Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/hilzp4s8xPP_QorzDGy_F05mBOs.roa
File:                     hilzp4s8xPP_QorzDGy_F05mBOs.roa (raw, json)
Hash identifier:          11dvahHbAWcHekc6lqsEJuOp8gAjzh6chwsm3bSPNvo=
Subject key identifier:   86:29:73:A7:8B:3C:C4:F3:FF:42:8A:F3:0C:6C:BF:17:4E:66:04:EB
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019672FD1418B6ACD9507FDC153B87875B1E
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/hilzp4s8xPP_QorzDGy_F05mBOs.roa
Signing time:             Sat 26 Apr 2025 16:45:10 +0000
ROA not before:           Sat 26 Apr 2025 16:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214526
IP address blocks:        178.239.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:72:fd:14:18:b6:ac:d9:50:7f:dc:15:3b:87:87:5b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Apr 26 16:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=862973a78b3cc4f3ff428af30c6cbf174e6604eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:f0:76:61:5f:b6:63:03:15:3a:d0:2a:85:cf:
                    4e:70:69:67:fe:a7:0b:77:1c:7d:f8:1e:b2:0f:3c:
                    bb:0a:eb:91:db:48:84:8e:c4:76:1a:fe:3c:4f:68:
                    66:34:b7:6e:40:ec:50:b2:60:9f:d1:a2:53:ca:cf:
                    47:eb:1c:d8:ae:07:22:fa:1a:fc:ac:c8:84:9a:45:
                    ab:ba:64:b5:13:38:85:d4:f2:76:c5:bc:9a:2c:37:
                    5b:40:4c:32:e1:86:85:a3:b1:8d:98:0c:9e:26:e6:
                    fe:d1:f4:9b:cc:cb:52:b9:c9:e0:3c:73:6c:a0:7e:
                    7f:75:b2:c4:2a:d9:96:7a:96:52:17:93:2a:95:39:
                    ac:e2:9e:13:78:6d:60:3d:a5:82:9f:69:8e:cc:2e:
                    e9:92:01:22:c6:9e:0f:d8:28:f6:7d:58:02:5f:56:
                    fe:fa:a3:b3:6b:89:a7:75:85:0d:9d:9e:4b:34:21:
                    49:ab:7c:b8:77:08:3e:af:42:23:c6:c7:2c:5c:b2:
                    05:11:ed:ef:e3:57:7c:50:67:0c:ca:54:06:bd:ea:
                    34:e3:66:f1:76:7e:62:33:24:4d:46:31:2c:0e:cb:
                    1d:5d:b6:86:bb:97:ea:dc:a2:3e:ff:10:25:ab:b9:
                    d9:cd:ec:02:08:8f:25:7c:06:ba:71:a5:95:6e:28:
                    1e:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:29:73:A7:8B:3C:C4:F3:FF:42:8A:F3:0C:6C:BF:17:4E:66:04:EB
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/hilzp4s8xPP_QorzDGy_F05mBOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:d4:1f:55:aa:05:14:ae:a9:da:f6:5c:bf:97:ea:44:dd:6c:
         41:e5:cc:2b:f5:0b:fa:25:3f:98:7c:03:b3:fb:41:4c:d2:b6:
         f4:00:e2:4f:e8:7a:07:ac:3b:3b:86:20:1b:ca:4e:6d:cf:8e:
         2d:8c:5d:95:7b:2a:95:65:ec:0e:c6:b4:55:48:da:f6:bb:00:
         33:d1:2d:02:05:16:05:79:4b:7f:c4:ae:fd:c2:8e:2c:61:ae:
         fb:a5:29:9a:a1:93:0f:7e:ad:94:a8:5b:d4:af:22:34:f9:57:
         86:90:c4:f3:33:65:d9:a9:8a:e6:0b:3a:36:79:a2:bb:1c:bb:
         d4:30:75:ec:68:79:fb:0f:4e:8b:87:c5:20:e2:39:11:d1:47:
         b2:4c:c2:e9:15:5c:37:91:16:f4:3a:4d:f4:34:78:ff:51:68:
         81:ee:5c:bd:bd:8d:53:36:63:18:d7:1f:4b:1e:7c:c7:61:ca:
         1c:11:0b:0d:88:77:0d:1b:40:80:14:c2:a9:7a:50:db:a4:67:
         32:c1:fe:ca:26:f5:15:8d:9a:05:88:7a:6e:ae:a0:fd:60:21:
         7d:58:65:e7:a6:74:73:9d:e8:34:52:81:36:4f:ff:61:09:cb:
         bb:c1:5d:ef:dc:25:31:f8:9f:fb:56:ba:de:e0:f9:e9:5d:9a:
         5e:6a:93:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZy/RQYtqzZUH/cFTuHh1seMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNDI2MTY0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjI5NzNhNzhiM2NjNGYzZmY0MjhhZjMwYzZjYmYxNzRlNjYwNGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4/B2YV+2YwMVOtAqhc9OcGln/qcL
dxx9+B6yDzy7CuuR20iEjsR2Gv48T2hmNLduQOxQsmCf0aJTys9H6xzYrgci+hr8
rMiEmkWrumS1EziF1PJ2xbyaLDdbQEwy4YaFo7GNmAyeJub+0fSbzMtSucngPHNs
oH5/dbLEKtmWepZSF5MqlTms4p4TeG1gPaWCn2mOzC7pkgEixp4P2Cj2fVgCX1b+
+qOza4mndYUNnZ5LNCFJq3y4dwg+r0IjxscsXLIFEe3v41d8UGcMylQGveo042bx
dn5iMyRNRjEsDssdXbaGu5fq3KI+/xAlq7nZzewCCI8lfAa6caWVbigekwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYpc6eLPMTz/0KK8wxsvxdOZgTrMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvaGlsenA0czh4UFBfUW9yekRHeV9GMDVtQk9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+QMA0G
CSqGSIb3DQEBCwUAA4IBAQAW1B9VqgUUrqna9ly/l+pE3WxB5cwr9Qv6JT+YfAOz
+0FM0rb0AOJP6HoHrDs7hiAbyk5tz44tjF2VeyqVZewOxrRVSNr2uwAz0S0CBRYF
eUt/xK79wo4sYa77pSmaoZMPfq2UqFvUryI0+VeGkMTzM2XZqYrmCzo2eaK7HLvU
MHXsaHn7D06Lh8Ug4jkR0UeyTMLpFVw3kRb0Ok30NHj/UWiB7ly9vY1TNmMY1x9L
HnzHYcocEQsNiHcNG0CAFMKpelDbpGcywf7KJvUVjZoFiHpurqD9YCF9WGXnpnRz
neg0UoE2T/9hCcu7wV3v3CUx+J/7Vrre4PnpXZpeapML
-----END CERTIFICATE-----