Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/hmD_gbHlASML2ltcjVZUWmwvSYc.roa
File:                     hmD_gbHlASML2ltcjVZUWmwvSYc.roa (raw, json)
Hash identifier:          7BK9fS2pKl/VxlRPtn0r5sqSpL1lbttsGsNK/TVCOlc=
Subject key identifier:   86:60:FF:81:B1:E5:01:23:0B:DA:5B:5C:8D:56:54:5A:6C:2F:49:87
Certificate issuer:       /CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
Certificate serial:       0194236A06078CE9FED0DDF1431B8CDAC39D
Authority key identifier: B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/hmD_gbHlASML2ltcjVZUWmwvSYc.roa
Signing time:             Wed 01 Jan 2025 19:48:58 +0000
ROA not before:           Wed 01 Jan 2025 19:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215583
IP address blocks:        109.68.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:06:07:8c:e9:fe:d0:dd:f1:43:1b:8c:da:c3:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3c51b0c063cfc16943fc9a47e2c805990f6eaae
        Validity
            Not Before: Jan  1 19:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8660ff81b1e501230bda5b5c8d56545a6c2f4987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:93:f1:87:37:ed:35:9e:c5:88:02:b1:14:d6:
                    7a:c6:f0:bc:64:d2:b8:9d:4c:3e:d1:da:82:00:c6:
                    b0:01:6a:e1:62:01:d8:1d:03:ac:b8:2d:40:06:7a:
                    eb:6d:cb:2a:35:52:76:28:67:ef:5c:4f:94:2d:a6:
                    26:77:e6:98:10:5d:50:54:89:3e:16:22:fb:bb:5c:
                    73:e6:6c:1f:8e:66:aa:34:fb:e1:36:a7:8b:5f:b6:
                    18:e3:e4:9a:d5:86:c1:31:75:87:e4:2f:4b:71:de:
                    d6:c3:ec:74:6c:47:4c:62:64:f1:59:ba:3f:92:bf:
                    d8:d3:b5:4c:c9:b1:98:d8:34:43:d4:4d:cd:16:86:
                    42:cf:ba:a6:41:c5:95:a5:63:27:75:c6:dc:9e:68:
                    76:3f:6e:ba:af:d5:24:63:49:96:6b:74:6f:34:37:
                    d9:2c:45:20:5b:97:42:7b:bd:16:0c:37:f6:da:2d:
                    16:8f:63:98:f3:e1:d2:24:0c:39:1b:1e:f6:91:66:
                    51:67:d6:78:38:e2:93:37:87:28:55:0b:fd:15:5d:
                    92:2f:27:6f:78:46:8f:ec:8b:2c:60:1d:8a:7c:9d:
                    6d:4b:a3:dc:2e:00:76:ae:c2:bc:b7:ae:57:a3:ed:
                    a3:cc:93:da:16:bb:dd:a1:b1:b7:cc:77:4b:d6:1f:
                    d9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:60:FF:81:B1:E5:01:23:0B:DA:5B:5C:8D:56:54:5A:6C:2F:49:87
            X509v3 Authority Key Identifier:
                keyid:B3:C5:1B:0C:06:3C:FC:16:94:3F:C9:A4:7E:2C:80:59:90:F6:EA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s8UbDAY8_BaUP8mkfiyAWZD26q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/hmD_gbHlASML2ltcjVZUWmwvSYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/587792-bae9-4183-a4b1-ff5f1ad69266/1/s8UbDAY8_BaUP8mkfiyAWZD26q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:ca:c6:44:fe:42:92:7f:25:b8:03:fb:96:06:27:a6:27:8b:
         15:54:2d:78:92:5c:dc:00:d9:8b:6d:b1:e4:59:2f:d7:92:12:
         c3:00:30:50:47:ec:b1:cc:91:9a:32:6b:b3:f0:78:07:88:e7:
         89:fe:80:86:55:b7:08:03:52:08:9e:d6:9b:42:c7:5c:18:72:
         24:99:cf:d8:f4:d5:b5:77:0c:6b:c2:7b:80:6e:dd:12:26:08:
         f2:f5:20:e2:80:64:78:21:a5:9a:e7:32:c4:a4:00:cd:c6:f6:
         bb:c7:3d:70:9d:40:44:5b:e6:9d:e3:f0:4e:92:c8:81:4c:65:
         ab:76:bf:66:a1:c6:eb:6f:1e:e2:8b:ea:f7:a1:48:bf:ef:40:
         e3:53:e0:01:e8:4a:30:43:2f:b4:94:4a:c5:a4:77:7c:f0:fc:
         02:2e:9a:7d:2c:f9:79:b0:6d:cf:cf:66:9d:7b:d9:6d:9b:62:
         7e:1f:6a:cb:4d:2c:f7:eb:1d:ee:71:b1:ae:8d:c6:ee:4c:18:
         eb:bc:3f:e4:df:4a:e1:74:ff:c7:62:f2:be:51:d8:34:c9:4d:
         df:81:7a:04:b4:b9:d8:9e:51:d9:64:5b:a8:5d:c5:7b:d2:3f:
         94:ec:0c:67:0c:0e:85:9e:a4:fe:bd:03:2b:2a:f7:db:42:d6:
         06:8b:22:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagYHjOn+0N3xQxuM2sOdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYzUxYjBjMDYzY2ZjMTY5NDNmYzlhNDdlMmM4MDU5OTBm
NmVhYWUwHhcNMjUwMTAxMTk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjYwZmY4MWIxZTUwMTIzMGJkYTViNWM4ZDU2NTQ1YTZjMmY0OTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJPxhzftNZ7FiAKxFNZ6xvC8ZNK4
nUw+0dqCAMawAWrhYgHYHQOsuC1ABnrrbcsqNVJ2KGfvXE+ULaYmd+aYEF1QVIk+
FiL7u1xz5mwfjmaqNPvhNqeLX7YY4+Sa1YbBMXWH5C9Lcd7Ww+x0bEdMYmTxWbo/
kr/Y07VMybGY2DRD1E3NFoZCz7qmQcWVpWMndcbcnmh2P266r9UkY0mWa3RvNDfZ
LEUgW5dCe70WDDf22i0Wj2OY8+HSJAw5Gx72kWZRZ9Z4OOKTN4coVQv9FV2SLydv
eEaP7IssYB2KfJ1tS6PcLgB2rsK8t65Xo+2jzJPaFrvdobG3zHdL1h/ZRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZg/4Gx5QEjC9pbXI1WVFpsL0mHMB8GA1UdIwQY
MBaAFLPFGwwGPPwWlD/JpH4sgFmQ9uquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEt
ZmY1ZjFhZDY5MjY2LzEvaG1EX2diSGxBU01MMmx0Y2pWWlVXbXd2U1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODc3OTItYmFlOS00MTgzLWE0YjEtZmY1ZjFhZDY5MjY2
LzEvczhVYkRBWThfQmFVUDhta2ZpeUFXWkQyNnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUSUMA0G
CSqGSIb3DQEBCwUAA4IBAQCkysZE/kKSfyW4A/uWBiemJ4sVVC14klzcANmLbbHk
WS/XkhLDADBQR+yxzJGaMmuz8HgHiOeJ/oCGVbcIA1IIntabQsdcGHIkmc/Y9NW1
dwxrwnuAbt0SJgjy9SDigGR4IaWa5zLEpADNxva7xz1wnUBEW+ad4/BOksiBTGWr
dr9mocbrbx7ii+r3oUi/70DjU+AB6EowQy+0lErFpHd88PwCLpp9LPl5sG3Pz2ad
e9ltm2J+H2rLTSz36x3ucbGujcbuTBjrvD/k30rhdP/HYvK+Udg0yU3fgXoEtLnY
nlHZZFuoXcV70j+U7AxnDA6FnqT+vQMrKvfbQtYGiyJn
-----END CERTIFICATE-----