Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/hwKz7IYH_-iNgD70kdkgfB3RGnU.roa
File:                     hwKz7IYH_-iNgD70kdkgfB3RGnU.roa (raw, json)
Hash identifier:          QRpzenucSAmsau+T2O1HZRw8q7B8Dy+dhwBcPIXqF90=
Subject key identifier:   87:02:B3:EC:86:07:FF:E8:8D:80:3E:F4:91:D9:20:7C:1D:D1:1A:75
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       01942747699CE8EF6FE13236EB80FD664744
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/hwKz7IYH_-iNgD70kdkgfB3RGnU.roa
Signing time:             Thu 02 Jan 2025 13:49:38 +0000
ROA not before:           Thu 02 Jan 2025 13:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        185.210.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:69:9c:e8:ef:6f:e1:32:36:eb:80:fd:66:47:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Jan  2 13:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8702b3ec8607ffe88d803ef491d9207c1dd11a75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:60:21:7f:27:d0:ee:6d:01:79:b3:75:ff:c6:
                    c4:4f:f8:59:62:67:64:30:93:c7:39:3c:95:f4:4a:
                    1e:de:7a:18:7c:37:36:3d:76:28:ae:f1:4f:49:44:
                    b7:fc:32:da:5c:66:05:67:1d:31:6c:24:37:b6:15:
                    aa:21:1a:d3:e8:f1:dd:73:ac:2d:45:1f:7a:72:71:
                    c4:56:11:f3:96:c7:5b:04:3e:f6:43:37:be:43:28:
                    c8:6d:25:28:ef:52:da:49:ee:d5:fb:d3:b9:05:23:
                    af:87:00:65:a4:d8:80:d2:c6:2b:81:45:df:c2:e1:
                    58:57:81:c7:e0:ef:1a:26:e3:30:0e:7c:05:66:8a:
                    60:5a:d0:6d:2d:01:50:6a:43:66:91:8e:d8:bd:35:
                    06:d3:70:5b:d8:cb:f7:8c:a6:9f:b6:3a:36:c4:d3:
                    24:70:21:c1:2a:b4:0e:5f:43:a2:22:3b:51:16:a7:
                    b3:db:88:19:83:56:7c:fd:0c:1b:13:d3:40:d1:a2:
                    fb:69:bd:85:de:89:7e:c0:d0:a7:90:01:d8:f3:af:
                    c2:14:32:a4:bc:ea:83:bd:42:f4:c4:2c:23:0f:51:
                    4f:52:6e:bb:e2:5f:c0:c4:b9:f3:65:3b:f0:1f:c1:
                    92:35:03:85:f2:6a:85:30:67:3b:25:fb:ba:2b:76:
                    5b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:02:B3:EC:86:07:FF:E8:8D:80:3E:F4:91:D9:20:7C:1D:D1:1A:75
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/hwKz7IYH_-iNgD70kdkgfB3RGnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:b6:d2:d3:5a:52:9b:ae:cc:89:c9:0a:31:ae:06:3b:d8:03:
         f0:c0:bf:4f:97:d7:c0:b2:61:4d:61:8d:21:26:e9:dd:2f:ba:
         37:0c:11:57:31:cc:4d:9d:5f:cb:11:09:80:ed:70:5e:cf:c0:
         7b:b8:c5:85:91:1e:2b:b8:97:6a:84:36:84:6f:b6:0c:b6:42:
         e5:47:1a:d3:7b:13:8d:55:c4:52:e6:ca:52:91:72:a0:f5:a2:
         63:e8:02:af:96:ed:f3:06:f3:ea:7e:7a:bb:71:4a:8a:b6:a4:
         1c:a5:5b:ff:6a:70:06:96:e5:69:bd:93:8d:97:1c:e6:99:ca:
         fe:fa:1c:a8:a5:6d:ed:fb:d2:03:07:e9:8a:c1:cc:b1:c8:0f:
         18:cd:ad:bd:6b:c0:39:af:fc:8f:14:de:0f:4a:e6:4f:68:3f:
         1f:c6:8b:01:e3:63:80:9e:b7:f1:48:1b:1b:3e:66:e3:fe:85:
         9f:c6:bc:62:f5:62:93:11:81:15:b9:34:5d:fb:bf:cf:7c:ca:
         71:f2:f1:7c:d0:82:e6:5a:89:dd:08:56:fe:06:76:ba:8f:da:
         81:cb:ed:24:01:31:fe:38:ef:f7:6d:1f:16:0a:df:02:96:2a:
         eb:b0:f0:c2:57:af:a5:37:66:6d:cc:5f:83:bf:16:63:42:6d:
         c9:d3:a8:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR2mc6O9v4TI264D9ZkdEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjUwMTAyMTM0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzAyYjNlYzg2MDdmZmU4OGQ4MDNlZjQ5MWQ5MjA3YzFkZDExYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2AhfyfQ7m0BebN1/8bET/hZYmdk
MJPHOTyV9Eoe3noYfDc2PXYorvFPSUS3/DLaXGYFZx0xbCQ3thWqIRrT6PHdc6wt
RR96cnHEVhHzlsdbBD72Qze+QyjIbSUo71LaSe7V+9O5BSOvhwBlpNiA0sYrgUXf
wuFYV4HH4O8aJuMwDnwFZopgWtBtLQFQakNmkY7YvTUG03Bb2Mv3jKaftjo2xNMk
cCHBKrQOX0OiIjtRFqez24gZg1Z8/QwbE9NA0aL7ab2F3ol+wNCnkAHY86/CFDKk
vOqDvUL0xCwjD1FPUm674l/AxLnzZTvwH8GSNQOF8mqFMGc7Jfu6K3ZbWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcCs+yGB//ojYA+9JHZIHwd0Rp1MB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvaHdLejdJWUhfLWlOZ0Q3MGtka2dmQjNSR25VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudKoMA0G
CSqGSIb3DQEBCwUAA4IBAQCettLTWlKbrsyJyQoxrgY72APwwL9Pl9fAsmFNYY0h
JundL7o3DBFXMcxNnV/LEQmA7XBez8B7uMWFkR4ruJdqhDaEb7YMtkLlRxrTexON
VcRS5spSkXKg9aJj6AKvlu3zBvPqfnq7cUqKtqQcpVv/anAGluVpvZONlxzmmcr+
+hyopW3t+9IDB+mKwcyxyA8Yza29a8A5r/yPFN4PSuZPaD8fxosB42OAnrfxSBsb
Pmbj/oWfxrxi9WKTEYEVuTRd+7/PfMpx8vF80ILmWondCFb+Bna6j9qBy+0kATH+
OO/3bR8WCt8ClirrsPDCV6+lN2ZtzF+DvxZjQm3J06jM
-----END CERTIFICATE-----