Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/HSxOpF8LeaRif88_oEZ4y7MBldM.roa
File:                     HSxOpF8LeaRif88_oEZ4y7MBldM.roa (raw, json)
Hash identifier:          n8DGCpnE1FwgPJK7R+0dK8cIDb4XdG2XSYHd7OuwJKU=
Subject key identifier:   1D:2C:4E:A4:5F:0B:79:A4:62:7F:CF:3F:A0:46:78:CB:B3:01:95:D3
Certificate issuer:       /CN=4fd6646c93c2974789ecef7b444656ee64161729
Certificate serial:       019426D96F636988ABE7BD3EA9734D43A782
Authority key identifier: 4F:D6:64:6C:93:C2:97:47:89:EC:EF:7B:44:46:56:EE:64:16:17:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/HSxOpF8LeaRif88_oEZ4y7MBldM.roa
Signing time:             Thu 02 Jan 2025 11:49:31 +0000
ROA not before:           Thu 02 Jan 2025 11:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25575
IP address blocks:        213.145.224.0/19 maxlen: 22
                          2a03:1000::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:6f:63:69:88:ab:e7:bd:3e:a9:73:4d:43:a7:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fd6646c93c2974789ecef7b444656ee64161729
        Validity
            Not Before: Jan  2 11:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d2c4ea45f0b79a4627fcf3fa04678cbb30195d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ba:bf:05:73:2c:de:68:8c:b8:65:cb:2d:d0:
                    a7:0a:08:c1:e4:db:fa:04:69:d7:07:6e:2a:73:31:
                    f6:1a:3e:d9:69:8d:af:f7:23:f8:17:cf:96:1b:f5:
                    4c:87:51:af:46:70:3e:b0:d3:bc:91:89:bc:fa:b0:
                    36:3c:b0:10:8c:2d:82:af:13:13:13:96:b9:6c:65:
                    b0:72:91:16:7d:c4:c6:8c:f0:56:65:17:f6:8d:fe:
                    80:dc:cc:b5:40:d4:dd:0e:72:f1:d8:da:6a:62:02:
                    bc:ec:a6:16:a1:6b:63:f5:c0:07:68:20:0a:7c:1c:
                    b8:53:02:5f:d6:08:32:68:b4:62:17:cd:bf:be:1d:
                    80:2c:c4:68:ee:b1:ee:ab:db:53:63:27:05:fa:7f:
                    47:87:d4:22:d3:bd:47:54:6e:ac:11:17:74:52:a0:
                    70:5f:f0:fd:1e:f7:b9:32:6e:23:ff:59:dd:d6:12:
                    89:4a:33:63:b7:a3:1d:20:5d:79:9e:15:fa:b8:75:
                    69:38:35:12:5f:f2:05:53:bc:54:81:df:e8:8f:33:
                    41:5a:55:4d:76:37:4c:a9:87:b0:47:86:d8:0c:6a:
                    bc:60:12:d7:83:ad:85:fe:ec:84:7b:ba:92:04:0b:
                    ec:4e:bb:60:2c:ce:fa:b9:79:c8:1b:b4:0b:b8:97:
                    1b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:2C:4E:A4:5F:0B:79:A4:62:7F:CF:3F:A0:46:78:CB:B3:01:95:D3
            X509v3 Authority Key Identifier:
                keyid:4F:D6:64:6C:93:C2:97:47:89:EC:EF:7B:44:46:56:EE:64:16:17:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T9ZkbJPCl0eJ7O97REZW7mQWFyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/HSxOpF8LeaRif88_oEZ4y7MBldM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/33816b-145b-47f8-85fa-76a5385c515a/1/T9ZkbJPCl0eJ7O97REZW7mQWFyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.224.0/19
                IPv6:
                  2a03:1000::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:bd:ec:7e:ad:46:9d:3a:17:6d:90:95:86:69:f0:90:fa:11:
         05:b9:eb:da:4b:12:2b:90:56:fd:05:4b:26:57:17:b1:b4:b9:
         5e:25:a9:5b:05:96:b5:bd:b8:40:1d:51:08:16:1e:60:18:b7:
         54:b8:74:dd:57:99:66:a6:77:c2:0b:ec:14:12:00:4f:52:1b:
         b4:b7:12:dc:ea:9a:5c:fd:b4:3c:c0:3e:ed:d2:32:93:cb:94:
         67:6c:b5:78:7e:e0:4d:04:19:d0:a3:35:05:77:7f:a2:cc:50:
         05:97:5e:f7:db:6e:0a:2f:20:35:3e:60:3e:3b:d6:fe:b6:13:
         77:91:c3:ce:74:90:d0:af:44:47:06:89:4a:73:25:ec:26:42:
         59:6d:0b:5b:1c:5f:4c:33:76:e8:94:6a:9f:13:ed:93:d9:97:
         d5:ed:92:4d:17:ce:10:a3:f7:f3:3d:a7:82:75:b0:4d:9e:93:
         72:0f:2c:79:ec:d5:a8:59:6b:ff:7f:c1:5f:c2:ce:25:31:6d:
         04:e1:be:ec:1d:f8:3a:92:73:9e:48:fe:1d:ec:d8:21:4f:2e:
         9b:59:be:91:c0:c0:ec:66:7f:ab:ef:0d:af:df:51:0e:2a:ee:
         4f:5c:95:22:d1:79:fc:30:49:52:85:70:98:c2:df:97:e2:8d:
         d7:b8:70:7c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2W9jaYir570+qXNNQ6eCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmZDY2NDZjOTNjMjk3NDc4OWVjZWY3YjQ0NDY1NmVlNjQx
NjE3MjkwHhcNMjUwMTAyMTE0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDJjNGVhNDVmMGI3OWE0NjI3ZmNmM2ZhMDQ2NzhjYmIzMDE5NWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7q/BXMs3miMuGXLLdCnCgjB5Nv6
BGnXB24qczH2Gj7ZaY2v9yP4F8+WG/VMh1GvRnA+sNO8kYm8+rA2PLAQjC2CrxMT
E5a5bGWwcpEWfcTGjPBWZRf2jf6A3My1QNTdDnLx2NpqYgK87KYWoWtj9cAHaCAK
fBy4UwJf1ggyaLRiF82/vh2ALMRo7rHuq9tTYycF+n9Hh9Qi071HVG6sERd0UqBw
X/D9Hve5Mm4j/1nd1hKJSjNjt6MdIF15nhX6uHVpODUSX/IFU7xUgd/ojzNBWlVN
djdMqYewR4bYDGq8YBLXg62F/uyEe7qSBAvsTrtgLM76uXnIG7QLuJcbLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB0sTqRfC3mkYn/PP6BGeMuzAZXTMB8GA1UdIwQY
MBaAFE/WZGyTwpdHiezve0RGVu5kFhcpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDlaa2JKUENsMGVKN085N1JFWlc3bVFXRnlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8zMzgxNmItMTQ1Yi00N2Y4LTg1ZmEt
NzZhNTM4NWM1MTVhLzEvSFN4T3BGOExlYVJpZjg4X29FWjR5N01CbGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8zMzgxNmItMTQ1Yi00N2Y4LTg1ZmEtNzZhNTM4NWM1MTVh
LzEvVDlaa2JKUENsMGVKN085N1JFWlc3bVFXRnlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1ZHgMA0E
AgACMAcDBQAqAxAAMA0GCSqGSIb3DQEBCwUAA4IBAQA/vex+rUadOhdtkJWGafCQ
+hEFuevaSxIrkFb9BUsmVxextLleJalbBZa1vbhAHVEIFh5gGLdUuHTdV5lmpnfC
C+wUEgBPUhu0txLc6ppc/bQ8wD7t0jKTy5RnbLV4fuBNBBnQozUFd3+izFAFl173
224KLyA1PmA+O9b+thN3kcPOdJDQr0RHBolKcyXsJkJZbQtbHF9MM3bolGqfE+2T
2ZfV7ZJNF84Qo/fzPaeCdbBNnpNyDyx57NWoWWv/f8Ffws4lMW0E4b7sHfg6knOe
SP4d7NghTy6bWb6RwMDsZn+r7w2v31EOKu5PXJUi0Xn8MElShXCYwt+X4o3XuHB8
-----END CERTIFICATE-----