Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/hEnYun4dBmY4NXRm3bASEYEJDP0.roa
File:                     hEnYun4dBmY4NXRm3bASEYEJDP0.roa (raw, json)
Hash identifier:          9ED8ExgB7hEhZTw92vukURu1ltjtyM6wWC7Qc0GRBP4=
Subject key identifier:   84:49:D8:BA:7E:1D:06:66:38:35:74:66:DD:B0:12:11:81:09:0C:FD
Certificate issuer:       /CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
Certificate serial:       0194221FB39136C3FF0ADC57E63FDD506013
Authority key identifier: BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/hEnYun4dBmY4NXRm3bASEYEJDP0.roa
Signing time:             Wed 01 Jan 2025 13:48:10 +0000
ROA not before:           Wed 01 Jan 2025 13:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20374
IP address blocks:        157.23.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b3:91:36:c3:ff:0a:dc:57:e6:3f:dd:50:60:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
        Validity
            Not Before: Jan  1 13:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8449d8ba7e1d066638357466ddb0121181090cfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:81:d1:e0:d8:c9:75:ea:65:48:dd:e8:be:31:
                    68:e1:f2:12:c8:81:0b:e3:6a:a6:6f:45:6d:fd:f5:
                    df:ed:52:96:f7:87:b3:49:9f:3e:82:ef:1e:00:a8:
                    dd:30:be:33:28:cb:73:a5:0f:ed:45:d7:97:9d:66:
                    a4:e2:3b:da:ce:e4:cf:d2:3c:c9:82:a0:31:54:f8:
                    de:fd:8f:28:00:cb:b1:ed:2f:e5:2f:6d:05:c1:c0:
                    98:68:16:fe:34:50:f3:c6:40:62:7f:3a:94:39:a7:
                    06:f3:c8:50:81:1f:60:da:85:c0:db:f4:8a:0e:9f:
                    92:ab:49:31:fa:34:55:29:98:b9:9b:3b:c0:07:00:
                    de:d9:36:46:b5:25:0b:bf:a3:88:f4:4a:12:97:d8:
                    89:ec:5f:21:01:ee:e1:0d:bc:ad:63:e7:0c:7e:cf:
                    43:c5:e7:02:73:b1:41:ba:1d:fb:b6:cf:a8:06:0b:
                    47:b0:f4:03:fa:8f:9b:9e:08:0f:c6:bd:e2:c9:a7:
                    4e:d3:44:27:36:25:76:83:9d:2f:9a:f1:fd:06:21:
                    51:8e:96:74:fb:eb:3a:b9:bd:f9:69:1d:21:9f:cb:
                    88:3f:40:ea:fa:b7:58:e2:71:50:7b:60:63:88:f4:
                    e6:6f:4e:35:1e:19:e5:4a:1a:1e:10:71:5e:35:71:
                    90:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:49:D8:BA:7E:1D:06:66:38:35:74:66:DD:B0:12:11:81:09:0C:FD
            X509v3 Authority Key Identifier:
                keyid:BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/hEnYun4dBmY4NXRm3bASEYEJDP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.23.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:61:67:b3:07:42:fc:e4:db:9b:9d:d0:41:76:da:10:67:cb:
         59:6b:15:0e:b7:14:f8:68:ae:25:38:17:35:7c:75:86:c2:ab:
         15:02:e9:9a:77:b5:9f:af:ce:4c:f3:31:c5:4c:8b:b6:48:9b:
         fa:68:2d:b1:09:a6:03:d1:2b:69:ed:8e:72:da:55:78:6b:a7:
         83:28:ad:a9:be:a6:fa:eb:14:24:c7:e1:b1:19:c2:df:08:f9:
         e8:3b:5c:ba:87:82:41:06:ab:ae:dd:4e:1a:8a:ec:97:88:68:
         f8:66:ed:5d:bf:d2:63:93:05:b3:6d:78:60:87:4d:2e:66:3a:
         4d:79:63:67:7d:ee:4e:64:66:b3:3c:d2:66:48:91:c6:65:59:
         37:09:1e:cb:dd:64:fc:bc:d0:50:b6:93:6e:53:ab:24:96:40:
         42:83:f1:00:d6:1e:66:6f:77:82:38:b7:fb:18:22:1f:d7:bd:
         07:be:d6:40:39:5e:6b:0d:0e:f3:18:3f:5b:22:4c:9a:04:bf:
         51:ac:02:b0:db:dd:2d:f8:04:5e:33:f7:3b:cf:93:33:5a:7d:
         ab:d9:64:bb:f0:78:2a:65:5f:64:a7:c6:03:84:59:ea:00:e2:
         67:07:1f:12:e5:30:95:eb:22:ae:a9:20:e4:17:c1:51:96:bc:
         ff:07:aa:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH7ORNsP/CtxX5j/dUGATMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYTM1Y2Y4YWI2ZjNlYWEyYWViYWRkOWUyMzczZGVjMDg5
MzYyNWUwHhcNMjUwMTAxMTM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDQ5ZDhiYTdlMWQwNjY2MzgzNTc0NjZkZGIwMTIxMTgxMDkwY2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzoHR4NjJdeplSN3ovjFo4fISyIEL
42qmb0Vt/fXf7VKW94ezSZ8+gu8eAKjdML4zKMtzpQ/tRdeXnWak4jvazuTP0jzJ
gqAxVPje/Y8oAMux7S/lL20FwcCYaBb+NFDzxkBifzqUOacG88hQgR9g2oXA2/SK
Dp+Sq0kx+jRVKZi5mzvABwDe2TZGtSULv6OI9EoSl9iJ7F8hAe7hDbytY+cMfs9D
xecCc7FBuh37ts+oBgtHsPQD+o+bnggPxr3iyadO00QnNiV2g50vmvH9BiFRjpZ0
++s6ub35aR0hn8uIP0Dq+rdY4nFQe2BjiPTmb041HhnlShoeEHFeNXGQawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRJ2Lp+HQZmODV0Zt2wEhGBCQz9MB8GA1UdIwQY
MBaAFLujXPirbz6qKuut2eI3PewIk2JeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMt
NTk3YjZlMjQ5MmFiLzEvaEVuWXVuNGRCbVk0TlhSbTNiQVNFWUVKRFAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMtNTk3YjZlMjQ5MmFi
LzEvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnReyMA0G
CSqGSIb3DQEBCwUAA4IBAQAOYWezB0L85NubndBBdtoQZ8tZaxUOtxT4aK4lOBc1
fHWGwqsVAumad7Wfr85M8zHFTIu2SJv6aC2xCaYD0Stp7Y5y2lV4a6eDKK2pvqb6
6xQkx+GxGcLfCPnoO1y6h4JBBquu3U4aiuyXiGj4Zu1dv9JjkwWzbXhgh00uZjpN
eWNnfe5OZGazPNJmSJHGZVk3CR7L3WT8vNBQtpNuU6sklkBCg/EA1h5mb3eCOLf7
GCIf170HvtZAOV5rDQ7zGD9bIkyaBL9RrAKw290t+AReM/c7z5MzWn2r2WS78Hgq
ZV9kp8YDhFnqAOJnBx8S5TCV6yKuqSDkF8FRlrz/B6ox
-----END CERTIFICATE-----