Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/HKZbtiEx0yt26zrM5uXMnlBai4I.roa
File:                     HKZbtiEx0yt26zrM5uXMnlBai4I.roa (raw, json)
Hash identifier:          dGH3BX5XSVTr4LkOMl+1cUYLjuKRpq4qEtPom6AIeyM=
Subject key identifier:   1C:A6:5B:B6:21:31:D3:2B:76:EB:3A:CC:E6:E5:CC:9E:50:5A:8B:82
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0194274898110AB78EE62C6AACC8860D4674
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/HKZbtiEx0yt26zrM5uXMnlBai4I.roa
Signing time:             Thu 02 Jan 2025 13:50:56 +0000
ROA not before:           Thu 02 Jan 2025 13:50:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200615
IP address blocks:        2a09:e683:1::/48 maxlen: 48
                          2a09:e685::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:98:11:0a:b7:8e:e6:2c:6a:ac:c8:86:0d:46:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ca65bb62131d32b76eb3acce6e5cc9e505a8b82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6e:7b:1f:d8:66:67:a0:51:8d:ed:1b:bb:cd:
                    46:e1:01:cc:44:6f:60:96:43:1a:74:aa:85:66:0c:
                    4c:40:d4:37:4f:e3:df:60:ec:bd:78:81:88:ef:f8:
                    87:ec:ba:78:3e:28:bb:ff:d9:a7:86:90:7b:c1:f8:
                    32:ed:c7:64:d0:0a:36:1b:a7:ae:da:46:62:d2:8e:
                    ea:30:58:f9:cf:35:3e:3a:a8:ad:30:5f:87:8c:5c:
                    4c:30:16:99:74:04:f1:ee:49:1a:95:88:4a:d0:e6:
                    83:b0:31:ae:fc:c2:c9:91:13:71:c3:b2:96:8f:00:
                    a1:06:c6:bf:ae:50:c3:a3:5f:21:6a:cb:89:4e:8c:
                    9a:23:4a:b6:56:8f:30:e9:c6:03:55:ce:29:07:5b:
                    57:e3:b8:aa:58:1b:89:54:c2:f8:bb:c2:bb:d5:b6:
                    2e:f4:e9:a4:d0:47:5b:c9:7a:5c:92:ea:99:78:96:
                    ea:00:51:1e:e9:85:c9:0f:fa:ad:6f:44:35:69:ad:
                    4a:36:bc:d4:52:35:9b:1e:46:92:4b:79:90:2a:82:
                    a1:b8:10:49:c4:b3:ff:6a:77:d6:37:ab:05:8a:bd:
                    be:af:4c:29:32:45:34:74:e8:91:dd:7a:61:e2:cd:
                    f6:12:69:30:54:a8:61:1d:8c:3d:b7:ff:90:d8:3f:
                    5d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A6:5B:B6:21:31:D3:2B:76:EB:3A:CC:E6:E5:CC:9E:50:5A:8B:82
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/HKZbtiEx0yt26zrM5uXMnlBai4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e683:1::/48
                  2a09:e685::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:c2:33:97:41:a2:83:ef:ea:f9:3d:a5:c1:e8:9f:ae:ef:78:
         67:14:df:6d:14:e8:71:a1:65:7d:f1:93:65:b9:e9:9e:81:01:
         5b:35:8b:59:aa:6b:c4:b4:71:ec:28:37:5f:b9:41:87:26:8f:
         e5:95:0a:35:07:d9:d4:ef:a4:c2:30:a3:85:42:35:63:16:32:
         d2:c5:42:37:02:a1:7f:a3:fe:ea:c6:d6:41:ab:17:6a:20:bc:
         8f:cd:70:ec:62:91:79:e6:c8:95:48:c8:0b:b9:97:17:45:58:
         c0:25:82:05:33:35:d9:25:fc:a1:09:0d:e5:97:ce:66:25:cb:
         8b:53:1a:b0:0b:02:16:9b:2f:5b:be:46:16:c2:1f:05:9a:56:
         01:59:34:e6:e8:fb:68:c3:a2:40:14:ec:6f:7d:a7:a0:6c:fc:
         be:fb:ce:12:45:6d:ad:21:e7:89:e5:52:d2:65:81:16:2d:45:
         80:70:41:8c:d4:1e:ae:b7:31:81:14:9b:97:89:d6:62:ec:91:
         c8:75:f1:f2:5d:f1:b8:03:87:e7:cd:b5:cf:79:0a:d3:fe:bc:
         21:35:38:06:40:0d:ec:1c:8c:73:75:fa:87:4f:63:78:ee:75:
         ef:12:b0:b0:7c:36:58:ae:84:79:74:b0:97:f2:8d:12:00:4e:
         40:1b:f1:ba
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQnSJgRCreO5ixqrMiGDUZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2E2NWJiNjIxMzFkMzJiNzZlYjNhY2NlNmU1Y2M5ZTUwNWE4YjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtW57H9hmZ6BRje0bu81G4QHMRG9g
lkMadKqFZgxMQNQ3T+PfYOy9eIGI7/iH7Lp4Pii7/9mnhpB7wfgy7cdk0Ao2G6eu
2kZi0o7qMFj5zzU+OqitMF+HjFxMMBaZdATx7kkalYhK0OaDsDGu/MLJkRNxw7KW
jwChBsa/rlDDo18hasuJToyaI0q2Vo8w6cYDVc4pB1tX47iqWBuJVML4u8K71bYu
9Omk0EdbyXpckuqZeJbqAFEe6YXJD/qtb0Q1aa1KNrzUUjWbHkaSS3mQKoKhuBBJ
xLP/anfWN6sFir2+r0wpMkU0dOiR3Xph4s32EmkwVKhhHYw9t/+Q2D9dZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBymW7YhMdMrdus6zOblzJ5QWouCMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvSEtaYnRpRXgweXQyNnpyTTV1WE1ubEJhaTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgnmgwAB
AwcAKgnmhQAAMA0GCSqGSIb3DQEBCwUAA4IBAQBbwjOXQaKD7+r5PaXB6J+u73hn
FN9tFOhxoWV98ZNluemegQFbNYtZqmvEtHHsKDdfuUGHJo/llQo1B9nU76TCMKOF
QjVjFjLSxUI3AqF/o/7qxtZBqxdqILyPzXDsYpF55siVSMgLuZcXRVjAJYIFMzXZ
JfyhCQ3ll85mJcuLUxqwCwIWmy9bvkYWwh8FmlYBWTTm6Ptow6JAFOxvfaegbPy+
+84SRW2tIeeJ5VLSZYEWLUWAcEGM1B6utzGBFJuXidZi7JHIdfHyXfG4A4fnzbXP
eQrT/rwhNTgGQA3sHIxzdfqHT2N47nXvErCwfDZYroR5dLCX8o0SAE5AG/G6
-----END CERTIFICATE-----