Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/HghXHCKcfz0FtbkLmJyQPadRRBM.roa
File:                     HghXHCKcfz0FtbkLmJyQPadRRBM.roa (raw, json)
Hash identifier:          r+CGpTi/QeMyvkYDvXf0oUVJ0ypMG+K8FKNPJI+/TAs=
Subject key identifier:   1E:08:57:1C:22:9C:7F:3D:05:B5:B9:0B:98:9C:90:3D:A7:51:44:13
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747D5DA54E4D1D96DF189A73B9C54FA
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/HghXHCKcfz0FtbkLmJyQPadRRBM.roa
Signing time:             Thu 02 Jan 2025 13:50:06 +0000
ROA not before:           Thu 02 Jan 2025 13:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51992
IP address blocks:        2a0b:b86:3b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d5:da:54:e4:d1:d9:6d:f1:89:a7:3b:9c:54:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e08571c229c7f3d05b5b90b989c903da7514413
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:01:cb:4d:f9:05:75:fa:cf:34:0b:8a:46:16:
                    8a:a6:b7:03:e0:86:e5:25:35:be:0e:9c:f6:b6:0b:
                    47:cc:22:bb:4f:38:1f:de:18:4b:ba:1d:59:83:60:
                    6a:3a:75:81:b0:ba:8f:60:d0:99:5f:37:e8:fd:d7:
                    07:59:1f:3e:00:22:0e:2b:eb:83:bc:84:9d:d1:a8:
                    9c:d9:7a:62:24:12:bf:36:17:14:6a:2a:07:bc:76:
                    d0:74:e1:29:e9:6c:2f:75:30:cb:cb:92:48:fe:47:
                    21:28:51:4c:cf:b0:34:94:60:45:38:3f:b9:40:5f:
                    87:7f:cb:a3:19:40:d6:74:2a:6a:ab:73:71:68:7a:
                    bd:69:c6:55:3a:a8:64:5a:ed:e5:fa:76:c7:34:fc:
                    10:86:08:b0:f6:68:55:00:5d:a3:76:e4:89:40:40:
                    57:b7:61:98:ee:8a:2f:c0:93:e8:db:23:90:9f:2b:
                    2e:f6:43:22:9e:0c:99:3f:20:bd:b9:ae:1c:2b:dc:
                    fa:e4:0d:e5:92:e2:08:91:aa:80:05:81:4b:04:d6:
                    a0:87:d3:c0:14:c2:69:c4:13:50:e0:08:50:99:12:
                    1c:94:50:58:f6:9e:0c:2a:15:56:37:9d:73:a0:f7:
                    8c:ff:45:37:1b:16:44:41:72:0a:5e:05:dd:79:82:
                    bf:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:08:57:1C:22:9C:7F:3D:05:B5:B9:0B:98:9C:90:3D:A7:51:44:13
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/HghXHCKcfz0FtbkLmJyQPadRRBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b86:3b::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:76:89:2d:30:8f:05:de:67:ce:53:9b:e8:fd:da:f5:8f:36:
         fa:fa:42:3e:b2:7d:cc:b0:3c:f1:de:94:6c:b0:b3:be:f8:9e:
         86:95:6f:38:6a:f3:a0:3e:06:0d:da:c6:7f:f3:b7:5c:d6:d7:
         b0:c3:a2:52:99:55:4e:fa:6f:1f:47:45:de:14:ec:32:4b:8f:
         aa:b8:89:c4:b2:96:19:5e:98:5c:7b:51:c6:d2:49:af:41:8b:
         66:2f:c7:34:34:55:ca:4e:a4:7d:32:10:62:8d:df:70:a0:0c:
         0c:ef:86:86:37:dd:bb:28:9a:a7:46:37:13:e9:bc:94:8a:3b:
         20:36:e8:65:93:cd:db:29:b1:42:b7:92:64:77:99:6c:a3:87:
         b8:b1:70:c1:4f:13:0b:a8:2c:f7:54:50:7a:fd:e6:72:68:c4:
         57:75:35:31:71:e4:21:55:fe:38:17:c6:cd:f7:31:20:7a:33:
         00:d2:0a:ef:9e:5a:dc:b8:c5:6c:ac:2f:e0:2a:c1:36:6f:b9:
         39:d6:fa:9b:ea:22:fb:53:5f:25:71:6f:bf:25:2c:42:bd:6b:
         ca:1e:4d:5b:dd:f8:c3:0f:d7:6d:ab:c1:9f:c5:d4:45:f4:4d:
         a1:70:a2:5e:32:af:c3:db:c8:ec:2b:99:02:58:f2:f9:9b:69:
         ba:ce:4f:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnR9XaVOTR2W3xiac7nFT6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTA4NTcxYzIyOWM3ZjNkMDViNWI5MGI5ODljOTAzZGE3NTE0NDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AHLTfkFdfrPNAuKRhaKprcD4Ibl
JTW+Dpz2tgtHzCK7Tzgf3hhLuh1Zg2BqOnWBsLqPYNCZXzfo/dcHWR8+ACIOK+uD
vISd0aic2XpiJBK/NhcUaioHvHbQdOEp6WwvdTDLy5JI/kchKFFMz7A0lGBFOD+5
QF+Hf8ujGUDWdCpqq3NxaHq9acZVOqhkWu3l+nbHNPwQhgiw9mhVAF2jduSJQEBX
t2GY7oovwJPo2yOQnysu9kMingyZPyC9ua4cK9z65A3lkuIIkaqABYFLBNagh9PA
FMJpxBNQ4AhQmRIclFBY9p4MKhVWN51zoPeM/0U3GxZEQXIKXgXdeYK/yQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB4IVxwinH89BbW5C5ickD2nUUQTMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvSGdoWEhDS2NmejBGdGJrTG1KeVFQYWRSUkJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsLhgA7
MA0GCSqGSIb3DQEBCwUAA4IBAQCldoktMI8F3mfOU5vo/dr1jzb6+kI+sn3MsDzx
3pRssLO++J6GlW84avOgPgYN2sZ/87dc1teww6JSmVVO+m8fR0XeFOwyS4+quInE
spYZXphce1HG0kmvQYtmL8c0NFXKTqR9MhBijd9woAwM74aGN927KJqnRjcT6byU
ijsgNuhlk83bKbFCt5Jkd5lso4e4sXDBTxMLqCz3VFB6/eZyaMRXdTUxceQhVf44
F8bN9zEgejMA0grvnlrcuMVsrC/gKsE2b7k51vqb6iL7U18lcW+/JSxCvWvKHk1b
3fjDD9dtq8GfxdRF9E2hcKJeMq/D28jsK5kCWPL5m2m6zk/h
-----END CERTIFICATE-----