Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/HGJX27GXVPS4-Sh7KYOLtXA2lsk.roa
File:                     HGJX27GXVPS4-Sh7KYOLtXA2lsk.roa (raw, json)
Hash identifier:          ktUOYmvxvNnEDaOyvbNYmuzDQIxtFAbjVvU/kz1DvfM=
Subject key identifier:   1C:62:57:DB:B1:97:54:F4:B8:F9:28:7B:29:83:8B:B5:70:36:96:C9
Certificate issuer:       /CN=dff1113bfc892d1df49a166047cb8c2aaeca768e
Certificate serial:       018CC8025EC05461DD156E34602DAAF6C0E6
Authority key identifier: DF:F1:11:3B:FC:89:2D:1D:F4:9A:16:60:47:CB:8C:2A:AE:CA:76:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_ERO_yJLR30mhZgR8uMKq7Kdo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/HGJX27GXVPS4-Sh7KYOLtXA2lsk.roa
Signing time:             Tue 02 Jan 2024 02:30:47 +0000
ROA not before:           Tue 02 Jan 2024 02:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49522
IP address blocks:        194.165.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/3_ERO_yJLR30mhZgR8uMKq7Kdo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/3_ERO_yJLR30mhZgR8uMKq7Kdo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_ERO_yJLR30mhZgR8uMKq7Kdo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:5e:c0:54:61:dd:15:6e:34:60:2d:aa:f6:c0:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff1113bfc892d1df49a166047cb8c2aaeca768e
        Validity
            Not Before: Jan  2 02:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c6257dbb19754f4b8f9287b29838bb5703696c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:46:3a:40:16:65:ae:2f:e9:bf:f3:00:1e:0a:
                    14:24:eb:f6:f7:3f:d7:8b:37:0f:95:64:4a:77:6b:
                    11:30:07:9e:a9:8e:84:22:6f:89:2b:03:6c:ab:17:
                    e6:41:25:f7:dc:6f:8a:80:f5:18:70:16:f0:9e:3d:
                    61:02:e7:9a:50:a8:a4:97:d9:1b:8a:d7:b3:cb:15:
                    6c:f2:11:e4:5c:0d:cd:f0:de:de:a3:2d:32:64:31:
                    c0:d1:62:0c:9c:f6:c7:28:97:76:39:64:19:f4:6e:
                    53:59:43:91:17:42:2b:fb:68:77:39:1e:d6:b0:d4:
                    ea:35:d4:03:eb:f0:8f:e8:dc:f6:a2:0c:dd:b1:04:
                    91:88:2c:f4:96:07:e9:32:b1:35:53:88:bb:91:a0:
                    37:22:ec:3b:09:80:73:22:bd:88:ea:05:67:18:a8:
                    8d:0e:cc:9b:69:db:f0:a2:e8:7e:3f:19:ac:30:27:
                    55:df:68:97:10:ff:03:a7:2f:d9:0c:de:45:09:db:
                    53:36:8f:c4:c2:46:71:fd:77:ec:0d:79:f8:7e:73:
                    e8:fd:a1:9e:be:23:6e:68:fa:21:f2:2a:04:6c:54:
                    ce:70:59:5b:5c:ea:64:b2:4e:4b:c2:34:e2:1b:f3:
                    bd:bb:3b:7d:1a:ce:3d:b1:18:3c:f6:b0:eb:7c:cc:
                    d6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:62:57:DB:B1:97:54:F4:B8:F9:28:7B:29:83:8B:B5:70:36:96:C9
            X509v3 Authority Key Identifier:
                keyid:DF:F1:11:3B:FC:89:2D:1D:F4:9A:16:60:47:CB:8C:2A:AE:CA:76:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_ERO_yJLR30mhZgR8uMKq7Kdo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/HGJX27GXVPS4-Sh7KYOLtXA2lsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/3_ERO_yJLR30mhZgR8uMKq7Kdo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:39:64:8d:db:e4:50:c8:a6:66:b4:08:55:c4:82:ce:24:da:
         37:59:b6:a5:f9:8b:00:89:35:d0:38:61:77:ef:8f:47:b1:c2:
         cb:0a:11:71:72:45:4b:8c:1c:bf:2e:9d:38:9e:d1:14:39:ce:
         93:d2:73:69:d4:c6:47:ee:cb:6f:cc:af:0d:58:cc:cf:7f:3e:
         e0:d2:92:69:01:47:ec:68:8c:70:aa:1e:01:b0:42:e0:5d:ce:
         75:aa:06:3b:ce:02:a6:32:02:98:f4:7b:8b:e0:76:9d:3a:d6:
         a8:22:6a:25:bc:92:11:52:88:d3:14:d2:8c:c8:cc:f6:c9:ef:
         3d:2f:a2:97:27:21:0e:42:81:07:5a:dd:14:19:06:57:de:fe:
         7a:33:42:e0:35:7f:37:0b:65:ab:d8:09:05:8c:d9:81:46:f8:
         2f:3a:14:30:4f:a1:69:a7:6a:71:a0:be:a8:d6:21:1a:3d:72:
         3d:90:f2:ff:59:15:9d:15:6e:99:14:5e:58:7b:a5:c9:e1:52:
         b2:6b:22:b7:19:51:da:dd:26:34:18:11:12:2c:5d:4b:bd:6b:
         14:c8:32:99:ef:90:e5:14:b9:94:b6:24:ed:e6:9d:dc:d2:52:
         d6:85:d2:a9:25:d8:bb:e3:ef:f7:60:6c:cb:25:93:b0:2c:c2:
         4d:28:31:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAl7AVGHdFW40YC2q9sDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjExMTNiZmM4OTJkMWRmNDlhMTY2MDQ3Y2I4YzJhYWVj
YTc2OGUwHhcNMjQwMTAyMDIzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzYyNTdkYmIxOTc1NGY0YjhmOTI4N2IyOTgzOGJiNTcwMzY5NmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUY6QBZlri/pv/MAHgoUJOv29z/X
izcPlWRKd2sRMAeeqY6EIm+JKwNsqxfmQSX33G+KgPUYcBbwnj1hAueaUKikl9kb
itezyxVs8hHkXA3N8N7eoy0yZDHA0WIMnPbHKJd2OWQZ9G5TWUORF0Ir+2h3OR7W
sNTqNdQD6/CP6Nz2ogzdsQSRiCz0lgfpMrE1U4i7kaA3Iuw7CYBzIr2I6gVnGKiN
Dsybadvwouh+PxmsMCdV32iXEP8Dpy/ZDN5FCdtTNo/EwkZx/XfsDXn4fnPo/aGe
viNuaPoh8ioEbFTOcFlbXOpksk5LwjTiG/O9uzt9Gs49sRg89rDrfMzWewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxiV9uxl1T0uPkoeymDi7VwNpbJMB8GA1UdIwQY
MBaAFN/xETv8iS0d9JoWYEfLjCquynaOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19FUk9feUpMUjMwbWhaZ1I4dU1LcTdLZG80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9kYjdiOGYtMzc0My00NDcwLWE5YjUt
NWE1NDE2OWMxYjVlLzEvSEdKWDI3R1hWUFM0LVNoN0tZT0x0WEEybHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9kYjdiOGYtMzc0My00NDcwLWE5YjUtNWE1NDE2OWMxYjVl
LzEvM19FUk9feUpMUjMwbWhaZ1I4dU1LcTdLZG80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqU3MA0G
CSqGSIb3DQEBCwUAA4IBAQA/OWSN2+RQyKZmtAhVxILOJNo3Wbal+YsAiTXQOGF3
749HscLLChFxckVLjBy/Lp04ntEUOc6T0nNp1MZH7stvzK8NWMzPfz7g0pJpAUfs
aIxwqh4BsELgXc51qgY7zgKmMgKY9HuL4HadOtaoImolvJIRUojTFNKMyMz2ye89
L6KXJyEOQoEHWt0UGQZX3v56M0LgNX83C2Wr2AkFjNmBRvgvOhQwT6Fpp2pxoL6o
1iEaPXI9kPL/WRWdFW6ZFF5Ye6XJ4VKyayK3GVHa3SY0GBESLF1LvWsUyDKZ75Dl
FLmUtiTt5p3c0lLWhdKpJdi74+/3YGzLJZOwLMJNKDGX
-----END CERTIFICATE-----