Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/h0Rq-64YdH2Rhgx8VqQPxecaOJk.roa
File:                     h0Rq-64YdH2Rhgx8VqQPxecaOJk.roa (raw, json)
Hash identifier:          +OMPPDfPiGbQBs5xm10WtKzO2XvkhzUC6VL8TFg0R8M=
Subject key identifier:   87:44:6A:FB:AE:18:74:7D:91:86:0C:7C:56:A4:0F:C5:E7:1A:38:99
Certificate issuer:       /CN=a6785773df313b91711bf6bc5b149ecc246b9e89
Certificate serial:       019427B520C4DAA5A643BB27F3C302956D1F
Authority key identifier: A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/h0Rq-64YdH2Rhgx8VqQPxecaOJk.roa
Signing time:             Thu 02 Jan 2025 15:49:29 +0000
ROA not before:           Thu 02 Jan 2025 15:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205800
IP address blocks:        185.239.177.0/24 maxlen: 24
                          185.239.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:20:c4:da:a5:a6:43:bb:27:f3:c3:02:95:6d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6785773df313b91711bf6bc5b149ecc246b9e89
        Validity
            Not Before: Jan  2 15:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87446afbae18747d91860c7c56a40fc5e71a3899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6c:cd:9f:18:16:87:36:0b:91:da:a1:49:42:
                    dc:15:55:1e:c6:cc:71:2b:84:9e:b9:4f:c6:08:34:
                    8f:d5:e3:77:20:d5:b7:99:2c:e4:69:ee:11:c3:e9:
                    15:66:2c:65:7c:ce:07:ce:3c:0e:5a:b4:c4:83:06:
                    b6:b6:6c:3d:64:1b:12:6c:67:0d:a3:d3:90:43:18:
                    6d:fd:89:3a:4c:b7:e2:c6:2c:f9:03:18:f3:e2:28:
                    fc:12:f5:20:e5:c8:66:90:5b:d6:99:2b:fd:60:39:
                    60:80:16:85:f4:cd:cc:c5:28:9c:ab:41:ff:59:6d:
                    36:23:68:0e:00:9d:6d:26:46:b6:ef:4f:45:8b:e0:
                    d4:80:db:02:09:72:af:9e:99:d7:8d:08:06:f5:51:
                    82:16:96:e8:14:72:38:e6:69:8f:23:c2:69:b6:bb:
                    b6:9c:a9:74:1b:2c:dc:50:ed:38:46:e5:ac:f1:a6:
                    b7:30:df:88:d6:de:93:59:8a:99:cf:1c:90:b8:37:
                    16:3b:56:ed:10:21:48:1a:cc:d3:b7:f5:35:a9:49:
                    33:a1:0f:f8:a5:8a:97:a0:a8:a4:da:f5:a2:ca:b0:
                    e6:38:3c:8a:01:9f:ea:72:7f:55:9e:61:0f:19:31:
                    6d:04:d3:79:ed:66:e8:a7:26:6e:78:b3:e7:41:bd:
                    18:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:44:6A:FB:AE:18:74:7D:91:86:0C:7C:56:A4:0F:C5:E7:1A:38:99
            X509v3 Authority Key Identifier:
                keyid:A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/h0Rq-64YdH2Rhgx8VqQPxecaOJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.177.0/24
                  185.239.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:c2:3d:be:d5:6f:e5:14:5c:88:c1:e2:02:3b:f6:2b:ed:3f:
         7a:4a:bf:23:a1:3b:ea:13:1e:94:ad:72:73:a2:28:84:90:78:
         d9:44:fb:ff:a7:5e:dc:75:ca:5b:0d:69:80:44:f0:72:99:90:
         95:55:6f:7f:89:78:6e:fd:c0:15:dd:20:e0:20:78:5e:77:22:
         5b:6f:b7:35:e1:eb:34:d7:bd:cb:7a:e0:ee:da:df:7a:a9:bb:
         4f:0a:e5:3f:6a:89:42:52:c2:19:0e:69:5c:6d:e8:bb:bb:d2:
         b8:db:c0:df:77:76:ca:97:1b:3c:db:3d:7e:f8:2f:a5:2c:27:
         65:b0:c4:a6:98:2f:ed:ed:04:a3:d4:40:96:35:47:55:36:9a:
         36:6b:e7:b5:77:56:d2:02:43:34:81:e0:2b:ac:cf:ee:d7:ac:
         e9:5f:77:d2:e1:a9:c2:1c:3a:ce:2c:df:1b:8f:2b:e2:b0:d8:
         64:7f:0b:e8:88:41:3a:d4:98:7a:ae:64:78:82:16:49:c4:1a:
         a3:59:b9:ab:9f:c5:d4:71:31:12:67:86:45:66:d8:b3:4a:ea:
         2e:00:d9:4c:c3:d6:b6:a4:c1:58:0a:70:7e:20:e3:94:e9:d9:
         0b:78:e5:a5:be:86:61:d4:29:5f:65:4c:d7:c7:b9:c6:d5:e3:
         92:17:d1:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntSDE2qWmQ7sn88MClW0fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Nzg1NzczZGYzMTNiOTE3MTFiZjZiYzViMTQ5ZWNjMjQ2
YjllODkwHhcNMjUwMTAyMTU0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzQ0NmFmYmFlMTg3NDdkOTE4NjBjN2M1NmE0MGZjNWU3MWEzODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmzNnxgWhzYLkdqhSULcFVUexsxx
K4SeuU/GCDSP1eN3INW3mSzkae4Rw+kVZixlfM4HzjwOWrTEgwa2tmw9ZBsSbGcN
o9OQQxht/Yk6TLfixiz5Axjz4ij8EvUg5chmkFvWmSv9YDlggBaF9M3MxSicq0H/
WW02I2gOAJ1tJka2709Fi+DUgNsCCXKvnpnXjQgG9VGCFpboFHI45mmPI8Jptru2
nKl0GyzcUO04RuWs8aa3MN+I1t6TWYqZzxyQuDcWO1btECFIGszTt/U1qUkzoQ/4
pYqXoKik2vWiyrDmODyKAZ/qcn9VnmEPGTFtBNN57WbopyZueLPnQb0YtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIdEavuuGHR9kYYMfFakD8XnGjiZMB8GA1UdIwQY
MBaAFKZ4V3PfMTuRcRv2vFsUnswka56JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEt
ZDc1ODY5YzBjNzFlLzEvaDBScS02NFlkSDJSaGd4OFZxUVB4ZWNhT0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEtZDc1ODY5YzBjNzFl
LzEvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAue+xAwQA
ue+zMA0GCSqGSIb3DQEBCwUAA4IBAQB9wj2+1W/lFFyIweICO/Yr7T96Sr8joTvq
Ex6UrXJzoiiEkHjZRPv/p17cdcpbDWmARPBymZCVVW9/iXhu/cAV3SDgIHhedyJb
b7c14es0173LeuDu2t96qbtPCuU/aolCUsIZDmlcbei7u9K428Dfd3bKlxs82z1+
+C+lLCdlsMSmmC/t7QSj1ECWNUdVNpo2a+e1d1bSAkM0geArrM/u16zpX3fS4anC
HDrOLN8bjyvisNhkfwvoiEE61Jh6rmR4ghZJxBqjWbmrn8XUcTESZ4ZFZtizSuou
ANlMw9a2pMFYCnB+IOOU6dkLeOWlvoZh1ClfZUzXx7nG1eOSF9FT
-----END CERTIFICATE-----