Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/HyNCxQlG4pU8sUEoFsYhLb1GzCY.roa
File:                     HyNCxQlG4pU8sUEoFsYhLb1GzCY.roa (raw, json)
Hash identifier:          G6il+trKEhoxsyl0BONyQUhAmxkiYuT6eiUBFu1sWZE=
Subject key identifier:   1F:23:42:C5:09:46:E2:95:3C:B1:41:28:16:C6:21:2D:BD:46:CC:26
Certificate issuer:       /CN=ccd1e28930d77a7eb9891b6fabbb2915ee3885aa
Certificate serial:       018CC3B707E8B55C4CC478F0078A56A1D0F6
Authority key identifier: CC:D1:E2:89:30:D7:7A:7E:B9:89:1B:6F:AB:BB:29:15:EE:38:85:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zNHiiTDXen65iRtvq7spFe44hao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/HyNCxQlG4pU8sUEoFsYhLb1GzCY.roa
Signing time:             Mon 01 Jan 2024 06:30:01 +0000
ROA not before:           Mon 01 Jan 2024 06:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        152.88.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/zNHiiTDXen65iRtvq7spFe44hao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/zNHiiTDXen65iRtvq7spFe44hao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zNHiiTDXen65iRtvq7spFe44hao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:07:e8:b5:5c:4c:c4:78:f0:07:8a:56:a1:d0:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccd1e28930d77a7eb9891b6fabbb2915ee3885aa
        Validity
            Not Before: Jan  1 06:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f2342c50946e2953cb1412816c6212dbd46cc26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:84:25:c8:ae:69:a1:5c:2a:b3:35:29:e6:e0:
                    02:85:a6:d1:f8:41:e8:02:ca:69:84:a0:01:dd:e9:
                    aa:97:27:99:b1:3e:be:8e:ce:ee:3a:2d:ec:40:b2:
                    c1:f6:aa:67:5f:54:ec:47:0d:de:e7:74:05:07:94:
                    50:7b:7d:b4:57:b5:60:23:d3:24:0a:ff:7e:00:9d:
                    69:53:14:41:bc:6d:ee:80:39:2c:3a:54:8a:49:42:
                    ba:3d:3a:f4:64:d9:58:08:63:95:f9:ab:35:ca:06:
                    5d:b5:e1:ba:f1:62:1c:32:d4:fd:a3:71:8f:09:4b:
                    b6:0c:ab:ab:81:13:07:30:06:41:76:2a:47:90:38:
                    c7:dc:a5:aa:55:d2:d4:aa:ae:88:6b:1a:ec:50:dd:
                    28:af:e8:cc:16:c4:4b:af:88:75:0b:72:8a:1e:e8:
                    98:5c:34:0f:b8:92:42:dc:d2:fa:ef:ad:a9:d3:27:
                    54:5e:d0:ae:27:2d:c1:92:32:ca:24:17:96:0d:27:
                    91:a5:8a:69:a2:24:5e:4a:8d:f9:95:22:b0:eb:79:
                    ce:c3:0e:dc:13:2c:40:67:11:0b:0b:63:cb:fb:2a:
                    7e:66:c7:e2:39:84:52:a6:5e:49:b2:3e:34:72:fe:
                    78:98:ca:08:bb:83:bc:e9:df:eb:0b:a3:56:ad:5e:
                    61:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:23:42:C5:09:46:E2:95:3C:B1:41:28:16:C6:21:2D:BD:46:CC:26
            X509v3 Authority Key Identifier:
                keyid:CC:D1:E2:89:30:D7:7A:7E:B9:89:1B:6F:AB:BB:29:15:EE:38:85:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNHiiTDXen65iRtvq7spFe44hao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/HyNCxQlG4pU8sUEoFsYhLb1GzCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1042dd-e67b-402a-81dc-c13b1f977d57/1/zNHiiTDXen65iRtvq7spFe44hao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.88.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a5:8d:b0:17:ed:fe:54:70:3b:67:49:5a:e3:93:bd:f7:c0:c8:
         40:f7:d4:bd:c0:02:50:2d:33:94:b3:f7:de:d8:fd:0f:91:21:
         e4:de:d2:d9:45:5f:6f:1f:9d:bd:e0:14:aa:fb:f0:b2:3c:49:
         29:23:b0:49:20:62:81:4a:e9:e0:f2:16:75:f4:f0:f4:f5:fe:
         1c:b8:25:73:b4:c7:0b:83:36:ed:41:df:f0:51:4d:f0:0a:63:
         e5:08:ca:13:32:ed:87:9e:b3:1c:55:95:d8:f5:2e:b5:2b:6d:
         93:6d:9f:2d:00:df:87:ca:e9:c8:32:01:c7:9b:b1:c0:93:3f:
         fb:92:34:b4:f9:c2:33:f2:3c:f2:56:9d:da:41:0b:ec:d4:68:
         1e:48:55:e3:c6:4f:5e:e7:e6:a5:70:83:ae:f5:a9:86:d2:b8:
         dd:47:b5:b2:ee:e9:4f:01:df:33:26:cd:6c:e4:1a:11:a2:54:
         db:12:73:05:8e:ae:37:a5:94:ae:9f:7f:19:09:fa:32:ed:c7:
         ee:02:0a:17:c1:b3:3e:1c:b0:a2:c6:1d:04:fc:80:1d:fd:ec:
         0f:fa:4b:7f:0f:21:40:20:9a:73:08:2f:86:b3:34:58:01:5f:
         5d:33:77:f4:61:8c:c0:4e:5b:9a:07:b2:ed:cb:dd:17:04:c4:
         df:41:c9:14
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDtwfotVxMxHjwB4pWodD2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDFlMjg5MzBkNzdhN2ViOTg5MWI2ZmFiYmIyOTE1ZWUz
ODg1YWEwHhcNMjQwMTAxMDYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjIzNDJjNTA5NDZlMjk1M2NiMTQxMjgxNmM2MjEyZGJkNDZjYzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroQlyK5poVwqszUp5uAChabR+EHo
AspphKAB3emqlyeZsT6+js7uOi3sQLLB9qpnX1TsRw3e53QFB5RQe320V7VgI9Mk
Cv9+AJ1pUxRBvG3ugDksOlSKSUK6PTr0ZNlYCGOV+as1ygZdteG68WIcMtT9o3GP
CUu2DKurgRMHMAZBdipHkDjH3KWqVdLUqq6IaxrsUN0or+jMFsRLr4h1C3KKHuiY
XDQPuJJC3NL6762p0ydUXtCuJy3BkjLKJBeWDSeRpYppoiReSo35lSKw63nOww7c
EyxAZxELC2PL+yp+ZsfiOYRSpl5Jsj40cv54mMoIu4O86d/rC6NWrV5hkwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFB8jQsUJRuKVPLFBKBbGIS29RswmMB8GA1UdIwQY
MBaAFMzR4okw13p+uYkbb6u7KRXuOIWqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5IaWlURFhlbjY1aVJ0dnE3c3BGZTQ0aGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xMDQyZGQtZTY3Yi00MDJhLTgxZGMt
YzEzYjFmOTc3ZDU3LzEvSHlOQ3hRbEc0cFU4c1VFb0ZzWWhMYjFHekNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xMDQyZGQtZTY3Yi00MDJhLTgxZGMtYzEzYjFmOTc3ZDU3
LzEvek5IaWlURFhlbjY1aVJ0dnE3c3BGZTQ0aGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmFgwDQYJ
KoZIhvcNAQELBQADggEBAKWNsBft/lRwO2dJWuOTvffAyED31L3AAlAtM5Sz997Y
/Q+RIeTe0tlFX28fnb3gFKr78LI8SSkjsEkgYoFK6eDyFnX08PT1/hy4JXO0xwuD
Nu1B3/BRTfAKY+UIyhMy7YeesxxVldj1LrUrbZNtny0A34fK6cgyAcebscCTP/uS
NLT5wjPyPPJWndpBC+zUaB5IVePGT17n5qVwg671qYbSuN1HtbLu6U8B3zMmzWzk
GhGiVNsScwWOrjellK6ffxkJ+jLtx+4CChfBsz4csKLGHQT8gB397A/6S38PIUAg
mnMIL4azNFgBX10zd/RhjMBOW5oHsu3L3RcExN9ByRQ=
-----END CERTIFICATE-----