Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/HL_391YyhybjwJ74kNKee4Xme30.roa
File:                     HL_391YyhybjwJ74kNKee4Xme30.roa (raw, json)
Hash identifier:          SKqvmhnXy6lVHKlIjthvO2Ffcm5YC3y5BAN0frkvak8=
Subject key identifier:   1C:BF:F7:F7:56:32:87:26:E3:C0:9E:F8:90:D2:9E:7B:85:E6:7B:7D
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       0194228E09866C1DE7CF4F2814D69A25DBDE
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/HL_391YyhybjwJ74kNKee4Xme30.roa
Signing time:             Wed 01 Jan 2025 15:48:41 +0000
ROA not before:           Wed 01 Jan 2025 15:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204901
IP address blocks:        2a01:ffc6:8000::/34 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:09:86:6c:1d:e7:cf:4f:28:14:d6:9a:25:db:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Jan  1 15:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cbff7f756328726e3c09ef890d29e7b85e67b7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:11:41:58:0a:bf:ea:28:e3:a8:60:b0:d1:8c:
                    49:b1:ba:2c:f9:d8:c3:5b:91:5a:d9:47:58:0d:89:
                    ee:ce:13:5a:80:38:9c:a7:32:d8:fc:53:4b:0d:52:
                    d7:3f:15:17:77:f8:28:54:7f:2e:c9:5a:9e:0d:46:
                    c4:46:40:5d:ff:e6:03:ba:f5:5b:a7:c6:86:4b:c4:
                    dc:93:f5:d9:fc:1f:fb:5f:65:74:3c:d0:be:db:cd:
                    fe:ed:62:d7:b0:88:67:bf:80:43:7f:f2:9a:f1:8e:
                    0b:f3:37:4b:87:f2:57:cf:6b:a6:51:24:80:0c:fc:
                    a5:78:58:dc:2d:98:8c:aa:26:62:ad:de:2f:c6:9e:
                    48:b3:b0:76:48:a8:79:e5:5e:11:f5:6f:05:ed:98:
                    e1:a8:dc:ce:df:df:e6:83:21:99:cc:33:e2:69:1d:
                    16:df:b9:65:98:5c:8c:68:4e:77:13:6b:ac:60:c6:
                    bf:98:84:ca:1f:27:4c:31:7b:97:59:a1:0b:31:d3:
                    b9:a5:a7:7a:07:f2:15:6d:4c:04:69:89:51:e0:82:
                    b4:2c:5b:4a:17:29:ef:31:75:ba:2a:f6:0b:0d:bd:
                    27:8e:63:07:1d:ea:7b:08:8c:46:57:0a:e8:4d:5f:
                    19:82:66:34:74:a8:a4:e0:c8:31:ca:f2:b8:0a:0e:
                    2c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:BF:F7:F7:56:32:87:26:E3:C0:9E:F8:90:D2:9E:7B:85:E6:7B:7D
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/HL_391YyhybjwJ74kNKee4Xme30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc6:8000::/34

    Signature Algorithm: sha256WithRSAEncryption
         11:0f:f9:a7:b3:8a:7f:3b:48:74:91:b3:90:53:20:4b:67:c0:
         c2:af:76:f6:39:01:50:bd:f6:88:41:26:0f:99:bc:85:e6:36:
         b7:2b:ba:4e:1f:f7:05:4d:64:4e:fc:1d:c9:12:7f:12:7e:4f:
         58:b7:b5:f4:5f:fd:3d:11:ce:0a:f7:43:6a:7f:18:c4:6f:80:
         c2:3a:e2:c1:d5:c1:16:c2:9a:59:d5:77:a6:e8:b0:21:5b:06:
         f4:4f:cc:51:99:17:df:a7:38:5f:0e:84:26:4d:40:7d:a0:7b:
         14:a0:33:ba:0d:be:e4:fd:1c:b3:35:5d:4d:3e:f1:41:53:c4:
         67:7e:40:ec:d7:a8:5e:53:da:52:07:5e:82:5f:3d:9e:24:36:
         f7:3a:30:30:99:e4:32:8f:7f:be:36:9b:a0:21:b0:1a:95:14:
         d9:cf:3e:d3:45:a8:3f:ce:de:71:fc:64:53:76:37:45:45:f2:
         01:1b:0a:03:43:98:0a:a2:75:07:3a:b3:0c:b4:63:e7:2e:b0:
         f3:08:c8:5f:61:5a:89:d7:86:8b:58:36:9b:84:91:91:f5:f8:
         39:d2:c2:3e:4e:25:ba:44:d9:5c:fc:70:04:dc:6f:4d:4e:01:
         2e:fb:88:27:70:3f:7e:c8:ea:b1:99:4a:f1:60:2f:eb:16:18:
         01:8e:45:7e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQijgmGbB3nz08oFNaaJdveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjUwMTAxMTU0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2JmZjdmNzU2MzI4NzI2ZTNjMDllZjg5MGQyOWU3Yjg1ZTY3YjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhFBWAq/6ijjqGCw0YxJsbos+djD
W5Fa2UdYDYnuzhNagDicpzLY/FNLDVLXPxUXd/goVH8uyVqeDUbERkBd/+YDuvVb
p8aGS8Tck/XZ/B/7X2V0PNC+283+7WLXsIhnv4BDf/Ka8Y4L8zdLh/JXz2umUSSA
DPyleFjcLZiMqiZird4vxp5Is7B2SKh55V4R9W8F7ZjhqNzO39/mgyGZzDPiaR0W
37llmFyMaE53E2usYMa/mITKHydMMXuXWaELMdO5pad6B/IVbUwEaYlR4IK0LFtK
FynvMXW6KvYLDb0njmMHHep7CIxGVwroTV8ZgmY0dKik4MgxyvK4Cg4sKwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBy/9/dWMocm48Ce+JDSnnuF5nt9MB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvSExfMzkxWXloeWJqd0o3NGtOS2VlNFhtZTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYGKgH/xoAw
DQYJKoZIhvcNAQELBQADggEBABEP+aezin87SHSRs5BTIEtnwMKvdvY5AVC99ohB
Jg+ZvIXmNrcruk4f9wVNZE78HckSfxJ+T1i3tfRf/T0Rzgr3Q2p/GMRvgMI64sHV
wRbCmlnVd6bosCFbBvRPzFGZF9+nOF8OhCZNQH2gexSgM7oNvuT9HLM1XU0+8UFT
xGd+QOzXqF5T2lIHXoJfPZ4kNvc6MDCZ5DKPf742m6AhsBqVFNnPPtNFqD/O3nH8
ZFN2N0VF8gEbCgNDmAqidQc6swy0Y+cusPMIyF9hWonXhotYNpuEkZH1+DnSwj5O
JbpE2Vz8cATcb01OAS77iCdwP37I6rGZSvFgL+sWGAGORX4=
-----END CERTIFICATE-----