Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/h4oHF6R3uhLn9C5VN0t5w_HOGdk.roa
File:                     h4oHF6R3uhLn9C5VN0t5w_HOGdk.roa (raw, json)
Hash identifier:          l8RvUuXjd9Sh+5mA5Uw84faFr4xIw6LnpFGoAgtXpUY=
Subject key identifier:   87:8A:07:17:A4:77:BA:12:E7:F4:2E:55:37:4B:79:C3:F1:CE:19:D9
Certificate issuer:       /CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Certificate serial:       019739C233E702AB5301824BBD48A88EA4DC
Authority key identifier: E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/h4oHF6R3uhLn9C5VN0t5w_HOGdk.roa
Signing time:             Wed 04 Jun 2025 07:05:17 +0000
ROA not before:           Wed 04 Jun 2025 07:05:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2586
IP address blocks:        192.175.45.0/24 maxlen: 24
                          2001:671::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:39:c2:33:e7:02:ab:53:01:82:4b:bd:48:a8:8e:a4:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
        Validity
            Not Before: Jun  4 07:05:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=878a0717a477ba12e7f42e55374b79c3f1ce19d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:93:26:1a:cb:46:a7:02:45:a2:41:0e:84:f1:
                    a9:f4:59:2b:15:a6:f6:65:62:8f:5c:5b:01:5f:df:
                    d3:20:aa:72:7a:76:3e:05:c2:47:79:b1:14:8d:ff:
                    48:a4:9e:94:38:2a:88:3c:63:83:b7:78:9e:be:cd:
                    1f:b5:36:8c:05:59:38:42:9e:42:2b:ad:86:fe:4c:
                    c7:ae:8c:a9:7d:57:62:2e:45:14:5e:f9:1e:38:b2:
                    b1:9c:cf:76:1c:fa:2c:dd:92:ea:29:cc:38:1e:b7:
                    e0:41:a3:46:c5:f5:d9:d7:9e:1a:9e:a5:67:cb:cb:
                    2c:c6:42:07:99:5d:aa:fe:94:5a:6a:77:10:61:01:
                    27:7a:44:28:db:31:1f:9d:b6:00:fc:f4:6b:96:56:
                    2a:20:70:2a:85:35:88:e5:96:c5:a2:c0:5a:19:1f:
                    4f:59:be:a7:f5:b3:26:12:7f:df:50:4e:22:4d:0e:
                    9f:44:39:d4:0e:0b:70:5d:fe:29:b2:6e:85:63:5d:
                    20:71:ad:e5:e7:ec:c5:c2:02:d9:21:6d:17:a6:e0:
                    e2:ab:d7:74:e8:b2:12:5a:f3:21:5b:90:84:7e:70:
                    e7:db:9f:68:97:1a:0d:09:83:0d:66:aa:43:74:56:
                    3b:c9:66:9c:81:6a:7d:94:50:5f:09:81:46:83:3e:
                    13:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:8A:07:17:A4:77:BA:12:E7:F4:2E:55:37:4B:79:C3:F1:CE:19:D9
            X509v3 Authority Key Identifier:
                keyid:E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/h4oHF6R3uhLn9C5VN0t5w_HOGdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.175.45.0/24
                IPv6:
                  2001:671::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:df:b3:27:57:cd:fe:9e:36:1f:85:aa:d1:30:e0:13:3c:62:
         a8:bc:e0:21:f4:43:5a:e7:3d:79:3d:44:d5:62:39:e7:9e:7e:
         28:1b:7b:cf:a0:8b:36:0c:f4:a2:7e:ed:f6:50:f6:2c:7b:e2:
         95:ad:9a:83:2f:cb:90:cb:41:6d:44:aa:b8:97:75:11:2d:d7:
         9c:79:9c:aa:37:9b:f1:e7:f0:21:6e:42:08:98:5d:89:b4:4d:
         0c:c2:05:1d:02:e8:13:f3:e3:3b:93:93:13:fa:b0:84:04:20:
         f8:0f:63:b4:5c:9a:32:a9:27:80:fe:7e:09:8f:ac:da:a8:02:
         46:8a:c8:e8:c4:f3:dd:4d:01:21:0f:28:a4:1b:76:5c:29:5c:
         97:06:e3:20:6c:8f:c9:e5:ed:46:1b:33:f4:db:24:c9:45:17:
         56:fb:4c:cf:53:c2:18:7a:3e:9b:cb:5e:44:7d:ba:58:27:f3:
         b3:43:ac:0d:e3:96:82:3f:18:c3:af:c9:cd:57:83:ab:20:99:
         4f:80:83:c1:e1:08:a3:c1:4c:2e:3a:bf:15:f5:e5:60:62:63:
         aa:70:66:59:b0:6b:9c:f9:8b:2c:10:8c:fb:88:00:3b:4d:ee:
         e6:c8:eb:ff:f9:15:1d:bc:8a:c9:d4:61:84:c0:0a:f9:c9:1b:
         38:eb:7f:e9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZc5wjPnAqtTAYJLvUiojqTcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGVlMWIwNmJhMjRhNjc2MjEzZjk3NmE0YjUwYzEyOWRj
YjJiNzMwHhcNMjUwNjA0MDcwNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzhhMDcxN2E0NzdiYTEyZTdmNDJlNTUzNzRiNzljM2YxY2UxOWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypMmGstGpwJFokEOhPGp9FkrFab2
ZWKPXFsBX9/TIKpyenY+BcJHebEUjf9IpJ6UOCqIPGODt3ievs0ftTaMBVk4Qp5C
K62G/kzHroypfVdiLkUUXvkeOLKxnM92HPos3ZLqKcw4HrfgQaNGxfXZ154anqVn
y8ssxkIHmV2q/pRaancQYQEnekQo2zEfnbYA/PRrllYqIHAqhTWI5ZbFosBaGR9P
Wb6n9bMmEn/fUE4iTQ6fRDnUDgtwXf4psm6FY10gca3l5+zFwgLZIW0XpuDiq9d0
6LISWvMhW5CEfnDn259olxoNCYMNZqpDdFY7yWacgWp9lFBfCYFGgz4TQwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIeKBxekd7oS5/QuVTdLecPxzhnZMB8GA1UdIwQY
MBaAFODe4bBrokpnYhP5dqS1DBKdyytzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMt
MTVlOTBiZjg3ZmFiLzEvaDRvSEY2UjN1aExuOUM1Vk4wdDV3X0hPR2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMtMTVlOTBiZjg3ZmFi
LzEvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwK8tMA8E
AgACMAkDBwAgAQZxAAAwDQYJKoZIhvcNAQELBQADggEBAGTfsydXzf6eNh+FqtEw
4BM8Yqi84CH0Q1rnPXk9RNViOeeefigbe8+gizYM9KJ+7fZQ9ix74pWtmoMvy5DL
QW1EqriXdREt15x5nKo3m/Hn8CFuQgiYXYm0TQzCBR0C6BPz4zuTkxP6sIQEIPgP
Y7RcmjKpJ4D+fgmPrNqoAkaKyOjE891NASEPKKQbdlwpXJcG4yBsj8nl7UYbM/Tb
JMlFF1b7TM9Twhh6PpvLXkR9ulgn87NDrA3jloI/GMOvyc1Xg6sgmU+Ag8HhCKPB
TC46vxX15WBiY6pwZlmwa5z5iywQjPuIADtN7ubI6//5FR28isnUYYTACvnJGzjr
f+k=
-----END CERTIFICATE-----