Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/hmab6__F2XjPI4pz-S7ZDMsGfQ8.roa
File:                     hmab6__F2XjPI4pz-S7ZDMsGfQ8.roa (raw, json)
Hash identifier:          VKioes1rRTD3dBB9IXmj0I4YiJbzOl3bkffS8nKiVMw=
Subject key identifier:   86:66:9B:EB:FF:C5:D9:78:CF:23:8A:73:F9:2E:D9:0C:CB:06:7D:0F
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       0194282671B3F5CDF905FF47E1BBA7A169BE
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/hmab6__F2XjPI4pz-S7ZDMsGfQ8.roa
Signing time:             Thu 02 Jan 2025 17:53:15 +0000
ROA not before:           Thu 02 Jan 2025 17:53:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        89.249.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:71:b3:f5:cd:f9:05:ff:47:e1:bb:a7:a1:69:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86669bebffc5d978cf238a73f92ed90ccb067d0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:36:5c:f2:00:e7:59:99:a0:c1:00:da:66:15:
                    0c:6c:b7:3c:55:f5:2a:eb:22:35:87:19:00:f9:40:
                    fb:0e:d5:7b:b5:46:de:f1:a2:7f:ae:ad:c2:d0:4f:
                    30:61:8f:2f:01:2e:d9:8e:3a:b3:e2:43:6b:67:56:
                    9c:a2:49:2a:b2:bd:4c:fd:86:c0:2e:c4:82:87:b4:
                    74:b2:06:52:ff:5e:62:cd:43:27:bd:ae:13:df:69:
                    bb:0f:cf:6a:17:00:d2:05:c9:8f:e0:a3:18:f3:7a:
                    08:37:04:c0:39:74:72:ce:15:49:bd:c9:7d:30:8b:
                    41:16:21:1b:95:73:30:30:52:c9:a0:2a:c8:f1:cb:
                    47:62:66:59:bb:58:bc:4b:af:8e:77:00:96:ac:d7:
                    8b:d3:2d:a9:ef:0e:11:10:d6:1a:6d:2e:8b:ef:72:
                    83:38:b4:1f:95:44:40:34:40:53:14:54:95:5e:68:
                    f4:11:25:5c:b6:c9:9d:ee:d8:37:6c:70:37:4b:3c:
                    c4:4e:bf:68:fe:3d:e3:81:9e:1e:03:47:a6:24:4a:
                    da:d0:d3:65:d0:51:bd:d4:30:dc:81:97:ed:20:32:
                    b5:61:4e:00:4a:f5:b6:f2:0b:ce:05:ad:c2:72:85:
                    11:dc:e4:9c:1d:b3:09:1e:1d:db:22:cb:7e:31:f1:
                    87:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:66:9B:EB:FF:C5:D9:78:CF:23:8A:73:F9:2E:D9:0C:CB:06:7D:0F
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/hmab6__F2XjPI4pz-S7ZDMsGfQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:48:da:74:ae:15:44:54:f3:d9:15:7d:a4:6d:f5:3a:19:17:
         1a:8c:07:a5:7e:7d:19:f7:30:d2:80:0e:b0:19:2f:81:fe:88:
         aa:dc:c6:f4:33:c0:0e:f9:53:51:ad:83:fc:1b:c8:d2:07:49:
         a0:88:34:35:b5:dd:4d:d3:42:2a:ed:00:6f:0b:57:62:f1:be:
         1a:d3:f4:42:b5:ed:e4:b2:40:fa:92:5c:76:b3:ad:ab:dd:03:
         cf:ac:68:c5:92:1f:f5:89:95:b7:1f:a3:18:91:ce:23:19:fd:
         c1:79:28:8a:df:0c:5b:3c:92:9d:6e:10:61:6a:27:b7:cb:00:
         cb:70:2d:c8:1e:2e:30:3b:b7:14:55:5c:4b:42:5f:07:36:ea:
         31:f6:93:8c:27:98:4e:c9:76:a6:9b:d2:fc:3b:e4:69:0c:49:
         9a:3d:ab:9a:eb:e3:2d:47:d0:b0:2a:49:56:29:fc:52:4e:ab:
         36:fa:97:cf:8c:b2:1f:f8:98:e3:71:44:f7:14:b4:9d:a9:44:
         99:94:69:94:c3:53:80:26:5f:e9:96:fe:9c:fd:78:57:37:d5:
         1c:f9:7d:e9:c9:7d:d5:29:99:b2:3b:65:e0:bb:20:f7:90:af:
         5c:8d:14:51:2a:44:b2:d1:60:80:fe:c4:89:b5:3c:73:b6:96:
         12:16:09:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJnGz9c35Bf9H4bunoWm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjY2OWJlYmZmYzVkOTc4Y2YyMzhhNzNmOTJlZDkwY2NiMDY3ZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzZc8gDnWZmgwQDaZhUMbLc8VfUq
6yI1hxkA+UD7DtV7tUbe8aJ/rq3C0E8wYY8vAS7Zjjqz4kNrZ1acokkqsr1M/YbA
LsSCh7R0sgZS/15izUMnva4T32m7D89qFwDSBcmP4KMY83oINwTAOXRyzhVJvcl9
MItBFiEblXMwMFLJoCrI8ctHYmZZu1i8S6+OdwCWrNeL0y2p7w4RENYabS6L73KD
OLQflURANEBTFFSVXmj0ESVctsmd7tg3bHA3SzzETr9o/j3jgZ4eA0emJEra0NNl
0FG91DDcgZftIDK1YU4ASvW28gvOBa3CcoUR3OScHbMJHh3bIst+MfGH0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZmm+v/xdl4zyOKc/ku2QzLBn0PMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvaG1hYjZfX0YyWGpQSTRwei1TN1pETXNHZlE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnKMA0G
CSqGSIb3DQEBCwUAA4IBAQCpSNp0rhVEVPPZFX2kbfU6GRcajAelfn0Z9zDSgA6w
GS+B/oiq3Mb0M8AO+VNRrYP8G8jSB0mgiDQ1td1N00Iq7QBvC1di8b4a0/RCte3k
skD6klx2s62r3QPPrGjFkh/1iZW3H6MYkc4jGf3BeSiK3wxbPJKdbhBhaie3ywDL
cC3IHi4wO7cUVVxLQl8HNuox9pOMJ5hOyXamm9L8O+RpDEmaPaua6+MtR9CwKklW
KfxSTqs2+pfPjLIf+JjjcUT3FLSdqUSZlGmUw1OAJl/plv6c/XhXN9Uc+X3pyX3V
KZmyO2XguyD3kK9cjRRRKkSy0WCA/sSJtTxztpYSFgkN
-----END CERTIFICATE-----