Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/hYC4G8-iHx18TcNgOVJpoymqlWE.roa
File:                     hYC4G8-iHx18TcNgOVJpoymqlWE.roa (raw, json)
Hash identifier:          krKVVMmbuUgfZ2ydkNUzq9SZ3lwhV/h03o//k4Y/uHM=
Subject key identifier:   85:80:B8:1B:CF:A2:1F:1D:7C:4D:C3:60:39:52:69:A3:29:AA:95:61
Certificate issuer:       /CN=51b2c401ce5c9e881cd9a3be8efec60022da0eb6
Certificate serial:       019711D6BDDCE1F6CFA0E75ABF2A736744C7
Authority key identifier: 51:B2:C4:01:CE:5C:9E:88:1C:D9:A3:BE:8E:FE:C6:00:22:DA:0E:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbLEAc5cnogc2aO-jv7GACLaDrY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/hYC4G8-iHx18TcNgOVJpoymqlWE.roa
Signing time:             Tue 27 May 2025 13:02:55 +0000
ROA not before:           Tue 27 May 2025 13:02:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.170.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/UbLEAc5cnogc2aO-jv7GACLaDrY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/UbLEAc5cnogc2aO-jv7GACLaDrY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbLEAc5cnogc2aO-jv7GACLaDrY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:d6:bd:dc:e1:f6:cf:a0:e7:5a:bf:2a:73:67:44:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b2c401ce5c9e881cd9a3be8efec60022da0eb6
        Validity
            Not Before: May 27 13:02:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8580b81bcfa21f1d7c4dc360395269a329aa9561
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:be:1d:fd:7b:de:9e:a5:1b:f9:88:45:70:de:
                    f5:82:fe:cd:93:cb:a6:ff:a4:59:93:70:53:f2:32:
                    da:69:ed:ab:d2:f0:c2:7c:6f:34:93:e1:be:b8:4b:
                    c8:d9:ec:a2:f4:d2:60:27:da:86:2b:04:ad:6d:0e:
                    38:4e:62:fe:26:fd:1f:5f:c3:55:2c:94:e0:ed:a7:
                    78:2d:80:85:2c:d8:95:8c:ce:6e:3f:ef:d6:ca:0d:
                    34:cb:ee:c6:9e:4a:c5:32:4a:fc:56:a2:9d:f8:ac:
                    1e:b1:22:6d:08:49:da:88:88:d8:59:37:be:89:4b:
                    76:71:99:f9:38:3e:65:6f:8e:19:91:ae:73:5c:51:
                    8d:ae:7a:02:5d:0f:d8:62:1b:34:0d:7e:26:5d:b9:
                    01:11:12:6c:32:36:64:87:29:ad:04:1e:f6:56:74:
                    0f:62:f5:8c:29:b1:e0:1f:af:f2:f8:4d:f8:17:ad:
                    12:1e:1a:f7:4b:5f:66:08:f0:5a:78:e9:47:49:d4:
                    38:b5:fb:11:0b:92:cf:66:19:6d:a4:be:45:e3:5a:
                    22:4f:45:25:66:46:00:d4:b0:6d:83:d8:87:95:4c:
                    fa:d0:3b:4c:7a:3a:58:1d:5d:4c:78:c4:08:7a:19:
                    d8:2c:1d:9f:75:c3:44:71:74:3f:fa:d3:c4:71:54:
                    58:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:80:B8:1B:CF:A2:1F:1D:7C:4D:C3:60:39:52:69:A3:29:AA:95:61
            X509v3 Authority Key Identifier:
                keyid:51:B2:C4:01:CE:5C:9E:88:1C:D9:A3:BE:8E:FE:C6:00:22:DA:0E:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbLEAc5cnogc2aO-jv7GACLaDrY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/hYC4G8-iHx18TcNgOVJpoymqlWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/UbLEAc5cnogc2aO-jv7GACLaDrY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:45:1e:85:c1:2c:78:53:ef:ba:27:15:9d:a7:3d:44:85:8f:
         8a:8e:60:5b:59:bb:0e:ea:bd:42:1f:b3:50:cb:fc:2b:9f:0d:
         db:14:96:d4:bb:3b:31:36:de:e9:90:f9:e2:d7:b3:27:8c:82:
         ad:a4:78:bf:f7:dc:06:17:ea:9a:97:1c:43:21:28:12:68:65:
         73:94:a6:7c:bb:c6:d1:46:66:d6:b5:f0:9e:87:9a:2f:81:5b:
         01:d1:e6:6d:56:53:6f:72:cb:18:5e:da:5b:b8:d4:41:21:59:
         f6:85:0d:69:1f:e9:0f:3a:cc:e8:ac:5e:08:ce:4f:af:ba:ba:
         4a:3f:e3:85:8c:eb:4c:5f:54:5f:5b:12:2e:46:74:14:ff:fd:
         c1:bf:db:e0:2c:62:5e:bc:e7:c0:e8:0b:08:ec:4f:1d:70:21:
         82:6a:79:40:29:2d:04:68:db:43:8a:f7:62:33:68:2b:50:4c:
         ca:4a:6a:f2:57:0b:6a:e4:9a:59:e6:d1:92:a5:a9:b1:da:b8:
         52:59:46:2a:f4:93:2c:1b:f3:d8:1a:f8:88:f7:69:39:67:7a:
         cc:69:1c:60:aa:4d:a2:a1:2e:b1:f3:c3:a5:cd:52:c1:6a:32:
         f7:ed:4b:a1:ae:a3:b0:fe:5d:ba:4e:49:d4:b5:9a:09:2b:5f:
         1b:cb:0e:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcR1r3c4fbPoOdavypzZ0THMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjJjNDAxY2U1YzllODgxY2Q5YTNiZThlZmVjNjAwMjJk
YTBlYjYwHhcNMjUwNTI3MTMwMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTgwYjgxYmNmYTIxZjFkN2M0ZGMzNjAzOTUyNjlhMzI5YWE5NTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs74d/XvenqUb+YhFcN71gv7Nk8um
/6RZk3BT8jLaae2r0vDCfG80k+G+uEvI2eyi9NJgJ9qGKwStbQ44TmL+Jv0fX8NV
LJTg7ad4LYCFLNiVjM5uP+/Wyg00y+7GnkrFMkr8VqKd+KwesSJtCEnaiIjYWTe+
iUt2cZn5OD5lb44Zka5zXFGNrnoCXQ/YYhs0DX4mXbkBERJsMjZkhymtBB72VnQP
YvWMKbHgH6/y+E34F60SHhr3S19mCPBaeOlHSdQ4tfsRC5LPZhltpL5F41oiT0Ul
ZkYA1LBtg9iHlUz60DtMejpYHV1MeMQIehnYLB2fdcNEcXQ/+tPEcVRYMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWAuBvPoh8dfE3DYDlSaaMpqpVhMB8GA1UdIwQY
MBaAFFGyxAHOXJ6IHNmjvo7+xgAi2g62MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJMRUFjNWNub2djMmFPLWp2N0dBQ0xhRHJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83OTRmMzYtOWQyYS00MWJkLTkyOGMt
OTRkMWIxZDE2Yjg1LzEvaFlDNEc4LWlIeDE4VGNOZ09WSnBveW1xbFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83OTRmMzYtOWQyYS00MWJkLTkyOGMtOTRkMWIxZDE2Yjg1
LzEvVWJMRUFjNWNub2djMmFPLWp2N0dBQ0xhRHJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaoFMA0G
CSqGSIb3DQEBCwUAA4IBAQBURR6FwSx4U++6JxWdpz1EhY+KjmBbWbsO6r1CH7NQ
y/wrnw3bFJbUuzsxNt7pkPni17MnjIKtpHi/99wGF+qalxxDISgSaGVzlKZ8u8bR
RmbWtfCeh5ovgVsB0eZtVlNvcssYXtpbuNRBIVn2hQ1pH+kPOszorF4Izk+vurpK
P+OFjOtMX1RfWxIuRnQU//3Bv9vgLGJevOfA6AsI7E8dcCGCanlAKS0EaNtDivdi
M2grUEzKSmryVwtq5JpZ5tGSpamx2rhSWUYq9JMsG/PYGviI92k5Z3rMaRxgqk2i
oS6x88OlzVLBajL37UuhrqOw/l26TknUtZoJK18byw5b
-----END CERTIFICATE-----