Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/huUdoRBrSkw9ERfAbY_K0ms09AQ.roa
File:                     huUdoRBrSkw9ERfAbY_K0ms09AQ.roa (raw, json)
Hash identifier:          /chnp5DKS977ybnp/eJrPNXNv/laADFMHK9MLA974oE=
Subject key identifier:   86:E5:1D:A1:10:6B:4A:4C:3D:11:17:C0:6D:8F:CA:D2:6B:34:F4:04
Certificate issuer:       /CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
Certificate serial:       0194266C316A3EE3E2742ADB64C02750BCB3
Authority key identifier: 7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/huUdoRBrSkw9ERfAbY_K0ms09AQ.roa
Signing time:             Thu 02 Jan 2025 09:50:12 +0000
ROA not before:           Thu 02 Jan 2025 09:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204834
IP address blocks:        185.129.240.0/24 maxlen: 24
                          185.129.241.0/24 maxlen: 24
                          185.129.242.0/24 maxlen: 24
                          185.129.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:31:6a:3e:e3:e2:74:2a:db:64:c0:27:50:bc:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
        Validity
            Not Before: Jan  2 09:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86e51da1106b4a4c3d1117c06d8fcad26b34f404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:32:47:54:8d:7b:54:46:54:62:d4:03:d0:9c:
                    fb:04:11:76:89:2b:5a:fa:b9:17:27:e9:8b:03:6b:
                    58:03:89:08:67:88:18:0d:de:71:83:ed:c2:e1:d9:
                    d1:f4:e7:33:6e:05:0e:cd:50:e1:90:c8:f2:c4:c6:
                    6a:ce:1c:e2:bc:15:11:8b:85:f0:b0:35:af:24:79:
                    08:13:ac:ce:55:44:9a:aa:3d:1d:32:11:73:f3:a5:
                    b2:31:89:ef:94:7c:a3:fd:29:e1:93:d9:24:3c:94:
                    d6:15:4c:8f:a0:b0:0e:bd:4b:4e:1b:d2:9d:fe:71:
                    63:b5:0a:b2:e1:57:38:ff:2d:7d:2d:f7:31:2d:3c:
                    94:87:29:31:b0:39:eb:a5:51:14:ca:97:76:10:b8:
                    ab:65:48:f0:09:ab:13:f9:e2:91:cd:f5:ee:7f:0d:
                    31:f1:d4:21:2d:40:b0:45:37:59:b5:c9:f0:34:93:
                    7e:68:61:aa:ed:b4:7a:f2:2e:f4:b7:43:34:71:45:
                    80:c0:90:97:22:6f:bd:00:14:95:61:a9:9d:1d:26:
                    b0:2e:cd:a0:d6:fc:06:ee:d1:88:1b:20:1c:0e:9d:
                    1e:22:9c:dc:a4:b9:79:ac:59:68:dc:c0:7e:57:be:
                    46:54:21:0a:84:62:25:b2:24:df:15:01:b0:bc:d3:
                    53:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E5:1D:A1:10:6B:4A:4C:3D:11:17:C0:6D:8F:CA:D2:6B:34:F4:04
            X509v3 Authority Key Identifier:
                keyid:7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/huUdoRBrSkw9ERfAbY_K0ms09AQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:4a:bc:a8:bb:67:b1:19:fa:c9:d0:d5:ba:23:8a:0e:4a:25:
         57:60:59:3a:89:ef:06:44:e8:10:ee:68:05:00:cb:1d:55:ae:
         0b:1d:4f:60:d5:01:73:d8:3e:75:1b:62:6b:a5:51:f3:5e:3e:
         ad:3e:7c:3b:09:44:13:7b:ec:03:a4:34:ba:9b:0b:9b:43:a2:
         8c:07:75:8e:a8:4a:c6:13:1d:af:88:ee:88:bf:ee:0e:0b:f6:
         24:40:b4:62:dc:73:f1:96:d7:56:79:e0:c6:aa:56:55:e0:76:
         23:33:40:e7:67:58:8c:90:35:2c:49:8e:cb:70:42:3b:32:ad:
         ff:b3:01:fa:84:a2:2f:f4:d7:17:e2:e2:48:41:10:10:dd:2a:
         be:36:d9:8d:ac:e6:69:4b:92:c2:5e:92:34:3e:ed:ae:cd:04:
         2e:7f:c4:90:22:98:3d:f5:37:bc:74:2f:96:c0:46:1d:7b:b9:
         16:2f:84:cc:86:83:a1:f3:46:3e:b7:89:4f:77:20:de:b5:2d:
         e1:80:a5:2e:d2:5d:bb:46:e2:ef:f6:97:4f:62:1a:66:1b:03:
         04:8c:a4:01:26:80:29:59:e7:1a:fd:5e:13:70:02:4d:a8:1a:
         bf:7e:0d:82:ca:ab:b1:73:04:84:ce:2c:80:2d:57:dc:6a:df:
         d7:5b:74:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbDFqPuPidCrbZMAnULyzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmQ1MTI3MjA2NGI2M2IyYzY2M2MwMjk2YmExMWRiNWVh
MjM4YzAwHhcNMjUwMTAyMDk1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmU1MWRhMTEwNmI0YTRjM2QxMTE3YzA2ZDhmY2FkMjZiMzRmNDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTJHVI17VEZUYtQD0Jz7BBF2iSta
+rkXJ+mLA2tYA4kIZ4gYDd5xg+3C4dnR9OczbgUOzVDhkMjyxMZqzhzivBURi4Xw
sDWvJHkIE6zOVUSaqj0dMhFz86WyMYnvlHyj/Snhk9kkPJTWFUyPoLAOvUtOG9Kd
/nFjtQqy4Vc4/y19LfcxLTyUhykxsDnrpVEUypd2ELirZUjwCasT+eKRzfXufw0x
8dQhLUCwRTdZtcnwNJN+aGGq7bR68i70t0M0cUWAwJCXIm+9ABSVYamdHSawLs2g
1vwG7tGIGyAcDp0eIpzcpLl5rFlo3MB+V75GVCEKhGIlsiTfFQGwvNNTJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIblHaEQa0pMPREXwG2PytJrNPQEMB8GA1UdIwQY
MBaAFHu9UScgZLY7LGY8Apa6EdteojjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUt
OTdjOWFhYjgyOGYyLzEvaHVVZG9SQnJTa3c5RVJmQWJZX0swbXMwOUFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUtOTdjOWFhYjgyOGYy
LzEvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYHwMA0G
CSqGSIb3DQEBCwUAA4IBAQAlSryou2exGfrJ0NW6I4oOSiVXYFk6ie8GROgQ7mgF
AMsdVa4LHU9g1QFz2D51G2JrpVHzXj6tPnw7CUQTe+wDpDS6mwubQ6KMB3WOqErG
Ex2viO6Iv+4OC/YkQLRi3HPxltdWeeDGqlZV4HYjM0DnZ1iMkDUsSY7LcEI7Mq3/
swH6hKIv9NcX4uJIQRAQ3Sq+NtmNrOZpS5LCXpI0Pu2uzQQuf8SQIpg99Te8dC+W
wEYde7kWL4TMhoOh80Y+t4lPdyDetS3hgKUu0l27RuLv9pdPYhpmGwMEjKQBJoAp
Weca/V4TcAJNqBq/fg2CyquxcwSEziyALVfcat/XW3Rp
-----END CERTIFICATE-----