Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/hbbnLuZpD5go-VUHqMX6cwP0VYE.roa
File:                     hbbnLuZpD5go-VUHqMX6cwP0VYE.roa (raw, json)
Hash identifier:          nw4SsVKZtCMAF0Lk44Bca7n8JsrQ2D2s1YmNiP6JfI0=
Subject key identifier:   85:B6:E7:2E:E6:69:0F:98:28:F9:55:07:A8:C5:FA:73:03:F4:55:81
Certificate issuer:       /CN=39247f77a3ae0af71eac03256449f5d292cffd74
Certificate serial:       0194274837370EEBA322F5EB410F16F20346
Authority key identifier: 39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/hbbnLuZpD5go-VUHqMX6cwP0VYE.roa
Signing time:             Thu 02 Jan 2025 13:50:31 +0000
ROA not before:           Thu 02 Jan 2025 13:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273015
IP address blocks:        185.56.110.0/23 maxlen: 23
                          185.56.110.0/24 maxlen: 24
                          185.56.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:37:37:0e:eb:a3:22:f5:eb:41:0f:16:f2:03:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39247f77a3ae0af71eac03256449f5d292cffd74
        Validity
            Not Before: Jan  2 13:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85b6e72ee6690f9828f95507a8c5fa7303f45581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bd:e6:86:ed:99:ea:d9:12:2d:42:81:a7:e9:
                    63:01:8c:c9:57:b2:aa:e7:06:40:04:b4:df:22:22:
                    ec:93:75:89:cc:bb:0c:d0:8d:fc:e0:e0:ba:56:9e:
                    a8:39:41:77:c8:78:84:16:e8:d9:c5:cb:28:4c:3d:
                    ba:98:1f:ef:87:65:70:9e:18:95:d8:23:06:57:d0:
                    05:8f:27:7d:e3:3f:7e:cb:4a:64:6d:f4:e5:ec:d5:
                    ad:c9:97:11:f9:f0:c2:2d:86:63:93:7d:d1:28:18:
                    1d:dc:c1:d5:f5:0f:7a:08:da:7f:73:9a:e0:ba:14:
                    3a:35:9c:3d:ed:a3:30:92:f8:18:96:7a:18:01:42:
                    0c:1c:48:f3:9c:ee:2d:f9:47:c8:a6:24:4e:6d:eb:
                    43:75:03:10:cd:42:a9:42:95:2d:32:fc:2f:8b:16:
                    6c:c7:4d:03:63:58:43:54:93:93:06:59:5a:e9:5b:
                    61:8c:17:f4:83:51:9e:92:47:98:b2:52:3b:d6:88:
                    2a:8d:bb:38:f9:d6:af:18:a2:16:da:ce:b1:90:b9:
                    87:af:3c:eb:93:47:53:4a:ae:3d:cc:31:ae:ba:a2:
                    49:89:c3:0d:54:69:2b:43:b4:22:20:e8:51:02:95:
                    46:f1:00:7b:67:38:6e:1b:f6:40:cb:23:ef:41:36:
                    12:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B6:E7:2E:E6:69:0F:98:28:F9:55:07:A8:C5:FA:73:03:F4:55:81
            X509v3 Authority Key Identifier:
                keyid:39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/hbbnLuZpD5go-VUHqMX6cwP0VYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:2f:e0:3b:de:4f:5b:65:f7:fd:e6:bd:f9:00:a1:ca:a7:e8:
         22:5c:77:15:73:34:a9:f4:60:08:77:0c:45:a5:81:85:f6:da:
         37:9c:d1:30:14:9f:43:8f:50:1a:a5:6c:97:ea:ee:fc:1b:65:
         b9:9b:96:e7:18:29:c6:bb:70:5c:0e:8a:d1:a2:38:1d:b2:14:
         01:2d:89:d2:a7:6e:1b:a4:5c:c3:0e:fe:bf:4f:12:04:3c:78:
         7c:5c:80:d2:ce:30:0c:a6:00:e0:d6:d2:55:2a:2d:f1:31:f7:
         eb:f2:c6:e7:b6:b5:14:3d:c0:e0:5f:b8:bb:bb:79:f0:7e:c4:
         ce:64:75:b9:11:b2:4d:51:23:53:51:e0:5f:02:9c:7b:2b:05:
         8b:10:32:9d:ea:29:f8:c1:e3:bc:b3:4c:1d:1a:f6:f9:b6:ee:
         93:d2:a8:ea:43:48:8e:a9:d4:92:6c:bb:cd:f8:9b:2b:2b:95:
         e9:5d:fd:f0:5b:da:da:41:1b:44:67:e4:ad:a8:96:e9:77:61:
         27:29:7e:2d:b5:4a:46:d5:9d:29:da:ec:73:6d:8b:ae:70:60:
         b9:e5:a6:c8:4a:d1:22:7e:cd:2f:36:39:a8:de:05:53:22:53:
         5a:d7:f3:b0:8f:e2:8e:b9:96:93:ec:b5:03:2a:1e:82:92:59:
         b0:a8:c2:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSDc3DuujIvXrQQ8W8gNGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MjQ3Zjc3YTNhZTBhZjcxZWFjMDMyNTY0NDlmNWQyOTJj
ZmZkNzQwHhcNMjUwMTAyMTM1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI2ZTcyZWU2NjkwZjk4MjhmOTU1MDdhOGM1ZmE3MzAzZjQ1NTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnL3mhu2Z6tkSLUKBp+ljAYzJV7Kq
5wZABLTfIiLsk3WJzLsM0I384OC6Vp6oOUF3yHiEFujZxcsoTD26mB/vh2VwnhiV
2CMGV9AFjyd94z9+y0pkbfTl7NWtyZcR+fDCLYZjk33RKBgd3MHV9Q96CNp/c5rg
uhQ6NZw97aMwkvgYlnoYAUIMHEjznO4t+UfIpiRObetDdQMQzUKpQpUtMvwvixZs
x00DY1hDVJOTBlla6VthjBf0g1GekkeYslI71ogqjbs4+davGKIW2s6xkLmHrzzr
k0dTSq49zDGuuqJJicMNVGkrQ7QiIOhRApVG8QB7ZzhuG/ZAyyPvQTYSaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIW25y7maQ+YKPlVB6jF+nMD9FWBMB8GA1UdIwQY
MBaAFDkkf3ejrgr3HqwDJWRJ9dKSz/10MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYt
Y2Q2NmFkNTM0ODEyLzEvaGJibkx1WnBENWdvLVZVSHFNWDZjd1AwVllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYtY2Q2NmFkNTM0ODEy
LzEvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuThuMA0G
CSqGSIb3DQEBCwUAA4IBAQANL+A73k9bZff95r35AKHKp+giXHcVczSp9GAIdwxF
pYGF9to3nNEwFJ9Dj1AapWyX6u78G2W5m5bnGCnGu3BcDorRojgdshQBLYnSp24b
pFzDDv6/TxIEPHh8XIDSzjAMpgDg1tJVKi3xMffr8sbntrUUPcDgX7i7u3nwfsTO
ZHW5EbJNUSNTUeBfApx7KwWLEDKd6in4weO8s0wdGvb5tu6T0qjqQ0iOqdSSbLvN
+JsrK5XpXf3wW9raQRtEZ+StqJbpd2EnKX4ttUpG1Z0p2uxzbYuucGC55abIStEi
fs0vNjmo3gVTIlNa1/Owj+KOuZaT7LUDKh6CklmwqMJ4
-----END CERTIFICATE-----