Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/hK0B_1bjDs4SgkjuewwBu_Hyp1Q.roa
File:                     hK0B_1bjDs4SgkjuewwBu_Hyp1Q.roa (raw, json)
Hash identifier:          P1SdgqhUGccV0nstYPHl8zR8nqe1TrQ9TkFifIcHjeo=
Subject key identifier:   84:AD:01:FF:56:E3:0E:CE:12:82:48:EE:7B:0C:01:BB:F1:F2:A7:54
Certificate issuer:       /CN=a608db43964b6986ec740f0b5e33f627589ac560
Certificate serial:       01942825D5679342ADB5D66773F364226884
Authority key identifier: A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/hK0B_1bjDs4SgkjuewwBu_Hyp1Q.roa
Signing time:             Thu 02 Jan 2025 17:52:35 +0000
ROA not before:           Thu 02 Jan 2025 17:52:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49181
IP address blocks:        176.96.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:d5:67:93:42:ad:b5:d6:67:73:f3:64:22:68:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a608db43964b6986ec740f0b5e33f627589ac560
        Validity
            Not Before: Jan  2 17:52:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84ad01ff56e30ece128248ee7b0c01bbf1f2a754
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ff:28:3f:e6:eb:39:19:29:74:9e:c3:53:8d:
                    e5:39:e5:8c:38:0e:94:11:5b:ed:99:50:c6:86:08:
                    3a:b5:50:93:cf:b5:a9:fc:d5:d4:db:2c:e8:c3:da:
                    bd:29:a2:9b:d1:60:83:78:f5:f3:fe:d9:4a:fc:d1:
                    00:85:17:93:31:53:aa:58:e9:c0:23:29:e6:84:ac:
                    98:f3:60:21:9e:98:ef:f0:65:8d:6d:1d:3f:4d:99:
                    4a:ce:6e:ed:4b:3b:8e:3e:b9:21:d9:8a:dd:b6:ab:
                    28:7b:94:53:be:61:73:4d:c8:4e:d8:0c:7d:26:65:
                    2c:93:76:94:05:85:5a:35:00:33:21:0a:56:eb:e7:
                    a4:c3:72:9a:dc:8e:ea:39:e6:a6:4b:0c:4c:52:99:
                    47:c2:7c:66:66:84:b9:79:a5:71:e9:16:21:2a:87:
                    77:1f:40:43:96:ff:37:10:5c:2e:a8:eb:31:e3:d2:
                    b1:c6:5b:e9:16:ce:f5:b0:c1:3e:b9:2d:ec:bb:d8:
                    9e:cf:b2:52:20:c6:cf:7c:bb:51:f2:1c:a2:92:36:
                    39:e6:cd:8f:ac:77:cd:2a:6e:43:a4:95:57:75:95:
                    59:45:b8:ac:3b:d2:25:ea:8e:29:8d:7c:44:fa:4b:
                    9e:25:df:61:3f:02:26:58:7d:27:c8:2a:f8:c7:50:
                    5a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:AD:01:FF:56:E3:0E:CE:12:82:48:EE:7B:0C:01:BB:F1:F2:A7:54
            X509v3 Authority Key Identifier:
                keyid:A6:08:DB:43:96:4B:69:86:EC:74:0F:0B:5E:33:F6:27:58:9A:C5:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/hK0B_1bjDs4SgkjuewwBu_Hyp1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/500150-1551-47de-b504-d64683cee16f/1/pgjbQ5ZLaYbsdA8LXjP2J1iaxWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.96.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:a4:b1:92:06:75:b3:60:dd:00:54:ba:03:23:6e:da:01:15:
         50:21:9e:19:55:b9:d0:99:1a:b9:4e:19:19:3d:eb:75:be:52:
         44:d9:da:53:2b:a5:39:a4:ec:3e:53:5c:ba:75:c6:75:e1:fd:
         74:d0:57:a9:9a:eb:29:97:b1:0b:cb:e3:69:ba:0c:26:0d:ca:
         65:a4:98:f2:6a:12:36:c4:46:de:48:c5:37:4f:fa:8a:e3:be:
         78:7c:2c:6b:41:9f:46:cf:36:2a:35:c7:ad:83:17:3c:ea:99:
         1d:6c:2a:1d:db:d0:43:60:02:78:70:fe:77:09:a1:28:61:51:
         20:61:c5:b7:27:32:ed:31:e7:09:ed:dc:44:da:98:91:a9:27:
         67:eb:2f:9a:15:33:e1:89:57:4c:61:fb:a2:ba:d6:98:ad:00:
         da:63:61:2b:ab:89:31:57:84:42:cc:f5:a1:aa:36:30:e1:26:
         5f:d1:21:f1:3c:74:4e:9d:ed:88:3a:15:42:65:e6:01:c4:b2:
         53:6e:c8:f3:70:3a:05:73:5b:8a:65:f4:e5:d2:8e:86:8c:57:
         6c:28:80:51:66:f0:63:bb:e6:e4:3e:85:1c:d9:be:b7:4d:67:
         22:ed:9d:89:2c:d3:de:4e:01:72:e0:fd:e6:84:dc:22:3f:80:
         b3:6e:a3:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJdVnk0KttdZnc/NkImiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MDhkYjQzOTY0YjY5ODZlYzc0MGYwYjVlMzNmNjI3NTg5
YWM1NjAwHhcNMjUwMTAyMTc1MjM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGFkMDFmZjU2ZTMwZWNlMTI4MjQ4ZWU3YjBjMDFiYmYxZjJhNzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnf8oP+brORkpdJ7DU43lOeWMOA6U
EVvtmVDGhgg6tVCTz7Wp/NXU2yzow9q9KaKb0WCDePXz/tlK/NEAhReTMVOqWOnA
IynmhKyY82Ahnpjv8GWNbR0/TZlKzm7tSzuOPrkh2Yrdtqsoe5RTvmFzTchO2Ax9
JmUsk3aUBYVaNQAzIQpW6+ekw3Ka3I7qOeamSwxMUplHwnxmZoS5eaVx6RYhKod3
H0BDlv83EFwuqOsx49KxxlvpFs71sME+uS3su9iez7JSIMbPfLtR8hyikjY55s2P
rHfNKm5DpJVXdZVZRbisO9Il6o4pjXxE+kueJd9hPwImWH0nyCr4x1BawQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIStAf9W4w7OEoJI7nsMAbvx8qdUMB8GA1UdIwQY
MBaAFKYI20OWS2mG7HQPC14z9idYmsVgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQt
ZDY0NjgzY2VlMTZmLzEvaEswQl8xYmpEczRTZ2tqdWV3d0J1X0h5cDFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi81MDAxNTAtMTU1MS00N2RlLWI1MDQtZDY0NjgzY2VlMTZm
LzEvcGdqYlE1WkxhWWJzZEE4TFhqUDJKMWlheFdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGDiMA0G
CSqGSIb3DQEBCwUAA4IBAQCKpLGSBnWzYN0AVLoDI27aARVQIZ4ZVbnQmRq5ThkZ
Pet1vlJE2dpTK6U5pOw+U1y6dcZ14f100Fepmuspl7ELy+NpugwmDcplpJjyahI2
xEbeSMU3T/qK4754fCxrQZ9GzzYqNcetgxc86pkdbCod29BDYAJ4cP53CaEoYVEg
YcW3JzLtMecJ7dxE2piRqSdn6y+aFTPhiVdMYfuiutaYrQDaY2Erq4kxV4RCzPWh
qjYw4SZf0SHxPHROne2IOhVCZeYBxLJTbsjzcDoFc1uKZfTl0o6GjFdsKIBRZvBj
u+bkPoUc2b63TWci7Z2JLNPeTgFy4P3mhNwiP4CzbqO+
-----END CERTIFICATE-----