Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/HL3zbPTcxhVqirSBJma1znBaOUA.roa
File:                     HL3zbPTcxhVqirSBJma1znBaOUA.roa (raw, json)
Hash identifier:          7ZR3whBUXhwSo29A4QrdKRJ/028T23eDDNNBAiwMCIU=
Subject key identifier:   1C:BD:F3:6C:F4:DC:C6:15:6A:8A:B4:81:26:66:B5:CE:70:5A:39:40
Certificate issuer:       /CN=5cf31afc36cb6955007fe97ed4a5e3185d2271ba
Certificate serial:       018FE823BE70EACAE32FF7032CC9012967A1
Authority key identifier: 5C:F3:1A:FC:36:CB:69:55:00:7F:E9:7E:D4:A5:E3:18:5D:22:71:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/HL3zbPTcxhVqirSBJma1znBaOUA.roa
Signing time:             Wed 05 Jun 2024 11:23:27 +0000
ROA not before:           Wed 05 Jun 2024 11:23:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211895
IP address blocks:        2a0d:4480::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e8:23:be:70:ea:ca:e3:2f:f7:03:2c:c9:01:29:67:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf31afc36cb6955007fe97ed4a5e3185d2271ba
        Validity
            Not Before: Jun  5 11:23:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cbdf36cf4dcc6156a8ab4812666b5ce705a3940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:52:ba:3f:68:d0:58:b0:80:ee:c5:2e:e7:d9:
                    f0:77:32:d4:d9:e4:a3:91:e7:38:37:ca:5e:19:14:
                    bd:e9:8c:cd:7c:b7:52:66:46:71:26:25:cb:fc:42:
                    37:48:fa:6d:bc:dd:c4:2b:15:61:71:5d:3e:74:c5:
                    29:b0:b0:24:44:27:8c:e4:56:bd:03:8e:31:3c:02:
                    fd:ae:94:4e:4c:8c:d1:86:e5:3b:58:53:4a:cb:0b:
                    19:ba:eb:95:ea:6b:d3:41:e2:0f:5f:f1:f0:cb:df:
                    2f:01:4a:de:76:b2:d7:74:c7:09:92:bf:be:e1:54:
                    c5:55:6a:18:dd:c0:c8:c8:ae:d1:82:03:79:00:4a:
                    f1:60:c7:c9:69:2a:c8:fe:1f:e2:3e:a6:48:60:6f:
                    81:5f:63:e0:cc:19:20:5f:02:c3:18:9b:e4:8e:d3:
                    15:6d:de:97:38:cd:e9:c8:9e:93:01:e7:c6:3b:a0:
                    c6:55:1e:38:45:9f:d8:92:93:56:eb:5e:c6:94:75:
                    97:b9:07:a0:a3:06:81:3e:6e:c3:37:88:71:e4:37:
                    b2:97:2b:50:ba:a7:39:8a:03:0b:ca:90:47:83:7b:
                    6a:35:e4:14:f7:f8:67:17:56:39:eb:ca:9e:e2:ba:
                    3b:e6:23:79:15:d2:d6:d6:28:99:af:62:9c:82:1d:
                    9a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:BD:F3:6C:F4:DC:C6:15:6A:8A:B4:81:26:66:B5:CE:70:5A:39:40
            X509v3 Authority Key Identifier:
                keyid:5C:F3:1A:FC:36:CB:69:55:00:7F:E9:7E:D4:A5:E3:18:5D:22:71:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/HL3zbPTcxhVqirSBJma1znBaOUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:4480::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:16:be:c0:68:16:99:ee:7b:29:df:8f:35:a3:6c:38:f4:7d:
         94:3c:03:d5:63:9a:63:c2:57:57:15:2f:f6:0b:9b:06:52:dd:
         39:05:b2:41:54:ba:71:73:f8:42:b2:9c:5b:e0:44:2b:3b:1f:
         6c:86:fb:7d:7b:d5:b8:92:84:39:6c:d0:4d:41:b2:86:7c:79:
         17:63:52:1d:cc:17:7f:b6:1a:88:f9:67:dd:7b:a0:65:26:1d:
         ab:a6:57:3c:db:71:fd:03:c3:69:da:c5:9f:97:b9:c3:fe:09:
         d4:dd:c3:ba:dc:51:b5:cc:86:57:13:f7:11:b8:d5:c7:ee:7b:
         30:2a:cb:82:05:3c:e8:97:2f:47:ec:1b:e9:be:1e:a5:0e:de:
         ac:78:6b:94:e9:f8:ff:9c:92:a1:0c:03:ff:51:7c:c2:d1:92:
         f1:91:20:2a:e9:b8:51:12:ca:32:bc:be:2b:07:95:a9:48:5d:
         b9:b9:de:cf:8f:3f:6a:8f:5e:10:ee:d0:df:3c:22:af:87:ac:
         32:34:28:c9:52:16:95:c1:4b:5b:b6:a3:12:ee:49:1e:53:38:
         b9:25:a8:28:cc:61:16:9e:89:7f:64:f0:6f:ef:b8:f6:16:63:
         8d:07:4a:ca:92:cc:47:b6:9f:35:c0:d9:75:5c:d1:a1:71:07:
         55:93:92:8e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/oI75w6srjL/cDLMkBKWehMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjMxYWZjMzZjYjY5NTUwMDdmZTk3ZWQ0YTVlMzE4NWQy
MjcxYmEwHhcNMjQwNjA1MTEyMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2JkZjM2Y2Y0ZGNjNjE1NmE4YWI0ODEyNjY2YjVjZTcwNWEzOTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1K6P2jQWLCA7sUu59nwdzLU2eSj
kec4N8peGRS96YzNfLdSZkZxJiXL/EI3SPptvN3EKxVhcV0+dMUpsLAkRCeM5Fa9
A44xPAL9rpROTIzRhuU7WFNKywsZuuuV6mvTQeIPX/Hwy98vAUredrLXdMcJkr++
4VTFVWoY3cDIyK7RggN5AErxYMfJaSrI/h/iPqZIYG+BX2PgzBkgXwLDGJvkjtMV
bd6XOM3pyJ6TAefGO6DGVR44RZ/YkpNW617GlHWXuQegowaBPm7DN4hx5DeylytQ
uqc5igMLypBHg3tqNeQU9/hnF1Y568qe4ro75iN5FdLW1iiZr2Kcgh2a5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBy982z03MYVaoq0gSZmtc5wWjlAMB8GA1UdIwQY
MBaAFFzzGvw2y2lVAH/pftSl4xhdInG6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBNYV9EYkxhVlVBZi1sLTFLWGpHRjBpY2JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80NThlYzMtMDQ1MS00ZTQxLTlhMzQt
NzM2ZDEyODg4Y2E4LzEvSEwzemJQVGN4aFZxaXJTQkptYTF6bkJhT1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80NThlYzMtMDQ1MS00ZTQxLTlhMzQtNzM2ZDEyODg4Y2E4
LzEvWFBNYV9EYkxhVlVBZi1sLTFLWGpHRjBpY2JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg1EgDAN
BgkqhkiG9w0BAQsFAAOCAQEAeRa+wGgWme57Kd+PNaNsOPR9lDwD1WOaY8JXVxUv
9gubBlLdOQWyQVS6cXP4QrKcW+BEKzsfbIb7fXvVuJKEOWzQTUGyhnx5F2NSHcwX
f7YaiPln3XugZSYdq6ZXPNtx/QPDadrFn5e5w/4J1N3DutxRtcyGVxP3EbjVx+57
MCrLggU86JcvR+wb6b4epQ7erHhrlOn4/5ySoQwD/1F8wtGS8ZEgKum4URLKMry+
KweVqUhdubnez48/ao9eEO7Q3zwir4esMjQoyVIWlcFLW7ajEu5JHlM4uSWoKMxh
Fp6Jf2Twb++49hZjjQdKypLMR7afNcDZdVzRoXEHVZOSjg==
-----END CERTIFICATE-----