Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/HR1TJcG3AG_suefNVvv2h1y7jts.roa
File:                     HR1TJcG3AG_suefNVvv2h1y7jts.roa (raw, json)
Hash identifier:          jl46NDl1eD+3H3yNjUjUt9A4Z+9o/63LKae5rqNmZI4=
Subject key identifier:   1D:1D:53:25:C1:B7:00:6F:EC:B9:E7:CD:56:FB:F6:87:5C:BB:8E:DB
Certificate issuer:       /CN=118ba4ef901aac10876ccf976a5f7d16c4ca79f0
Certificate serial:       0194214443E8D8D4E805F9955516DBD637DC
Authority key identifier: 11:8B:A4:EF:90:1A:AC:10:87:6C:CF:97:6A:5F:7D:16:C4:CA:79:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/HR1TJcG3AG_suefNVvv2h1y7jts.roa
Signing time:             Wed 01 Jan 2025 09:48:29 +0000
ROA not before:           Wed 01 Jan 2025 09:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a03:5640::/36 maxlen: 48
                          2a03:5640:f000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:43:e8:d8:d4:e8:05:f9:95:55:16:db:d6:37:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=118ba4ef901aac10876ccf976a5f7d16c4ca79f0
        Validity
            Not Before: Jan  1 09:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d1d5325c1b7006fecb9e7cd56fbf6875cbb8edb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:55:61:66:ad:ec:6c:bb:3e:6b:48:20:58:97:
                    f7:d6:2c:d4:bc:8f:f4:88:c6:69:b9:8f:23:64:1f:
                    a4:95:35:ff:79:7f:31:61:6b:b2:eb:5a:69:64:b0:
                    f0:71:1c:84:0d:de:52:d3:da:bc:4c:a8:e1:26:c3:
                    7a:e7:6e:6e:01:3c:87:a5:3f:16:31:d2:35:d5:a5:
                    4a:4e:64:ef:98:96:6b:05:27:80:9f:82:e6:0c:d1:
                    24:c7:10:52:61:2d:66:2e:bc:d8:01:c0:49:60:00:
                    8a:7d:7e:ba:9a:02:75:ce:2e:4e:c1:a6:80:65:72:
                    29:19:29:f1:48:ba:b5:67:a8:76:5d:2c:8d:4b:b0:
                    81:f1:05:7d:9e:3d:0f:99:13:49:6e:8d:24:cb:75:
                    3b:1a:35:3d:32:59:a4:2c:92:c7:78:1e:29:f9:a9:
                    a5:ff:72:58:c7:90:b9:f5:db:ab:b7:ef:00:2f:d5:
                    6d:1c:18:1b:ec:ce:97:b9:c5:5c:c0:1e:7f:24:a2:
                    c9:98:63:b4:f7:ec:36:35:cf:90:23:79:a8:67:12:
                    67:00:4c:55:43:b4:dd:26:f3:9d:57:75:bd:f5:58:
                    17:84:53:b7:12:dd:09:f8:9c:40:70:e1:54:62:c9:
                    ab:9a:f2:80:7e:45:3c:df:fd:07:17:e3:ab:d5:0c:
                    2a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:1D:53:25:C1:B7:00:6F:EC:B9:E7:CD:56:FB:F6:87:5C:BB:8E:DB
            X509v3 Authority Key Identifier:
                keyid:11:8B:A4:EF:90:1A:AC:10:87:6C:CF:97:6A:5F:7D:16:C4:CA:79:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EYuk75AarBCHbM-Xal99FsTKefA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/HR1TJcG3AG_suefNVvv2h1y7jts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/bd4d8d-9380-40e9-8142-f2b4efba59bc/1/EYuk75AarBCHbM-Xal99FsTKefA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5640::/36
                  2a03:5640:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         32:2b:f4:f4:ca:61:49:98:f0:5e:e1:ff:36:b2:60:3a:2c:bd:
         d0:13:0e:87:8a:23:33:fc:7f:ff:d4:01:d7:dc:ce:f4:9a:ab:
         5d:bb:41:13:21:29:6c:4a:9f:91:e3:cc:46:2e:24:e9:15:52:
         89:cf:b9:cd:e4:8f:2f:c3:be:85:65:59:b8:bc:65:42:a0:13:
         43:ce:43:83:f9:30:4e:c7:d2:69:17:e9:1f:7e:ff:43:83:5c:
         23:71:77:67:ed:80:3b:20:aa:08:f5:8d:11:af:3f:dc:29:40:
         11:e0:ca:ca:42:e6:d8:9d:51:4c:98:24:f0:2c:6c:6b:60:41:
         82:3d:88:87:6a:e4:ec:36:f9:e1:77:d8:da:47:42:66:6c:cc:
         00:6d:a4:3a:4c:30:74:bd:42:c1:e7:7f:21:d4:60:72:d7:17:
         ae:3b:8a:fa:57:3d:99:e5:24:d0:94:87:83:e6:5f:76:94:94:
         0c:96:7b:77:1a:fd:b3:e8:68:c4:41:10:d2:21:d3:7a:46:1d:
         58:9b:8e:4e:b4:35:ac:a0:2a:5f:2a:ef:a6:c4:5a:63:1e:ba:
         02:6d:b9:2b:d2:42:e0:70:50:48:aa:01:55:b9:df:39:53:e8:
         c8:24:79:fd:0e:ea:15:b0:e6:46:ae:54:77:73:3a:20:d6:df:
         59:13:9c:b2
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQhREPo2NToBfmVVRbb1jfcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExOGJhNGVmOTAxYWFjMTA4NzZjY2Y5NzZhNWY3ZDE2YzRj
YTc5ZjAwHhcNMjUwMTAxMDk0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDFkNTMyNWMxYjcwMDZmZWNiOWU3Y2Q1NmZiZjY4NzVjYmI4ZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplVhZq3sbLs+a0ggWJf31izUvI/0
iMZpuY8jZB+klTX/eX8xYWuy61ppZLDwcRyEDd5S09q8TKjhJsN6525uATyHpT8W
MdI11aVKTmTvmJZrBSeAn4LmDNEkxxBSYS1mLrzYAcBJYACKfX66mgJ1zi5OwaaA
ZXIpGSnxSLq1Z6h2XSyNS7CB8QV9nj0PmRNJbo0ky3U7GjU9MlmkLJLHeB4p+aml
/3JYx5C59durt+8AL9VtHBgb7M6XucVcwB5/JKLJmGO09+w2Nc+QI3moZxJnAExV
Q7TdJvOdV3W99VgXhFO3Et0J+JxAcOFUYsmrmvKAfkU83/0HF+Or1QwqywIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFB0dUyXBtwBv7LnnzVb79odcu47bMB8GA1UdIwQY
MBaAFBGLpO+QGqwQh2zPl2pffRbEynnwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVl1azc1QWFyQkNIYk0tWGFsOTlGc1RLZWZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9iZDRkOGQtOTM4MC00MGU5LTgxNDIt
ZjJiNGVmYmE1OWJjLzEvSFIxVEpjRzNBR19zdWVmTlZ2djJoMXk3anRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9iZDRkOGQtOTM4MC00MGU5LTgxNDItZjJiNGVmYmE1OWJj
LzEvRVl1azc1QWFyQkNIYk0tWGFsOTlGc1RLZWZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKgNWQAAD
BgQqA1ZA8DANBgkqhkiG9w0BAQsFAAOCAQEAMiv09MphSZjwXuH/NrJgOiy90BMO
h4ojM/x//9QB19zO9JqrXbtBEyEpbEqfkePMRi4k6RVSic+5zeSPL8O+hWVZuLxl
QqATQ85Dg/kwTsfSaRfpH37/Q4NcI3F3Z+2AOyCqCPWNEa8/3ClAEeDKykLm2J1R
TJgk8Cxsa2BBgj2Ih2rk7Db54XfY2kdCZmzMAG2kOkwwdL1Cwed/IdRgctcXrjuK
+lc9meUk0JSHg+ZfdpSUDJZ7dxr9s+hoxEEQ0iHTekYdWJuOTrQ1rKAqXyrvpsRa
Yx66Am25K9JC4HBQSKoBVbnfOVPoyCR5/Q7qFbDmRq5Ud3M6INbfWROcsg==
-----END CERTIFICATE-----