Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/hpAhrzOwgftCpIpd4wNiIu_a0eA.roa
File:                     hpAhrzOwgftCpIpd4wNiIu_a0eA.roa (raw, json)
Hash identifier:          v+YzOlEf60GdljyDX5gIy3T6X/Flx5RfQJyT4h0p+iQ=
Subject key identifier:   86:90:21:AF:33:B0:81:FB:42:A4:8A:5D:E3:03:62:22:EF:DA:D1:E0
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CB8E405C557C619FE8196D9F4537A
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/hpAhrzOwgftCpIpd4wNiIu_a0eA.roa
Signing time:             Wed 01 Jan 2025 01:48:23 +0000
ROA not before:           Wed 01 Jan 2025 01:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202147
IP address blocks:        188.241.96.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:b8:e4:05:c5:57:c6:19:fe:81:96:d9:f4:53:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=869021af33b081fb42a48a5de3036222efdad1e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ab:0a:4c:bc:90:ce:8c:77:5d:14:86:b6:ba:
                    cc:a0:fe:75:9f:67:c6:b7:ee:08:dc:7c:e0:3a:cd:
                    c2:a9:c2:6c:9f:f6:08:8c:f1:0b:53:80:6f:a3:b1:
                    37:da:13:f1:b5:f3:bb:14:46:8e:14:e5:27:5e:c9:
                    02:5a:08:84:19:e2:42:fd:c6:ce:5d:5b:3e:a6:04:
                    f2:4e:b9:d0:b2:6b:fa:fb:2b:37:e2:87:3b:42:a2:
                    24:1e:2e:69:83:86:b9:01:3d:9a:a8:09:27:7f:97:
                    79:bc:ca:09:29:d6:b3:2f:f4:97:fd:95:c5:0d:b4:
                    d7:5a:54:c1:30:6f:7f:82:7c:c7:5f:ad:8d:43:57:
                    2c:1b:51:93:24:e7:5a:09:ad:cd:b7:d7:ea:e7:09:
                    c9:92:93:ed:89:c7:a5:83:67:f4:35:ba:b0:8d:5c:
                    41:07:cd:29:ea:47:6c:7b:3e:b9:63:e4:85:8f:78:
                    9d:41:5d:e4:69:de:51:9e:a8:f3:44:f4:68:7c:57:
                    f1:b2:ed:18:33:88:94:01:99:0c:9e:2e:80:cd:69:
                    20:92:1c:5d:fa:ab:0d:db:59:8c:80:ef:16:4f:94:
                    f8:04:61:01:09:99:21:2f:59:46:9a:5d:5a:12:50:
                    02:24:0d:2d:f1:13:78:b0:25:fd:fb:3c:b2:e8:61:
                    3b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:90:21:AF:33:B0:81:FB:42:A4:8A:5D:E3:03:62:22:EF:DA:D1:E0
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/hpAhrzOwgftCpIpd4wNiIu_a0eA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9b:f2:2a:91:28:38:ad:35:ae:03:fe:cf:4d:58:f2:ff:dc:5c:
         9d:b1:e2:ce:e2:ce:98:ca:39:b2:cb:d2:12:4d:f5:75:03:62:
         e6:69:ab:ed:36:fd:25:07:49:2c:cb:78:c1:cc:d9:48:81:42:
         d1:d8:7f:ff:b0:86:37:8a:e0:b7:77:71:99:c5:e4:a0:05:c2:
         8f:d1:fb:72:e0:b1:db:79:b8:f5:4c:b2:45:bd:aa:79:4e:53:
         47:59:53:7c:2d:68:ca:ae:46:43:95:cf:5d:04:74:94:3f:92:
         bd:89:c3:94:9a:24:0a:ba:34:41:6c:9b:81:7a:f0:90:c0:36:
         4b:3f:a9:84:33:35:7e:d1:ba:b7:f4:f2:40:eb:ba:86:36:76:
         06:6e:2d:31:a2:6d:5e:a2:fb:25:49:a1:b3:3c:d4:06:44:c7:
         e0:68:26:c6:32:09:a7:9b:e9:85:31:b0:b9:4a:20:6f:56:2f:
         45:ae:a1:c1:13:62:36:c6:75:03:b8:8e:c8:49:f2:64:ef:de:
         3f:40:27:31:2e:8c:00:18:b4:86:71:84:81:41:ee:1f:35:8b:
         59:cb:99:de:fb:79:7d:9d:eb:64:a0:f4:70:e2:2c:6f:a2:db:
         e9:ef:2b:87:af:27:d0:b4:55:86:03:f0:e8:47:15:ea:0b:85:
         0f:c3:80:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjLjkBcVXxhn+gZbZ9FN6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjkwMjFhZjMzYjA4MWZiNDJhNDhhNWRlMzAzNjIyMmVmZGFkMWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KsKTLyQzox3XRSGtrrMoP51n2fG
t+4I3HzgOs3CqcJsn/YIjPELU4Bvo7E32hPxtfO7FEaOFOUnXskCWgiEGeJC/cbO
XVs+pgTyTrnQsmv6+ys34oc7QqIkHi5pg4a5AT2aqAknf5d5vMoJKdazL/SX/ZXF
DbTXWlTBMG9/gnzHX62NQ1csG1GTJOdaCa3Nt9fq5wnJkpPticelg2f0NbqwjVxB
B80p6kdsez65Y+SFj3idQV3kad5RnqjzRPRofFfxsu0YM4iUAZkMni6AzWkgkhxd
+qsN21mMgO8WT5T4BGEBCZkhL1lGml1aElACJA0t8RN4sCX9+zyy6GE73wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaQIa8zsIH7QqSKXeMDYiLv2tHgMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvaHBBaHJ6T3dnZnRDcElwZDR3TmlJdV9hMGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvPFgMA0G
CSqGSIb3DQEBCwUAA4IBAQCb8iqRKDitNa4D/s9NWPL/3FydseLO4s6Yyjmyy9IS
TfV1A2LmaavtNv0lB0ksy3jBzNlIgULR2H//sIY3iuC3d3GZxeSgBcKP0fty4LHb
ebj1TLJFvap5TlNHWVN8LWjKrkZDlc9dBHSUP5K9icOUmiQKujRBbJuBevCQwDZL
P6mEMzV+0bq39PJA67qGNnYGbi0xom1eovslSaGzPNQGRMfgaCbGMgmnm+mFMbC5
SiBvVi9FrqHBE2I2xnUDuI7ISfJk794/QCcxLowAGLSGcYSBQe4fNYtZy5ne+3l9
netkoPRw4ixvotvp7yuHryfQtFWGA/DoRxXqC4UPw4A4
-----END CERTIFICATE-----