Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/HLNbdsiEi9zrEX9bhrS_IVl3jtc.roa
File:                     HLNbdsiEi9zrEX9bhrS_IVl3jtc.roa (raw, json)
Hash identifier:          1y6Fi/ztp5kH8MZMJE7AZCFbRxNUTgcF8S0cn+hAm74=
Subject key identifier:   1C:B3:5B:76:C8:84:8B:DC:EB:11:7F:5B:86:B4:BF:21:59:77:8E:D7
Certificate issuer:       /CN=ee8ba8824c5c8d207326a4a3ab893ebb8f5096ad
Certificate serial:       0195D750C771D0E99EDB81D21481B13FF18B
Authority key identifier: EE:8B:A8:82:4C:5C:8D:20:73:26:A4:A3:AB:89:3E:BB:8F:50:96:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7ouogkxcjSBzJqSjq4k-u49Qlq0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/HLNbdsiEi9zrEX9bhrS_IVl3jtc.roa
Signing time:             Thu 27 Mar 2025 11:15:49 +0000
ROA not before:           Thu 27 Mar 2025 11:15:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5080
IP address blocks:        194.238.1.0/24 maxlen: 24
                          194.238.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/7ouogkxcjSBzJqSjq4k-u49Qlq0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/7ouogkxcjSBzJqSjq4k-u49Qlq0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7ouogkxcjSBzJqSjq4k-u49Qlq0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d7:50:c7:71:d0:e9:9e:db:81:d2:14:81:b1:3f:f1:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee8ba8824c5c8d207326a4a3ab893ebb8f5096ad
        Validity
            Not Before: Mar 27 11:15:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cb35b76c8848bdceb117f5b86b4bf2159778ed7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:36:fc:7b:51:8b:0b:2a:e8:f0:b3:44:24:59:
                    7b:d0:79:a7:30:67:64:9b:4e:29:8a:ff:43:ea:3b:
                    20:25:1c:34:c3:ec:df:61:71:d6:f3:29:77:37:6d:
                    10:ac:60:f0:41:40:2e:24:90:4c:0e:e9:27:e0:5e:
                    12:36:a3:31:6c:5d:5f:9e:1a:71:69:a5:eb:83:66:
                    ee:55:54:45:c8:af:22:e8:7e:47:09:25:b4:54:f7:
                    69:e1:de:f9:0c:24:23:e7:09:c6:6e:e7:1e:c6:c1:
                    c7:71:7a:dc:22:d0:5b:81:13:53:2d:ae:45:9a:c9:
                    0b:37:9e:2a:ec:ed:23:e9:3c:7a:ef:d0:60:18:88:
                    0d:58:3b:53:e7:d1:96:6c:70:2a:bc:58:fe:b7:7c:
                    b2:5f:bd:b4:50:b3:98:0a:c2:18:70:7c:4a:62:81:
                    9f:1f:f1:51:b3:3f:4b:92:dd:de:50:82:07:0b:97:
                    e4:9d:b9:77:fc:5e:0f:83:0a:b6:ea:a0:5f:4b:73:
                    4a:c9:8b:c0:aa:05:37:23:38:16:78:a9:24:77:c0:
                    83:0b:7d:c4:c2:aa:38:e7:19:7f:ae:c5:da:0b:f5:
                    5a:cb:b9:fb:da:56:83:a0:34:9e:6e:3a:ed:c9:c4:
                    4f:f1:a1:0a:ef:21:50:5d:b9:54:1d:0b:9b:f6:33:
                    e2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B3:5B:76:C8:84:8B:DC:EB:11:7F:5B:86:B4:BF:21:59:77:8E:D7
            X509v3 Authority Key Identifier:
                keyid:EE:8B:A8:82:4C:5C:8D:20:73:26:A4:A3:AB:89:3E:BB:8F:50:96:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7ouogkxcjSBzJqSjq4k-u49Qlq0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/HLNbdsiEi9zrEX9bhrS_IVl3jtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/63509c-5676-4eaf-99d4-eecd28e28e35/1/7ouogkxcjSBzJqSjq4k-u49Qlq0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.238.1.0-194.238.2.255

    Signature Algorithm: sha256WithRSAEncryption
         6d:8c:76:ea:2f:cc:fc:2c:cc:4d:93:c1:30:ff:5a:f9:c7:95:
         84:19:e3:8f:6b:40:52:e0:52:5b:a5:c9:c5:74:f5:a5:f2:aa:
         bc:ac:90:d5:5d:67:c0:c7:36:1c:34:94:9e:35:ab:00:e7:8d:
         56:cd:1f:b7:02:f9:92:11:9e:84:c6:4e:3f:80:9a:61:65:80:
         f4:cb:4a:6c:2c:9a:2a:a3:97:13:2d:2f:ed:e1:00:b1:a8:f2:
         3a:78:a4:f1:6b:82:be:4b:07:bd:15:0e:31:16:cc:77:8a:15:
         75:60:0e:70:01:42:b8:1d:92:fa:23:4c:ee:4e:0c:57:f5:d7:
         75:78:fb:2e:77:dd:1b:ec:00:f8:01:fc:59:82:f3:5b:9a:2d:
         6d:30:40:a5:e4:85:f8:4c:ff:78:e6:95:ce:29:9d:37:25:56:
         6c:d6:1a:3c:ff:fd:e2:35:f5:74:49:56:d7:e0:d2:44:26:c2:
         7d:77:18:85:4d:c3:7d:c0:4f:4f:ef:99:f6:dd:dc:99:be:1d:
         cc:83:7c:e7:25:42:6c:4d:57:e4:d9:50:e8:ed:d6:f3:93:46:
         6f:6e:15:8f:32:87:4c:c9:5c:2b:65:cc:25:9f:92:0d:99:3e:
         99:0d:9c:46:b4:f7:6f:8b:50:02:6e:95:e8:0b:27:48:1d:4c:
         e7:ad:75:b3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZXXUMdx0Ome24HSFIGxP/GLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlOGJhODgyNGM1YzhkMjA3MzI2YTRhM2FiODkzZWJiOGY1
MDk2YWQwHhcNMjUwMzI3MTExNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2IzNWI3NmM4ODQ4YmRjZWIxMTdmNWI4NmI0YmYyMTU5Nzc4ZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Tb8e1GLCyro8LNEJFl70HmnMGdk
m04piv9D6jsgJRw0w+zfYXHW8yl3N20QrGDwQUAuJJBMDukn4F4SNqMxbF1fnhpx
aaXrg2buVVRFyK8i6H5HCSW0VPdp4d75DCQj5wnGbucexsHHcXrcItBbgRNTLa5F
mskLN54q7O0j6Tx679BgGIgNWDtT59GWbHAqvFj+t3yyX720ULOYCsIYcHxKYoGf
H/FRsz9Lkt3eUIIHC5fknbl3/F4Pgwq26qBfS3NKyYvAqgU3IzgWeKkkd8CDC33E
wqo45xl/rsXaC/Vay7n72laDoDSebjrtycRP8aEK7yFQXblUHQub9jPiOwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFByzW3bIhIvc6xF/W4a0vyFZd47XMB8GA1UdIwQY
MBaAFO6LqIJMXI0gcyako6uJPruPUJatMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN291b2dreGNqU0J6SnFTanE0ay11NDlRbHEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC82MzUwOWMtNTY3Ni00ZWFmLTk5ZDQt
ZWVjZDI4ZTI4ZTM1LzEvSExOYmRzaUVpOXpyRVg5YmhyU19JVmwzanRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC82MzUwOWMtNTY3Ni00ZWFmLTk5ZDQtZWVjZDI4ZTI4ZTM1
LzEvN291b2dreGNqU0J6SnFTanE0ay11NDlRbHEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADC7gED
BADC7gIwDQYJKoZIhvcNAQELBQADggEBAG2MduovzPwszE2TwTD/WvnHlYQZ449r
QFLgUlulycV09aXyqryskNVdZ8DHNhw0lJ41qwDnjVbNH7cC+ZIRnoTGTj+AmmFl
gPTLSmwsmiqjlxMtL+3hALGo8jp4pPFrgr5LB70VDjEWzHeKFXVgDnABQrgdkvoj
TO5ODFf113V4+y533RvsAPgB/FmC81uaLW0wQKXkhfhM/3jmlc4pnTclVmzWGjz/
/eI19XRJVtfg0kQmwn13GIVNw33AT0/vmfbd3Jm+HcyDfOclQmxNV+TZUOjt1vOT
Rm9uFY8yh0zJXCtlzCWfkg2ZPpkNnEa092+LUAJulegLJ0gdTOetdbM=
-----END CERTIFICATE-----