Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HKcl5X-h8plO1F0VIeFobvo3Eb0.roa
File:                     HKcl5X-h8plO1F0VIeFobvo3Eb0.roa (raw, json)
Hash identifier:          x3TGaaWEdgVuO8977aXcUn1/pLB0Fp3CO2vj98OLvWA=
Subject key identifier:   1C:A7:25:E5:7F:A1:F2:99:4E:D4:5D:15:21:E1:68:6E:FA:37:11:BD
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01929F0E729CA0D3B947348D9AAC2E4A5187
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HKcl5X-h8plO1F0VIeFobvo3Eb0.roa
Signing time:             Fri 18 Oct 2024 09:56:17 +0000
ROA not before:           Fri 18 Oct 2024 09:56:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214822
IP address blocks:        195.133.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9f:0e:72:9c:a0:d3:b9:47:34:8d:9a:ac:2e:4a:51:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Oct 18 09:56:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ca725e57fa1f2994ed45d1521e1686efa3711bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:0a:b4:7e:4e:af:5e:ac:10:c5:72:d2:47:40:
                    63:f9:a4:8c:b5:63:4a:dd:c3:00:cd:52:c0:39:ef:
                    83:41:4c:f5:4f:59:fd:9f:d0:bb:7e:70:3a:a5:a0:
                    32:8e:a1:53:44:69:eb:e3:ce:04:3b:34:1a:3a:16:
                    5b:dd:c4:93:fc:0f:71:5d:f2:83:32:2c:d2:c8:60:
                    16:70:b6:ff:be:e3:6a:65:1b:98:50:0f:ef:87:c3:
                    ac:f0:ab:72:f2:36:0c:e0:be:17:29:cb:4a:7b:9e:
                    ae:38:51:a3:8d:a9:68:5c:ff:6a:f2:9e:ca:9f:ef:
                    e0:62:35:be:32:35:ac:1b:87:8d:c2:53:81:09:87:
                    90:67:f3:70:4d:69:25:d0:22:b3:d4:27:b6:06:47:
                    91:91:04:40:0d:03:df:60:f0:f7:45:bf:40:86:66:
                    37:03:9e:46:99:54:9d:32:fd:7e:86:33:a7:7a:53:
                    69:95:8e:ce:83:36:19:6f:bc:49:32:ef:f8:82:4a:
                    5b:b9:a9:ac:6b:4f:f6:7b:e9:ef:bd:af:2a:db:e4:
                    ec:86:24:31:46:61:58:d2:ee:1a:c7:b9:e5:2b:3d:
                    cc:13:43:5c:45:2a:3f:a3:21:7c:4f:fa:f3:69:06:
                    3f:7a:91:87:73:ab:0c:e1:c9:dd:ff:d0:2b:81:0c:
                    52:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A7:25:E5:7F:A1:F2:99:4E:D4:5D:15:21:E1:68:6E:FA:37:11:BD
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HKcl5X-h8plO1F0VIeFobvo3Eb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:cd:da:22:f3:7b:db:ef:80:39:ae:04:16:2a:ad:02:4e:62:
         c3:30:3f:08:bd:14:f4:a8:d4:72:82:60:14:65:7d:99:ef:71:
         fa:2c:a3:9d:27:b6:e4:b7:cf:46:7c:48:5e:d9:3f:cc:e7:31:
         b9:86:ad:84:b5:22:5a:ed:a3:d7:f9:0f:bd:2b:30:f3:09:50:
         0d:ef:3c:b2:b2:c3:d1:69:6c:77:6c:e8:5b:65:db:4c:c6:08:
         b1:66:38:91:d1:22:f9:be:1b:99:95:b3:93:aa:01:bd:02:aa:
         a0:c8:ef:63:8e:d2:45:a4:5c:54:e8:b2:32:e0:19:74:58:25:
         55:4c:a7:b2:00:4c:ce:f6:d8:be:59:c9:4d:ed:97:0e:cd:3b:
         3c:b8:e3:bd:96:3e:04:43:b4:b1:dd:6a:e6:74:1f:bd:fe:47:
         b5:b1:59:66:60:4c:97:8c:c0:aa:e1:0e:32:e4:59:6e:59:28:
         a3:e7:fd:c6:45:ee:b6:7c:9c:3b:7f:dd:fd:65:e6:c2:ec:59:
         e9:39:84:0e:44:6d:89:7f:b7:72:83:33:45:7d:14:18:85:08:
         fb:76:7e:b7:d3:a7:dc:88:d3:e5:6f:a6:ec:c2:d9:86:5d:af:
         cd:f0:a6:e2:2c:35:27:59:6b:f4:0c:7a:0c:b3:fa:68:ab:77:
         a2:a4:9e:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKfDnKcoNO5RzSNmqwuSlGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMDE4MDk1NjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2E3MjVlNTdmYTFmMjk5NGVkNDVkMTUyMWUxNjg2ZWZhMzcxMWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Qq0fk6vXqwQxXLSR0Bj+aSMtWNK
3cMAzVLAOe+DQUz1T1n9n9C7fnA6paAyjqFTRGnr484EOzQaOhZb3cST/A9xXfKD
MizSyGAWcLb/vuNqZRuYUA/vh8Os8Kty8jYM4L4XKctKe56uOFGjjaloXP9q8p7K
n+/gYjW+MjWsG4eNwlOBCYeQZ/NwTWkl0CKz1Ce2BkeRkQRADQPfYPD3Rb9AhmY3
A55GmVSdMv1+hjOnelNplY7OgzYZb7xJMu/4gkpbuamsa0/2e+nvva8q2+TshiQx
RmFY0u4ax7nlKz3ME0NcRSo/oyF8T/rzaQY/epGHc6sM4cnd/9ArgQxSWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBynJeV/ofKZTtRdFSHhaG76NxG9MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSEtjbDVYLWg4cGxPMUYwVkllRm9idm8zRWIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UfMA0G
CSqGSIb3DQEBCwUAA4IBAQBNzdoi83vb74A5rgQWKq0CTmLDMD8IvRT0qNRygmAU
ZX2Z73H6LKOdJ7bkt89GfEhe2T/M5zG5hq2EtSJa7aPX+Q+9KzDzCVAN7zyyssPR
aWx3bOhbZdtMxgixZjiR0SL5vhuZlbOTqgG9AqqgyO9jjtJFpFxU6LIy4Bl0WCVV
TKeyAEzO9ti+WclN7ZcOzTs8uOO9lj4EQ7Sx3WrmdB+9/ke1sVlmYEyXjMCq4Q4y
5FluWSij5/3GRe62fJw7f939ZebC7FnpOYQORG2Jf7dygzNFfRQYhQj7dn6306fc
iNPlb6bswtmGXa/N8KbiLDUnWWv0DHoMs/poq3eipJ57
-----END CERTIFICATE-----