Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/hSbMJ-hPg9MmjXN0AtoMEEZneyE.roa
File:                     hSbMJ-hPg9MmjXN0AtoMEEZneyE.roa (raw, json)
Hash identifier:          H4KgVcTDHhcZRNAWfaw8PqytpqVvLo9CsZv4P2jrslw=
Subject key identifier:   85:26:CC:27:E8:4F:83:D3:26:8D:73:74:02:DA:0C:10:46:67:7B:21
Certificate issuer:       /CN=4f73b056f8d0fa996d6833c30b1fd78e7d979ac4
Certificate serial:       0196AB0DFF9215F4CEBC8BD6A1EC5A9D2882
Authority key identifier: 4F:73:B0:56:F8:D0:FA:99:6D:68:33:C3:0B:1F:D7:8E:7D:97:9A:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/hSbMJ-hPg9MmjXN0AtoMEEZneyE.roa
Signing time:             Wed 07 May 2025 14:02:23 +0000
ROA not before:           Wed 07 May 2025 14:02:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34309
IP address blocks:        185.231.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ab:0d:ff:92:15:f4:ce:bc:8b:d6:a1:ec:5a:9d:28:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f73b056f8d0fa996d6833c30b1fd78e7d979ac4
        Validity
            Not Before: May  7 14:02:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8526cc27e84f83d3268d737402da0c1046677b21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:d5:67:7c:ea:90:c2:32:74:76:68:75:ef:50:
                    b3:8b:13:94:2c:1f:38:7d:e1:be:83:7b:14:e9:5f:
                    54:7f:a1:83:4e:37:51:45:20:8c:59:6e:85:5b:0b:
                    1b:c7:1f:8d:f1:38:a6:f9:50:48:8f:91:99:f9:0c:
                    5f:19:9d:42:56:56:0a:78:75:41:8a:f7:4f:36:6c:
                    e9:a2:58:6d:c9:bc:f6:f6:a8:41:6b:48:cb:25:ff:
                    45:8b:43:0e:1e:8f:90:20:32:68:44:95:60:d4:4f:
                    97:3f:77:be:c3:04:7a:03:95:0e:1c:fe:3b:b8:8e:
                    0e:5b:38:ec:30:34:e3:e3:3a:7b:6b:69:a3:4b:ea:
                    92:6b:af:02:69:f1:a7:43:14:66:c6:d0:ff:e1:ec:
                    c0:61:ef:81:17:48:31:6e:29:42:ff:54:e5:08:61:
                    2c:c0:bc:83:43:d9:79:0d:61:3f:d2:4d:15:af:95:
                    76:44:23:99:98:51:6f:94:09:7d:c5:e6:e9:70:f0:
                    c0:0e:59:11:0e:04:d6:13:04:66:fb:e4:ed:79:4a:
                    f5:ba:55:77:b9:98:60:10:a7:e1:fe:07:3d:43:d3:
                    24:ba:59:be:da:2e:e7:b5:6d:58:7c:fe:0c:c6:6c:
                    e5:8d:62:5f:a3:da:e8:ec:9f:54:e2:9d:26:6d:ca:
                    15:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:26:CC:27:E8:4F:83:D3:26:8D:73:74:02:DA:0C:10:46:67:7B:21
            X509v3 Authority Key Identifier:
                keyid:4F:73:B0:56:F8:D0:FA:99:6D:68:33:C3:0B:1F:D7:8E:7D:97:9A:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/hSbMJ-hPg9MmjXN0AtoMEEZneyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:a5:8d:c0:92:5f:13:6f:cf:88:7f:29:2e:a9:e1:63:da:c9:
         6a:0a:38:b0:74:79:a6:a0:e6:72:41:bc:a9:38:a4:c1:ac:ab:
         89:07:b1:c3:04:cc:e6:14:00:67:8b:e2:1a:9b:1e:40:b3:42:
         b8:7f:ca:2c:a6:24:b3:c3:01:0d:6f:7a:dc:a1:c1:1f:b8:b6:
         d6:19:97:1b:71:9f:41:da:5f:f3:8d:2f:c6:b0:92:10:55:37:
         ab:4e:18:95:6c:66:64:35:c5:b5:47:7d:56:02:83:da:43:fd:
         04:04:b3:d3:7c:8f:f7:bf:d3:15:75:f9:7b:6f:07:84:f7:99:
         00:5d:6d:eb:16:1d:2c:dc:ef:07:e8:ed:86:77:1d:47:5a:6f:
         e1:01:43:0e:92:50:44:b9:67:21:db:ae:f5:a6:40:91:82:1b:
         b3:0c:06:00:2c:83:04:0f:2f:24:9e:db:16:33:f4:e3:c1:31:
         5d:40:55:fd:42:c6:01:c4:df:33:fd:67:eb:c1:5e:31:9e:88:
         b9:17:1b:8e:f5:10:92:2b:ee:a9:d7:97:0e:f7:ca:22:8b:24:
         82:45:a4:06:16:f8:40:bc:d5:bf:b6:71:7f:9b:5e:f5:cc:ab:
         fc:e7:a9:4e:52:0e:f9:0c:a0:45:4a:06:bc:ad:45:50:c8:36:
         60:25:e5:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZarDf+SFfTOvIvWoexanSiCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNzNiMDU2ZjhkMGZhOTk2ZDY4MzNjMzBiMWZkNzhlN2Q5
NzlhYzQwHhcNMjUwNTA3MTQwMjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTI2Y2MyN2U4NGY4M2QzMjY4ZDczNzQwMmRhMGMxMDQ2Njc3YjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5tVnfOqQwjJ0dmh171CzixOULB84
feG+g3sU6V9Uf6GDTjdRRSCMWW6FWwsbxx+N8Tim+VBIj5GZ+QxfGZ1CVlYKeHVB
ivdPNmzpolhtybz29qhBa0jLJf9Fi0MOHo+QIDJoRJVg1E+XP3e+wwR6A5UOHP47
uI4OWzjsMDTj4zp7a2mjS+qSa68CafGnQxRmxtD/4ezAYe+BF0gxbilC/1TlCGEs
wLyDQ9l5DWE/0k0Vr5V2RCOZmFFvlAl9xebpcPDADlkRDgTWEwRm++TteUr1ulV3
uZhgEKfh/gc9Q9Mkulm+2i7ntW1YfP4MxmzljWJfo9ro7J9U4p0mbcoVVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUmzCfoT4PTJo1zdALaDBBGZ3shMB8GA1UdIwQY
MBaAFE9zsFb40PqZbWgzwwsf1459l5rEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDNPd1Z2alEtcGx0YURQREN4X1hqbjJYbXNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8yYWNiOGYtMjIyZi00NDczLTkyMDUt
MTM5MGEyZDk5ZTBiLzEvaFNiTUotaFBnOU1talhOMEF0b01FRVpuZXlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8yYWNiOGYtMjIyZi00NDczLTkyMDUtMTM5MGEyZDk5ZTBi
LzEvVDNPd1Z2alEtcGx0YURQREN4X1hqbjJYbXNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuedoMA0G
CSqGSIb3DQEBCwUAA4IBAQCFpY3Akl8Tb8+IfykuqeFj2slqCjiwdHmmoOZyQbyp
OKTBrKuJB7HDBMzmFABni+Iamx5As0K4f8ospiSzwwENb3rcocEfuLbWGZcbcZ9B
2l/zjS/GsJIQVTerThiVbGZkNcW1R31WAoPaQ/0EBLPTfI/3v9MVdfl7bweE95kA
XW3rFh0s3O8H6O2Gdx1HWm/hAUMOklBEuWch2671pkCRghuzDAYALIMEDy8kntsW
M/TjwTFdQFX9QsYBxN8z/WfrwV4xnoi5FxuO9RCSK+6p15cO98oiiySCRaQGFvhA
vNW/tnF/m171zKv856lOUg75DKBFSga8rUVQyDZgJeXO
-----END CERTIFICATE-----