Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/HILnFlkGd7r6hae5SYoGn16D19s.roa
File:                     HILnFlkGd7r6hae5SYoGn16D19s.roa (raw, json)
Hash identifier:          oIDvIgRBeWLFhg5beBU/3KGIxadZjhz94yFq+V9gSFk=
Subject key identifier:   1C:82:E7:16:59:06:77:BA:FA:85:A7:B9:49:8A:06:9F:5E:83:D7:DB
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018D7A93170D86FEF4028723F510AEBCBCE4
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/HILnFlkGd7r6hae5SYoGn16D19s.roa
Signing time:             Mon 05 Feb 2024 18:41:16 +0000
ROA not before:           Mon 05 Feb 2024 18:41:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51659
IP address blocks:        45.129.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7a:93:17:0d:86:fe:f4:02:87:23:f5:10:ae:bc:bc:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb  5 18:41:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c82e716590677bafa85a7b9498a069f5e83d7db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:82:53:60:2b:fb:91:b6:15:98:57:96:18:cd:
                    63:ec:4a:de:3d:29:86:64:c5:b7:52:26:b3:88:2b:
                    96:0d:f4:18:50:f3:f1:65:59:c1:6f:ce:16:92:2b:
                    2c:a1:7d:f7:38:92:1f:d7:6f:f5:d9:22:3e:fa:b9:
                    bd:72:de:e5:79:84:b9:0a:89:82:60:33:cc:26:6a:
                    5c:e7:10:b3:c9:d5:ab:64:49:09:63:74:0c:c2:6f:
                    2d:64:98:0c:5a:be:d1:67:74:91:22:07:a1:b5:1e:
                    e6:f9:32:8c:c1:ce:cc:f8:30:be:db:06:84:4b:99:
                    f5:a4:90:0b:53:33:c8:70:60:0f:c1:2c:f1:09:e7:
                    84:95:08:39:c1:b4:ee:8c:8a:7f:d8:fd:e6:52:4d:
                    02:39:31:66:11:1a:4b:98:16:57:6a:43:77:0b:f1:
                    fa:e2:94:7c:f9:dc:5b:4f:9b:b8:fd:5f:60:72:4a:
                    53:db:50:61:fb:c7:cb:78:91:34:d2:60:03:9f:0f:
                    e7:c6:db:0d:9b:d7:77:ae:ef:8a:6d:af:cb:12:23:
                    13:bf:68:84:78:89:a8:ba:2a:2e:fb:6a:a8:69:60:
                    38:4d:c2:ca:03:b5:5e:e0:93:61:c0:99:b8:bc:81:
                    4c:f2:91:3e:9f:59:de:e6:55:03:a0:93:d5:6e:10:
                    80:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:82:E7:16:59:06:77:BA:FA:85:A7:B9:49:8A:06:9F:5E:83:D7:DB
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/HILnFlkGd7r6hae5SYoGn16D19s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:b2:d4:73:46:e1:e8:57:67:b6:d6:4b:22:75:79:c6:6a:18:
         a0:7d:c8:e4:86:1d:e8:aa:77:3c:32:94:1a:79:55:34:dd:1e:
         95:c3:11:18:9a:a1:0e:9e:61:33:e2:0b:33:b9:18:bf:49:50:
         25:b7:37:7a:1d:ec:e4:25:47:36:73:f6:68:20:4f:d0:ed:dd:
         8e:28:e2:b9:c2:ec:70:08:cd:c8:b4:04:8a:a1:86:98:17:3d:
         44:62:31:ff:5a:1d:72:71:03:09:90:53:d9:78:22:8e:a2:e2:
         21:ff:88:4a:0d:75:6a:2e:00:c9:3c:76:1d:24:35:ac:b8:5d:
         e4:60:a8:f0:51:cc:6f:ef:f8:0e:92:84:e4:2c:ba:1b:9d:db:
         7a:ad:3a:04:21:4a:af:5f:76:71:42:f1:ff:6b:74:1b:1d:c1:
         d8:1f:09:8e:d4:60:26:41:a8:64:38:f3:89:7b:ff:a6:98:cc:
         01:e7:6d:6d:6d:b6:5d:aa:f3:55:cd:7f:f4:a9:44:3f:b3:66:
         29:21:18:95:48:49:6c:b3:02:52:41:a9:46:03:4c:f7:9d:5f:
         1d:ae:73:a6:91:b7:08:40:81:1c:76:76:53:df:98:12:e5:47:
         c4:46:ee:87:fe:1c:97:63:21:4f:84:2a:3c:00:61:fe:c6:d2:
         06:6b:63:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY16kxcNhv70Aocj9RCuvLzkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjA1MTg0MTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzgyZTcxNjU5MDY3N2JhZmE4NWE3Yjk0OThhMDY5ZjVlODNkN2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoJTYCv7kbYVmFeWGM1j7ErePSmG
ZMW3UiaziCuWDfQYUPPxZVnBb84WkissoX33OJIf12/12SI++rm9ct7leYS5ComC
YDPMJmpc5xCzydWrZEkJY3QMwm8tZJgMWr7RZ3SRIgehtR7m+TKMwc7M+DC+2waE
S5n1pJALUzPIcGAPwSzxCeeElQg5wbTujIp/2P3mUk0COTFmERpLmBZXakN3C/H6
4pR8+dxbT5u4/V9gckpT21Bh+8fLeJE00mADnw/nxtsNm9d3ru+Kba/LEiMTv2iE
eImouiou+2qoaWA4TcLKA7Ve4JNhwJm4vIFM8pE+n1ne5lUDoJPVbhCAqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByC5xZZBne6+oWnuUmKBp9eg9fbMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvSElMbkZsa0dkN3I2aGFlNVNZb0duMTZEMTlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYECMA0G
CSqGSIb3DQEBCwUAA4IBAQANstRzRuHoV2e21ksidXnGahigfcjkhh3oqnc8MpQa
eVU03R6VwxEYmqEOnmEz4gszuRi/SVAltzd6HezkJUc2c/ZoIE/Q7d2OKOK5wuxw
CM3ItASKoYaYFz1EYjH/Wh1ycQMJkFPZeCKOouIh/4hKDXVqLgDJPHYdJDWsuF3k
YKjwUcxv7/gOkoTkLLobndt6rToEIUqvX3ZxQvH/a3QbHcHYHwmO1GAmQahkOPOJ
e/+mmMwB521tbbZdqvNVzX/0qUQ/s2YpIRiVSElsswJSQalGA0z3nV8drnOmkbcI
QIEcdnZT35gS5UfERu6H/hyXYyFPhCo8AGH+xtIGa2MW
-----END CERTIFICATE-----