Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/hGPKpUabfTwURA6WsciuOkTPGQI.roa
File:                     hGPKpUabfTwURA6WsciuOkTPGQI.roa (raw, json)
Hash identifier:          KEkDVhj8xqmITURn5vzg3xzmIbncL3eYEldek/45XYo=
Subject key identifier:   84:63:CA:A5:46:9B:7D:3C:14:44:0E:96:B1:C8:AE:3A:44:CF:19:02
Certificate issuer:       /CN=473779e6a77c7e58213198764ce2ac0e6bee6236
Certificate serial:       0196A94D3185B7BFD199D060AA1B1C57FDA6
Authority key identifier: 47:37:79:E6:A7:7C:7E:58:21:31:98:76:4C:E2:AC:0E:6B:EE:62:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rzd55qd8flghMZh2TOKsDmvuYjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/hGPKpUabfTwURA6WsciuOkTPGQI.roa
Signing time:             Wed 07 May 2025 05:52:10 +0000
ROA not before:           Wed 07 May 2025 05:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15388
IP address blocks:        178.254.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/Rzd55qd8flghMZh2TOKsDmvuYjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/Rzd55qd8flghMZh2TOKsDmvuYjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rzd55qd8flghMZh2TOKsDmvuYjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a9:4d:31:85:b7:bf:d1:99:d0:60:aa:1b:1c:57:fd:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=473779e6a77c7e58213198764ce2ac0e6bee6236
        Validity
            Not Before: May  7 05:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8463caa5469b7d3c14440e96b1c8ae3a44cf1902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:96:88:00:39:ea:97:ac:4f:9c:4b:38:81:ad:
                    01:46:1c:f3:09:f4:04:1b:8f:89:24:30:3e:ed:63:
                    54:fb:c3:ec:be:05:da:c4:33:a1:19:25:74:85:16:
                    d8:4a:4a:9e:65:5b:0d:50:4f:61:21:94:a9:1a:3d:
                    51:99:5c:e5:84:1c:14:28:71:5d:d4:39:be:a0:4f:
                    69:51:e7:62:52:44:a4:d7:73:7b:86:4f:8a:41:4a:
                    4e:5b:37:49:65:89:7e:af:54:8a:54:5f:9b:70:5e:
                    20:97:b1:54:a0:a9:5a:58:ce:a7:58:a0:ea:f2:1f:
                    59:31:a0:05:21:62:da:d9:c7:37:72:70:58:ae:f9:
                    a6:f2:09:5c:23:6f:e7:55:51:1e:bd:62:7b:85:a0:
                    d4:07:23:98:59:a7:aa:dd:09:3d:17:3a:a1:c8:2b:
                    56:19:16:15:4b:53:99:b9:fd:60:af:19:79:7f:c8:
                    16:fc:d9:37:33:98:07:3b:83:6f:16:e0:2a:5c:04:
                    56:7f:2a:eb:52:c5:7d:81:ab:5e:c1:0c:4e:da:34:
                    de:4c:f3:57:a0:0a:a4:1e:02:df:a2:eb:07:27:3c:
                    d2:45:65:a8:4e:00:da:c4:da:96:e0:70:17:89:2a:
                    0c:14:d7:d2:bd:38:a4:1f:9f:66:5c:d9:6a:6e:eb:
                    de:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:63:CA:A5:46:9B:7D:3C:14:44:0E:96:B1:C8:AE:3A:44:CF:19:02
            X509v3 Authority Key Identifier:
                keyid:47:37:79:E6:A7:7C:7E:58:21:31:98:76:4C:E2:AC:0E:6B:EE:62:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rzd55qd8flghMZh2TOKsDmvuYjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/hGPKpUabfTwURA6WsciuOkTPGQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1d7583-d10c-47db-aee1-58d664210669/1/Rzd55qd8flghMZh2TOKsDmvuYjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:5a:fc:32:01:86:69:60:78:da:af:7c:d9:4b:fc:f8:79:1c:
         af:93:dd:58:6c:71:2c:0b:1e:59:41:b1:6b:4d:77:da:8f:6a:
         89:36:f6:59:a3:50:da:0c:25:eb:1a:45:d6:02:c5:2d:f3:d7:
         35:97:eb:2d:ff:28:de:cb:0c:f3:9a:61:b3:8c:15:e0:c2:1b:
         c1:61:79:23:e5:b2:2e:7f:21:0d:5c:0c:dd:5d:e2:aa:5c:c4:
         69:29:6b:c8:10:c7:5d:f2:f8:9c:07:08:6e:0c:51:cf:1b:e2:
         b1:6e:fd:83:30:ac:7b:cb:2a:2e:69:ec:2c:32:ab:dd:b9:16:
         9a:bd:69:cb:a2:7d:4e:9d:a7:82:fc:f4:0c:34:b1:1c:20:28:
         dc:25:57:40:e7:de:03:4b:a9:5a:ac:0d:e2:11:46:f5:b3:1e:
         81:1e:3f:6e:bb:ad:45:b6:c1:8d:a4:23:05:da:a6:9c:d4:53:
         03:01:14:60:f9:02:bc:04:86:e5:fb:01:c2:1e:b6:33:21:09:
         27:96:85:10:cb:f3:08:59:91:77:38:c4:82:5f:4b:60:67:d8:
         85:60:ce:51:65:37:41:8c:c4:88:fd:b1:96:c1:0c:95:d2:64:
         62:40:26:17:d7:29:f7:15:8b:46:27:cd:66:53:b9:cb:6a:36:
         db:1f:99:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZapTTGFt7/RmdBgqhscV/2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3Mzc3OWU2YTc3YzdlNTgyMTMxOTg3NjRjZTJhYzBlNmJl
ZTYyMzYwHhcNMjUwNTA3MDU1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDYzY2FhNTQ2OWI3ZDNjMTQ0NDBlOTZiMWM4YWUzYTQ0Y2YxOTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05aIADnql6xPnEs4ga0BRhzzCfQE
G4+JJDA+7WNU+8PsvgXaxDOhGSV0hRbYSkqeZVsNUE9hIZSpGj1RmVzlhBwUKHFd
1Dm+oE9pUediUkSk13N7hk+KQUpOWzdJZYl+r1SKVF+bcF4gl7FUoKlaWM6nWKDq
8h9ZMaAFIWLa2cc3cnBYrvmm8glcI2/nVVEevWJ7haDUByOYWaeq3Qk9FzqhyCtW
GRYVS1OZuf1grxl5f8gW/Nk3M5gHO4NvFuAqXARWfyrrUsV9gatewQxO2jTeTPNX
oAqkHgLfousHJzzSRWWoTgDaxNqW4HAXiSoMFNfSvTikH59mXNlqbuverwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIRjyqVGm308FEQOlrHIrjpEzxkCMB8GA1UdIwQY
MBaAFEc3eeanfH5YITGYdkzirA5r7mI2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpkNTVxZDhmbGdoTVpoMlRPS3NEbXZ1WWpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZDc1ODMtZDEwYy00N2RiLWFlZTEt
NThkNjY0MjEwNjY5LzEvaEdQS3BVYWJmVHdVUkE2V3NjaXVPa1RQR1FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZDc1ODMtZDEwYy00N2RiLWFlZTEtNThkNjY0MjEwNjY5
LzEvUnpkNTVxZDhmbGdoTVpoMlRPS3NEbXZ1WWpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv4/MA0G
CSqGSIb3DQEBCwUAA4IBAQDZWvwyAYZpYHjar3zZS/z4eRyvk91YbHEsCx5ZQbFr
TXfaj2qJNvZZo1DaDCXrGkXWAsUt89c1l+st/yjeywzzmmGzjBXgwhvBYXkj5bIu
fyENXAzdXeKqXMRpKWvIEMdd8vicBwhuDFHPG+Kxbv2DMKx7yyouaewsMqvduRaa
vWnLon1OnaeC/PQMNLEcICjcJVdA594DS6larA3iEUb1sx6BHj9uu61FtsGNpCMF
2qac1FMDARRg+QK8BIbl+wHCHrYzIQknloUQy/MIWZF3OMSCX0tgZ9iFYM5RZTdB
jMSI/bGWwQyV0mRiQCYX1yn3FYtGJ81mU7nLajbbH5l1
-----END CERTIFICATE-----