Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/HKCDJO9FUZzCs48RHaRXmBCEPw0.roa
File:                     HKCDJO9FUZzCs48RHaRXmBCEPw0.roa (raw, json)
Hash identifier:          RDlXd0fdXfWrCJrLpKi6aQQnYwygrnPiCietIRHlPoY=
Subject key identifier:   1C:A0:83:24:EF:45:51:9C:C2:B3:8F:11:1D:A4:57:98:10:84:3F:0D
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       018CCA29715735545E0385C5E3AAEF1F2F15
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/HKCDJO9FUZzCs48RHaRXmBCEPw0.roa
Signing time:             Tue 02 Jan 2024 12:32:42 +0000
ROA not before:           Tue 02 Jan 2024 12:32:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212359
IP address blocks:        2a0e:8f02:f00e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:71:57:35:54:5e:03:85:c5:e3:aa:ef:1f:2f:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  2 12:32:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ca08324ef45519cc2b38f111da4579810843f0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:60:16:f9:a6:8e:1b:c7:76:ba:c7:e8:26:e6:
                    53:e4:f0:e3:c7:69:9c:6a:45:8b:ce:b9:a7:98:00:
                    3b:67:b1:8a:9b:19:12:42:82:2c:7d:48:11:51:3a:
                    9d:e9:6e:49:ac:2d:f4:9a:79:15:8f:93:3e:68:8e:
                    02:33:e1:1f:a4:12:da:57:2b:ac:5d:9b:dc:33:8c:
                    95:10:d9:ea:1a:e1:15:03:89:19:45:7a:39:54:76:
                    4d:d3:ab:52:c5:11:0c:82:98:ea:9e:b8:a2:ad:db:
                    e8:79:13:de:93:da:82:11:80:ca:87:97:d6:11:24:
                    94:1b:ce:a2:13:ed:6a:b6:82:9c:fc:89:bc:01:6e:
                    4c:7c:1e:f4:15:56:4b:b7:0b:52:08:ce:73:ed:41:
                    1b:af:8e:c6:0f:03:bd:02:46:bd:76:b4:e7:4b:08:
                    18:fd:d7:9c:eb:d0:fe:2d:e0:da:b6:e7:32:8d:fd:
                    05:56:dd:19:08:22:f9:84:85:ea:ec:1e:63:e3:80:
                    fa:b0:7d:f6:9b:cc:5d:22:0f:94:98:a4:9b:11:ea:
                    70:eb:5f:e9:76:59:a0:95:8c:46:62:ad:7f:97:c5:
                    ea:f3:fa:c8:63:5b:f0:5b:74:b0:9b:99:93:b5:bc:
                    a0:bd:1a:42:86:9f:32:4e:fd:12:14:7b:f1:64:c6:
                    ee:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A0:83:24:EF:45:51:9C:C2:B3:8F:11:1D:A4:57:98:10:84:3F:0D
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/HKCDJO9FUZzCs48RHaRXmBCEPw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f00e::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:96:62:ad:35:38:56:a8:5d:16:03:0f:c9:76:9a:10:fe:d0:
         c5:41:e0:3b:b7:cf:48:9d:ef:28:30:d0:43:52:95:86:88:a8:
         c8:8c:1d:3c:7b:c0:7f:b6:43:1e:0d:1b:33:e0:90:3d:a3:6d:
         12:cb:db:20:aa:05:5a:c2:5c:96:f9:ca:bc:1f:82:aa:d2:5a:
         7b:4e:a4:18:b6:63:1c:ff:72:66:a1:c9:ed:88:49:92:65:c6:
         6f:45:f0:86:06:41:3f:5b:9e:1f:cd:51:89:d3:aa:37:55:cf:
         48:85:30:71:f6:dd:26:66:03:8a:56:1f:e7:65:69:d5:33:a9:
         fe:0f:11:0f:dd:b4:a8:e5:04:7d:d5:26:f8:0f:85:12:74:ed:
         fd:5a:2a:61:52:5e:9e:69:14:b3:9c:1c:ad:0a:c0:de:84:b8:
         a2:4f:d7:18:03:90:85:bf:a9:85:61:40:ae:ee:1e:d0:38:1d:
         22:1e:02:34:85:2e:52:f7:2a:64:62:a5:88:d1:e1:9b:b6:e8:
         4a:73:c6:f1:2d:1a:27:bd:3c:b2:ad:81:46:0c:49:d8:f0:09:
         73:8d:0a:2f:71:18:3c:67:d3:ff:9e:57:ce:c8:e5:75:b3:c3:
         e1:e3:3e:b4:eb:9c:44:a7:05:9c:3d:4d:10:cc:c5:04:86:12:
         5f:4c:91:25
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKXFXNVReA4XF46rvHy8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjQwMTAyMTIzMjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2EwODMyNGVmNDU1MTljYzJiMzhmMTExZGE0NTc5ODEwODQzZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2AW+aaOG8d2usfoJuZT5PDjx2mc
akWLzrmnmAA7Z7GKmxkSQoIsfUgRUTqd6W5JrC30mnkVj5M+aI4CM+EfpBLaVyus
XZvcM4yVENnqGuEVA4kZRXo5VHZN06tSxREMgpjqnriirdvoeRPek9qCEYDKh5fW
ESSUG86iE+1qtoKc/Im8AW5MfB70FVZLtwtSCM5z7UEbr47GDwO9Aka9drTnSwgY
/dec69D+LeDatucyjf0FVt0ZCCL5hIXq7B5j44D6sH32m8xdIg+UmKSbEepw61/p
dlmglYxGYq1/l8Xq8/rIY1vwW3Swm5mTtbygvRpChp8yTv0SFHvxZMbupwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFByggyTvRVGcwrOPER2kV5gQhD8NMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvSEtDREpPOUZVWnpDczQ4UkhhUlhtQkNFUHcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAO
MA0GCSqGSIb3DQEBCwUAA4IBAQBxlmKtNThWqF0WAw/JdpoQ/tDFQeA7t89Ine8o
MNBDUpWGiKjIjB08e8B/tkMeDRsz4JA9o20Sy9sgqgVawlyW+cq8H4Kq0lp7TqQY
tmMc/3JmocntiEmSZcZvRfCGBkE/W54fzVGJ06o3Vc9IhTBx9t0mZgOKVh/nZWnV
M6n+DxEP3bSo5QR91Sb4D4USdO39WiphUl6eaRSznBytCsDehLiiT9cYA5CFv6mF
YUCu7h7QOB0iHgI0hS5S9ypkYqWI0eGbtuhKc8bxLRonvTyyrYFGDEnY8AlzjQov
cRg8Z9P/nlfOyOV1s8Ph4z6065xEpwWcPU0QzMUEhhJfTJEl
-----END CERTIFICATE-----