Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/H1-xrUolZhz6fzzg_UIN6T3DPWQ.roa
File:                     H1-xrUolZhz6fzzg_UIN6T3DPWQ.roa (raw, json)
Hash identifier:          qIZY0TolKgREye8GEvOpwQsSjnvpT07vwo6n55/XGY4=
Subject key identifier:   1F:5F:B1:AD:4A:25:66:1C:FA:7F:3C:E0:FD:42:0D:E9:3D:C3:3D:64
Certificate issuer:       /CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
Certificate serial:       0194236A04ACD2E7C0BE44354E9EAB79322A
Authority key identifier: B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/H1-xrUolZhz6fzzg_UIN6T3DPWQ.roa
Signing time:             Wed 01 Jan 2025 19:48:58 +0000
ROA not before:           Wed 01 Jan 2025 19:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211064
IP address blocks:        185.236.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:04:ac:d2:e7:c0:be:44:35:4e:9e:ab:79:32:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
        Validity
            Not Before: Jan  1 19:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f5fb1ad4a25661cfa7f3ce0fd420de93dc33d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:96:ab:03:96:df:06:70:ed:fa:b0:b4:7b:f7:
                    a2:fa:eb:06:d8:f1:90:34:e6:4f:62:7d:63:cb:9a:
                    5e:a1:27:56:06:a0:a4:ea:b9:d3:6e:2d:af:e0:05:
                    c5:53:54:d1:31:1e:c7:ea:d5:65:6d:bb:ae:ea:79:
                    50:12:db:8f:35:ec:50:60:ae:96:75:22:38:c8:0e:
                    03:ba:24:97:02:88:6e:02:92:24:46:ab:fe:35:bf:
                    3d:d3:24:18:05:dc:73:3b:aa:a9:32:6c:b3:9d:28:
                    42:60:4c:ef:cb:dd:c8:84:41:7c:83:51:ff:26:f8:
                    80:82:ce:1d:aa:9f:e7:6d:0d:43:3e:8b:cb:07:fd:
                    18:44:ce:7f:1b:56:e8:6e:9d:75:13:20:95:05:4c:
                    e1:aa:84:87:9d:37:d9:7f:c6:f9:4b:2e:4b:bb:94:
                    e1:33:35:0a:7b:e6:11:24:2b:d5:a0:47:cf:0e:56:
                    c7:63:2d:46:23:66:69:2f:c9:81:84:5d:35:f9:93:
                    3e:bb:8f:03:07:32:38:85:97:05:40:81:c0:36:e2:
                    14:b1:2f:c5:d1:53:7b:4f:38:bb:8b:f5:51:1a:ff:
                    a1:48:69:82:7e:47:03:5f:10:d0:bc:66:37:76:82:
                    5d:f8:8d:a5:36:aa:ec:0c:62:bb:d4:19:d6:33:88:
                    39:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:5F:B1:AD:4A:25:66:1C:FA:7F:3C:E0:FD:42:0D:E9:3D:C3:3D:64
            X509v3 Authority Key Identifier:
                keyid:B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/H1-xrUolZhz6fzzg_UIN6T3DPWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:aa:5b:11:76:56:36:ca:ab:db:c5:68:21:5e:47:a0:59:50:
         7e:7a:2a:2e:e8:95:fd:44:83:d8:33:0f:8f:88:d7:70:38:3d:
         da:42:2d:60:cc:c2:6f:1a:6f:58:34:58:ab:f1:49:2f:c3:44:
         9d:27:0b:d9:a8:f0:b2:d2:47:e1:0c:18:36:c5:de:82:42:3f:
         a6:dd:cd:f0:bb:eb:49:ef:d0:2e:77:fa:ca:ea:cb:8a:85:00:
         91:cc:b2:98:14:6d:31:92:0c:9d:38:b2:1b:ff:d9:0b:ab:61:
         c0:ff:15:2f:3e:47:b2:67:83:c6:dd:b4:f7:04:47:e5:1e:40:
         8b:3e:61:bc:d6:da:f1:db:af:34:a9:3b:dc:c3:71:41:9f:f3:
         a5:8e:05:97:c2:71:82:0e:cb:1f:0e:84:87:fd:13:ad:4a:e0:
         9b:d8:53:3b:10:e6:09:37:08:77:d4:f0:74:94:57:87:7c:95:
         2c:b7:e4:59:9a:1c:32:2c:64:7d:52:b3:6e:3d:85:5f:2c:cf:
         0d:6b:c0:cf:3a:b7:0e:ad:30:3e:9d:8a:1a:38:84:8e:09:b9:
         69:a2:bd:7d:58:8f:64:aa:5d:53:3d:bd:0d:dd:30:c4:f9:c9:
         61:ba:c5:cc:62:60:0d:16:19:e2:5c:22:34:20:cd:99:47:48:
         f2:19:12:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagSs0ufAvkQ1Tp6reTIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzUxYjBjMDYzY2ZjMTY5NDNmYzlhNDdlMmM4MDU5OTBm
NmVhYWUwHhcNMjUwMTAxMTk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjVmYjFhZDRhMjU2NjFjZmE3ZjNjZTBmZDQyMGRlOTNkYzMzZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyparA5bfBnDt+rC0e/ei+usG2PGQ
NOZPYn1jy5peoSdWBqCk6rnTbi2v4AXFU1TRMR7H6tVlbbuu6nlQEtuPNexQYK6W
dSI4yA4DuiSXAohuApIkRqv+Nb890yQYBdxzO6qpMmyznShCYEzvy93IhEF8g1H/
JviAgs4dqp/nbQ1DPovLB/0YRM5/G1bobp11EyCVBUzhqoSHnTfZf8b5Sy5Lu5Th
MzUKe+YRJCvVoEfPDlbHYy1GI2ZpL8mBhF01+ZM+u48DBzI4hZcFQIHANuIUsS/F
0VN7Tzi7i/VRGv+hSGmCfkcDXxDQvGY3doJd+I2lNqrsDGK71BnWM4g5OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9fsa1KJWYc+n884P1CDek9wz1kMB8GA1UdIwQY
MBaAFLPFGwwGPPwWlD/JpH4sgFmQ9uquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEt
ZmY1ZjFhZDY5MjY2LzEvSDEteHJVb2xaaHo2Znp6Z19VSU42VDNEUFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEtZmY1ZjFhZDY5MjY2
LzEvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueyMMA0G
CSqGSIb3DQEBCwUAA4IBAQBIqlsRdlY2yqvbxWghXkegWVB+eiou6JX9RIPYMw+P
iNdwOD3aQi1gzMJvGm9YNFir8Ukvw0SdJwvZqPCy0kfhDBg2xd6CQj+m3c3wu+tJ
79Aud/rK6suKhQCRzLKYFG0xkgydOLIb/9kLq2HA/xUvPkeyZ4PG3bT3BEflHkCL
PmG81trx2680qTvcw3FBn/OljgWXwnGCDssfDoSH/ROtSuCb2FM7EOYJNwh31PB0
lFeHfJUst+RZmhwyLGR9UrNuPYVfLM8Na8DPOrcOrTA+nYoaOISOCblpor19WI9k
ql1TPb0N3TDE+clhusXMYmANFhniXCI0IM2ZR0jyGRLf
-----END CERTIFICATE-----