Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/18da7e-d2f0-4597-9b3d-385f3f52a96b/1/HGyMO-gI6BJOthGGldBVkMwTP6M.roa
File:                     HGyMO-gI6BJOthGGldBVkMwTP6M.roa (raw, json)
Hash identifier:          LWkHdvqqdhuJkMVn2Z8NyBNjrEPjz4vXV3NQv+TmBQY=
Subject key identifier:   1C:6C:8C:3B:E8:08:E8:12:4E:B6:11:86:95:D0:55:90:CC:13:3F:A3
Certificate issuer:       /CN=b15ca2f686d4e484a77c34c173476bf69d237b7d
Certificate serial:       019425220DC78D5CCCEEB9467F5A51C2229F
Authority key identifier: B1:5C:A2:F6:86:D4:E4:84:A7:7C:34:C1:73:47:6B:F6:9D:23:7B:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVyi9obU5ISnfDTBc0dr9p0je30.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/18da7e-d2f0-4597-9b3d-385f3f52a96b/1/HGyMO-gI6BJOthGGldBVkMwTP6M.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25459
IP address blocks:        94.124.120.0/21 maxlen: 21
                          2a02:9e0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/18da7e-d2f0-4597-9b3d-385f3f52a96b/1/sVyi9obU5ISnfDTBc0dr9p0je30.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/18da7e-d2f0-4597-9b3d-385f3f52a96b/1/sVyi9obU5ISnfDTBc0dr9p0je30.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVyi9obU5ISnfDTBc0dr9p0je30.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 06:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0d:c7:8d:5c:cc:ee:b9:46:7f:5a:51:c2:22:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b15ca2f686d4e484a77c34c173476bf69d237b7d
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c6c8c3be808e8124eb6118695d05590cc133fa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:75:80:87:fb:00:e7:4a:ec:0f:47:20:be:25:
                    e8:5b:20:3b:c6:b0:86:12:8d:59:40:52:9a:f1:9f:
                    33:b7:d1:ec:8c:41:a1:c3:04:25:9c:30:f7:48:12:
                    46:ef:8f:47:cc:ad:3f:a8:44:5d:d3:de:81:d3:e8:
                    1f:98:51:f0:c0:49:07:3c:fe:d6:94:94:7d:54:e1:
                    dc:79:57:88:ef:f9:77:5e:66:b9:97:4a:69:ca:b9:
                    f8:52:83:fb:49:8a:fc:df:77:77:e2:b6:2d:59:c2:
                    c8:d6:17:9e:ca:1b:6b:fd:e1:87:99:38:31:06:1e:
                    e5:f5:ea:f8:e7:07:ae:e6:34:58:00:97:d1:79:a8:
                    67:96:c3:5b:ec:f2:9c:d8:75:f2:dd:11:f3:63:5a:
                    5a:11:30:00:96:06:25:dd:e8:71:23:c7:e9:b5:1c:
                    a8:ab:f7:48:aa:76:c9:a2:bd:b8:87:eb:87:25:12:
                    98:da:7e:25:64:26:1e:0c:cd:78:e1:49:15:17:34:
                    0b:11:12:ef:bd:5a:0e:5d:2b:d9:3c:a8:c6:c3:86:
                    dc:43:b5:f4:70:7f:ec:23:ad:13:cd:3e:67:5b:b8:
                    50:00:bb:1e:dc:3e:a3:b8:63:95:31:5b:b5:40:8d:
                    1c:4e:18:5d:d7:85:86:7b:a3:84:38:29:66:66:73:
                    74:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:6C:8C:3B:E8:08:E8:12:4E:B6:11:86:95:D0:55:90:CC:13:3F:A3
            X509v3 Authority Key Identifier:
                keyid:B1:5C:A2:F6:86:D4:E4:84:A7:7C:34:C1:73:47:6B:F6:9D:23:7B:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVyi9obU5ISnfDTBc0dr9p0je30.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/18da7e-d2f0-4597-9b3d-385f3f52a96b/1/HGyMO-gI6BJOthGGldBVkMwTP6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/18da7e-d2f0-4597-9b3d-385f3f52a96b/1/sVyi9obU5ISnfDTBc0dr9p0je30.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.120.0/21
                IPv6:
                  2a02:9e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:47:3a:d3:3e:4e:e4:2e:e6:20:e7:f6:4c:2e:08:34:ae:71:
         1a:7d:9b:aa:dc:22:6b:91:e8:5d:e0:51:78:71:31:e9:38:05:
         14:d4:4b:db:03:5e:51:8d:e5:ce:db:47:47:ee:fd:0e:ea:72:
         6b:b0:3e:55:1d:6d:cf:9b:9f:56:eb:36:d0:43:c0:6b:5a:c2:
         d3:b8:13:17:5a:74:95:7c:18:df:5d:c9:8b:2e:58:c2:99:bb:
         70:82:c3:9a:02:32:c9:f5:06:c9:1a:9c:59:9e:b1:e6:69:ea:
         6a:ff:72:63:7f:28:8a:d7:28:08:e2:6e:9c:5a:1b:c9:66:0a:
         5b:d2:88:e3:a0:43:61:bf:3b:c9:67:5c:89:eb:e7:6c:de:7b:
         de:05:61:5f:15:ff:85:30:23:04:0a:d7:21:a5:b5:ec:bd:35:
         29:17:2c:ba:f8:4a:b0:3d:1c:88:c1:5e:85:b6:76:cb:9d:2f:
         a9:b1:e6:4f:0f:fb:88:b7:d5:19:b9:ef:5e:6e:bd:bf:c3:dd:
         2d:0c:36:c1:b0:9e:26:ae:20:80:27:91:e7:5b:62:19:8a:ec:
         9b:8a:f5:a9:2f:fd:8c:7d:33:56:5d:ae:82:f1:25:ec:13:a3:
         9a:0c:72:76:e9:af:e3:ab:de:97:3e:36:14:5e:72:14:6d:74:
         02:e3:ac:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIg3HjVzM7rlGf1pRwiKfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNWNhMmY2ODZkNGU0ODRhNzdjMzRjMTczNDc2YmY2OWQy
MzdiN2QwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzZjOGMzYmU4MDhlODEyNGViNjExODY5NWQwNTU5MGNjMTMzZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHWAh/sA50rsD0cgviXoWyA7xrCG
Eo1ZQFKa8Z8zt9HsjEGhwwQlnDD3SBJG749HzK0/qERd096B0+gfmFHwwEkHPP7W
lJR9VOHceVeI7/l3Xma5l0ppyrn4UoP7SYr833d34rYtWcLI1heeyhtr/eGHmTgx
Bh7l9er45weu5jRYAJfReahnlsNb7PKc2HXy3RHzY1paETAAlgYl3ehxI8fptRyo
q/dIqnbJor24h+uHJRKY2n4lZCYeDM144UkVFzQLERLvvVoOXSvZPKjGw4bcQ7X0
cH/sI60TzT5nW7hQALse3D6juGOVMVu1QI0cThhd14WGe6OEOClmZnN0nwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBxsjDvoCOgSTrYRhpXQVZDMEz+jMB8GA1UdIwQY
MBaAFLFcovaG1OSEp3w0wXNHa/adI3t9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1Z5aTlvYlU1SVNuZkRUQmMwZHI5cDBqZTMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8xOGRhN2UtZDJmMC00NTk3LTliM2Qt
Mzg1ZjNmNTJhOTZiLzEvSEd5TU8tZ0k2QkpPdGhHR2xkQlZrTXdUUDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8xOGRhN2UtZDJmMC00NTk3LTliM2QtMzg1ZjNmNTJhOTZi
LzEvc1Z5aTlvYlU1SVNuZkRUQmMwZHI5cDBqZTMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXnx4MA0E
AgACMAcDBQAqAgngMA0GCSqGSIb3DQEBCwUAA4IBAQBfRzrTPk7kLuYg5/ZMLgg0
rnEafZuq3CJrkehd4FF4cTHpOAUU1EvbA15RjeXO20dH7v0O6nJrsD5VHW3Pm59W
6zbQQ8BrWsLTuBMXWnSVfBjfXcmLLljCmbtwgsOaAjLJ9QbJGpxZnrHmaepq/3Jj
fyiK1ygI4m6cWhvJZgpb0ojjoENhvzvJZ1yJ6+ds3nveBWFfFf+FMCMECtchpbXs
vTUpFyy6+EqwPRyIwV6FtnbLnS+pseZPD/uIt9UZue9ebr2/w90tDDbBsJ4mriCA
J5HnW2IZiuybivWpL/2MfTNWXa6C8SXsE6OaDHJ26a/jq96XPjYUXnIUbXQC46w5
-----END CERTIFICATE-----