Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/HlvSc0s6hSL4iG7KdH2EZA43NNE.roa
File:                     HlvSc0s6hSL4iG7KdH2EZA43NNE.roa (raw, json)
Hash identifier:          8HScvCKn2851fJVyw48b0E9P1wHbvI2qJwjytj7ExYU=
Subject key identifier:   1E:5B:D2:73:4B:3A:85:22:F8:88:6E:CA:74:7D:84:64:0E:37:34:D1
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       019428281B54EA893A5F303688A5EF6FD26A
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/HlvSc0s6hSL4iG7KdH2EZA43NNE.roa
Signing time:             Thu 02 Jan 2025 17:55:04 +0000
ROA not before:           Thu 02 Jan 2025 17:55:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49040
IP address blocks:        151.251.40.0/24 maxlen: 24
                          151.251.41.0/24 maxlen: 24
                          151.251.42.0/24 maxlen: 24
                          151.251.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:1b:54:ea:89:3a:5f:30:36:88:a5:ef:6f:d2:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  2 17:55:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e5bd2734b3a8522f8886eca747d84640e3734d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:19:c2:5c:31:12:f8:30:9c:6a:75:2d:3e:f2:
                    7d:6b:39:ac:e9:6e:0a:7f:10:3c:9d:06:ad:c4:b0:
                    b2:ab:dd:c9:7c:86:4c:b4:0d:24:97:4e:d8:ff:fb:
                    36:7b:3d:a5:29:aa:1a:33:95:b7:da:64:3c:41:77:
                    d4:d7:92:0e:ee:59:57:7d:a0:1e:10:7f:fa:f2:52:
                    07:4d:f7:f0:12:b8:e0:29:57:9c:3f:e7:b3:5b:96:
                    a8:94:a1:62:69:94:eb:a4:82:53:90:63:7d:aa:fd:
                    71:48:e1:aa:10:94:f2:19:b2:2b:76:5b:5d:d9:1c:
                    de:a2:80:d8:3b:0e:cc:c0:ea:af:34:4e:8c:2f:a2:
                    f1:72:53:76:f1:a2:f9:f5:11:ec:9a:2d:ac:b7:b5:
                    dd:6f:ad:a2:2e:40:20:18:df:35:a3:6c:39:a4:d1:
                    ff:1a:66:bb:8a:e6:16:3e:0c:89:d5:fb:0f:e3:6c:
                    6c:9e:33:3c:89:b0:c8:f3:8f:53:1a:d3:b3:0c:70:
                    13:64:02:e1:7f:e3:a1:9d:f0:c5:12:bf:90:22:e3:
                    0e:5e:f3:26:7f:51:92:d1:b3:00:3c:20:f1:1b:53:
                    37:8d:7f:6a:31:4c:5c:75:a2:5e:41:e9:ee:e3:96:
                    f6:f1:2e:fa:28:eb:fa:96:03:4c:7b:01:97:d7:2a:
                    39:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:5B:D2:73:4B:3A:85:22:F8:88:6E:CA:74:7D:84:64:0E:37:34:D1
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/HlvSc0s6hSL4iG7KdH2EZA43NNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.251.40.0-151.251.42.255
                  151.251.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:69:8e:af:1a:05:69:a6:bb:53:e7:53:30:f1:cd:df:64:b7:
         da:77:18:e6:b0:32:e6:eb:19:91:50:2d:10:8f:5c:a7:8c:45:
         15:70:4e:b0:d0:da:dd:60:48:7f:f9:68:37:4e:3f:23:10:72:
         98:1c:3b:9b:9d:a9:35:e0:75:9f:a5:f1:af:d9:29:3c:dd:a4:
         e2:68:44:a2:bf:9b:d9:7c:e1:01:53:8f:71:15:7d:c7:66:a4:
         df:f9:69:6d:02:18:2b:72:1c:90:4a:07:08:6a:ba:da:21:2d:
         0f:ca:01:d9:e7:48:73:9c:5c:04:14:34:6b:27:88:93:4e:4c:
         dd:59:4e:40:e2:58:07:c2:b6:08:0d:e5:7d:3e:42:82:14:52:
         c9:72:05:fa:f7:b6:ed:51:6b:da:55:db:27:97:f8:1c:c1:a6:
         53:cb:8f:dd:c7:33:bb:c3:72:75:c0:f6:d7:e9:a9:b5:b5:f6:
         6f:56:85:5d:db:8b:85:ee:7c:0a:4a:bb:1b:fa:98:23:3f:2f:
         a5:35:21:80:13:bb:2b:b8:e2:3a:4b:d1:bc:73:e1:63:3a:8e:
         d5:f1:78:ad:64:01:3e:43:fe:ec:20:b1:ac:26:f1:af:a7:b9:
         b1:09:8b:70:36:b8:52:e4:33:bd:f1:f0:7d:b7:65:e6:f1:ce:
         4c:dd:71:13
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQoKBtU6ok6XzA2iKXvb9JqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjUwMTAyMTc1NTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTViZDI3MzRiM2E4NTIyZjg4ODZlY2E3NDdkODQ2NDBlMzczNGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRnCXDES+DCcanUtPvJ9azms6W4K
fxA8nQatxLCyq93JfIZMtA0kl07Y//s2ez2lKaoaM5W32mQ8QXfU15IO7llXfaAe
EH/68lIHTffwErjgKVecP+ezW5aolKFiaZTrpIJTkGN9qv1xSOGqEJTyGbIrdltd
2RzeooDYOw7MwOqvNE6ML6LxclN28aL59RHsmi2st7Xdb62iLkAgGN81o2w5pNH/
Gma7iuYWPgyJ1fsP42xsnjM8ibDI849TGtOzDHATZALhf+OhnfDFEr+QIuMOXvMm
f1GS0bMAPCDxG1M3jX9qMUxcdaJeQenu45b28S76KOv6lgNMewGX1yo5ZQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFB5b0nNLOoUi+IhuynR9hGQONzTRMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvSGx2U2MwczZoU0w0aUc3S2RIMkVaQTQzTk5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAOX+ygD
BACX+yoDBACX+zwwDQYJKoZIhvcNAQELBQADggEBAHhpjq8aBWmmu1PnUzDxzd9k
t9p3GOawMubrGZFQLRCPXKeMRRVwTrDQ2t1gSH/5aDdOPyMQcpgcO5udqTXgdZ+l
8a/ZKTzdpOJoRKK/m9l84QFTj3EVfcdmpN/5aW0CGCtyHJBKBwhqutohLQ/KAdnn
SHOcXAQUNGsniJNOTN1ZTkDiWAfCtggN5X0+QoIUUslyBfr3tu1Ra9pV2yeX+BzB
plPLj93HM7vDcnXA9tfpqbW19m9WhV3bi4XufApKuxv6mCM/L6U1IYATuyu44jpL
0bxz4WM6jtXxeK1kAT5D/uwgsawm8a+nubEJi3A2uFLkM73x8H23ZebxzkzdcRM=
-----END CERTIFICATE-----