Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/hlmaKR0IwWpvUFK5sNXUdHYBMsk.roa
File:                     hlmaKR0IwWpvUFK5sNXUdHYBMsk.roa (raw, json)
Hash identifier:          wEzb/Aa54fgdvbZU/lyU/5U8Twa1DZ66dwj2lEbQ5Go=
Subject key identifier:   86:59:9A:29:1D:08:C1:6A:6F:50:52:B9:B0:D5:D4:74:76:01:32:C9
Certificate issuer:       /CN=46d9a0a4b57a0eec7c4e52a119db4b1c656f4db4
Certificate serial:       018CC5005EB3AA1A5CBB6A77504058F4C2C6
Authority key identifier: 46:D9:A0:A4:B5:7A:0E:EC:7C:4E:52:A1:19:DB:4B:1C:65:6F:4D:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/hlmaKR0IwWpvUFK5sNXUdHYBMsk.roa
Signing time:             Mon 01 Jan 2024 12:29:44 +0000
ROA not before:           Mon 01 Jan 2024 12:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        83.137.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:5e:b3:aa:1a:5c:bb:6a:77:50:40:58:f4:c2:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46d9a0a4b57a0eec7c4e52a119db4b1c656f4db4
        Validity
            Not Before: Jan  1 12:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86599a291d08c16a6f5052b9b0d5d474760132c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:1e:01:9c:5f:7e:b7:a2:b5:81:8d:ef:d1:5a:
                    50:b5:c1:28:66:85:10:1b:17:c6:6a:a8:c1:30:7c:
                    73:83:2f:ab:fa:bd:ed:07:d4:ce:ac:15:30:d5:72:
                    c5:88:bb:e8:ad:5d:a2:8d:b7:c2:55:69:99:30:aa:
                    d7:94:6f:a2:86:f4:96:4b:a6:59:7f:de:8a:6b:f2:
                    78:00:1f:86:b7:f0:e8:7f:da:6a:9e:13:95:90:13:
                    d1:f5:53:db:54:e0:73:b4:6b:e3:bf:5c:fe:42:c8:
                    08:b2:47:56:07:d6:a3:e4:f8:d0:f2:e0:0a:d7:a3:
                    98:46:14:2a:9b:d9:72:f4:5b:e7:af:91:78:89:32:
                    fd:4e:73:27:20:88:6e:61:1c:e6:9f:65:94:71:78:
                    36:85:19:05:b6:f6:fa:98:23:2e:77:cc:0e:a7:62:
                    a9:59:a2:04:5d:23:e3:07:74:65:48:ca:74:1a:b0:
                    98:7e:9f:5d:cb:73:f8:3b:50:07:51:d0:29:ab:18:
                    a5:d0:19:7e:90:0f:6b:f0:30:52:a8:d1:a7:ba:eb:
                    28:9d:20:ef:13:98:53:ee:16:b0:a6:3a:6d:3f:3a:
                    22:43:5d:0e:bc:af:56:6d:96:a8:4d:fb:23:f2:f3:
                    39:ca:15:3d:f3:92:c5:dc:5d:10:c7:11:c1:b4:20:
                    fe:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:59:9A:29:1D:08:C1:6A:6F:50:52:B9:B0:D5:D4:74:76:01:32:C9
            X509v3 Authority Key Identifier:
                keyid:46:D9:A0:A4:B5:7A:0E:EC:7C:4E:52:A1:19:DB:4B:1C:65:6F:4D:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/hlmaKR0IwWpvUFK5sNXUdHYBMsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/673b1d-6d14-4df5-99ad-2ee2b7295dff/1/RtmgpLV6Dux8TlKhGdtLHGVvTbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:2f:5b:f3:13:7b:c9:8f:3a:a9:af:9b:b4:2f:ed:2f:25:86:
         5f:dd:63:f3:b9:3e:fb:07:e7:89:c2:0b:89:c5:6d:c2:72:75:
         bb:c6:e7:9a:39:a8:d4:c7:eb:7e:71:63:98:60:fb:94:8c:2f:
         1f:72:fc:d4:e4:12:87:f2:1a:38:3a:b2:7a:43:eb:e9:f8:6a:
         67:b3:01:9e:33:44:71:ce:8b:f4:76:39:de:5b:74:1a:6b:50:
         6f:2e:59:d8:33:a2:80:57:4b:63:bd:f1:ab:80:af:67:0a:e4:
         e7:58:fd:8f:86:99:40:81:5b:7f:a2:b4:de:65:de:31:9a:99:
         3f:52:81:9f:55:e2:01:54:28:c2:ec:bb:c5:a7:e9:11:79:aa:
         8b:b0:44:9a:f9:25:c2:57:6e:7e:1d:18:97:0c:45:b0:a6:97:
         6b:7a:17:63:fd:82:c4:0d:e8:f3:b6:9e:7e:3c:02:6f:2a:34:
         1a:92:e2:90:83:3c:78:8f:b7:55:ff:4a:d4:d3:37:3a:bb:f8:
         06:b2:a5:84:e5:e8:1d:d8:fd:e5:54:f7:52:d0:9b:07:83:3f:
         b9:72:2a:7e:38:73:c8:15:81:4f:bd:18:3a:ad:db:7b:02:9d:
         08:52:b4:c7:b0:c5:be:89:92:16:43:df:8b:03:81:0d:52:20:
         53:97:08:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAF6zqhpcu2p3UEBY9MLGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZDlhMGE0YjU3YTBlZWM3YzRlNTJhMTE5ZGI0YjFjNjU2
ZjRkYjQwHhcNMjQwMTAxMTIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjU5OWEyOTFkMDhjMTZhNmY1MDUyYjliMGQ1ZDQ3NDc2MDEzMmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgh4BnF9+t6K1gY3v0VpQtcEoZoUQ
GxfGaqjBMHxzgy+r+r3tB9TOrBUw1XLFiLvorV2ijbfCVWmZMKrXlG+ihvSWS6ZZ
f96Ka/J4AB+Gt/Dof9pqnhOVkBPR9VPbVOBztGvjv1z+QsgIskdWB9aj5PjQ8uAK
16OYRhQqm9ly9Fvnr5F4iTL9TnMnIIhuYRzmn2WUcXg2hRkFtvb6mCMud8wOp2Kp
WaIEXSPjB3RlSMp0GrCYfp9dy3P4O1AHUdApqxil0Bl+kA9r8DBSqNGnuusonSDv
E5hT7hawpjptPzoiQ10OvK9WbZaoTfsj8vM5yhU985LF3F0QxxHBtCD+jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZZmikdCMFqb1BSubDV1HR2ATLJMB8GA1UdIwQY
MBaAFEbZoKS1eg7sfE5SoRnbSxxlb020MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnRtZ3BMVjZEdXg4VGxLaEdkdExIR1Z2VGJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS82NzNiMWQtNmQxNC00ZGY1LTk5YWQt
MmVlMmI3Mjk1ZGZmLzEvaGxtYUtSMEl3V3B2VUZLNXNOWFVkSFlCTXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS82NzNiMWQtNmQxNC00ZGY1LTk5YWQtMmVlMmI3Mjk1ZGZm
LzEvUnRtZ3BMVjZEdXg4VGxLaEdkdExIR1Z2VGJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU4n1MA0G
CSqGSIb3DQEBCwUAA4IBAQBKL1vzE3vJjzqpr5u0L+0vJYZf3WPzuT77B+eJwguJ
xW3CcnW7xueaOajUx+t+cWOYYPuUjC8fcvzU5BKH8ho4OrJ6Q+vp+GpnswGeM0Rx
zov0djneW3Qaa1BvLlnYM6KAV0tjvfGrgK9nCuTnWP2PhplAgVt/orTeZd4xmpk/
UoGfVeIBVCjC7LvFp+kReaqLsESa+SXCV25+HRiXDEWwppdrehdj/YLEDejztp5+
PAJvKjQakuKQgzx4j7dV/0rU0zc6u/gGsqWE5egd2P3lVPdS0JsHgz+5cip+OHPI
FYFPvRg6rdt7Ap0IUrTHsMW+iZIWQ9+LA4ENUiBTlwhA
-----END CERTIFICATE-----