Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/HLmW5v4h3vgk-OjCvbw20Sq1Jyk.roa
File:                     HLmW5v4h3vgk-OjCvbw20Sq1Jyk.roa (raw, json)
Hash identifier:          /ZuuEJWeOgHM1FRsa5kRsH1kNlEakNsle77vgsfcKvo=
Subject key identifier:   1C:B9:96:E6:FE:21:DE:F8:24:F8:E8:C2:BD:BC:36:D1:2A:B5:27:29
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       018E60D30475ED402EBCC548B2D4CD6C7B3B
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/HLmW5v4h3vgk-OjCvbw20Sq1Jyk.roa
Signing time:             Thu 21 Mar 2024 11:43:45 +0000
ROA not before:           Thu 21 Mar 2024 11:43:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28753
IP address blocks:        45.14.81.0/24 maxlen: 24
                          185.45.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:60:d3:04:75:ed:40:2e:bc:c5:48:b2:d4:cd:6c:7b:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Mar 21 11:43:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cb996e6fe21def824f8e8c2bdbc36d12ab52729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:26:33:ef:d4:03:ee:e1:30:32:d4:d6:97:aa:
                    ec:bd:e7:ed:fb:18:07:85:b4:70:37:00:e4:4b:e2:
                    50:c4:18:41:8d:4e:a6:f0:ea:4c:4a:db:cc:02:30:
                    95:a8:68:91:47:86:c5:ab:5b:4a:86:28:35:40:44:
                    3d:44:ba:7c:58:ef:17:2d:2f:7f:f3:dc:e8:d2:be:
                    fc:a0:62:b6:be:6c:7c:15:f3:df:1e:fe:6c:aa:66:
                    af:16:95:8f:bf:d8:d8:48:44:be:af:ed:3a:c7:1b:
                    a0:44:6e:4e:0c:72:a2:34:7b:1b:8d:e2:57:cc:0f:
                    67:50:eb:c5:a4:de:46:05:58:6b:1c:67:7a:5c:52:
                    e0:f2:80:c8:6b:04:1c:dd:19:78:b4:8c:f5:90:a7:
                    20:a7:84:23:29:ad:33:5b:da:0c:b2:c3:d7:70:f2:
                    75:dd:67:79:b2:6f:3a:5f:37:18:81:9c:94:5a:ef:
                    62:54:36:2c:0e:0b:89:64:d0:b8:43:c3:19:29:b5:
                    50:94:17:b7:46:bf:84:c5:70:90:a3:62:6d:50:f7:
                    84:b4:8e:13:cc:5d:00:e2:d3:7b:aa:46:b4:2e:16:
                    a7:c9:7e:f3:fb:92:0d:55:aa:2e:ea:f6:1a:ca:fe:
                    e7:23:54:8c:b0:88:c9:16:e0:c3:53:69:e0:4b:b1:
                    24:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B9:96:E6:FE:21:DE:F8:24:F8:E8:C2:BD:BC:36:D1:2A:B5:27:29
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/HLmW5v4h3vgk-OjCvbw20Sq1Jyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.81.0/24
                  185.45.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:cc:66:80:b8:26:96:fc:d9:31:8a:0e:85:a8:1a:1a:57:ef:
         56:45:84:b5:77:75:31:fd:1d:65:e0:4a:2e:3a:53:6c:51:8c:
         5e:88:cb:55:6c:94:d8:85:a2:99:10:b4:d6:ee:81:8b:f7:03:
         37:c4:5e:a7:f6:d2:1f:c9:c8:36:27:46:f9:57:8f:0b:6b:ed:
         56:b3:0d:24:e1:46:88:d6:df:20:62:9b:38:49:7b:cb:01:2f:
         b2:c7:36:8d:80:10:ad:30:75:da:5b:47:72:99:c7:27:c1:5c:
         57:98:68:4f:d9:5b:fb:e1:16:e1:9c:af:c3:b7:c5:2f:f2:11:
         1a:18:19:58:65:65:12:53:dd:a5:b5:80:62:f6:8a:d9:72:3b:
         f1:e7:05:4a:cf:ad:4d:51:c8:94:5c:da:b1:c9:c2:49:cb:97:
         1b:08:49:a5:16:97:c3:1e:1e:d5:f6:20:20:82:5d:4d:a2:ab:
         bb:28:7c:af:d2:bd:6d:1d:d4:ed:32:a0:f4:4b:cd:bb:23:24:
         67:f7:88:d7:c7:9f:7b:df:e4:85:61:3b:59:e4:79:c5:61:9f:
         27:d4:bb:5c:55:fe:93:b8:ce:cf:ed:4c:37:ea:97:85:d8:26:
         1b:88:aa:2c:68:87:90:07:9f:ff:07:8a:ac:e5:31:5e:b1:37:
         3f:03:43:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5g0wR17UAuvMVIstTNbHs7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjQwMzIxMTE0MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2I5OTZlNmZlMjFkZWY4MjRmOGU4YzJiZGJjMzZkMTJhYjUyNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCYz79QD7uEwMtTWl6rsveft+xgH
hbRwNwDkS+JQxBhBjU6m8OpMStvMAjCVqGiRR4bFq1tKhig1QEQ9RLp8WO8XLS9/
89zo0r78oGK2vmx8FfPfHv5sqmavFpWPv9jYSES+r+06xxugRG5ODHKiNHsbjeJX
zA9nUOvFpN5GBVhrHGd6XFLg8oDIawQc3Rl4tIz1kKcgp4QjKa0zW9oMssPXcPJ1
3Wd5sm86XzcYgZyUWu9iVDYsDguJZNC4Q8MZKbVQlBe3Rr+ExXCQo2JtUPeEtI4T
zF0A4tN7qka0LhanyX7z+5INVaou6vYayv7nI1SMsIjJFuDDU2ngS7EkrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBy5lub+Id74JPjowr28NtEqtScpMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvSExtVzV2NGgzdmdrLU9qQ3ZidzIwU3ExSnlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ5RAwQA
uS1eMA0GCSqGSIb3DQEBCwUAA4IBAQAGzGaAuCaW/Nkxig6FqBoaV+9WRYS1d3Ux
/R1l4EouOlNsUYxeiMtVbJTYhaKZELTW7oGL9wM3xF6n9tIfycg2J0b5V48La+1W
sw0k4UaI1t8gYps4SXvLAS+yxzaNgBCtMHXaW0dymccnwVxXmGhP2Vv74RbhnK/D
t8Uv8hEaGBlYZWUSU92ltYBi9orZcjvx5wVKz61NUciUXNqxycJJy5cbCEmlFpfD
Hh7V9iAggl1Noqu7KHyv0r1tHdTtMqD0S827IyRn94jXx5973+SFYTtZ5HnFYZ8n
1LtcVf6TuM7P7Uw36peF2CYbiKosaIeQB5//B4qs5TFesTc/A0Pu
-----END CERTIFICATE-----