Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f5873a-8932-426f-8175-38c8dafb3e4f/1/HeBmPgZA5AB79C-7lMk2IQxhCpE.roa
File:                     HeBmPgZA5AB79C-7lMk2IQxhCpE.roa (raw, json)
Hash identifier:          zVbmMLMlYP3ottsSsc9o213U3GUMSAoGMNy2sz4QKMs=
Subject key identifier:   1D:E0:66:3E:06:40:E4:00:7B:F4:2F:BB:94:C9:36:21:0C:61:0A:91
Certificate issuer:       /CN=65e226bcf4a830b2f448fd6ea9976b152087dd45
Certificate serial:       018CC4245465EF5F6F463E51A7DED11CC701
Authority key identifier: 65:E2:26:BC:F4:A8:30:B2:F4:48:FD:6E:A9:97:6B:15:20:87:DD:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZeImvPSoMLL0SP1uqZdrFSCH3UU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f5873a-8932-426f-8175-38c8dafb3e4f/1/HeBmPgZA5AB79C-7lMk2IQxhCpE.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6830
IP address blocks:        188.126.30.0/23 maxlen: 23
                          185.134.192.0/22 maxlen: 22
                          188.126.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f5873a-8932-426f-8175-38c8dafb3e4f/1/ZeImvPSoMLL0SP1uqZdrFSCH3UU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f5873a-8932-426f-8175-38c8dafb3e4f/1/ZeImvPSoMLL0SP1uqZdrFSCH3UU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZeImvPSoMLL0SP1uqZdrFSCH3UU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:54:65:ef:5f:6f:46:3e:51:a7:de:d1:1c:c7:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65e226bcf4a830b2f448fd6ea9976b152087dd45
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1de0663e0640e4007bf42fbb94c936210c610a91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1c:13:de:b1:78:5e:c2:b5:b9:48:cc:72:1d:
                    0f:e1:3e:e0:ff:14:c2:57:e0:e6:7c:da:b3:f2:3a:
                    7c:97:da:3f:7d:50:d4:8c:29:79:6d:74:a9:49:86:
                    f2:a1:f7:38:02:98:60:1a:90:a6:e6:f8:a3:e0:6b:
                    f0:54:c9:81:1d:ea:1a:fb:00:1f:e0:16:0c:0d:24:
                    ce:90:1a:34:2a:eb:c3:90:e7:c5:40:3c:3b:c4:cc:
                    f1:09:ab:30:08:9c:a1:a6:28:2f:0f:0f:d6:33:90:
                    06:0a:87:38:01:05:a2:e6:9b:a7:34:85:d9:99:9d:
                    79:92:bd:13:01:26:7f:fd:80:5d:89:2a:f3:9c:d1:
                    52:c7:fa:e6:72:fb:97:3d:90:db:4e:73:42:25:15:
                    6f:ee:86:c9:a8:a0:53:84:9a:ed:81:fb:80:18:97:
                    e2:d9:9e:7b:73:9a:be:31:35:c0:1a:46:04:26:c2:
                    ee:74:73:bd:86:c7:b2:9d:1a:34:58:c8:dd:b6:d0:
                    2a:18:2a:99:c6:63:72:5f:59:91:f5:36:5f:f4:04:
                    ef:d7:77:7e:f4:fc:a1:49:12:d4:ee:49:25:77:a5:
                    f6:a2:0e:07:f2:6b:47:a3:a0:0b:24:b3:45:2f:79:
                    04:fd:13:52:bf:98:17:9d:11:7f:06:ec:74:6f:3d:
                    d7:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:E0:66:3E:06:40:E4:00:7B:F4:2F:BB:94:C9:36:21:0C:61:0A:91
            X509v3 Authority Key Identifier:
                keyid:65:E2:26:BC:F4:A8:30:B2:F4:48:FD:6E:A9:97:6B:15:20:87:DD:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZeImvPSoMLL0SP1uqZdrFSCH3UU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f5873a-8932-426f-8175-38c8dafb3e4f/1/HeBmPgZA5AB79C-7lMk2IQxhCpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f5873a-8932-426f-8175-38c8dafb3e4f/1/ZeImvPSoMLL0SP1uqZdrFSCH3UU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.192.0/22
                  188.126.2.0/23
                  188.126.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:53:b7:bf:90:09:7b:9b:23:b8:60:7a:f6:83:34:ab:e8:4a:
         2e:cf:17:5b:1f:71:dc:7b:ee:7d:3c:3e:4e:91:91:9e:e3:94:
         be:4f:14:bb:66:75:13:b3:12:31:b7:af:23:13:20:6d:7c:0b:
         d3:0a:7d:74:02:90:2d:cc:4e:b4:59:94:5f:e5:6e:ba:bd:fc:
         7d:53:4f:78:b5:32:ff:78:72:35:fb:84:5c:43:47:ce:4f:d1:
         23:80:9a:da:ae:f9:8f:17:07:73:2d:e1:ab:34:d3:51:15:8d:
         2a:5f:02:18:e3:ec:ac:ab:30:a7:ae:4c:1f:d2:33:df:e0:23:
         b0:d3:68:78:22:90:76:3e:72:5b:90:8b:fc:b0:94:74:bc:e4:
         a6:c7:c9:c9:59:51:d4:2d:13:dc:69:94:21:ee:8f:0b:3d:6e:
         ef:22:3b:b4:87:85:5d:a6:a8:7c:5a:c2:b3:4c:95:66:05:61:
         e2:d4:80:68:83:4a:38:15:53:1f:4d:bb:e2:5e:17:93:4e:18:
         d3:88:05:fd:2f:f4:d9:48:9f:f4:48:6f:e6:a0:e2:57:54:d6:
         ac:c4:bb:aa:c3:85:91:f4:f0:d9:b6:d4:c8:8d:67:2d:73:a3:
         d9:9a:d0:8d:6b:35:0d:37:45:d5:93:e3:44:ce:7e:21:4f:75:
         de:08:98:d1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEJFRl719vRj5Rp97RHMcBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZTIyNmJjZjRhODMwYjJmNDQ4ZmQ2ZWE5OTc2YjE1MjA4
N2RkNDUwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGUwNjYzZTA2NDBlNDAwN2JmNDJmYmI5NGM5MzYyMTBjNjEwYTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBwT3rF4XsK1uUjMch0P4T7g/xTC
V+DmfNqz8jp8l9o/fVDUjCl5bXSpSYbyofc4AphgGpCm5vij4GvwVMmBHeoa+wAf
4BYMDSTOkBo0KuvDkOfFQDw7xMzxCaswCJyhpigvDw/WM5AGCoc4AQWi5punNIXZ
mZ15kr0TASZ//YBdiSrznNFSx/rmcvuXPZDbTnNCJRVv7obJqKBThJrtgfuAGJfi
2Z57c5q+MTXAGkYEJsLudHO9hseynRo0WMjdttAqGCqZxmNyX1mR9TZf9ATv13d+
9PyhSRLU7kkld6X2og4H8mtHo6ALJLNFL3kE/RNSv5gXnRF/Bux0bz3XsQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB3gZj4GQOQAe/Qvu5TJNiEMYQqRMB8GA1UdIwQY
MBaAFGXiJrz0qDCy9Ej9bqmXaxUgh91FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmVJbXZQU29NTEwwU1AxdXFaZHJGU0NIM1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mNTg3M2EtODkzMi00MjZmLTgxNzUt
MzhjOGRhZmIzZTRmLzEvSGVCbVBnWkE1QUI3OUMtN2xNazJJUXhoQ3BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mNTg3M2EtODkzMi00MjZmLTgxNzUtMzhjOGRhZmIzZTRm
LzEvWmVJbXZQU29NTEwwU1AxdXFaZHJGU0NIM1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuYbAAwQB
vH4CAwQBvH4eMA0GCSqGSIb3DQEBCwUAA4IBAQAqU7e/kAl7myO4YHr2gzSr6Eou
zxdbH3Hce+59PD5OkZGe45S+TxS7ZnUTsxIxt68jEyBtfAvTCn10ApAtzE60WZRf
5W66vfx9U094tTL/eHI1+4RcQ0fOT9EjgJrarvmPFwdzLeGrNNNRFY0qXwIY4+ys
qzCnrkwf0jPf4COw02h4IpB2PnJbkIv8sJR0vOSmx8nJWVHULRPcaZQh7o8LPW7v
Iju0h4Vdpqh8WsKzTJVmBWHi1IBog0o4FVMfTbviXheTThjTiAX9L/TZSJ/0SG/m
oOJXVNasxLuqw4WR9PDZttTIjWctc6PZmtCNazUNN0XVk+NEzn4hT3XeCJjR
-----END CERTIFICATE-----