Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/HVaPw1M_YmCfOdSIfoGhBode6OA.roa
File:                     HVaPw1M_YmCfOdSIfoGhBode6OA.roa (raw, json)
Hash identifier:          NFiADgwYfdjzr4xYtZMqLrK8mhGhvwOvSflVwe0WuFo=
Subject key identifier:   1D:56:8F:C3:53:3F:62:60:9F:39:D4:88:7E:81:A1:06:87:5E:E8:E0
Certificate issuer:       /CN=a8d52cc870606a3f3f32c0fff97cf6931fa65ca3
Certificate serial:       0191383DDF784C5D34BEAC297325218BA8ED
Authority key identifier: A8:D5:2C:C8:70:60:6A:3F:3F:32:C0:FF:F9:7C:F6:93:1F:A6:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/HVaPw1M_YmCfOdSIfoGhBode6OA.roa
Signing time:             Fri 09 Aug 2024 17:44:24 +0000
ROA not before:           Fri 09 Aug 2024 17:44:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        89.22.224.0/21 maxlen: 21
                          89.22.232.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:38:3d:df:78:4c:5d:34:be:ac:29:73:25:21:8b:a8:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8d52cc870606a3f3f32c0fff97cf6931fa65ca3
        Validity
            Not Before: Aug  9 17:44:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d568fc3533f62609f39d4887e81a106875ee8e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:46:27:0d:b7:91:7c:29:76:25:9f:0f:44:3c:
                    6a:96:fe:ae:85:e4:09:42:9b:a3:20:8b:33:c7:0f:
                    71:db:40:a6:eb:ad:f9:57:40:ca:69:88:28:84:d2:
                    f2:be:4a:6f:8c:41:03:1a:d3:fd:f5:3f:94:42:9a:
                    4c:a3:19:97:14:bb:2e:5e:02:75:ca:f3:e2:c1:75:
                    b1:5e:af:9c:88:a1:79:6a:93:b0:e3:f1:b6:cc:75:
                    37:a8:b9:cb:60:b5:bb:84:10:5c:74:db:3d:f9:6b:
                    4e:26:47:96:33:20:b9:fe:d9:e6:f0:48:68:52:66:
                    6e:81:80:c8:56:f0:3b:a9:de:98:92:63:4c:7f:39:
                    6c:7f:4d:5b:9a:91:8f:f8:f0:a6:61:95:ab:f6:90:
                    27:ee:f0:4d:df:12:7b:11:6b:c5:6a:40:eb:25:80:
                    69:15:9a:55:75:bb:03:db:b9:b0:2d:26:3f:0a:2f:
                    b6:64:a1:d8:0c:4c:69:7e:33:7c:6e:4c:5a:52:80:
                    26:52:dc:94:f0:ab:2b:cd:6b:86:a0:46:7f:36:67:
                    77:c5:8d:52:f9:cc:dc:5c:07:5c:c3:0a:fb:9d:d7:
                    20:1a:16:01:ed:de:17:90:06:34:39:51:d5:e5:c6:
                    1d:a2:9d:47:d6:2f:fd:1f:40:dc:e7:44:fc:1f:31:
                    ea:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:56:8F:C3:53:3F:62:60:9F:39:D4:88:7E:81:A1:06:87:5E:E8:E0
            X509v3 Authority Key Identifier:
                keyid:A8:D5:2C:C8:70:60:6A:3F:3F:32:C0:FF:F9:7C:F6:93:1F:A6:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/HVaPw1M_YmCfOdSIfoGhBode6OA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.22.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         39:2d:d2:0c:20:45:eb:df:54:48:23:e2:d9:7b:51:be:3c:c6:
         b6:c1:45:96:33:ab:b1:ae:39:0f:b8:e5:7b:02:09:70:94:ab:
         ec:7d:47:e5:61:c5:c5:4d:1d:a6:1e:e8:51:07:f3:ee:b4:a6:
         7e:da:16:66:52:bf:1b:64:68:20:37:ad:55:45:43:58:36:bd:
         ca:ac:9c:5f:38:b7:60:ee:98:37:ee:65:14:71:05:ac:79:9e:
         af:09:4f:78:a8:a3:b8:8b:43:1b:fd:3f:73:0a:54:e7:f8:06:
         80:5f:23:db:47:0c:0f:b3:5c:47:e4:79:87:5e:36:07:9d:ec:
         1c:94:74:98:19:51:d4:4a:71:cd:73:5e:5d:36:a6:09:7f:d5:
         76:dd:eb:49:cb:4b:14:6a:2d:09:27:aa:7c:f9:fa:ff:ba:08:
         02:7a:6a:ef:65:dc:84:34:43:c2:03:b2:75:a0:b5:09:b7:ab:
         31:2c:12:5d:77:fc:8e:3d:66:da:6b:47:2f:48:a4:65:82:4b:
         c3:f1:66:f2:b2:83:ba:de:1c:13:60:28:57:96:49:b6:b9:8a:
         28:7e:c1:64:dc:be:52:33:e8:45:29:f2:6d:47:53:2a:7c:57:
         87:4c:ed:14:47:24:95:03:14:ba:32:a0:1a:02:37:d6:46:e1:
         21:83:4d:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE4Pd94TF00vqwpcyUhi6jtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZDUyY2M4NzA2MDZhM2YzZjMyYzBmZmY5N2NmNjkzMWZh
NjVjYTMwHhcNMjQwODA5MTc0NDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDU2OGZjMzUzM2Y2MjYwOWYzOWQ0ODg3ZTgxYTEwNjg3NWVlOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkYnDbeRfCl2JZ8PRDxqlv6uheQJ
QpujIIszxw9x20Cm6635V0DKaYgohNLyvkpvjEEDGtP99T+UQppMoxmXFLsuXgJ1
yvPiwXWxXq+ciKF5apOw4/G2zHU3qLnLYLW7hBBcdNs9+WtOJkeWMyC5/tnm8Eho
UmZugYDIVvA7qd6YkmNMfzlsf01bmpGP+PCmYZWr9pAn7vBN3xJ7EWvFakDrJYBp
FZpVdbsD27mwLSY/Ci+2ZKHYDExpfjN8bkxaUoAmUtyU8KsrzWuGoEZ/Nmd3xY1S
+czcXAdcwwr7ndcgGhYB7d4XkAY0OVHV5cYdop1H1i/9H0Dc50T8HzHqmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1Wj8NTP2JgnznUiH6BoQaHXujgMB8GA1UdIwQY
MBaAFKjVLMhwYGo/PzLA//l89pMfplyjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU5Vc3lIQmdhajhfTXNEXy1YejJreC1tWEtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9mZTEzMWQtYWExMC00YzZiLTgxMjgt
ZjU1YmM4YWYxNTA2LzEvSFZhUHcxTV9ZbUNmT2RTSWZvR2hCb2RlNk9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9mZTEzMWQtYWExMC00YzZiLTgxMjgtZjU1YmM4YWYxNTA2
LzEvcU5Vc3lIQmdhajhfTXNEXy1YejJreC1tWEtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEWRbgMA0G
CSqGSIb3DQEBCwUAA4IBAQA5LdIMIEXr31RII+LZe1G+PMa2wUWWM6uxrjkPuOV7
AglwlKvsfUflYcXFTR2mHuhRB/PutKZ+2hZmUr8bZGggN61VRUNYNr3KrJxfOLdg
7pg37mUUcQWseZ6vCU94qKO4i0Mb/T9zClTn+AaAXyPbRwwPs1xH5HmHXjYHnewc
lHSYGVHUSnHNc15dNqYJf9V23etJy0sUai0JJ6p8+fr/uggCemrvZdyENEPCA7J1
oLUJt6sxLBJdd/yOPWbaa0cvSKRlgkvD8WbysoO63hwTYChXlkm2uYoofsFk3L5S
M+hFKfJtR1MqfFeHTO0URySVAxS6MqAaAjfWRuEhg003
-----END CERTIFICATE-----