Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hzb-qpAW_NZ_IX_AdlrtS9G0n_Y.roa
File:                     hzb-qpAW_NZ_IX_AdlrtS9G0n_Y.roa (raw, json)
Hash identifier:          xejzb4i1zxDmlmViqiidyXDvJgO6T9+Qw0gCwq0xavE=
Subject key identifier:   87:36:FE:AA:90:16:FC:D6:7F:21:7F:C0:76:5A:ED:4B:D1:B4:9F:F6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E48F4C8DB698C9177C8D2D7997051918D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hzb-qpAW_NZ_IX_AdlrtS9G0n_Y.roa
Signing time:             Sat 16 Mar 2024 20:29:45 +0000
ROA not before:           Sat 16 Mar 2024 20:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211975
IP address blocks:        5.253.64.0/24 maxlen: 24
                          5.253.65.0/24 maxlen: 24
                          164.40.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:48:f4:c8:db:69:8c:91:77:c8:d2:d7:99:70:51:91:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 16 20:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8736feaa9016fcd67f217fc0765aed4bd1b49ff6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:26:a9:c0:1e:2a:c6:ab:a7:fd:fc:8f:61:3c:
                    e0:86:c5:cf:f1:7d:79:cf:e0:04:72:4b:ef:07:6d:
                    ce:1f:6d:ab:4a:06:47:f3:bb:ca:b1:fa:c7:25:fc:
                    fe:e5:16:73:99:2a:3c:b6:2f:90:44:84:ee:0c:fc:
                    3c:a1:5a:0f:5c:ea:d7:bf:c9:ac:40:cf:45:26:4c:
                    c0:70:0c:fc:64:d7:ae:d3:b4:da:80:5b:ef:52:fa:
                    1c:24:4a:c3:1a:17:9d:fd:82:23:58:4e:5c:1e:9e:
                    97:31:d5:f5:e8:75:d2:15:6f:7f:7c:bd:56:df:8f:
                    f3:4b:d9:8c:fe:f3:ba:af:99:11:93:d5:17:15:f5:
                    5c:aa:ce:f3:d5:1d:c9:c5:32:f3:02:ef:59:79:9b:
                    91:2e:48:b7:0b:63:28:36:2b:82:2e:66:25:ce:21:
                    a1:26:42:ac:c6:c9:7e:a7:14:47:82:90:5b:02:bb:
                    ed:86:f3:22:09:2b:ce:90:17:62:6a:aa:81:e2:0b:
                    4b:1b:98:ab:4c:bf:e7:4c:78:9a:e2:fd:09:5e:89:
                    fc:33:6a:69:eb:5f:0a:1e:97:8a:f1:f5:4c:ac:97:
                    24:48:ac:8a:38:25:7a:26:00:1c:99:cb:7a:a6:65:
                    58:35:ee:2f:8f:ee:9f:cb:48:83:c2:0a:5e:9b:11:
                    8d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:36:FE:AA:90:16:FC:D6:7F:21:7F:C0:76:5A:ED:4B:D1:B4:9F:F6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hzb-qpAW_NZ_IX_AdlrtS9G0n_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.64.0/23
                  164.40.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:02:80:d7:f0:0f:62:3f:b5:c0:17:08:02:99:3f:8e:86:3e:
         fb:01:ba:f4:7c:ed:b7:b9:c6:4e:24:e2:be:d3:29:e6:d2:3b:
         b7:5f:19:05:6f:1f:33:d7:4d:fd:59:0d:40:0a:74:89:39:96:
         03:28:e2:c4:45:21:92:b6:44:00:64:85:f4:70:a4:ae:e5:4f:
         42:70:d5:03:49:af:17:97:fa:8e:0a:80:8e:d9:54:b2:8a:b9:
         48:79:27:9a:f6:61:3e:07:f1:4c:94:58:6f:c0:92:85:b6:ea:
         34:53:7c:e5:5b:e0:9a:17:d1:05:b8:24:be:b5:1e:09:87:cf:
         7c:23:90:23:9c:10:20:dd:08:e5:72:38:1b:66:5b:71:ec:5a:
         a5:f9:09:18:14:9c:b1:53:6d:11:72:36:57:c0:65:08:36:4f:
         db:36:0d:59:b0:ad:a2:c8:7a:15:5f:e3:a7:00:ee:2d:a0:8c:
         8e:f2:63:28:93:2c:bd:25:0a:b9:a7:4b:ec:b9:08:c6:50:30:
         a6:10:08:50:c1:ee:56:bb:ca:42:0b:18:d4:b7:60:ce:8a:d9:
         24:19:60:2c:06:7d:07:bc:5d:58:63:a3:d8:da:41:8f:ef:5d:
         b2:7b:69:b1:4f:a1:83:6e:08:6b:86:17:6d:81:5f:13:fd:34:
         cf:98:04:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5I9MjbaYyRd8jS15lwUZGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzE2MjAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzM2ZmVhYTkwMTZmY2Q2N2YyMTdmYzA3NjVhZWQ0YmQxYjQ5ZmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiapwB4qxqun/fyPYTzghsXP8X15
z+AEckvvB23OH22rSgZH87vKsfrHJfz+5RZzmSo8ti+QRITuDPw8oVoPXOrXv8ms
QM9FJkzAcAz8ZNeu07TagFvvUvocJErDGhed/YIjWE5cHp6XMdX16HXSFW9/fL1W
34/zS9mM/vO6r5kRk9UXFfVcqs7z1R3JxTLzAu9ZeZuRLki3C2MoNiuCLmYlziGh
JkKsxsl+pxRHgpBbArvthvMiCSvOkBdiaqqB4gtLG5irTL/nTHia4v0JXon8M2pp
618KHpeK8fVMrJckSKyKOCV6JgAcmct6pmVYNe4vj+6fy0iDwgpemxGN1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIc2/qqQFvzWfyF/wHZa7UvRtJ/2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaHpiLXFwQVdfTlpfSVhfQWRscnRTOUcwbl9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBf1AAwQA
pCi5MA0GCSqGSIb3DQEBCwUAA4IBAQABAoDX8A9iP7XAFwgCmT+Ohj77Abr0fO23
ucZOJOK+0ynm0ju3XxkFbx8z1039WQ1ACnSJOZYDKOLERSGStkQAZIX0cKSu5U9C
cNUDSa8Xl/qOCoCO2VSyirlIeSea9mE+B/FMlFhvwJKFtuo0U3zlW+CaF9EFuCS+
tR4Jh898I5AjnBAg3QjlcjgbZltx7Fql+QkYFJyxU20RcjZXwGUINk/bNg1ZsK2i
yHoVX+OnAO4toIyO8mMokyy9JQq5p0vsuQjGUDCmEAhQwe5Wu8pCCxjUt2DOitkk
GWAsBn0HvF1YY6PY2kGP712ye2mxT6GDbghrhhdtgV8T/TTPmATQ
-----END CERTIFICATE-----