Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hlRLCaDN62YSB20YILfdUp32aJM.roa
File:                     hlRLCaDN62YSB20YILfdUp32aJM.roa (raw, json)
Hash identifier:          qEqlkOVAR9hZWw4DvRVEACqSRbTnefoNwcmXMvMqfyA=
Subject key identifier:   86:54:4B:09:A0:CD:EB:66:12:07:6D:18:20:B7:DD:52:9D:F6:68:93
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0195968E68F4F757B81670867EB29C13135A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hlRLCaDN62YSB20YILfdUp32aJM.roa
Signing time:             Fri 14 Mar 2025 21:27:50 +0000
ROA not before:           Fri 14 Mar 2025 21:27:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        5.253.64.0/24 maxlen: 24
                          93.123.74.0/24 maxlen: 24
                          93.123.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:29:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:96:8e:68:f4:f7:57:b8:16:70:86:7e:b2:9c:13:13:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 14 21:27:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86544b09a0cdeb6612076d1820b7dd529df66893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2c:db:38:b4:45:83:df:c0:de:ac:f1:7a:02:
                    ea:cd:53:f4:27:82:43:9f:03:c4:3a:12:c1:a6:2a:
                    38:09:8c:8e:ec:00:57:d0:31:09:67:7c:b4:2f:f9:
                    ed:0f:ae:82:4c:14:98:c8:d6:d6:dc:2a:6a:85:30:
                    cd:fe:6a:d5:53:c2:cd:bc:73:5c:f1:33:0e:af:b5:
                    39:67:fb:5a:7e:fd:83:4f:f1:7f:4b:0d:d1:ac:9b:
                    ea:2f:96:ca:04:41:23:29:bb:e9:ed:2f:ec:7e:18:
                    97:81:95:50:9a:0f:f2:46:6d:15:50:d9:29:19:74:
                    af:41:1c:37:10:a5:d3:88:28:9a:a8:12:14:e7:f8:
                    38:43:c3:8a:3e:ce:d5:4a:0b:b3:59:26:53:e7:4e:
                    64:63:d1:77:00:e2:67:b4:11:9e:9c:88:99:b2:10:
                    1e:ed:1b:2a:1a:d8:c2:42:3b:71:c1:da:72:c1:9d:
                    8a:66:7e:fa:89:df:ac:d5:fa:82:bf:97:cd:ac:1d:
                    74:6d:22:bc:03:b7:22:81:29:e1:31:71:c0:17:a5:
                    0c:83:6a:ef:f1:2d:ad:75:00:f1:4d:09:3b:e2:6c:
                    80:d5:30:14:da:31:fb:3d:a7:3f:6b:9e:87:c2:85:
                    90:59:0c:ae:76:c3:eb:94:92:cb:ac:68:a8:d8:61:
                    9c:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:54:4B:09:A0:CD:EB:66:12:07:6D:18:20:B7:DD:52:9D:F6:68:93
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hlRLCaDN62YSB20YILfdUp32aJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.64.0/24
                  93.123.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:73:8a:94:c2:08:ee:e6:ad:ec:1e:c0:df:78:bb:a7:fa:e7:
         55:52:14:3a:11:85:58:21:1e:90:43:d2:05:a3:2b:f2:50:fc:
         99:36:60:3c:90:60:0f:e7:7c:67:36:cf:13:a3:57:5f:16:56:
         fd:f9:b0:40:4a:3c:ec:e0:eb:fc:47:b2:6b:ac:eb:95:b4:01:
         84:e0:cc:fb:41:2b:04:bf:00:f5:f2:f5:cc:7c:d3:74:06:8c:
         de:a5:6a:86:a1:f0:ab:d2:7c:c1:48:fe:fb:57:07:44:a0:fb:
         30:34:a8:f5:4b:42:d1:54:a7:15:aa:45:51:93:f8:98:e2:b3:
         96:85:8e:11:cd:43:f8:19:e2:ee:f9:98:90:36:c2:bd:b5:8c:
         d0:8b:fd:5f:36:2d:1e:ff:1a:02:d4:09:d6:07:24:4a:28:a2:
         17:c1:61:4c:33:b0:50:32:b7:08:1b:6b:f5:b9:0e:9b:a7:c0:
         83:b5:62:f9:06:91:70:83:63:f3:fb:08:57:e1:c0:e3:ae:dd:
         ca:8c:09:08:3d:1a:64:bc:5f:07:4d:33:a4:f2:8d:d0:23:cd:
         c3:1f:ec:31:03:a5:3f:88:d4:ae:fe:6e:1e:1a:de:38:45:a7:
         1b:42:e5:8a:aa:59:83:d4:f5:11:ba:fc:21:c0:b3:b6:b6:8e:
         f6:35:bb:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWWjmj091e4FnCGfrKcExNaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzE0MjEyNzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjU0NGIwOWEwY2RlYjY2MTIwNzZkMTgyMGI3ZGQ1MjlkZjY2ODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSzbOLRFg9/A3qzxegLqzVP0J4JD
nwPEOhLBpio4CYyO7ABX0DEJZ3y0L/ntD66CTBSYyNbW3CpqhTDN/mrVU8LNvHNc
8TMOr7U5Z/tafv2DT/F/Sw3RrJvqL5bKBEEjKbvp7S/sfhiXgZVQmg/yRm0VUNkp
GXSvQRw3EKXTiCiaqBIU5/g4Q8OKPs7VSguzWSZT505kY9F3AOJntBGenIiZshAe
7RsqGtjCQjtxwdpywZ2KZn76id+s1fqCv5fNrB10bSK8A7cigSnhMXHAF6UMg2rv
8S2tdQDxTQk74myA1TAU2jH7Pac/a56HwoWQWQyudsPrlJLLrGio2GGc4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIZUSwmgzetmEgdtGCC33VKd9miTMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaGxSTENhRE42MllTQjIwWUlMZmRVcDMyYUpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABf1AAwQB
XXtKMA0GCSqGSIb3DQEBCwUAA4IBAQArc4qUwgju5q3sHsDfeLun+udVUhQ6EYVY
IR6QQ9IFoyvyUPyZNmA8kGAP53xnNs8To1dfFlb9+bBASjzs4Ov8R7JrrOuVtAGE
4Mz7QSsEvwD18vXMfNN0BozepWqGofCr0nzBSP77VwdEoPswNKj1S0LRVKcVqkVR
k/iY4rOWhY4RzUP4GeLu+ZiQNsK9tYzQi/1fNi0e/xoC1AnWByRKKKIXwWFMM7BQ
MrcIG2v1uQ6bp8CDtWL5BpFwg2Pz+whX4cDjrt3KjAkIPRpkvF8HTTOk8o3QI83D
H+wxA6U/iNSu/m4eGt44RacbQuWKqlmD1PURuvwhwLO2to72Nbsi
-----END CERTIFICATE-----