Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/HBeQLNx6wYSIsJ7niE18RNl2FbA.roa
File:                     HBeQLNx6wYSIsJ7niE18RNl2FbA.roa (raw, json)
Hash identifier:          GHNKCyt6mj1cZoiOmemmQ6nwCFj8pDxFuJoQfQGs5SA=
Subject key identifier:   1C:17:90:2C:DC:7A:C1:84:88:B0:9E:E7:88:4D:7C:44:D9:76:15:B0
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       01935F9B3FFBA8764C6EA9EFA74804E4202B
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/HBeQLNx6wYSIsJ7niE18RNl2FbA.roa
Signing time:             Sun 24 Nov 2024 19:17:09 +0000
ROA not before:           Sun 24 Nov 2024 19:17:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215073
IP address blocks:        85.235.73.0/24 maxlen: 24
                          193.111.78.0/24 maxlen: 24
                          217.18.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 22:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:5f:9b:3f:fb:a8:76:4c:6e:a9:ef:a7:48:04:e4:20:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Nov 24 19:17:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c17902cdc7ac18488b09ee7884d7c44d97615b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:52:6b:c5:db:e0:72:1e:6b:dd:d7:43:de:84:
                    aa:b9:05:41:d2:a6:49:df:d2:57:9d:72:ca:5a:f7:
                    73:5c:be:5e:07:2b:e7:6c:74:ae:c7:48:22:6b:9f:
                    65:a2:9f:66:14:5d:bb:00:d8:62:ef:0e:a2:70:5e:
                    87:3f:a5:1c:57:1d:6d:db:1b:47:4a:b9:8a:aa:4e:
                    6a:36:c2:6b:13:2f:e3:b0:50:db:5e:33:d7:52:ee:
                    b8:1c:e2:ec:67:85:d3:29:8d:4a:2b:61:8d:00:30:
                    b6:f1:c3:99:77:7c:c1:1b:b7:84:bf:7d:e7:5d:51:
                    86:0f:78:41:f5:f4:9b:92:f8:3e:97:2c:d0:bf:a8:
                    9b:98:6e:dd:f6:10:49:e6:1b:8e:2c:52:59:ee:f7:
                    c9:ef:20:70:3d:b7:e0:e4:57:95:f6:ec:86:7a:3a:
                    de:f7:0b:82:ce:5e:5f:41:73:7f:f3:ef:dc:15:2c:
                    48:ce:98:d6:18:5c:1d:d8:26:15:e9:1e:63:e6:4f:
                    0b:43:4f:9d:7a:1e:2c:b7:3d:da:d5:de:4c:7b:f9:
                    ad:f4:6d:42:47:dc:80:ad:6a:d9:74:93:f9:7e:11:
                    cf:36:83:07:ef:63:f3:2a:42:60:50:8a:65:10:52:
                    29:75:7b:53:bc:52:e9:db:f2:75:24:9d:ff:32:b3:
                    bb:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:17:90:2C:DC:7A:C1:84:88:B0:9E:E7:88:4D:7C:44:D9:76:15:B0
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/HBeQLNx6wYSIsJ7niE18RNl2FbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.73.0/24
                  193.111.78.0/24
                  217.18.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:16:3a:59:35:d7:cc:67:93:87:1a:1a:1b:2a:81:c4:1a:19:
         20:3c:9e:b4:38:32:26:97:69:45:cc:f4:9f:b2:d7:56:8d:2e:
         d0:1f:84:e1:9d:49:5d:f4:b9:d6:10:4f:54:15:30:f7:1c:8c:
         46:c8:c6:91:b2:b7:2c:34:a3:05:26:bc:79:93:2a:c7:d0:a0:
         3e:b7:40:19:1f:fd:0d:1c:16:b8:49:af:a1:47:9b:72:24:34:
         4d:34:3b:d7:46:9c:e2:fd:5c:34:4e:6d:b0:de:c5:eb:60:2f:
         d1:9c:79:a3:05:90:75:1b:51:f5:e6:a5:01:c1:5f:c9:6f:b2:
         a0:7d:f0:cb:37:bd:82:e3:45:6a:cd:3e:fe:97:2b:9a:ae:07:
         c9:ac:10:3d:79:93:8e:5e:b9:4b:b8:ec:91:2f:99:4a:03:49:
         d7:ab:9e:64:09:1b:d9:10:a5:4c:a0:01:c1:ea:ff:cc:30:bf:
         ab:f3:44:b5:76:fd:9c:1d:07:08:ce:48:2d:00:a3:8a:fe:23:
         28:5f:e5:70:43:ce:d7:65:df:22:ac:7a:35:9e:c3:2b:de:41:
         3f:fe:5c:b6:c7:9b:32:08:9c:a6:c9:27:89:e6:91:cf:5e:71:
         b0:cc:cf:8b:3b:99:c3:6a:51:70:90:eb:e5:f5:41:3c:ad:ca:
         19:9a:ca:38
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZNfmz/7qHZMbqnvp0gE5CArMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjQxMTI0MTkxNzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzE3OTAyY2RjN2FjMTg0ODhiMDllZTc4ODRkN2M0NGQ5NzYxNWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlJrxdvgch5r3ddD3oSquQVB0qZJ
39JXnXLKWvdzXL5eByvnbHSux0gia59lop9mFF27ANhi7w6icF6HP6UcVx1t2xtH
SrmKqk5qNsJrEy/jsFDbXjPXUu64HOLsZ4XTKY1KK2GNADC28cOZd3zBG7eEv33n
XVGGD3hB9fSbkvg+lyzQv6ibmG7d9hBJ5huOLFJZ7vfJ7yBwPbfg5FeV9uyGejre
9wuCzl5fQXN/8+/cFSxIzpjWGFwd2CYV6R5j5k8LQ0+deh4stz3a1d5Me/mt9G1C
R9yArWrZdJP5fhHPNoMH72PzKkJgUIplEFIpdXtTvFLp2/J1JJ3/MrO7EwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBwXkCzcesGEiLCe54hNfETZdhWwMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvSEJlUUxOeDZ3WVNJc0o3bmlFMThSTmwyRmJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVetJAwQA
wW9OAwQA2RLTMA0GCSqGSIb3DQEBCwUAA4IBAQDXFjpZNdfMZ5OHGhobKoHEGhkg
PJ60ODIml2lFzPSfstdWjS7QH4ThnUld9LnWEE9UFTD3HIxGyMaRsrcsNKMFJrx5
kyrH0KA+t0AZH/0NHBa4Sa+hR5tyJDRNNDvXRpzi/Vw0Tm2w3sXrYC/RnHmjBZB1
G1H15qUBwV/Jb7KgffDLN72C40VqzT7+lyuargfJrBA9eZOOXrlLuOyRL5lKA0nX
q55kCRvZEKVMoAHB6v/MML+r80S1dv2cHQcIzkgtAKOK/iMoX+VwQ87XZd8irHo1
nsMr3kE//ly2x5syCJymySeJ5pHPXnGwzM+LO5nDalFwkOvl9UE8rcoZmso4
-----END CERTIFICATE-----