Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/HLSexlRS7cRMXGxrZKl2JJ0EIzY.roa
File:                     HLSexlRS7cRMXGxrZKl2JJ0EIzY.roa (raw, json)
Hash identifier:          oQQNe7K5/IbchAEMzcOhto4Vsr2KGH4LuGs1SxEGQIo=
Subject key identifier:   1C:B4:9E:C6:54:52:ED:C4:4C:5C:6C:6B:64:A9:76:24:9D:04:23:36
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019421B23E8E99E848027EDD397CB4E058EE
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/HLSexlRS7cRMXGxrZKl2JJ0EIzY.roa
Signing time:             Wed 01 Jan 2025 11:48:36 +0000
ROA not before:           Wed 01 Jan 2025 11:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203068
IP address blocks:        109.205.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3e:8e:99:e8:48:02:7e:dd:39:7c:b4:e0:58:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 11:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cb49ec65452edc44c5c6c6b64a976249d042336
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f4:c6:c5:22:64:cd:45:f0:5f:e1:da:97:b7:
                    e4:5a:a7:e2:cc:d0:2f:2f:51:70:bf:3c:28:0c:ea:
                    c1:10:26:db:01:87:86:99:5c:c8:59:39:29:99:ed:
                    1b:53:14:7f:de:cc:f3:33:f0:00:53:1a:70:bf:74:
                    5f:73:68:48:5e:3f:23:1e:6b:66:da:05:ca:bb:6b:
                    e3:b7:4a:e8:c1:fd:a1:9b:fc:0a:13:82:2d:f8:90:
                    7b:d0:e7:31:8b:17:cc:dd:17:ce:82:82:7a:d2:25:
                    dd:95:34:30:95:73:1e:ca:8a:d6:56:3b:36:b7:af:
                    35:f7:fb:dd:3c:16:4c:22:9c:d0:61:2d:ef:20:b5:
                    de:60:48:bc:11:f7:32:49:1b:80:9e:48:5a:92:d8:
                    22:48:7c:38:a4:59:2e:b7:e7:07:46:51:17:45:e1:
                    8e:db:a3:2e:53:e0:a6:24:bf:38:53:15:74:7d:89:
                    77:3f:f7:e3:d8:d5:0c:07:fc:ea:8f:3f:ff:34:6c:
                    19:2c:bb:4d:b4:9c:4e:4a:09:e6:3d:d8:8b:2a:b7:
                    bf:aa:23:02:73:87:c5:ac:92:45:02:dd:a3:c7:25:
                    28:4a:37:3d:75:a0:c8:0f:fd:6f:43:2d:71:bb:37:
                    70:8e:af:40:8c:8c:05:9c:51:1b:bf:b6:bb:8a:26:
                    c1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B4:9E:C6:54:52:ED:C4:4C:5C:6C:6B:64:A9:76:24:9D:04:23:36
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/HLSexlRS7cRMXGxrZKl2JJ0EIzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.205.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:85:e4:45:b6:31:7e:3d:96:18:14:a1:55:76:5a:2e:c1:d7:
         66:e1:96:6a:65:3d:e4:d8:0e:ce:b9:9b:64:05:8f:44:4b:9d:
         bc:27:41:16:5b:1d:61:86:f3:d0:9f:7e:56:01:27:da:8c:cf:
         7f:80:84:9e:81:05:f5:d1:f8:6a:29:8d:29:d1:d3:d7:65:26:
         0c:e5:f3:f9:fb:a9:e0:e2:c9:d5:e3:da:85:92:60:12:e3:95:
         3b:d3:d2:39:3d:08:1a:b0:fd:3f:55:b2:dd:e7:2d:7a:17:e6:
         93:06:6f:93:54:71:2d:f5:4e:68:1b:2e:4b:f3:36:75:d7:99:
         cf:9d:93:0d:25:5b:96:1b:3e:75:1d:6f:06:34:11:d0:da:3f:
         63:df:84:98:47:de:12:cc:1b:b1:92:24:ec:31:5b:8a:80:f1:
         c0:01:81:56:88:3d:e7:ab:81:17:25:14:be:0d:aa:5d:47:6a:
         9e:8b:d8:6e:12:c8:e5:20:99:a4:86:83:45:a5:5c:91:68:fd:
         ca:e9:f5:5f:b9:20:ac:19:ff:92:07:76:b7:1b:d9:5a:93:9b:
         95:34:5f:d7:bc:e6:7d:a9:4d:2e:ac:8c:4f:e4:2a:00:d4:37:
         24:6c:15:1a:cd:53:51:7e:1b:83:d7:86:47:05:d6:e8:b3:52:
         57:02:e1:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsj6OmehIAn7dOXy04FjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjUwMTAxMTE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2I0OWVjNjU0NTJlZGM0NGM1YzZjNmI2NGE5NzYyNDlkMDQyMzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvTGxSJkzUXwX+Hal7fkWqfizNAv
L1FwvzwoDOrBECbbAYeGmVzIWTkpme0bUxR/3szzM/AAUxpwv3Rfc2hIXj8jHmtm
2gXKu2vjt0rowf2hm/wKE4It+JB70OcxixfM3RfOgoJ60iXdlTQwlXMeyorWVjs2
t6819/vdPBZMIpzQYS3vILXeYEi8EfcySRuAnkhaktgiSHw4pFkut+cHRlEXReGO
26MuU+CmJL84UxV0fYl3P/fj2NUMB/zqjz//NGwZLLtNtJxOSgnmPdiLKre/qiMC
c4fFrJJFAt2jxyUoSjc9daDID/1vQy1xuzdwjq9AjIwFnFEbv7a7iibBfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBy0nsZUUu3ETFxsa2SpdiSdBCM2MB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvSExTZXhsUlM3Y1JNWEd4clpLbDJKSjBFSXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc30MA0G
CSqGSIb3DQEBCwUAA4IBAQA0heRFtjF+PZYYFKFVdlouwddm4ZZqZT3k2A7OuZtk
BY9ES528J0EWWx1hhvPQn35WASfajM9/gISegQX10fhqKY0p0dPXZSYM5fP5+6ng
4snV49qFkmAS45U709I5PQgasP0/VbLd5y16F+aTBm+TVHEt9U5oGy5L8zZ115nP
nZMNJVuWGz51HW8GNBHQ2j9j34SYR94SzBuxkiTsMVuKgPHAAYFWiD3nq4EXJRS+
DapdR2qei9huEsjlIJmkhoNFpVyRaP3K6fVfuSCsGf+SB3a3G9lak5uVNF/XvOZ9
qU0urIxP5CoA1DckbBUazVNRfhuD14ZHBdbos1JXAuG8
-----END CERTIFICATE-----