Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/hLpx9n_WcayRIKZ3sUAKK8d1gJA.roa
File:                     hLpx9n_WcayRIKZ3sUAKK8d1gJA.roa (raw, json)
Hash identifier:          vrLIFITuBcFjGVIv3ZoUmEtHR8f5FmtJ+lgB+T4YDxY=
Subject key identifier:   84:BA:71:F6:7F:D6:71:AC:91:20:A6:77:B1:40:0A:2B:C7:75:80:90
Certificate issuer:       /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial:       018CC801369CF3305C855654D2DBA50EA399
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/hLpx9n_WcayRIKZ3sUAKK8d1gJA.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28714
IP address blocks:        129.233.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:36:9c:f3:30:5c:85:56:54:d2:db:a5:0e:a3:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84ba71f67fd671ac9120a677b1400a2bc7758090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a2:f1:ac:87:da:d5:62:74:40:d6:84:2b:1d:
                    c8:71:77:8d:f9:ea:20:7f:fe:3a:c7:d9:e0:dd:68:
                    ae:51:53:39:c3:d1:cd:82:e3:e2:d8:80:6b:35:90:
                    8f:d7:7f:eb:e7:46:a4:d5:d8:d4:b9:5f:b4:8b:67:
                    58:40:6f:c4:12:7a:b8:28:f2:55:8b:fe:af:05:d8:
                    4b:32:df:55:f9:b5:72:12:e9:66:c7:de:a6:c6:09:
                    e4:61:5a:d8:9e:71:e1:38:02:27:c4:5f:9e:54:28:
                    d7:44:41:f3:76:54:f8:45:df:09:5d:78:1f:a6:73:
                    e9:a8:94:b2:c3:8c:76:fc:26:e1:98:9f:e6:b3:84:
                    c9:8f:10:b3:44:9a:2f:c9:9d:c9:8c:ee:eb:4a:ad:
                    76:24:cd:56:89:5a:43:54:78:8c:b6:40:90:c6:7a:
                    3a:90:59:f8:b7:bf:13:32:12:2b:d0:64:d2:d8:c2:
                    27:60:b3:3f:d0:05:55:e9:4d:ea:af:88:a2:8a:7c:
                    bc:10:d6:78:0f:fb:16:a1:5e:d8:54:82:22:d6:b3:
                    f2:0d:9e:e5:02:d4:0d:6c:1e:1d:56:11:2a:e2:88:
                    e8:bf:7b:58:92:f7:8d:92:3d:20:d1:c5:58:4d:17:
                    c1:73:99:14:0d:e8:e4:f1:4c:4a:69:c0:fb:19:a4:
                    ce:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:BA:71:F6:7F:D6:71:AC:91:20:A6:77:B1:40:0A:2B:C7:75:80:90
            X509v3 Authority Key Identifier:
                keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/hLpx9n_WcayRIKZ3sUAKK8d1gJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.233.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:2a:5e:0a:3a:97:9f:97:e7:dc:6b:4e:55:96:a6:67:5b:15:
         98:5b:64:cd:e3:da:46:81:3c:0f:ff:02:2d:d4:45:04:51:ce:
         bd:68:28:32:ca:60:ae:d7:d2:dd:c0:f4:40:04:1a:3f:e5:fe:
         42:07:31:a0:1a:81:15:36:95:86:9f:fe:3d:6e:e5:e1:dd:90:
         48:dd:bb:8b:e9:21:c1:78:e8:3c:da:42:14:49:78:a3:ee:15:
         9a:a3:cb:78:88:22:95:b1:99:c7:bf:5f:58:16:2e:e5:0a:68:
         b2:2b:82:a5:db:7a:cc:6f:92:55:3e:66:cf:58:56:5a:ba:df:
         63:97:5e:a3:95:a6:b5:65:43:2e:b8:e6:b5:ec:ba:8c:0f:53:
         d3:e0:1b:39:13:89:31:d3:5d:df:cd:18:50:6e:ed:22:7d:d8:
         31:d8:ea:4a:8b:4d:0e:61:6c:e2:5b:a7:16:e4:97:0d:44:18:
         db:90:b6:26:51:41:7b:fa:81:8d:c8:57:64:27:62:01:55:cf:
         5f:8a:0d:f1:82:44:5a:c3:64:dd:d9:82:01:d4:c7:57:59:43:
         2e:ab:5d:54:02:04:bc:88:92:52:9c:3b:21:84:cd:56:e6:eb:
         0d:80:43:e5:8f:df:67:4b:12:b2:9e:1e:7f:cd:72:ca:87:42:
         ed:40:98:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATac8zBchVZU0tulDqOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGJhNzFmNjdmZDY3MWFjOTEyMGE2NzdiMTQwMGEyYmM3NzU4MDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqLxrIfa1WJ0QNaEKx3IcXeN+eog
f/46x9ng3WiuUVM5w9HNguPi2IBrNZCP13/r50ak1djUuV+0i2dYQG/EEnq4KPJV
i/6vBdhLMt9V+bVyEulmx96mxgnkYVrYnnHhOAInxF+eVCjXREHzdlT4Rd8JXXgf
pnPpqJSyw4x2/CbhmJ/ms4TJjxCzRJovyZ3JjO7rSq12JM1WiVpDVHiMtkCQxno6
kFn4t78TMhIr0GTS2MInYLM/0AVV6U3qr4iiiny8ENZ4D/sWoV7YVIIi1rPyDZ7l
AtQNbB4dVhEq4ojov3tYkveNkj0g0cVYTRfBc5kUDejk8UxKacD7GaTO0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIS6cfZ/1nGskSCmd7FACivHdYCQMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvaExweDluX1djYXlSSUtaM3NVQUtLOGQxZ0pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgenZMA0G
CSqGSIb3DQEBCwUAA4IBAQAtKl4KOpefl+fca05VlqZnWxWYW2TN49pGgTwP/wIt
1EUEUc69aCgyymCu19LdwPRABBo/5f5CBzGgGoEVNpWGn/49buXh3ZBI3buL6SHB
eOg82kIUSXij7hWao8t4iCKVsZnHv19YFi7lCmiyK4Kl23rMb5JVPmbPWFZaut9j
l16jlaa1ZUMuuOa17LqMD1PT4Bs5E4kx013fzRhQbu0ifdgx2OpKi00OYWziW6cW
5JcNRBjbkLYmUUF7+oGNyFdkJ2IBVc9fig3xgkRaw2Td2YIB1MdXWUMuq11UAgS8
iJJSnDshhM1W5usNgEPlj99nSxKynh5/zXLKh0LtQJiM
-----END CERTIFICATE-----