Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/HHlEIHLaS3GMguRjiZVeXZtaB1U.roa
File:                     HHlEIHLaS3GMguRjiZVeXZtaB1U.roa (raw, json)
Hash identifier:          YlDlqGcFKkVbm+bI6++WiC8vTEcJ4i7q+bRlRvHQvDM=
Subject key identifier:   1C:79:44:20:72:DA:4B:71:8C:82:E4:63:89:95:5E:5D:9B:5A:07:55
Certificate issuer:       /CN=7c4b917dc9046a065678ae0df4d3e30369c59c69
Certificate serial:       019426D98ABED6A7488A9C9CE6205A2EFD83
Authority key identifier: 7C:4B:91:7D:C9:04:6A:06:56:78:AE:0D:F4:D3:E3:03:69:C5:9C:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fEuRfckEagZWeK4N9NPjA2nFnGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/HHlEIHLaS3GMguRjiZVeXZtaB1U.roa
Signing time:             Thu 02 Jan 2025 11:49:38 +0000
ROA not before:           Thu 02 Jan 2025 11:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15623
IP address blocks:        185.117.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/fEuRfckEagZWeK4N9NPjA2nFnGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/fEuRfckEagZWeK4N9NPjA2nFnGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fEuRfckEagZWeK4N9NPjA2nFnGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:8a:be:d6:a7:48:8a:9c:9c:e6:20:5a:2e:fd:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c4b917dc9046a065678ae0df4d3e30369c59c69
        Validity
            Not Before: Jan  2 11:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c79442072da4b718c82e46389955e5d9b5a0755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:95:08:6d:51:57:ba:a0:a0:9c:59:8d:6b:62:
                    be:4a:a4:6f:53:98:3c:6a:c3:7d:78:cb:a9:cb:02:
                    77:e5:79:be:5e:fa:d0:6f:dc:5e:f9:35:51:fd:68:
                    4a:96:d6:90:f3:9e:fa:e8:06:69:0a:9e:a0:7b:e6:
                    c9:75:c5:6b:f0:5c:ea:6d:a8:9e:4e:6f:91:04:41:
                    64:5b:e4:57:92:f4:1b:dc:2e:a2:ec:d5:b8:c9:c1:
                    d4:8a:31:15:02:4f:b5:67:4c:86:d8:af:84:98:dc:
                    f2:12:1d:82:1c:57:9d:62:7b:51:16:6b:6c:08:0d:
                    a8:ea:84:20:85:26:c9:7d:8e:24:37:9a:2e:05:be:
                    07:5c:f6:ab:b0:9c:c5:01:cb:13:bd:6a:94:0e:38:
                    89:f7:49:a6:7f:d3:6e:9c:32:29:3e:a1:29:92:9a:
                    ed:97:14:0e:c2:e4:77:1e:dd:37:08:f5:df:90:69:
                    dd:19:dc:90:ed:c1:70:69:e8:b6:40:bc:f5:4b:6f:
                    ec:e6:58:73:b7:75:57:92:8f:03:ac:0c:19:34:d2:
                    f5:4a:0a:b1:97:15:29:6c:0c:2c:f6:06:2b:bf:ce:
                    52:c7:e5:f3:01:52:80:a8:7a:dd:79:2e:fd:4e:cf:
                    42:8a:f5:dd:41:78:2e:43:a9:3c:7a:dc:ed:f2:4e:
                    5b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:79:44:20:72:DA:4B:71:8C:82:E4:63:89:95:5E:5D:9B:5A:07:55
            X509v3 Authority Key Identifier:
                keyid:7C:4B:91:7D:C9:04:6A:06:56:78:AE:0D:F4:D3:E3:03:69:C5:9C:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fEuRfckEagZWeK4N9NPjA2nFnGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/HHlEIHLaS3GMguRjiZVeXZtaB1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/fEuRfckEagZWeK4N9NPjA2nFnGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:1a:54:cb:f5:5a:3b:df:3d:29:8a:63:75:7c:35:83:0b:af:
         d1:5d:8a:25:29:e0:3e:ef:d6:43:2a:7c:94:f9:4f:8f:5f:1d:
         3d:d3:d9:a2:a4:f0:23:bc:c0:61:78:b5:80:02:96:37:a9:18:
         5e:9e:47:11:35:25:d6:64:33:7f:ad:df:a8:17:a5:cb:65:1b:
         51:42:80:e8:1a:ef:cc:41:0a:53:6a:a5:d3:84:68:46:d2:bc:
         fb:9a:c0:6e:ba:b0:21:89:94:e8:fb:84:10:88:4a:9a:37:b3:
         3d:2d:6d:78:1f:99:4e:38:90:21:47:cf:a6:c8:9f:49:04:25:
         b0:37:a1:64:99:b0:eb:09:6c:c5:65:67:9f:8d:4b:20:c1:f0:
         de:89:0e:7d:80:26:16:51:2c:78:81:66:e9:16:0c:4a:18:4c:
         7e:ea:56:94:8c:51:2a:8c:2d:75:4d:99:b9:40:49:11:7d:2c:
         4d:6f:f9:dd:c9:26:ed:eb:53:61:98:75:f5:95:5a:22:2c:8f:
         c0:30:72:db:22:8a:89:3a:84:1c:a3:e5:e8:cd:1f:5c:5f:bc:
         21:06:3e:9a:d1:0d:6b:2a:fd:ce:81:20:e1:e4:b2:96:4a:c8:
         eb:c0:97:0a:df:71:28:de:19:2d:92:53:89:a6:f5:5d:4c:ef:
         92:8a:12:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Yq+1qdIipyc5iBaLv2DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNGI5MTdkYzkwNDZhMDY1Njc4YWUwZGY0ZDNlMzAzNjlj
NTljNjkwHhcNMjUwMTAyMTE0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzc5NDQyMDcyZGE0YjcxOGM4MmU0NjM4OTk1NWU1ZDliNWEwNzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5JUIbVFXuqCgnFmNa2K+SqRvU5g8
asN9eMupywJ35Xm+XvrQb9xe+TVR/WhKltaQ85766AZpCp6ge+bJdcVr8Fzqbaie
Tm+RBEFkW+RXkvQb3C6i7NW4ycHUijEVAk+1Z0yG2K+EmNzyEh2CHFedYntRFmts
CA2o6oQghSbJfY4kN5ouBb4HXParsJzFAcsTvWqUDjiJ90mmf9NunDIpPqEpkprt
lxQOwuR3Ht03CPXfkGndGdyQ7cFwaei2QLz1S2/s5lhzt3VXko8DrAwZNNL1Sgqx
lxUpbAws9gYrv85Sx+XzAVKAqHrdeS79Ts9CivXdQXguQ6k8etzt8k5bBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBx5RCBy2ktxjILkY4mVXl2bWgdVMB8GA1UdIwQY
MBaAFHxLkX3JBGoGVniuDfTT4wNpxZxpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkV1UmZja0VhZ1pXZUs0TjlOUGpBMm5GbkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi84ZDg1ZDctNDA0OS00YjVhLTliZjct
OTFjNzBmNjFhMDY3LzEvSEhsRUlITGFTM0dNZ3VSamlaVmVYWnRhQjFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi84ZDg1ZDctNDA0OS00YjVhLTliZjctOTFjNzBmNjFhMDY3
LzEvZkV1UmZja0VhZ1pXZUs0TjlOUGpBMm5GbkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXUPMA0G
CSqGSIb3DQEBCwUAA4IBAQCVGlTL9Vo73z0pimN1fDWDC6/RXYolKeA+79ZDKnyU
+U+PXx0909mipPAjvMBheLWAApY3qRhenkcRNSXWZDN/rd+oF6XLZRtRQoDoGu/M
QQpTaqXThGhG0rz7msBuurAhiZTo+4QQiEqaN7M9LW14H5lOOJAhR8+myJ9JBCWw
N6FkmbDrCWzFZWefjUsgwfDeiQ59gCYWUSx4gWbpFgxKGEx+6laUjFEqjC11TZm5
QEkRfSxNb/ndySbt61NhmHX1lVoiLI/AMHLbIoqJOoQco+XozR9cX7whBj6a0Q1r
Kv3OgSDh5LKWSsjrwJcK33Eo3hktklOJpvVdTO+SihJj
-----END CERTIFICATE-----