWMtMTU2YS00NmM0LTlmMDMtZTI1NzUxYjNmZmQ1
LzEvTE1KZjh5a1k4TFNUQmlXZFNEcjduamdhT1JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ6sMA0G
CSqGSIb3DQEBCwUAA4IBAQCA2Bu7AWixBTLBdNk4qoLFd6jZw1yZUKm3pgJbxkJ7
XKCDzURpVb04MZB1AWs/gZBhML0aSgJw0jnbmU5NmfSrP+BUse1qnh6GBxlnG6a0
7yFZJskWZJ8MCOtVEgJlBuBXqC76aHEnHxRSfNL3XmFO+zyDO8w5rHdYFBJvfDPm
JQdFnS+W3oi05JNNFX+WrykUKeWj8itzZJcozUQk6t+7uz8+x3tRfkxMtvlrE+8u
4RrNd9agpF1CxZVwU7k//sZruQi5Uf6GdqFeuPKighXLFgO+Gwl/5oWx+t/zwRmV
hlNkkS7JYs2S6gNaEP3grxQVlxv+Rz2RAOMDgLSPFrdu
-----END CERTIFICATE-----