Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/HVMwvoqiQxnWp1sWSOHVQE0zxNg.roa
File:                     HVMwvoqiQxnWp1sWSOHVQE0zxNg.roa (raw, json)
Hash identifier:          d7SKnCW8ku4fGrlZ7xr3HJS4+umCvsIcXc5uSkZlzas=
Subject key identifier:   1D:53:30:BE:8A:A2:43:19:D6:A7:5B:16:48:E1:D5:40:4D:33:C4:D8
Certificate issuer:       /CN=f497673c78efae5f6bd80a25ace3d3c37193e789
Certificate serial:       018CC492370C0706E2FE7C79A5D7319635D5
Authority key identifier: F4:97:67:3C:78:EF:AE:5F:6B:D8:0A:25:AC:E3:D3:C3:71:93:E7:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/HVMwvoqiQxnWp1sWSOHVQE0zxNg.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30969
IP address blocks:        2a01:410:100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:37:0c:07:06:e2:fe:7c:79:a5:d7:31:96:35:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f497673c78efae5f6bd80a25ace3d3c37193e789
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d5330be8aa24319d6a75b1648e1d5404d33c4d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:cb:28:6a:a1:81:06:32:be:34:86:90:e3:4e:
                    8e:78:be:c1:9e:0a:10:cb:a8:44:07:d3:0c:5b:74:
                    82:76:55:ee:71:f2:82:99:3b:8d:5c:41:a7:ce:46:
                    42:a2:5a:be:aa:2a:ab:74:9a:c6:1a:ab:67:c8:cd:
                    8e:31:35:de:30:78:09:c9:39:ca:3f:58:63:c7:83:
                    01:02:75:81:49:5d:bc:40:46:2c:70:fa:64:b5:41:
                    e6:51:bb:fc:d3:a8:91:e2:8d:35:16:b5:c1:ff:93:
                    fd:a9:e0:cf:f2:36:47:12:62:37:e0:0c:06:44:54:
                    3c:e3:d7:45:25:69:98:ed:62:ac:4c:8b:f8:ff:2a:
                    56:83:93:ab:19:e5:97:fa:1b:23:2f:9b:d1:f4:e2:
                    77:c2:d6:1f:57:fc:98:0a:c6:9d:d0:b2:fb:68:26:
                    3a:be:49:70:a4:f1:19:5e:a1:78:97:1e:eb:3c:a0:
                    40:39:bc:4c:fa:f2:69:bc:93:09:7a:c5:1a:63:d3:
                    45:34:55:5c:38:c8:ac:3c:67:90:ef:74:7c:8c:30:
                    ce:62:f4:ae:18:28:19:02:52:55:23:9f:f3:63:6e:
                    18:a6:99:69:e0:59:97:dd:74:28:17:67:1f:bf:17:
                    90:e5:dc:bb:8b:eb:ee:06:11:97:ca:09:cb:78:3a:
                    ed:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:53:30:BE:8A:A2:43:19:D6:A7:5B:16:48:E1:D5:40:4D:33:C4:D8
            X509v3 Authority Key Identifier:
                keyid:F4:97:67:3C:78:EF:AE:5F:6B:D8:0A:25:AC:E3:D3:C3:71:93:E7:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9JdnPHjvrl9r2AolrOPTw3GT54k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/HVMwvoqiQxnWp1sWSOHVQE0zxNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/d13658-af7e-4d6e-82ef-6e0696fee8e6/1/9JdnPHjvrl9r2AolrOPTw3GT54k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:410:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         0f:3c:58:11:50:ab:d1:73:96:3a:1a:72:5b:b1:0e:9d:de:45:
         ca:38:c6:6c:be:d1:92:41:2c:d5:cc:0e:2d:45:07:c2:8c:7a:
         41:a3:c7:b5:44:b0:58:c9:07:43:85:f3:09:9e:30:54:92:df:
         17:64:6c:c2:19:e4:19:0b:aa:9d:a1:2b:c2:41:73:e4:1b:0c:
         d0:d7:c7:87:56:ba:e7:3e:59:0a:33:e8:aa:03:b4:ef:c2:bd:
         b4:df:3b:a1:77:e6:00:ac:94:76:16:00:a1:61:d9:74:dd:81:
         b2:1a:18:23:7f:94:0f:e5:15:1f:b9:a7:27:67:5d:97:c0:a7:
         5f:b5:e4:3d:31:22:41:ec:7a:c6:d8:37:31:d3:d8:9a:08:b9:
         aa:4d:e2:49:93:93:c5:1b:9e:18:24:2b:8d:56:c2:9d:82:97:
         7d:37:33:2f:a8:96:91:4d:09:69:4b:83:98:61:6b:b6:49:ec:
         e7:79:44:91:4c:79:23:51:59:ad:31:08:53:4b:e0:f2:0a:5b:
         ca:d3:6b:c5:ed:02:5b:bd:67:52:cc:16:4f:bc:ef:67:16:ec:
         17:57:95:7e:ac:43:b1:8e:3b:d8:62:67:27:e4:6a:70:12:ff:
         7d:da:ad:53:1d:ff:30:b8:98:c6:1d:ef:42:90:f6:08:1f:c3:
         84:af:3e:78
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzEkjcMBwbi/nx5pdcxljXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0OTc2NzNjNzhlZmFlNWY2YmQ4MGEyNWFjZTNkM2MzNzE5
M2U3ODkwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDUzMzBiZThhYTI0MzE5ZDZhNzViMTY0OGUxZDU0MDRkMzNjNGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAussoaqGBBjK+NIaQ406OeL7BngoQ
y6hEB9MMW3SCdlXucfKCmTuNXEGnzkZColq+qiqrdJrGGqtnyM2OMTXeMHgJyTnK
P1hjx4MBAnWBSV28QEYscPpktUHmUbv806iR4o01FrXB/5P9qeDP8jZHEmI34AwG
RFQ849dFJWmY7WKsTIv4/ypWg5OrGeWX+hsjL5vR9OJ3wtYfV/yYCsad0LL7aCY6
vklwpPEZXqF4lx7rPKBAObxM+vJpvJMJesUaY9NFNFVcOMisPGeQ73R8jDDOYvSu
GCgZAlJVI5/zY24Ypplp4FmX3XQoF2cfvxeQ5dy7i+vuBhGXygnLeDrtawIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFB1TML6KokMZ1qdbFkjh1UBNM8TYMB8GA1UdIwQY
MBaAFPSXZzx4765fa9gKJazj08Nxk+eJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUpkblBIanZybDlyMkFvbHJPUFR3M0dUNTRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9kMTM2NTgtYWY3ZS00ZDZlLTgyZWYt
NmUwNjk2ZmVlOGU2LzEvSFZNd3ZvcWlReG5XcDFzV1NPSFZRRTB6eE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9kMTM2NTgtYWY3ZS00ZDZlLTgyZWYtNmUwNjk2ZmVlOGU2
LzEvOUpkblBIanZybDlyMkFvbHJPUFR3M0dUNTRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgEEEAEw
DQYJKoZIhvcNAQELBQADggEBAA88WBFQq9FzljoacluxDp3eRco4xmy+0ZJBLNXM
Di1FB8KMekGjx7VEsFjJB0OF8wmeMFSS3xdkbMIZ5BkLqp2hK8JBc+QbDNDXx4dW
uuc+WQoz6KoDtO/CvbTfO6F35gCslHYWAKFh2XTdgbIaGCN/lA/lFR+5pydnXZfA
p1+15D0xIkHsesbYNzHT2JoIuapN4kmTk8UbnhgkK41Wwp2Cl303My+olpFNCWlL
g5hha7ZJ7Od5RJFMeSNRWa0xCFNL4PIKW8rTa8XtAlu9Z1LMFk+872cW7BdXlX6s
Q7GOO9hiZyfkanAS/33arVMd/zC4mMYd70KQ9ggfw4SvPng=
-----END CERTIFICATE-----