Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/1-HUimhT-3AS8CWM_9ceR1_Ut01M.roa
File:                     1-HUimhT-3AS8CWM_9ceR1_Ut01M.roa (raw, json)
Hash identifier:          /Wt6lvpZV/WYS41ohAWAHICdkwOQdIA19/RV2mlKysc=
Subject key identifier:   F8:75:22:9A:14:FE:DC:04:BC:09:63:3F:F5:C7:91:D7:F5:2D:D3:53
Certificate issuer:       /CN=febf30201f12a040d386d2b4eed4484623e4d11b
Certificate serial:       0194258F054FE554F9ECB87D6878A3AAF6B3
Authority key identifier: FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/1-HUimhT-3AS8CWM_9ceR1_Ut01M.roa
Signing time:             Thu 02 Jan 2025 05:48:37 +0000
ROA not before:           Thu 02 Jan 2025 05:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200017
IP address blocks:        185.240.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:05:4f:e5:54:f9:ec:b8:7d:68:78:a3:aa:f6:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=febf30201f12a040d386d2b4eed4484623e4d11b
        Validity
            Not Before: Jan  2 05:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f875229a14fedc04bc09633ff5c791d7f52dd353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:8e:dc:93:98:2c:ff:55:27:f9:e9:96:ee:6c:
                    2a:5a:9b:f6:52:35:42:1d:b3:1c:1d:fc:f3:1b:98:
                    f8:9f:26:56:4b:4e:d1:7f:5f:50:73:c8:d8:81:36:
                    12:44:b2:d6:dc:c9:6b:9d:ad:48:b0:08:79:99:fc:
                    a7:fe:84:f2:af:b3:a2:34:a1:d8:2f:a6:35:eb:05:
                    dd:bd:cc:8a:05:5b:e3:70:a6:9c:d3:ca:4a:9e:ab:
                    3e:9c:3e:20:7e:9c:2d:e1:a8:27:5e:39:0b:97:c9:
                    60:44:83:77:38:89:fe:b2:a0:a1:01:f2:30:5a:8d:
                    62:db:06:20:b1:72:f8:fa:32:33:ad:90:57:b3:1d:
                    d3:2a:18:69:41:5c:df:fd:80:68:bf:54:5d:6c:75:
                    88:16:27:8a:43:6c:d6:74:92:22:7a:47:b6:fe:c9:
                    89:ed:78:11:b1:df:58:5d:ab:2e:71:8e:a4:ae:38:
                    2d:3e:e0:74:a9:ac:bd:4d:25:15:49:f3:c5:8f:a0:
                    2a:0a:df:6e:1b:44:39:af:7e:01:7b:fd:16:68:7b:
                    dc:a9:b8:22:75:05:4e:ea:23:e3:42:ab:df:c2:19:
                    91:00:f2:4f:9b:34:8b:ef:82:48:6e:ad:9f:e2:ed:
                    ba:46:c6:d4:8b:89:b3:6d:68:9f:1c:d1:80:af:90:
                    ef:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:75:22:9A:14:FE:DC:04:BC:09:63:3F:F5:C7:91:D7:F5:2D:D3:53
            X509v3 Authority Key Identifier:
                keyid:FE:BF:30:20:1F:12:A0:40:D3:86:D2:B4:EE:D4:48:46:23:E4:D1:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_r8wIB8SoEDThtK07tRIRiPk0Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/1-HUimhT-3AS8CWM_9ceR1_Ut01M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f8c4a2-96ac-4b4e-a195-a97c0dc0a749/1/_r8wIB8SoEDThtK07tRIRiPk0Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:b0:0a:5e:80:e1:e3:e5:45:72:c9:6c:42:e3:35:c3:05:0f:
         42:28:1c:f8:01:07:12:9d:9f:02:62:a1:e4:3c:ba:fd:c7:5c:
         9e:ec:b5:a7:81:a7:4d:22:68:7c:e2:92:52:74:d2:7d:9c:59:
         a0:08:33:99:6c:ad:f0:35:ec:01:b5:ab:21:62:42:0b:10:da:
         b9:d7:f4:89:b3:9c:63:38:09:7a:fd:f8:c4:9c:4a:67:dd:df:
         d8:6c:78:a4:4f:04:ac:56:a6:ca:69:16:bf:0d:ad:fe:b7:61:
         dd:bd:a3:f3:f1:48:aa:72:9e:24:ef:46:37:6a:62:ea:d8:1b:
         30:ec:b3:a3:8d:1c:e8:b1:c2:46:bc:12:3d:6a:24:52:db:58:
         82:97:21:f3:5e:9d:d2:6c:15:d4:02:6f:73:97:7d:1d:a4:06:
         b5:11:0b:d7:a5:b2:9a:6b:2b:f8:23:d5:7b:05:1e:bb:82:c3:
         8a:0e:2c:16:59:e9:a8:02:35:5d:8b:9c:10:ac:de:28:2c:88:
         dc:12:dc:b7:37:38:06:d7:0e:a4:db:7c:5a:29:39:b5:e2:15:
         c0:91:d3:8d:e5:24:eb:59:b2:bb:72:af:29:35:22:af:25:79:
         fe:d2:ad:a3:5d:1a:bc:80:a1:94:2c:9b:d8:3f:cd:13:90:ad:
         0d:76:37:3a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQljwVP5VT57Lh9aHijqvazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYmYzMDIwMWYxMmEwNDBkMzg2ZDJiNGVlZDQ0ODQ2MjNl
NGQxMWIwHhcNMjUwMTAyMDU0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODc1MjI5YTE0ZmVkYzA0YmMwOTYzM2ZmNWM3OTFkN2Y1MmRkMzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApY7ck5gs/1Un+emW7mwqWpv2UjVC
HbMcHfzzG5j4nyZWS07Rf19Qc8jYgTYSRLLW3Mlrna1IsAh5mfyn/oTyr7OiNKHY
L6Y16wXdvcyKBVvjcKac08pKnqs+nD4gfpwt4agnXjkLl8lgRIN3OIn+sqChAfIw
Wo1i2wYgsXL4+jIzrZBXsx3TKhhpQVzf/YBov1RdbHWIFieKQ2zWdJIieke2/smJ
7XgRsd9YXasucY6krjgtPuB0qay9TSUVSfPFj6AqCt9uG0Q5r34Be/0WaHvcqbgi
dQVO6iPjQqvfwhmRAPJPmzSL74JIbq2f4u26RsbUi4mzbWifHNGAr5DvSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPh1IpoU/twEvAljP/XHkdf1LdNTMB8GA1UdIwQY
MBaAFP6/MCAfEqBA04bStO7USEYj5NEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3I4d0lCOFNvRURUaHRLMDd0UklSaVBrMFJzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mOGM0YTItOTZhYy00YjRlLWExOTUt
YTk3YzBkYzBhNzQ5LzEvMS1IVWltaFQtM0FTOENXTV85Y2VSMV9VdDAxTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2MvZjhjNGEyLTk2YWMtNGI0ZS1hMTk1LWE5N2MwZGMwYTc0
OS8xL19yOHdJQjhTb0VEVGh0SzA3dFJJUmlQazBScy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnwhDAN
BgkqhkiG9w0BAQsFAAOCAQEAG7AKXoDh4+VFcslsQuM1wwUPQigc+AEHEp2fAmKh
5Dy6/cdcnuy1p4GnTSJofOKSUnTSfZxZoAgzmWyt8DXsAbWrIWJCCxDaudf0ibOc
YzgJev34xJxKZ93f2Gx4pE8ErFamymkWvw2t/rdh3b2j8/FIqnKeJO9GN2pi6tgb
MOyzo40c6LHCRrwSPWokUttYgpch816d0mwV1AJvc5d9HaQGtREL16Wymmsr+CPV
ewUeu4LDig4sFlnpqAI1XYucEKzeKCyI3BLctzc4BtcOpNt8Wik5teIVwJHTjeUk
61myu3KvKTUiryV5/tKto10avIChlCyb2D/NE5CtDXY3Og==
-----END CERTIFICATE-----