Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/HR55_v7tU_nk_jRUWYmfJtQR9WA.roa
File:                     HR55_v7tU_nk_jRUWYmfJtQR9WA.roa (raw, json)
Hash identifier:          /dID2iZYF2CUzIicZ7+Z023I6NUW7EvfBXCTVjJ/V0M=
Subject key identifier:   1D:1E:79:FE:FE:ED:53:F9:E4:FE:34:54:59:89:9F:26:D4:11:F5:60
Certificate issuer:       /CN=c6cfa94f6134e3960ea5f318846a30cf3e922dd7
Certificate serial:       01971AB0A9D4F4117783477FF56E32CBBCFB
Authority key identifier: C6:CF:A9:4F:61:34:E3:96:0E:A5:F3:18:84:6A:30:CF:3E:92:2D:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/HR55_v7tU_nk_jRUWYmfJtQR9WA.roa
Signing time:             Thu 29 May 2025 06:17:54 +0000
ROA not before:           Thu 29 May 2025 06:17:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35617
IP address blocks:        45.131.220.0/22 maxlen: 24
                          46.21.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1a:b0:a9:d4:f4:11:77:83:47:7f:f5:6e:32:cb:bc:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6cfa94f6134e3960ea5f318846a30cf3e922dd7
        Validity
            Not Before: May 29 06:17:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d1e79fefeed53f9e4fe345459899f26d411f560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b1:bd:67:8e:d9:d6:aa:60:58:41:26:36:65:
                    ed:bc:35:0a:ee:51:a8:1f:f8:7b:fa:63:92:0a:07:
                    e0:c0:af:a4:bf:25:24:d9:c4:75:b4:91:89:31:f7:
                    b5:c1:7c:ec:98:0c:27:81:8a:e1:2d:f2:16:ae:bc:
                    bf:79:27:4f:87:30:ae:3a:25:59:ef:4e:0f:c8:8b:
                    07:a3:89:c7:d9:ae:3e:5b:3e:af:66:34:71:bf:73:
                    9b:4e:ff:91:a9:6e:07:3e:9c:e2:4b:5b:d0:74:2c:
                    98:e2:4d:f3:43:d6:5e:3a:1a:5c:c8:30:ae:f1:a8:
                    f9:67:62:e6:bb:c6:57:83:b5:68:35:88:e7:cb:65:
                    23:21:e4:a7:83:ce:68:48:14:9d:66:c4:90:30:6c:
                    e6:a9:25:90:33:e8:3b:d8:54:13:0f:74:58:76:4c:
                    0f:15:f6:92:44:76:73:21:f0:7b:73:43:f3:34:ff:
                    e2:0c:f2:2b:72:23:32:48:f2:c9:45:19:f5:8e:53:
                    44:85:68:5d:01:65:dd:cb:37:f1:2f:74:13:bc:c4:
                    71:a3:43:a4:3a:01:95:0e:cb:01:31:f9:9b:b1:82:
                    52:2e:c9:97:54:2e:31:1f:9d:c8:53:a1:9d:b7:98:
                    e5:96:27:1b:ad:f0:f3:48:5e:35:ca:b6:61:b1:6b:
                    fd:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:1E:79:FE:FE:ED:53:F9:E4:FE:34:54:59:89:9F:26:D4:11:F5:60
            X509v3 Authority Key Identifier:
                keyid:C6:CF:A9:4F:61:34:E3:96:0E:A5:F3:18:84:6A:30:CF:3E:92:2D:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/HR55_v7tU_nk_jRUWYmfJtQR9WA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.220.0/22
                  46.21.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:d0:69:6d:c3:59:84:75:c1:1c:44:21:15:4d:d0:60:12:e6:
         46:af:64:9a:35:2c:5b:04:59:72:b3:53:21:8d:c6:fc:1f:22:
         fc:f4:cc:23:b8:c1:b6:0e:c3:99:ca:ed:23:0c:d7:c8:ad:9a:
         be:e4:65:43:6b:dc:99:ab:07:6b:1d:7f:c9:1a:de:22:a5:8d:
         d7:48:82:b8:8c:89:3e:a3:7e:ff:d1:58:b0:50:cd:6f:ab:74:
         90:f3:63:64:25:c0:88:7e:00:11:35:38:f8:e1:34:5e:a7:ef:
         a0:79:c3:1e:62:eb:05:db:ac:0a:8e:8a:e6:6f:6d:3b:1d:86:
         1e:80:23:57:89:90:9a:ae:ec:65:47:8c:c5:ba:9a:4c:1a:de:
         4d:29:51:28:f7:59:7a:b5:01:3a:16:ab:10:f5:7d:99:64:df:
         eb:2b:d3:92:05:14:0f:82:b2:87:14:af:93:97:ca:a3:47:bf:
         95:02:e4:d2:80:85:f1:b2:96:1f:21:3e:9f:e5:66:41:de:1e:
         ce:d7:0d:b1:ea:77:12:1a:a9:b6:a1:e6:2d:bf:70:25:e4:82:
         26:75:8a:0e:01:bb:c9:f5:c6:bb:07:73:2b:ec:a9:12:3a:21:
         a1:cc:74:c3:1b:19:98:1e:bf:6f:26:60:45:61:13:61:68:3a:
         e8:e8:49:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcasKnU9BF3g0d/9W4yy7z7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2Y2ZhOTRmNjEzNGUzOTYwZWE1ZjMxODg0NmEzMGNmM2U5
MjJkZDcwHhcNMjUwNTI5MDYxNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDFlNzlmZWZlZWQ1M2Y5ZTRmZTM0NTQ1OTg5OWYyNmQ0MTFmNTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrG9Z47Z1qpgWEEmNmXtvDUK7lGo
H/h7+mOSCgfgwK+kvyUk2cR1tJGJMfe1wXzsmAwngYrhLfIWrry/eSdPhzCuOiVZ
704PyIsHo4nH2a4+Wz6vZjRxv3ObTv+RqW4HPpziS1vQdCyY4k3zQ9ZeOhpcyDCu
8aj5Z2Lmu8ZXg7VoNYjny2UjIeSng85oSBSdZsSQMGzmqSWQM+g72FQTD3RYdkwP
FfaSRHZzIfB7c0PzNP/iDPIrciMySPLJRRn1jlNEhWhdAWXdyzfxL3QTvMRxo0Ok
OgGVDssBMfmbsYJSLsmXVC4xH53IU6Gdt5jllicbrfDzSF41yrZhsWv9wwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB0eef7+7VP55P40VFmJnybUEfVgMB8GA1UdIwQY
MBaAFMbPqU9hNOOWDqXzGIRqMM8+ki3XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHMtcFQyRTA0NVlPcGZNWWhHb3d6ejZTTGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NTllMDMtNzhmYy00NTg5LWFjZGUt
ZjlhNDM3MDlkMDBiLzEvSFI1NV92N3RVX25rX2pSVVdZbWZKdFFSOVdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NTllMDMtNzhmYy00NTg5LWFjZGUtZjlhNDM3MDlkMDBi
LzEveHMtcFQyRTA0NVlPcGZNWWhHb3d6ejZTTGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYPcAwQC
LhUQMA0GCSqGSIb3DQEBCwUAA4IBAQB30Gltw1mEdcEcRCEVTdBgEuZGr2SaNSxb
BFlys1Mhjcb8HyL89MwjuMG2DsOZyu0jDNfIrZq+5GVDa9yZqwdrHX/JGt4ipY3X
SIK4jIk+o37/0ViwUM1vq3SQ82NkJcCIfgARNTj44TRep++gecMeYusF26wKjorm
b207HYYegCNXiZCaruxlR4zFuppMGt5NKVEo91l6tQE6FqsQ9X2ZZN/rK9OSBRQP
grKHFK+Tl8qjR7+VAuTSgIXxspYfIT6f5WZB3h7O1w2x6ncSGqm2oeYtv3Al5IIm
dYoOAbvJ9ca7B3Mr7KkSOiGhzHTDGxmYHr9vJmBFYRNhaDro6ElZ
-----END CERTIFICATE-----