Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/2HpWGhHN5UolWMbR-d_0EFL3Aso.roa
File:                     2HpWGhHN5UolWMbR-d_0EFL3Aso.roa (raw, json)
Hash identifier:          OzOYMIcWTPcQ/NwlYzDD+meIaDpIjqi6Q3FZJ+zOMPw=
Subject key identifier:   D8:7A:56:1A:11:CD:E5:4A:25:58:C6:D1:F9:DF:F4:10:52:F7:02:CA
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0196530B9657B1CA64EAEC91B61654527EFC
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/2HpWGhHN5UolWMbR-d_0EFL3Aso.roa
Signing time:             Sun 20 Apr 2025 11:53:10 +0000
ROA not before:           Sun 20 Apr 2025 11:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214361
IP address blocks:        178.239.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:53:0b:96:57:b1:ca:64:ea:ec:91:b6:16:54:52:7e:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Apr 20 11:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d87a561a11cde54a2558c6d1f9dff41052f702ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:d0:56:80:00:3e:aa:71:28:9d:b6:b5:05:53:
                    10:0b:1e:62:4a:9f:4c:ea:a0:10:56:a8:66:a0:96:
                    e9:a4:f4:c0:c5:bf:a9:a7:ec:b4:4f:ec:9a:a7:8e:
                    95:c7:61:b4:fe:79:87:e3:d4:d8:88:10:44:35:bb:
                    dc:20:f3:ef:41:d9:a3:b0:69:39:f3:73:c1:1d:6a:
                    21:b2:68:90:fb:9a:58:f9:4b:e4:44:8f:82:63:e5:
                    2e:56:f9:1d:3a:f6:71:e4:9b:08:ee:2c:81:ab:8e:
                    44:db:ec:a4:c8:32:e1:92:91:a3:d2:18:7c:06:c7:
                    87:79:06:f3:1a:2c:b9:5e:a3:58:49:c0:aa:9c:3e:
                    f1:8f:6e:77:1b:db:8f:f3:c5:b6:37:04:2f:cc:29:
                    d1:b4:cb:5b:dd:8b:ed:49:01:9a:38:97:d2:ad:1f:
                    c6:cd:4c:97:d5:ec:8a:86:92:60:00:c5:31:95:2f:
                    85:b8:5a:0f:04:cb:e9:8d:02:a0:35:e5:39:56:d6:
                    09:cb:98:64:ac:2c:3c:b8:bc:67:0c:0e:20:a7:56:
                    ca:12:2a:d8:ec:07:84:8a:40:87:e8:4b:b8:c0:46:
                    14:2d:e5:3b:6b:1a:99:18:3d:19:18:1f:7f:83:4d:
                    57:a7:f7:7d:48:ba:05:e3:38:75:18:c6:63:12:5b:
                    43:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:7A:56:1A:11:CD:E5:4A:25:58:C6:D1:F9:DF:F4:10:52:F7:02:CA
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/2HpWGhHN5UolWMbR-d_0EFL3Aso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:e9:69:48:98:8a:f0:2a:3b:6b:40:49:30:5d:cf:b9:60:38:
         a1:a3:12:b7:86:86:76:1c:8b:4e:ff:6b:39:89:4b:35:d4:52:
         66:75:dd:0a:83:13:ff:ed:32:14:c3:84:c1:58:62:ef:1d:4b:
         ef:82:3b:33:65:fd:2a:b5:1b:34:9d:63:c7:bd:e5:ac:ce:c5:
         56:d6:84:9a:87:a6:e1:30:22:ef:c1:9b:51:71:33:0b:fc:46:
         5c:ac:bf:16:56:6f:73:bc:41:34:d4:0a:8b:c2:49:30:8c:79:
         8d:4c:b3:31:24:04:07:94:4f:a6:2f:7e:42:53:e6:cf:28:73:
         84:6f:7a:cd:d7:09:be:dd:25:fe:3d:82:c4:ed:98:ba:01:a0:
         7e:79:20:ca:b3:a6:d9:ed:2f:93:3f:19:63:bb:23:d8:b1:b3:
         8a:8a:f2:9d:12:c8:68:60:42:7d:06:da:80:d1:60:57:3b:8a:
         4f:75:7f:15:56:36:f8:19:e5:ae:6e:de:87:1c:3a:dd:50:0b:
         32:c9:d2:a3:33:b3:ca:cc:e3:7d:b8:49:9f:92:4c:3d:92:bb:
         da:7d:bf:52:49:b8:11:81:08:7d:36:c2:f0:f5:b1:51:b1:30:
         de:0d:95:a1:29:5b:2d:34:5e:40:6b:da:19:39:03:ee:be:3e:
         2a:c4:bb:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZTC5ZXscpk6uyRthZUUn78MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNDIwMTE1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODdhNTYxYTExY2RlNTRhMjU1OGM2ZDFmOWRmZjQxMDUyZjcwMmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1tBWgAA+qnEonba1BVMQCx5iSp9M
6qAQVqhmoJbppPTAxb+pp+y0T+yap46Vx2G0/nmH49TYiBBENbvcIPPvQdmjsGk5
83PBHWohsmiQ+5pY+UvkRI+CY+UuVvkdOvZx5JsI7iyBq45E2+ykyDLhkpGj0hh8
BseHeQbzGiy5XqNYScCqnD7xj253G9uP88W2NwQvzCnRtMtb3YvtSQGaOJfSrR/G
zUyX1eyKhpJgAMUxlS+FuFoPBMvpjQKgNeU5VtYJy5hkrCw8uLxnDA4gp1bKEirY
7AeEikCH6Eu4wEYULeU7axqZGD0ZGB9/g01Xp/d9SLoF4zh1GMZjEltDLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNh6VhoRzeVKJVjG0fnf9BBS9wLKMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvMkhwV0doSE41VW9sV01iUi1kXzBFRkwzQXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+SMA0G
CSqGSIb3DQEBCwUAA4IBAQBc6WlImIrwKjtrQEkwXc+5YDihoxK3hoZ2HItO/2s5
iUs11FJmdd0KgxP/7TIUw4TBWGLvHUvvgjszZf0qtRs0nWPHveWszsVW1oSah6bh
MCLvwZtRcTML/EZcrL8WVm9zvEE01AqLwkkwjHmNTLMxJAQHlE+mL35CU+bPKHOE
b3rN1wm+3SX+PYLE7Zi6AaB+eSDKs6bZ7S+TPxljuyPYsbOKivKdEshoYEJ9BtqA
0WBXO4pPdX8VVjb4GeWubt6HHDrdUAsyydKjM7PKzON9uEmfkkw9krvafb9SSbgR
gQh9NsLw9bFRsTDeDZWhKVstNF5Aa9oZOQPuvj4qxLuI
-----END CERTIFICATE-----