Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/hkaTE_7fhGUYELRP9AaJ9bAo5bk.roa
File:                     hkaTE_7fhGUYELRP9AaJ9bAo5bk.roa (raw, json)
Hash identifier:          KOzsqvok3H5PfVWyF9U8nn9XFXetQgaoM4WrEbmzfjU=
Subject key identifier:   86:46:93:13:FE:DF:84:65:18:10:B4:4F:F4:06:89:F5:B0:28:E5:B9
Certificate issuer:       /CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
Certificate serial:       019423D745B244CC4C696111EA937E6532EB
Authority key identifier: 25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/hkaTE_7fhGUYELRP9AaJ9bAo5bk.roa
Signing time:             Wed 01 Jan 2025 21:48:18 +0000
ROA not before:           Wed 01 Jan 2025 21:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     27418
IP address blocks:        199.182.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:45:b2:44:cc:4c:69:61:11:ea:93:7e:65:32:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
        Validity
            Not Before: Jan  1 21:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86469313fedf84651810b44ff40689f5b028e5b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a6:5f:b0:f7:9d:5c:28:81:40:86:5e:e6:57:
                    a1:b8:99:fa:c0:0d:d0:27:fc:e4:cc:61:91:16:be:
                    46:15:f2:e9:b0:05:44:9f:af:e5:cc:92:a2:e8:63:
                    d0:98:ad:11:7c:9b:ba:3c:e8:bc:89:ce:26:30:b1:
                    93:42:0a:a0:c7:be:cc:c3:57:ae:2b:97:6d:f1:ea:
                    d0:6a:a6:32:99:1b:aa:16:05:f9:21:40:b6:3f:3a:
                    d2:e6:9a:14:83:c9:75:6d:f5:19:43:5c:fa:1e:43:
                    d1:14:b3:d7:c2:6b:f9:c1:05:b5:fd:fb:2f:64:5b:
                    49:f4:d6:25:fc:2c:4d:6e:96:57:61:85:08:ab:bf:
                    e3:29:8f:93:e3:bc:16:1e:aa:5e:85:c0:5c:20:28:
                    a2:b9:fb:01:13:e5:b7:29:90:5b:b2:36:08:b8:c6:
                    9c:80:27:37:6c:55:43:77:bb:fe:a5:14:f4:02:01:
                    6c:81:c2:d2:44:db:a9:bf:37:65:2b:76:65:6d:2e:
                    c6:1e:3c:b6:64:ea:47:a4:14:b8:4b:5e:68:a3:73:
                    15:b2:fd:89:5a:fd:ca:c9:76:39:70:83:42:19:ea:
                    8c:5f:9f:82:13:59:42:7a:58:7e:dc:4b:64:ae:9c:
                    14:e6:07:63:8d:cc:37:fe:8c:f1:0a:f7:01:1d:8c:
                    77:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:46:93:13:FE:DF:84:65:18:10:B4:4F:F4:06:89:F5:B0:28:E5:B9
            X509v3 Authority Key Identifier:
                keyid:25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/hkaTE_7fhGUYELRP9AaJ9bAo5bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.182.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:5e:fc:35:5c:da:5b:01:87:de:e1:f3:3e:73:b2:83:11:6f:
         06:3b:8a:de:ed:53:43:d1:fe:43:df:07:66:98:53:53:89:42:
         e7:47:6a:8e:3b:7f:2a:cf:84:90:ab:15:32:dd:e9:8e:51:5a:
         31:76:db:36:4a:19:6a:1b:c8:fa:fd:01:a8:93:df:a6:fa:16:
         1f:a9:b6:2d:3f:62:51:2a:51:7a:89:25:52:41:00:be:eb:18:
         6f:c8:90:b9:c5:cf:93:a6:98:73:09:34:f3:49:2d:12:5a:2c:
         fd:2f:a8:25:99:8a:e2:04:fa:c8:09:a9:cc:80:62:ed:67:5a:
         7d:48:a0:1a:17:45:10:64:68:0d:d0:00:e1:f0:50:bb:0e:74:
         e0:49:d8:9d:01:47:37:b1:d6:63:82:40:78:26:9a:be:c4:c2:
         b1:c2:3f:4c:a6:f8:ad:e6:6e:b5:49:9c:30:61:f2:81:f6:42:
         f8:f7:e1:57:8c:47:a3:0e:71:8e:85:de:1a:f6:6b:57:a1:99:
         83:5c:60:52:d5:79:af:c4:9b:14:d0:3f:b9:98:3b:a1:6c:cf:
         95:25:77:26:7f:a4:91:4c:a4:d7:3f:57:c8:eb:5b:93:4d:be:
         68:cb:65:22:05:20:3e:e6:9c:78:60:ff:dd:c5:52:bf:07:87:
         39:e1:06:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj10WyRMxMaWER6pN+ZTLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Nzc2Yzc3ZjhlYmU3MDk0Y2EwMDdhY2UxYTljMGJmZGMy
YjNhZWMwHhcNMjUwMTAxMjE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQ2OTMxM2ZlZGY4NDY1MTgxMGI0NGZmNDA2ODlmNWIwMjhlNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKZfsPedXCiBQIZe5lehuJn6wA3Q
J/zkzGGRFr5GFfLpsAVEn6/lzJKi6GPQmK0RfJu6POi8ic4mMLGTQgqgx77Mw1eu
K5dt8erQaqYymRuqFgX5IUC2PzrS5poUg8l1bfUZQ1z6HkPRFLPXwmv5wQW1/fsv
ZFtJ9NYl/CxNbpZXYYUIq7/jKY+T47wWHqpehcBcICiiufsBE+W3KZBbsjYIuMac
gCc3bFVDd7v+pRT0AgFsgcLSRNupvzdlK3ZlbS7GHjy2ZOpHpBS4S15oo3MVsv2J
Wv3KyXY5cINCGeqMX5+CE1lCelh+3EtkrpwU5gdjjcw3/ozxCvcBHYx3FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZGkxP+34RlGBC0T/QGifWwKOW5MB8GA1UdIwQY
MBaAFCV3bHf46+cJTKAHrOGpwL/cKzrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQt
ZTdkYWVjMTk0YTY5LzEvaGthVEVfN2ZoR1VZRUxSUDlBYUo5YkFvNWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQtZTdkYWVjMTk0YTY5
LzEvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAx7boMA0G
CSqGSIb3DQEBCwUAA4IBAQCCXvw1XNpbAYfe4fM+c7KDEW8GO4re7VND0f5D3wdm
mFNTiULnR2qOO38qz4SQqxUy3emOUVoxdts2ShlqG8j6/QGok9+m+hYfqbYtP2JR
KlF6iSVSQQC+6xhvyJC5xc+TpphzCTTzSS0SWiz9L6glmYriBPrICanMgGLtZ1p9
SKAaF0UQZGgN0ADh8FC7DnTgSdidAUc3sdZjgkB4Jpq+xMKxwj9Mpvit5m61SZww
YfKB9kL49+FXjEejDnGOhd4a9mtXoZmDXGBS1XmvxJsU0D+5mDuhbM+VJXcmf6SR
TKTXP1fI61uTTb5oy2UiBSA+5px4YP/dxVK/B4c54QY3
-----END CERTIFICATE-----