Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/HVjNKTj34WculS_A2Shmfzsping.roa
File:                     HVjNKTj34WculS_A2Shmfzsping.roa (raw, json)
Hash identifier:          V2ofoMdxEZVPRMhmX3LE+TeQujVxCn7xdBDCVnigsI4=
Subject key identifier:   1D:58:CD:29:38:F7:E1:67:2E:95:2F:C0:D9:28:66:7F:3B:29:8A:78
Certificate issuer:       /CN=bfff419659f54df378792b602c0092c353988ec8
Certificate serial:       018CC94E414D6E17557B15C998DF4403E9FE
Authority key identifier: BF:FF:41:96:59:F5:4D:F3:78:79:2B:60:2C:00:92:C3:53:98:8E:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v_9Blln1TfN4eStgLACSw1OYjsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/HVjNKTj34WculS_A2Shmfzsping.roa
Signing time:             Tue 02 Jan 2024 08:33:18 +0000
ROA not before:           Tue 02 Jan 2024 08:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8881
IP address blocks:        45.129.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/v_9Blln1TfN4eStgLACSw1OYjsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/v_9Blln1TfN4eStgLACSw1OYjsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v_9Blln1TfN4eStgLACSw1OYjsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:41:4d:6e:17:55:7b:15:c9:98:df:44:03:e9:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfff419659f54df378792b602c0092c353988ec8
        Validity
            Not Before: Jan  2 08:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d58cd2938f7e1672e952fc0d928667f3b298a78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:98:1f:9b:d2:16:3f:61:cc:e9:da:3c:bd:8f:
                    d7:ab:67:87:f7:ef:e8:e2:8f:f5:d6:a4:ca:f3:a3:
                    1a:4f:ff:65:ea:c9:0b:98:c2:87:31:a7:5d:a3:eb:
                    39:7f:64:1c:4d:17:ac:8a:74:0f:bb:ad:27:b1:4b:
                    db:5f:39:a8:f5:28:b9:fd:96:12:bf:63:3c:0c:70:
                    1d:7b:98:bd:0a:f4:7d:f0:dd:34:90:88:3d:d0:02:
                    32:26:11:6f:21:68:68:94:27:3f:04:96:90:d1:1a:
                    5a:b9:54:5e:c0:b5:bd:ae:c9:5c:f4:f0:db:b8:ec:
                    dd:7d:16:f9:1b:98:ce:e7:66:15:b5:ff:7c:bc:60:
                    e5:c9:9d:19:bd:5f:ac:48:1f:38:69:07:f9:83:0a:
                    4f:62:a2:f2:97:78:25:06:e5:91:8b:89:78:6a:bb:
                    74:5d:44:fe:ee:d5:4a:18:34:74:74:b8:9b:92:ed:
                    b8:3b:5e:39:ed:fd:d4:5f:dc:7e:a9:ee:e8:a6:43:
                    f3:e0:98:74:f7:09:94:e3:f9:b1:6d:21:43:59:fd:
                    39:b7:3e:2a:d2:be:42:5d:ee:2b:7e:5a:48:7c:9f:
                    62:f9:87:b1:3a:f9:50:9c:dc:15:48:00:46:92:7e:
                    3d:bc:00:e5:43:80:16:af:98:95:d3:23:82:29:c1:
                    45:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:58:CD:29:38:F7:E1:67:2E:95:2F:C0:D9:28:66:7F:3B:29:8A:78
            X509v3 Authority Key Identifier:
                keyid:BF:FF:41:96:59:F5:4D:F3:78:79:2B:60:2C:00:92:C3:53:98:8E:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v_9Blln1TfN4eStgLACSw1OYjsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/HVjNKTj34WculS_A2Shmfzsping.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/2ba138-1737-4714-960a-70bdf15dd619/1/v_9Blln1TfN4eStgLACSw1OYjsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:37:51:13:cb:cf:f3:d3:52:e0:a1:f6:3e:90:83:53:97:19:
         78:1d:30:ae:d3:b0:76:4b:06:d8:5e:12:f3:7e:2e:0c:0a:e9:
         86:7f:e6:33:14:59:c8:8f:c7:a5:13:08:44:c6:06:34:c1:b8:
         00:2c:5b:51:0a:15:4b:05:df:ea:92:10:72:99:34:e0:8e:46:
         b6:bc:2b:39:26:a4:7a:df:6d:22:c0:82:3a:99:b3:9f:59:7b:
         99:ba:cf:65:2f:0c:de:94:e1:62:51:d0:7d:23:e2:bf:01:4f:
         b7:63:45:96:25:5b:09:bc:38:dd:af:62:81:77:77:1a:9b:af:
         ab:b2:2f:af:b0:77:1e:09:b5:0d:6c:ea:f8:cc:87:f3:f8:9e:
         ba:ef:a9:a8:3a:d9:62:bf:5a:09:4d:84:8f:2f:88:e4:fb:ff:
         17:b6:5f:f9:67:e1:98:1a:1d:af:4f:7e:ee:43:49:ae:9f:4a:
         a4:ab:f0:3e:ec:c4:8f:b1:d7:49:31:43:dc:b9:85:b2:a4:d3:
         e3:b9:fa:2f:4f:78:19:f5:c6:11:68:7a:f5:f1:b4:46:11:0e:
         8e:bc:6f:a8:e3:fc:58:74:0d:ca:86:be:ca:42:66:cb:3a:66:
         b7:b8:c3:a2:d2:0d:ea:21:39:d2:5a:91:20:89:ef:fd:88:2a:
         3e:7e:53:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkFNbhdVexXJmN9EA+n+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZmY0MTk2NTlmNTRkZjM3ODc5MmI2MDJjMDA5MmMzNTM5
ODhlYzgwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDU4Y2QyOTM4ZjdlMTY3MmU5NTJmYzBkOTI4NjY3ZjNiMjk4YTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipgfm9IWP2HM6do8vY/Xq2eH9+/o
4o/11qTK86MaT/9l6skLmMKHMaddo+s5f2QcTResinQPu60nsUvbXzmo9Si5/ZYS
v2M8DHAde5i9CvR98N00kIg90AIyJhFvIWholCc/BJaQ0RpauVRewLW9rslc9PDb
uOzdfRb5G5jO52YVtf98vGDlyZ0ZvV+sSB84aQf5gwpPYqLyl3glBuWRi4l4art0
XUT+7tVKGDR0dLibku24O1457f3UX9x+qe7opkPz4Jh09wmU4/mxbSFDWf05tz4q
0r5CXe4rflpIfJ9i+YexOvlQnNwVSABGkn49vADlQ4AWr5iV0yOCKcFFUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1YzSk49+FnLpUvwNkoZn87KYp4MB8GA1UdIwQY
MBaAFL//QZZZ9U3zeHkrYCwAksNTmI7IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdl85QmxsbjFUZk40ZVN0Z0xBQ1N3MU9ZanNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8yYmExMzgtMTczNy00NzE0LTk2MGEt
NzBiZGYxNWRkNjE5LzEvSFZqTktUajM0V2N1bFNfQTJTaG1menNwaW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8yYmExMzgtMTczNy00NzE0LTk2MGEtNzBiZGYxNWRkNjE5
LzEvdl85QmxsbjFUZk40ZVN0Z0xBQ1N3MU9ZanNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYH2MA0G
CSqGSIb3DQEBCwUAA4IBAQCdN1ETy8/z01LgofY+kINTlxl4HTCu07B2SwbYXhLz
fi4MCumGf+YzFFnIj8elEwhExgY0wbgALFtRChVLBd/qkhBymTTgjka2vCs5JqR6
320iwII6mbOfWXuZus9lLwzelOFiUdB9I+K/AU+3Y0WWJVsJvDjdr2KBd3cam6+r
si+vsHceCbUNbOr4zIfz+J6676moOtliv1oJTYSPL4jk+/8Xtl/5Z+GYGh2vT37u
Q0mun0qkq/A+7MSPsddJMUPcuYWypNPjufovT3gZ9cYRaHr18bRGEQ6OvG+o4/xY
dA3Khr7KQmbLOma3uMOi0g3qITnSWpEgie/9iCo+flPf
-----END CERTIFICATE-----