Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/HBPcfyJ67WoZ0_lWemV3kbQcN1w.roa
File:                     HBPcfyJ67WoZ0_lWemV3kbQcN1w.roa (raw, json)
Hash identifier:          e07YXr0pitztXt3vGoJaRLbsDXOqIDq6lBwwACaXHYc=
Subject key identifier:   1C:13:DC:7F:22:7A:ED:6A:19:D3:F9:56:7A:65:77:91:B4:1C:37:5C
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018D9D9EFFDB5E59BF01C8AE949328142460
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/HBPcfyJ67WoZ0_lWemV3kbQcN1w.roa
Signing time:             Mon 12 Feb 2024 14:00:59 +0000
ROA not before:           Mon 12 Feb 2024 14:00:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210636
IP address blocks:        45.134.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9d:9e:ff:db:5e:59:bf:01:c8:ae:94:93:28:14:24:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Feb 12 14:00:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c13dc7f227aed6a19d3f9567a657791b41c375c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ef:31:f3:08:da:70:b5:df:3e:f4:0a:02:0d:
                    33:5c:d0:52:74:2d:19:45:e2:ac:62:f2:25:37:b2:
                    32:57:52:08:e6:fd:fc:e4:94:b7:33:7a:75:eb:5a:
                    52:28:af:6c:3c:ce:21:59:47:36:7a:59:2f:4a:06:
                    47:67:54:4c:06:ad:5e:fa:18:89:33:3d:a8:b5:bb:
                    9c:bc:e5:55:5c:6e:11:41:ee:7e:c1:f6:53:c3:4b:
                    eb:bd:d6:cb:32:1b:60:fb:6e:15:32:09:5c:66:22:
                    b5:94:29:74:56:89:b2:b7:3f:56:96:3b:6c:41:22:
                    e9:9f:9a:b2:e6:f7:d4:ce:07:c1:79:76:dd:22:b3:
                    d5:29:4f:14:0a:e8:6f:be:48:87:f3:ef:a6:d6:83:
                    7d:c5:77:0f:56:df:27:db:db:1b:ea:d5:ef:a6:73:
                    df:18:1e:dd:71:3a:2b:4a:5f:e6:ef:27:5a:92:f3:
                    09:72:c3:ac:79:aa:0a:e9:fc:a4:27:1a:2c:63:0a:
                    20:09:4d:a1:ec:36:46:48:4f:e8:0a:a8:43:eb:9c:
                    7a:5f:19:bf:58:24:d7:e0:fc:9e:b8:af:e2:00:34:
                    c3:41:ee:12:64:5f:e7:bc:3b:81:c0:6a:3e:08:fc:
                    43:28:38:d4:49:e9:76:64:06:7c:94:57:85:15:e0:
                    ba:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:13:DC:7F:22:7A:ED:6A:19:D3:F9:56:7A:65:77:91:B4:1C:37:5C
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/HBPcfyJ67WoZ0_lWemV3kbQcN1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:53:ab:8b:7a:10:1b:0b:7e:f6:5b:c3:d6:e4:67:17:d4:c7:
         cd:5b:0d:4d:a4:e7:ae:54:33:d4:41:3d:fa:c5:a3:97:62:ed:
         3a:fc:ac:11:66:04:15:ff:07:38:4e:07:1f:ae:5b:b8:80:c9:
         48:07:d8:25:e6:91:54:a0:5b:49:0d:79:c4:de:f4:7d:32:be:
         46:7a:cf:ad:8a:71:50:d4:b7:24:93:fd:e3:ac:8d:2e:f6:09:
         85:51:1a:b9:76:ed:1e:d8:5e:a8:e6:36:78:b7:cd:b1:df:66:
         0b:60:18:87:67:58:de:3c:a9:42:4d:79:1e:3d:a5:e4:9e:59:
         00:1c:b7:0e:30:13:0b:89:28:3a:5f:02:0c:2d:7e:be:a8:2d:
         4f:4c:25:51:c7:6c:d2:b2:70:fe:00:02:e1:42:38:29:8d:59:
         42:b8:34:7d:ce:b5:52:7b:77:cc:a9:6f:9e:2b:7e:bc:98:ac:
         51:dc:35:78:2a:a8:5e:71:9b:70:a9:e9:db:26:5f:17:2f:9a:
         44:fd:65:29:5b:a1:73:b9:f1:14:86:bb:93:d9:c2:58:6f:8d:
         b4:09:f7:85:11:56:a7:a2:34:1b:ea:6a:c4:a7:af:e0:80:6d:
         9f:7a:d5:15:b1:a6:e7:b2:41:b0:b3:e6:05:96:83:7e:b9:df:
         bd:27:c7:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2dnv/bXlm/AciulJMoFCRgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMjEyMTQwMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzEzZGM3ZjIyN2FlZDZhMTlkM2Y5NTY3YTY1Nzc5MWI0MWMzNzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+8x8wjacLXfPvQKAg0zXNBSdC0Z
ReKsYvIlN7IyV1II5v385JS3M3p161pSKK9sPM4hWUc2elkvSgZHZ1RMBq1e+hiJ
Mz2otbucvOVVXG4RQe5+wfZTw0vrvdbLMhtg+24VMglcZiK1lCl0Vomytz9Wljts
QSLpn5qy5vfUzgfBeXbdIrPVKU8UCuhvvkiH8++m1oN9xXcPVt8n29sb6tXvpnPf
GB7dcTorSl/m7ydakvMJcsOseaoK6fykJxosYwogCU2h7DZGSE/oCqhD65x6Xxm/
WCTX4PyeuK/iADTDQe4SZF/nvDuBwGo+CPxDKDjUSel2ZAZ8lFeFFeC6KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwT3H8ieu1qGdP5Vnpld5G0HDdcMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvSEJQY2Z5SjY3V29aMF9sV2VtVjNrYlFjTjF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYYVMA0G
CSqGSIb3DQEBCwUAA4IBAQCuU6uLehAbC372W8PW5GcX1MfNWw1NpOeuVDPUQT36
xaOXYu06/KwRZgQV/wc4Tgcfrlu4gMlIB9gl5pFUoFtJDXnE3vR9Mr5Ges+tinFQ
1Lckk/3jrI0u9gmFURq5du0e2F6o5jZ4t82x32YLYBiHZ1jePKlCTXkePaXknlkA
HLcOMBMLiSg6XwIMLX6+qC1PTCVRx2zSsnD+AALhQjgpjVlCuDR9zrVSe3fMqW+e
K368mKxR3DV4KqhecZtwqenbJl8XL5pE/WUpW6FzufEUhruT2cJYb420CfeFEVan
ojQb6mrEp6/ggG2fetUVsabnskGws+YFloN+ud+9J8cf
-----END CERTIFICATE-----