Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/HLBqL1Utasb5Xniz6f_U8C9Bxy4.roa
File:                     HLBqL1Utasb5Xniz6f_U8C9Bxy4.roa (raw, json)
Hash identifier:          RrSy1EJUUEMHJMjtajwbQ1m+EUY5kGhNC9/eG5GdTT8=
Subject key identifier:   1C:B0:6A:2F:55:2D:6A:C6:F9:5E:78:B3:E9:FF:D4:F0:2F:41:C7:2E
Certificate issuer:       /CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
Certificate serial:       018CC725776649727B482D4188148E11882E
Authority key identifier: 1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/HLBqL1Utasb5Xniz6f_U8C9Bxy4.roa
Signing time:             Mon 01 Jan 2024 22:29:30 +0000
ROA not before:           Mon 01 Jan 2024 22:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12735
IP address blocks:        195.49.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:77:66:49:72:7b:48:2d:41:88:14:8e:11:88:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a4f8001c30cac546e3f92103b4b12732dfcbf52
        Validity
            Not Before: Jan  1 22:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cb06a2f552d6ac6f95e78b3e9ffd4f02f41c72e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a9:b5:dd:47:e3:10:79:59:ca:96:bf:4a:6b:
                    9d:22:ac:96:12:4d:b8:61:71:a9:7c:50:14:0f:17:
                    5b:40:91:ae:ea:45:7e:65:52:77:9b:ff:b5:9b:fd:
                    45:54:99:a9:31:f5:75:f9:f1:8d:c4:1c:98:f1:f5:
                    dd:8d:29:f0:32:e0:5d:ab:bb:48:1e:70:8e:df:8d:
                    53:c5:78:15:3b:2f:c9:c6:44:49:95:7b:06:a0:a6:
                    60:8e:70:69:07:49:48:af:26:72:36:cd:50:15:f9:
                    67:21:c1:ff:82:93:0a:79:ee:f9:1a:a3:ed:f7:41:
                    40:96:5c:60:6e:3d:f5:1f:a7:75:38:81:a8:5a:1d:
                    0d:7d:e7:0e:64:9a:23:fe:9f:be:20:31:ae:10:56:
                    44:5b:5a:d8:8a:8b:f9:24:d5:b6:e1:c1:0c:8b:e7:
                    f6:03:2e:50:3c:3b:01:75:d7:34:1e:ba:9c:88:18:
                    76:a3:c8:a6:ff:0b:e6:29:92:d5:56:35:78:b9:7a:
                    97:e3:31:e7:59:6e:7f:54:8a:06:c6:5e:77:c6:88:
                    95:3d:8a:e1:e5:79:f4:91:8b:b9:26:d0:bd:74:ce:
                    d9:26:98:32:4d:d7:62:e8:47:ee:8b:84:55:3e:2e:
                    95:e3:2e:e0:ec:7e:b6:a0:7e:a4:98:fb:21:d7:6d:
                    56:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B0:6A:2F:55:2D:6A:C6:F9:5E:78:B3:E9:FF:D4:F0:2F:41:C7:2E
            X509v3 Authority Key Identifier:
                keyid:1A:4F:80:01:C3:0C:AC:54:6E:3F:92:10:3B:4B:12:73:2D:FC:BF:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gk-AAcMMrFRuP5IQO0sScy38v1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/HLBqL1Utasb5Xniz6f_U8C9Bxy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d6c86d-6c65-4a25-a8fa-38d4f3211896/1/Gk-AAcMMrFRuP5IQO0sScy38v1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.49.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:3b:f7:9e:16:da:a1:26:e8:37:c5:e6:2d:c2:cf:5c:ff:78:
         b3:93:4e:f5:d7:1a:3d:eb:0d:a8:13:46:96:71:95:2d:f1:71:
         50:69:7a:24:92:e0:1c:5f:8a:f0:13:08:d9:c5:16:a8:3b:d8:
         80:78:ba:3c:11:2e:be:63:14:68:e4:9f:d8:b7:b8:ce:14:a9:
         94:6d:7d:ff:4e:39:53:18:63:3e:fa:67:d0:d1:ad:28:c4:e4:
         94:b5:28:7d:a0:23:35:39:62:ef:f1:a4:0b:19:c2:31:fc:27:
         68:58:50:5a:ce:9d:d8:8f:ad:b1:fe:61:e0:b3:2d:04:1c:44:
         33:45:e5:99:c8:36:07:fe:aa:be:0b:b7:2e:05:85:11:e2:db:
         ab:68:f3:dc:c2:05:07:15:20:c7:c2:e6:72:1b:30:6f:fd:ac:
         4b:45:18:6f:7c:df:51:72:fc:19:36:00:04:00:b3:99:51:6a:
         da:58:ef:3e:1b:07:4e:18:12:eb:92:18:e2:51:1a:96:34:9e:
         75:9e:b6:e0:40:cd:34:67:94:14:bf:6f:49:92:82:2c:30:05:
         d7:7d:25:1c:18:56:f9:c3:63:b5:f5:db:f9:40:b9:a0:bb:98:
         ea:b9:3f:8c:c6:76:af:6c:62:11:22:e7:74:f2:09:e3:37:ab:
         57:ab:fc:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJXdmSXJ7SC1BiBSOEYguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNGY4MDAxYzMwY2FjNTQ2ZTNmOTIxMDNiNGIxMjczMmRm
Y2JmNTIwHhcNMjQwMTAxMjIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2IwNmEyZjU1MmQ2YWM2Zjk1ZTc4YjNlOWZmZDRmMDJmNDFjNzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqm13UfjEHlZypa/SmudIqyWEk24
YXGpfFAUDxdbQJGu6kV+ZVJ3m/+1m/1FVJmpMfV1+fGNxByY8fXdjSnwMuBdq7tI
HnCO341TxXgVOy/JxkRJlXsGoKZgjnBpB0lIryZyNs1QFflnIcH/gpMKee75GqPt
90FAllxgbj31H6d1OIGoWh0NfecOZJoj/p++IDGuEFZEW1rYiov5JNW24cEMi+f2
Ay5QPDsBddc0HrqciBh2o8im/wvmKZLVVjV4uXqX4zHnWW5/VIoGxl53xoiVPYrh
5Xn0kYu5JtC9dM7ZJpgyTddi6Efui4RVPi6V4y7g7H62oH6kmPsh121WvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBywai9VLWrG+V54s+n/1PAvQccuMB8GA1UdIwQY
MBaAFBpPgAHDDKxUbj+SEDtLEnMt/L9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEt
MzhkNGYzMjExODk2LzEvSExCcUwxVXRhc2I1WG5pejZmX1U4QzlCeHk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kNmM4NmQtNmM2NS00YTI1LWE4ZmEtMzhkNGYzMjExODk2
LzEvR2stQUFjTU1yRlJ1UDVJUU8wc1NjeTM4djFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzHvMA0G
CSqGSIb3DQEBCwUAA4IBAQC8O/eeFtqhJug3xeYtws9c/3izk0711xo96w2oE0aW
cZUt8XFQaXokkuAcX4rwEwjZxRaoO9iAeLo8ES6+YxRo5J/Yt7jOFKmUbX3/TjlT
GGM++mfQ0a0oxOSUtSh9oCM1OWLv8aQLGcIx/CdoWFBazp3Yj62x/mHgsy0EHEQz
ReWZyDYH/qq+C7cuBYUR4turaPPcwgUHFSDHwuZyGzBv/axLRRhvfN9RcvwZNgAE
ALOZUWraWO8+GwdOGBLrkhjiURqWNJ51nrbgQM00Z5QUv29JkoIsMAXXfSUcGFb5
w2O19dv5QLmgu5jquT+MxnavbGIRIud08gnjN6tXq/y0
-----END CERTIFICATE-----