Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Hpa_KAKBxABqT8GlEGf9Uwmt0D0.roa
File:                     Hpa_KAKBxABqT8GlEGf9Uwmt0D0.roa (raw, json)
Hash identifier:          MOFwvDTmdtQdp2wuAH5jBzknketF+FLYsD9qbv6YIuA=
Subject key identifier:   1E:96:BF:28:02:81:C4:00:6A:4F:C1:A5:10:67:FD:53:09:AD:D0:3D
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AE579EBD064004F99DCEF2B258B9D
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Hpa_KAKBxABqT8GlEGf9Uwmt0D0.roa
Signing time:             Mon 01 Jan 2024 18:30:46 +0000
ROA not before:           Mon 01 Jan 2024 18:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42089
IP address blocks:        193.230.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e5:79:eb:d0:64:00:4f:99:dc:ef:2b:25:8b:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e96bf280281c4006a4fc1a51067fd5309add03d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:76:52:d9:e2:32:9a:90:1f:5e:d3:65:64:7b:
                    ff:8d:a4:52:1d:d6:ce:37:47:0b:03:b4:27:c2:7f:
                    a0:ac:5a:5e:44:22:c8:c0:b3:d7:74:3b:bb:6b:59:
                    3e:9e:4e:ed:f6:49:a8:c4:2b:95:a1:22:a2:7c:5f:
                    ae:d2:19:4a:69:10:df:42:64:0e:cc:4b:98:66:74:
                    6f:a7:93:fc:28:1b:e1:99:82:92:51:eb:43:70:af:
                    79:94:35:5b:fd:4f:62:3b:e8:75:08:dc:c4:91:ff:
                    bf:05:bb:48:e9:8c:f5:b7:0a:04:4b:15:77:1b:be:
                    71:2f:a4:5f:7a:b7:a1:16:60:65:28:2e:9f:68:69:
                    2f:23:79:a8:77:dd:c8:fe:49:cc:97:d7:cc:e7:9b:
                    44:3c:1d:64:f0:b7:a3:fb:ec:de:d3:df:fa:9d:ce:
                    bc:3d:6d:e4:76:08:c7:95:63:b5:29:53:40:fb:f9:
                    49:57:01:da:63:f1:80:49:69:ab:12:9d:60:69:e3:
                    5d:b9:0f:cf:74:ca:2a:93:23:ed:c5:2b:7d:cf:a2:
                    51:2f:c3:8e:11:6a:bb:54:2d:98:f0:9c:ae:68:4d:
                    51:30:bb:e2:f3:35:0c:1a:fe:62:0d:92:83:81:d7:
                    bf:57:f8:55:4e:ae:74:c1:8c:20:7d:6e:29:c5:06:
                    5c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:96:BF:28:02:81:C4:00:6A:4F:C1:A5:10:67:FD:53:09:AD:D0:3D
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/Hpa_KAKBxABqT8GlEGf9Uwmt0D0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.230.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:49:cf:4a:02:92:bb:6b:48:c8:bd:99:95:80:8b:e8:cc:2b:
         41:f9:4e:b9:4f:86:8a:2c:a3:f4:98:52:b9:53:59:3e:51:46:
         2f:35:f4:81:84:3d:f3:b2:c2:dc:56:2f:e6:bd:95:26:22:2b:
         c2:34:4a:83:b9:74:f8:f6:19:29:e8:2a:70:96:b9:9a:7e:b1:
         d1:b9:be:25:60:0f:b9:88:d0:15:6c:b9:28:ba:c1:0d:53:44:
         cc:a6:9a:6a:5b:4d:f3:0b:8e:5d:36:e7:62:22:95:81:ff:42:
         f5:ca:00:dc:05:bb:74:8d:e2:6a:37:a6:28:79:c6:38:b0:fe:
         b2:26:42:da:1c:4f:d1:95:ae:cc:a4:99:f8:23:fe:59:13:38:
         05:60:5c:77:0f:b0:ef:90:82:36:79:9c:16:45:25:28:bd:cf:
         10:c5:0c:81:6c:00:68:78:c1:92:f6:99:41:24:14:7f:8e:8f:
         ad:eb:69:8e:09:77:7a:07:3f:91:de:98:28:0c:6c:76:03:1f:
         eb:8a:65:74:27:21:a0:76:2f:b7:c7:a3:8b:2a:76:77:7a:b4:
         ed:1c:3e:5e:e5:5b:e0:aa:89:6e:4b:f1:87:fa:40:2b:03:26:
         f3:a2:ff:fb:e3:bc:26:73:a1:6e:7b:0f:10:25:18:b0:f2:50:
         a1:af:0c:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuV569BkAE+Z3O8rJYudMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTk2YmYyODAyODFjNDAwNmE0ZmMxYTUxMDY3ZmQ1MzA5YWRkMDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXZS2eIympAfXtNlZHv/jaRSHdbO
N0cLA7Qnwn+grFpeRCLIwLPXdDu7a1k+nk7t9kmoxCuVoSKifF+u0hlKaRDfQmQO
zEuYZnRvp5P8KBvhmYKSUetDcK95lDVb/U9iO+h1CNzEkf+/BbtI6Yz1twoESxV3
G75xL6RferehFmBlKC6faGkvI3mod93I/knMl9fM55tEPB1k8Lej++ze09/6nc68
PW3kdgjHlWO1KVNA+/lJVwHaY/GASWmrEp1gaeNduQ/PdMoqkyPtxSt9z6JRL8OO
EWq7VC2Y8JyuaE1RMLvi8zUMGv5iDZKDgde/V/hVTq50wYwgfW4pxQZcDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6WvygCgcQAak/BpRBn/VMJrdA9MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvSHBhX0tBS0J4QUJxVDhHbEVHZjlVd210MEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweaWMA0G
CSqGSIb3DQEBCwUAA4IBAQCxSc9KApK7a0jIvZmVgIvozCtB+U65T4aKLKP0mFK5
U1k+UUYvNfSBhD3zssLcVi/mvZUmIivCNEqDuXT49hkp6CpwlrmafrHRub4lYA+5
iNAVbLkousENU0TMpppqW03zC45dNudiIpWB/0L1ygDcBbt0jeJqN6YoecY4sP6y
JkLaHE/Rla7MpJn4I/5ZEzgFYFx3D7DvkII2eZwWRSUovc8QxQyBbABoeMGS9plB
JBR/jo+t62mOCXd6Bz+R3pgoDGx2Ax/rimV0JyGgdi+3x6OLKnZ3erTtHD5e5Vvg
qoluS/GH+kArAybzov/747wmc6Fuew8QJRiw8lChrwxU
-----END CERTIFICATE-----