Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/HIlv5s9oc51pLqUBM-kmlAr2_Ks.roa
File:                     HIlv5s9oc51pLqUBM-kmlAr2_Ks.roa (raw, json)
Hash identifier:          g9Oh0hCebbLbRQKjRiGfpeGRTU37oK+psvFJIgVlz3c=
Subject key identifier:   1C:89:6F:E6:CF:68:73:9D:69:2E:A5:01:33:E9:26:94:0A:F6:FC:AB
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019767CBCA8D75A72A9CAA4F82730B31E3DA
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/HIlv5s9oc51pLqUBM-kmlAr2_Ks.roa
Signing time:             Fri 13 Jun 2025 05:38:18 +0000
ROA not before:           Fri 13 Jun 2025 05:38:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215237
IP address blocks:        92.38.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:67:cb:ca:8d:75:a7:2a:9c:aa:4f:82:73:0b:31:e3:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jun 13 05:38:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c896fe6cf68739d692ea50133e926940af6fcab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:4c:7f:28:c6:73:b3:e1:6f:77:1a:ea:46:9e:
                    10:25:f9:12:e0:96:44:10:c7:1e:2f:8b:15:5c:8c:
                    28:19:be:1f:fb:de:92:5b:55:f8:6e:4b:00:33:4a:
                    b2:ee:26:9f:02:1f:46:e0:cc:c2:e6:93:a7:03:5a:
                    58:92:75:1e:2a:64:c8:bf:cb:17:5d:d3:92:9f:74:
                    38:19:5d:cc:92:f1:f5:d8:e1:fd:93:f5:9a:f5:82:
                    61:ea:f6:b8:b0:67:02:74:61:fa:f7:23:05:7e:5f:
                    74:ac:6f:69:9c:9d:24:c8:48:32:60:b4:4c:bb:c7:
                    c2:d6:e2:af:83:0c:03:10:6c:87:f3:b5:92:09:c5:
                    ff:0b:ab:8d:00:6f:7d:b9:6a:e7:cb:42:c6:a6:eb:
                    04:c3:d5:8f:63:52:0b:0e:8a:8c:b3:4e:eb:74:01:
                    81:26:3e:f2:78:68:e7:bb:c1:4e:e0:fa:48:b5:a1:
                    56:64:2b:19:46:bc:cb:94:83:d2:30:73:a8:66:aa:
                    ce:4f:40:2a:39:e3:69:2e:3e:65:56:ba:78:3d:02:
                    ef:41:fb:f3:62:34:65:03:3c:57:db:d1:3d:c6:95:
                    88:bb:37:4c:1a:7a:01:f9:81:48:90:32:71:7d:30:
                    8f:52:78:da:1a:ea:c9:39:5f:39:af:a3:49:6d:d4:
                    36:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:89:6F:E6:CF:68:73:9D:69:2E:A5:01:33:E9:26:94:0A:F6:FC:AB
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/HIlv5s9oc51pLqUBM-kmlAr2_Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:9b:79:6e:9e:63:b8:e7:45:89:6c:88:6e:47:34:85:ce:6d:
         1e:58:9a:0b:4d:ce:fa:21:03:69:92:cb:80:6a:79:d9:bf:98:
         36:f1:bb:92:5f:e7:41:21:bd:3f:24:4d:91:52:07:1f:3c:dd:
         ce:43:8e:b2:93:4a:8f:06:af:55:c6:c0:92:54:fa:4b:c3:87:
         af:5f:5d:40:a6:6f:6b:9c:d0:c1:c4:cf:f6:5d:ad:7b:c1:4a:
         e9:54:7b:5c:de:b3:13:f6:34:c0:26:94:1b:1e:67:99:10:3a:
         aa:1a:11:8a:4a:92:70:de:65:47:db:ec:21:3d:7c:02:47:7b:
         7b:3f:f0:cb:1b:1f:55:37:5e:12:4f:2b:98:ef:ca:0c:2e:e5:
         53:69:9d:72:8d:8a:67:b0:6b:4a:2c:83:01:ca:f2:a2:36:ad:
         02:2a:52:ae:fb:ce:2d:78:92:53:e9:f3:a6:a9:5b:ff:f5:64:
         8a:2e:56:6a:a9:fb:62:5c:ba:bd:a9:21:fd:b6:c5:23:06:4f:
         1c:c4:16:00:1a:3f:d5:f2:86:b4:2b:cd:f8:7d:ac:4f:5b:e8:
         c9:5d:bf:98:bb:53:95:76:9b:0f:53:ea:43:7a:36:5b:f8:02:
         d4:25:51:01:26:dc:d2:6f:e9:0a:bc:a0:62:01:31:ff:6d:a7:
         64:bf:23:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdny8qNdacqnKpPgnMLMePaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwNjEzMDUzODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzg5NmZlNmNmNjg3MzlkNjkyZWE1MDEzM2U5MjY5NDBhZjZmY2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Ux/KMZzs+FvdxrqRp4QJfkS4JZE
EMceL4sVXIwoGb4f+96SW1X4bksAM0qy7iafAh9G4MzC5pOnA1pYknUeKmTIv8sX
XdOSn3Q4GV3MkvH12OH9k/Wa9YJh6va4sGcCdGH69yMFfl90rG9pnJ0kyEgyYLRM
u8fC1uKvgwwDEGyH87WSCcX/C6uNAG99uWrny0LGpusEw9WPY1ILDoqMs07rdAGB
Jj7yeGjnu8FO4PpItaFWZCsZRrzLlIPSMHOoZqrOT0AqOeNpLj5lVrp4PQLvQfvz
YjRlAzxX29E9xpWIuzdMGnoB+YFIkDJxfTCPUnjaGurJOV85r6NJbdQ2TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByJb+bPaHOdaS6lATPpJpQK9vyrMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvSElsdjVzOW9jNTFwTHFVQk0ta21sQXIyX0tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCYFMA0G
CSqGSIb3DQEBCwUAA4IBAQBKm3lunmO450WJbIhuRzSFzm0eWJoLTc76IQNpksuA
annZv5g28buSX+dBIb0/JE2RUgcfPN3OQ46yk0qPBq9VxsCSVPpLw4evX11Apm9r
nNDBxM/2Xa17wUrpVHtc3rMT9jTAJpQbHmeZEDqqGhGKSpJw3mVH2+whPXwCR3t7
P/DLGx9VN14STyuY78oMLuVTaZ1yjYpnsGtKLIMByvKiNq0CKlKu+84teJJT6fOm
qVv/9WSKLlZqqftiXLq9qSH9tsUjBk8cxBYAGj/V8oa0K834faxPW+jJXb+Yu1OV
dpsPU+pDejZb+ALUJVEBJtzSb+kKvKBiATH/badkvyPe
-----END CERTIFICATE-----