Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/HLR-fOPDFUviNISkoimXAQ654cE.roa
File:                     HLR-fOPDFUviNISkoimXAQ654cE.roa (raw, json)
Hash identifier:          U05btgtoG6dZl0Miy3fGG6xmv9IJnzEWAjDR3vpcEvE=
Subject key identifier:   1C:B4:7E:7C:E3:C3:15:4B:E2:34:84:A4:A2:29:97:01:0E:B9:E1:C1
Certificate issuer:       /CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
Certificate serial:       0191BDC0501F016A89BA564FF6346A6E4238
Authority key identifier: 69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/HLR-fOPDFUviNISkoimXAQ654cE.roa
Signing time:             Wed 04 Sep 2024 15:56:22 +0000
ROA not before:           Wed 04 Sep 2024 15:56:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209294
IP address blocks:        2a01:e281:a400::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 20:25:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:c0:50:1f:01:6a:89:ba:56:4f:f6:34:6a:6e:42:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69dbe1e7d9e87d68701a4035a76c51bfecd88d81
        Validity
            Not Before: Sep  4 15:56:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cb47e7ce3c3154be23484a4a22997010eb9e1c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:12:b1:be:d3:c4:b1:07:b6:d3:ec:4e:7b:95:
                    26:34:61:a4:60:f0:b4:ea:17:a0:1d:43:d3:ed:d7:
                    b7:80:88:89:38:4a:19:96:8d:14:43:63:9c:d5:f0:
                    54:68:d7:0e:ea:9a:2d:63:78:71:8f:67:dd:de:7e:
                    3e:62:a2:0c:a0:97:57:9a:cf:46:89:33:24:3a:95:
                    4a:0a:8e:3e:1e:b4:b2:a6:6f:00:68:96:56:93:de:
                    6e:a5:b1:1a:7f:47:32:94:6f:5b:1a:6a:28:d6:da:
                    25:1c:e6:ae:34:f3:8d:34:71:51:85:55:1e:c0:9f:
                    34:6b:89:57:e6:1c:71:93:45:c3:2d:06:9c:7d:26:
                    e3:ca:0c:f6:63:69:21:68:67:df:72:4e:2e:99:67:
                    61:58:8d:38:5c:7d:ba:3c:9a:71:a3:4e:00:3c:19:
                    93:3d:2a:f2:72:41:44:cf:c4:c7:04:6e:f4:c6:8f:
                    af:2f:ce:46:0b:26:b0:fc:52:6f:e8:0e:bb:f1:7f:
                    5a:b5:d7:90:5e:e3:9e:9d:ff:fd:95:aa:ad:87:fa:
                    89:f9:8b:20:4a:32:4f:6a:78:73:81:4e:10:71:3e:
                    d6:de:50:f1:ec:46:18:e2:5c:c8:15:c7:45:94:16:
                    4c:6d:7f:01:ca:d4:5d:4f:7a:fa:f6:ba:f3:48:d0:
                    40:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B4:7E:7C:E3:C3:15:4B:E2:34:84:A4:A2:29:97:01:0E:B9:E1:C1
            X509v3 Authority Key Identifier:
                keyid:69:DB:E1:E7:D9:E8:7D:68:70:1A:40:35:A7:6C:51:BF:EC:D8:8D:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/advh59nofWhwGkA1p2xRv-zYjYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/HLR-fOPDFUviNISkoimXAQ654cE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/727015-e14e-4d41-b05b-8d94553b75e1/1/advh59nofWhwGkA1p2xRv-zYjYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:e281:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:66:63:ac:8a:ce:4e:17:14:d8:27:1c:0d:23:fd:d5:92:33:
         65:76:e2:48:74:6e:93:d3:d9:ad:df:f2:72:6a:61:1c:4f:2e:
         3e:b8:7d:5b:68:93:f2:83:9a:d5:b7:64:87:12:a7:ee:8c:54:
         c1:a1:7f:81:93:b9:b2:9f:70:21:82:40:9d:fa:5d:ad:08:b9:
         78:57:cf:48:ef:f4:2c:95:14:ba:5e:57:ae:97:04:8a:84:0f:
         bb:2e:02:b8:d9:eb:e3:38:96:7d:44:79:bb:f1:35:83:5f:da:
         bd:63:eb:79:26:95:86:d2:4a:9c:cd:69:df:93:a3:a5:e5:93:
         cd:a1:52:64:9d:62:87:42:65:af:09:ef:02:c8:d7:52:2e:0b:
         1d:48:86:b0:9a:8b:d3:60:19:ac:16:d3:df:6e:4e:1d:6c:f6:
         f9:7a:37:1f:42:8e:ba:e7:70:97:d4:9e:b4:6c:0c:e0:8b:9d:
         b6:a8:58:62:64:21:df:a9:f0:37:4a:47:8d:de:1a:c2:e2:36:
         2f:f6:27:16:09:ab:74:e5:05:78:f7:0c:c6:5c:d2:61:2b:e2:
         3b:8c:6a:9e:81:8a:62:5c:26:3e:8b:b8:73:61:43:2c:35:6e:
         cb:16:4f:5d:4a:c2:15:f0:2f:70:a3:c2:eb:90:8a:89:f0:43:
         67:5f:b5:c9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZG9wFAfAWqJulZP9jRqbkI4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZGJlMWU3ZDllODdkNjg3MDFhNDAzNWE3NmM1MWJmZWNk
ODhkODEwHhcNMjQwOTA0MTU1NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2I0N2U3Y2UzYzMxNTRiZTIzNDg0YTRhMjI5OTcwMTBlYjllMWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxKxvtPEsQe20+xOe5UmNGGkYPC0
6hegHUPT7de3gIiJOEoZlo0UQ2Oc1fBUaNcO6potY3hxj2fd3n4+YqIMoJdXms9G
iTMkOpVKCo4+HrSypm8AaJZWk95upbEaf0cylG9bGmoo1tolHOauNPONNHFRhVUe
wJ80a4lX5hxxk0XDLQacfSbjygz2Y2khaGffck4umWdhWI04XH26PJpxo04APBmT
PSryckFEz8THBG70xo+vL85GCyaw/FJv6A678X9atdeQXuOenf/9laqth/qJ+Ysg
SjJPanhzgU4QcT7W3lDx7EYY4lzIFcdFlBZMbX8BytRdT3r69rrzSNBAuwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBy0fnzjwxVL4jSEpKIplwEOueHBMB8GA1UdIwQY
MBaAFGnb4efZ6H1ocBpANadsUb/s2I2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWIt
OGQ5NDU1M2I3NWUxLzEvSExSLWZPUERGVXZpTklTa29pbVhBUTY1NGNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83MjcwMTUtZTE0ZS00ZDQxLWIwNWItOGQ5NDU1M2I3NWUx
LzEvYWR2aDU5bm9mV2h3R2tBMXAyeFJ2LXpZallFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgHigaQw
DQYJKoZIhvcNAQELBQADggEBAMJmY6yKzk4XFNgnHA0j/dWSM2V24kh0bpPT2a3f
8nJqYRxPLj64fVtok/KDmtW3ZIcSp+6MVMGhf4GTubKfcCGCQJ36Xa0IuXhXz0jv
9CyVFLpeV66XBIqED7suArjZ6+M4ln1EebvxNYNf2r1j63kmlYbSSpzNad+To6Xl
k82hUmSdYodCZa8J7wLI11IuCx1IhrCai9NgGawW099uTh1s9vl6Nx9CjrrncJfU
nrRsDOCLnbaoWGJkId+p8DdKR43eGsLiNi/2JxYJq3TlBXj3DMZc0mEr4juMap6B
imJcJj6LuHNhQyw1bssWT11KwhXwL3CjwuuQionwQ2dftck=
-----END CERTIFICATE-----