Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/HTGaeGMP8CdzPiu4Kdvv1i2tT0s.roa
File:                     HTGaeGMP8CdzPiu4Kdvv1i2tT0s.roa (raw, json)
Hash identifier:          fsIzfA72TKkiu+lQEzJHOVfbq74I+G15Uri9KTlcXHM=
Subject key identifier:   1D:31:9A:78:63:0F:F0:27:73:3E:2B:B8:29:DB:EF:D6:2D:AD:4F:4B
Certificate issuer:       /CN=1319f052bc9e7284888074390c9d0bc127606692
Certificate serial:       019424447EEA57CEDECF135282A3049EC8ED
Authority key identifier: 13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/HTGaeGMP8CdzPiu4Kdvv1i2tT0s.roa
Signing time:             Wed 01 Jan 2025 23:47:36 +0000
ROA not before:           Wed 01 Jan 2025 23:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12527
IP address blocks:        88.157.230.0/24 maxlen: 24
                          88.157.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:7e:ea:57:ce:de:cf:13:52:82:a3:04:9e:c8:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1319f052bc9e7284888074390c9d0bc127606692
        Validity
            Not Before: Jan  1 23:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d319a78630ff027733e2bb829dbefd62dad4f4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ed:39:e7:01:af:47:e6:53:69:15:02:c2:e8:
                    88:06:b7:5a:5a:a0:59:65:60:1f:81:21:28:41:9f:
                    97:c3:45:89:dc:98:35:3d:13:cf:89:00:7c:2a:79:
                    9a:19:19:bb:63:80:db:b8:e7:fc:75:ce:3c:13:97:
                    3f:5f:fd:7e:24:af:db:8a:9f:83:e7:f0:2c:ba:12:
                    d8:14:bd:61:c0:d0:67:a3:ba:45:55:0e:ae:cd:b9:
                    4b:21:61:11:cf:10:cc:b9:23:ec:c7:a0:5e:d8:6b:
                    ff:46:ac:23:35:4f:c3:48:9d:ca:52:42:b5:c7:d6:
                    1b:36:93:86:2c:dd:f7:07:2d:00:17:ad:cb:36:79:
                    b2:96:9e:b2:b1:73:9a:08:81:a3:83:17:4f:38:40:
                    21:8a:75:16:96:a4:f6:3c:5e:3d:d6:84:47:30:4d:
                    9b:62:68:b9:47:2e:4e:56:16:40:5c:31:28:a5:8b:
                    de:4c:e5:99:94:a4:70:69:e8:db:44:7f:db:be:7f:
                    1d:cc:69:f2:53:42:27:1b:5d:52:52:3b:d0:0d:ff:
                    6a:3a:3d:0d:75:23:3f:2c:55:e3:07:c5:46:4c:45:
                    2d:cd:e9:36:d5:76:25:34:63:3e:51:cf:91:39:37:
                    5d:b1:24:bd:36:93:4c:f8:fa:f7:51:34:bb:43:13:
                    57:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:31:9A:78:63:0F:F0:27:73:3E:2B:B8:29:DB:EF:D6:2D:AD:4F:4B
            X509v3 Authority Key Identifier:
                keyid:13:19:F0:52:BC:9E:72:84:88:80:74:39:0C:9D:0B:C1:27:60:66:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExnwUryecoSIgHQ5DJ0LwSdgZpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/HTGaeGMP8CdzPiu4Kdvv1i2tT0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d5bbce-4220-4ec4-8af5-2c1a7730bd25/1/ExnwUryecoSIgHQ5DJ0LwSdgZpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.157.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:d3:84:12:3a:a8:94:9f:c5:aa:96:23:85:d0:dc:32:4e:40:
         83:23:0b:b0:83:2f:08:8e:f9:e1:5a:9a:46:c0:78:d0:21:2d:
         2d:ed:3b:87:84:79:b6:7c:7d:de:8b:ad:24:88:20:30:45:54:
         29:b1:16:e7:5a:85:a5:02:0e:22:e4:a4:eb:84:d4:59:17:74:
         bd:f4:fd:7b:8f:01:54:47:8b:f1:41:8b:b8:86:5b:a0:23:55:
         a5:3c:c0:54:80:eb:b4:73:d9:b9:f6:2d:54:66:b7:3b:52:2a:
         c5:3a:3c:cc:a6:1b:b6:97:26:9e:e8:dd:79:93:93:14:14:91:
         ca:83:cf:2d:aa:e4:84:24:93:47:ef:77:32:21:b3:0f:55:51:
         35:f2:93:f4:8a:f5:cd:0d:db:1c:73:f9:c9:ac:de:1a:b6:d1:
         6a:e4:b1:a7:fd:fa:9b:66:a0:bd:8a:96:a0:5c:33:d2:bc:71:
         07:6d:2f:81:28:64:2f:83:8c:04:b8:b8:f0:ec:e0:b1:0e:45:
         d7:74:7d:41:ee:ce:8c:aa:23:54:58:f8:10:9f:52:49:a3:82:
         7d:8b:28:94:36:7a:8b:c5:33:58:d5:1c:1d:4e:45:b8:74:6d:
         1a:5d:1d:0d:86:e2:36:e7:9e:98:5e:c9:b0:33:19:ba:28:7c:
         75:44:37:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRH7qV87ezxNSgqMEnsjtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTlmMDUyYmM5ZTcyODQ4ODgwNzQzOTBjOWQwYmMxMjc2
MDY2OTIwHhcNMjUwMTAxMjM0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDMxOWE3ODYzMGZmMDI3NzMzZTJiYjgyOWRiZWZkNjJkYWQ0ZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwO055wGvR+ZTaRUCwuiIBrdaWqBZ
ZWAfgSEoQZ+Xw0WJ3Jg1PRPPiQB8KnmaGRm7Y4DbuOf8dc48E5c/X/1+JK/bip+D
5/AsuhLYFL1hwNBno7pFVQ6uzblLIWERzxDMuSPsx6Be2Gv/RqwjNU/DSJ3KUkK1
x9YbNpOGLN33By0AF63LNnmylp6ysXOaCIGjgxdPOEAhinUWlqT2PF491oRHME2b
Ymi5Ry5OVhZAXDEopYveTOWZlKRwaejbRH/bvn8dzGnyU0InG11SUjvQDf9qOj0N
dSM/LFXjB8VGTEUtzek21XYlNGM+Uc+ROTddsSS9NpNM+Pr3UTS7QxNXmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0xmnhjD/Ancz4ruCnb79YtrU9LMB8GA1UdIwQY
MBaAFBMZ8FK8nnKEiIB0OQydC8EnYGaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUt
MmMxYTc3MzBiZDI1LzEvSFRHYWVHTVA4Q2R6UGl1NEtkdnYxaTJ0VDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNWJiY2UtNDIyMC00ZWM0LThhZjUtMmMxYTc3MzBiZDI1
LzEvRXhud1VyeWVjb1NJZ0hRNURKMEx3U2RnWnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWJ3mMA0G
CSqGSIb3DQEBCwUAA4IBAQA004QSOqiUn8WqliOF0NwyTkCDIwuwgy8IjvnhWppG
wHjQIS0t7TuHhHm2fH3ei60kiCAwRVQpsRbnWoWlAg4i5KTrhNRZF3S99P17jwFU
R4vxQYu4hlugI1WlPMBUgOu0c9m59i1UZrc7UirFOjzMphu2lyae6N15k5MUFJHK
g88tquSEJJNH73cyIbMPVVE18pP0ivXNDdscc/nJrN4attFq5LGn/fqbZqC9ipag
XDPSvHEHbS+BKGQvg4wEuLjw7OCxDkXXdH1B7s6MqiNUWPgQn1JJo4J9iyiUNnqL
xTNY1RwdTkW4dG0aXR0NhuI2556YXsmwMxm6KHx1RDck
-----END CERTIFICATE-----