Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/395684-c872-4217-b27c-8b5ea6648176/1/HyPwmwNvj6CdMpZdefHGIg4yDzE.roa
File:                     HyPwmwNvj6CdMpZdefHGIg4yDzE.roa (raw, json)
Hash identifier:          OXYxYv21hsNNqtBtEPFKc2/1/qoxMz48zojYmP3J5L8=
Subject key identifier:   1F:23:F0:9B:03:6F:8F:A0:9D:32:96:5D:79:F1:C6:22:0E:32:0F:31
Certificate issuer:       /CN=b043e621fe1009701f6366843c0abc41e180c144
Certificate serial:       01941F8C957CEE44CD43C71B5EC528F5A347
Authority key identifier: B0:43:E6:21:FE:10:09:70:1F:63:66:84:3C:0A:BC:41:E1:80:C1:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sEPmIf4QCXAfY2aEPAq8QeGAwUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/395684-c872-4217-b27c-8b5ea6648176/1/HyPwmwNvj6CdMpZdefHGIg4yDzE.roa
Signing time:             Wed 01 Jan 2025 01:48:14 +0000
ROA not before:           Wed 01 Jan 2025 01:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8708
IP address blocks:        193.111.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/395684-c872-4217-b27c-8b5ea6648176/1/sEPmIf4QCXAfY2aEPAq8QeGAwUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/395684-c872-4217-b27c-8b5ea6648176/1/sEPmIf4QCXAfY2aEPAq8QeGAwUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sEPmIf4QCXAfY2aEPAq8QeGAwUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:95:7c:ee:44:cd:43:c7:1b:5e:c5:28:f5:a3:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b043e621fe1009701f6366843c0abc41e180c144
        Validity
            Not Before: Jan  1 01:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f23f09b036f8fa09d32965d79f1c6220e320f31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:50:dc:49:c5:97:6a:bd:1a:d9:00:e6:8e:f5:
                    f0:b7:a6:5b:c4:a3:73:48:c3:ca:aa:65:93:83:24:
                    a4:5f:bb:c5:b5:0c:11:7c:aa:ce:a8:26:db:c5:e9:
                    9e:41:16:bc:22:07:00:f8:b0:34:44:e1:bd:90:bc:
                    7a:d6:cd:91:01:03:5d:6d:28:20:60:f8:5d:6f:ff:
                    f8:bc:c7:d3:bd:44:67:be:32:2f:5a:de:2a:f9:ea:
                    69:ac:b6:31:a1:c3:fa:5f:7b:1a:58:5e:11:e6:b6:
                    ea:29:88:a7:4e:f5:02:fb:8b:47:3a:cd:e1:80:04:
                    2e:5f:57:db:8d:2e:ee:48:43:af:dc:2e:5e:c5:66:
                    fb:d3:22:56:80:0f:ff:2e:e9:a3:63:96:58:2c:33:
                    ba:1b:37:22:4a:a3:7a:8b:0e:e6:53:f7:0d:0f:94:
                    f0:c2:c9:7b:a5:84:3b:3c:1c:9e:e0:8c:a4:0b:03:
                    38:ae:ed:bf:a4:d5:66:68:c5:ed:7a:8d:4e:47:1f:
                    d2:5f:33:38:50:e8:5f:a4:0c:61:34:da:c6:a4:d4:
                    d1:15:91:6d:e4:ee:ff:02:ea:e3:f3:dc:3a:e8:9a:
                    d2:41:71:8f:9f:ed:85:b9:d4:ea:96:ef:f8:32:d0:
                    65:59:35:54:19:3b:20:c8:e4:90:b1:7f:7b:be:f8:
                    54:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:23:F0:9B:03:6F:8F:A0:9D:32:96:5D:79:F1:C6:22:0E:32:0F:31
            X509v3 Authority Key Identifier:
                keyid:B0:43:E6:21:FE:10:09:70:1F:63:66:84:3C:0A:BC:41:E1:80:C1:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sEPmIf4QCXAfY2aEPAq8QeGAwUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/395684-c872-4217-b27c-8b5ea6648176/1/HyPwmwNvj6CdMpZdefHGIg4yDzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/395684-c872-4217-b27c-8b5ea6648176/1/sEPmIf4QCXAfY2aEPAq8QeGAwUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:b8:eb:43:55:fc:6e:fd:ca:fb:d8:30:bb:2c:b6:0b:24:df:
         f4:8a:5b:4a:0b:fa:82:4b:bc:ba:71:00:61:be:d3:ac:95:fb:
         9b:7d:76:81:bf:85:76:7c:3e:04:59:96:b3:59:67:a9:43:2f:
         8f:75:45:f6:fd:23:c8:a0:15:01:1f:2b:35:e5:b8:b1:48:6b:
         8d:e8:72:3a:1a:40:42:72:16:39:ad:b8:9d:60:68:c3:5f:82:
         7b:e1:04:91:fd:33:55:a7:c6:c4:27:2d:68:01:6d:4b:df:91:
         a3:b7:97:03:90:d7:91:f4:ea:7c:f3:8f:78:45:2c:1e:57:0b:
         a9:76:23:fb:2b:39:f4:9e:22:32:11:05:80:e6:bd:0c:98:31:
         32:64:73:42:f2:88:80:fd:12:00:bd:b6:96:98:c2:b7:27:12:
         d7:df:4f:09:02:8f:ac:5a:5d:56:5b:95:bf:28:f2:a5:48:87:
         8e:14:70:50:18:e9:33:f4:c8:08:ff:cc:e8:62:9f:be:82:04:
         4b:5c:6d:89:1d:24:f2:18:ce:f2:6e:23:7f:bf:93:9e:00:ee:
         74:e6:84:0b:38:77:bd:62:a7:7b:58:82:51:ed:7f:54:43:50:
         cb:96:48:bf:be:b7:f4:82:5a:75:17:c9:2e:6e:93:45:0f:04:
         23:cf:4f:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJV87kTNQ8cbXsUo9aNHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNDNlNjIxZmUxMDA5NzAxZjYzNjY4NDNjMGFiYzQxZTE4
MGMxNDQwHhcNMjUwMTAxMDE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjIzZjA5YjAzNmY4ZmEwOWQzMjk2NWQ3OWYxYzYyMjBlMzIwZjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VDcScWXar0a2QDmjvXwt6ZbxKNz
SMPKqmWTgySkX7vFtQwRfKrOqCbbxemeQRa8IgcA+LA0ROG9kLx61s2RAQNdbSgg
YPhdb//4vMfTvURnvjIvWt4q+epprLYxocP6X3saWF4R5rbqKYinTvUC+4tHOs3h
gAQuX1fbjS7uSEOv3C5exWb70yJWgA//LumjY5ZYLDO6GzciSqN6iw7mU/cND5Tw
wsl7pYQ7PBye4IykCwM4ru2/pNVmaMXteo1ORx/SXzM4UOhfpAxhNNrGpNTRFZFt
5O7/Aurj89w66JrSQXGPn+2FudTqlu/4MtBlWTVUGTsgyOSQsX97vvhUzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8j8JsDb4+gnTKWXXnxxiIOMg8xMB8GA1UdIwQY
MBaAFLBD5iH+EAlwH2NmhDwKvEHhgMFEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0VQbUlmNFFDWEFmWTJhRVBBcThRZUdBd1VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8zOTU2ODQtYzg3Mi00MjE3LWIyN2Mt
OGI1ZWE2NjQ4MTc2LzEvSHlQd213TnZqNkNkTXBaZGVmSEdJZzR5RHpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8zOTU2ODQtYzg3Mi00MjE3LWIyN2MtOGI1ZWE2NjQ4MTc2
LzEvc0VQbUlmNFFDWEFmWTJhRVBBcThRZUdBd1VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW+hMA0G
CSqGSIb3DQEBCwUAA4IBAQAouOtDVfxu/cr72DC7LLYLJN/0iltKC/qCS7y6cQBh
vtOslfubfXaBv4V2fD4EWZazWWepQy+PdUX2/SPIoBUBHys15bixSGuN6HI6GkBC
chY5rbidYGjDX4J74QSR/TNVp8bEJy1oAW1L35Gjt5cDkNeR9Op88494RSweVwup
diP7Kzn0niIyEQWA5r0MmDEyZHNC8oiA/RIAvbaWmMK3JxLX308JAo+sWl1WW5W/
KPKlSIeOFHBQGOkz9MgI/8zoYp++ggRLXG2JHSTyGM7ybiN/v5OeAO505oQLOHe9
Yqd7WIJR7X9UQ1DLlki/vrf0glp1F8kubpNFDwQjz082
-----END CERTIFICATE-----