Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/HWM7xo7xbMHWg9C9kpC63IFCnKk.roa
File:                     HWM7xo7xbMHWg9C9kpC63IFCnKk.roa (raw, json)
Hash identifier:          R3ej26quyXT0H7/5fLPkoZCwcuQJBcNHN639Yh0fzbI=
Subject key identifier:   1D:63:3B:C6:8E:F1:6C:C1:D6:83:D0:BD:92:90:BA:DC:81:42:9C:A9
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       0192DE299A7E0A26BC5BE53CA24B9AC9A68B
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/HWM7xo7xbMHWg9C9kpC63IFCnKk.roa
Signing time:             Wed 30 Oct 2024 16:02:01 +0000
ROA not before:           Wed 30 Oct 2024 16:02:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203499
IP address blocks:        2.59.108.0/22 maxlen: 24
                          2.59.109.0/24 maxlen: 24
                          2.59.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:de:29:9a:7e:0a:26:bc:5b:e5:3c:a2:4b:9a:c9:a6:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: Oct 30 16:02:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d633bc68ef16cc1d683d0bd9290badc81429ca9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:61:87:48:a7:7d:22:4f:a7:27:a0:8a:f7:e3:
                    53:b7:22:74:85:ad:11:2c:b1:2f:ee:88:c9:f8:ce:
                    96:44:36:45:ee:a5:6d:8b:7e:89:ba:57:01:9d:a6:
                    94:66:1a:d4:7f:c7:32:46:c0:d8:9e:31:1d:94:cb:
                    28:37:d0:92:15:d6:e4:b8:12:8a:89:fe:a6:2b:a1:
                    b2:c2:67:34:75:69:ad:20:4f:09:1e:83:86:62:e4:
                    67:d2:3b:fe:0b:3e:eb:22:ff:dd:82:4a:8b:cb:c3:
                    7c:30:be:53:6b:a9:f9:75:be:22:ec:0c:cf:b8:17:
                    c7:ce:4c:89:32:3d:7b:f8:2a:da:bb:ff:76:af:e8:
                    a1:a5:32:aa:46:fe:c1:30:3a:88:99:e6:83:bc:c4:
                    9c:86:63:da:1f:09:37:20:fe:a9:bd:2a:61:13:9b:
                    93:4a:68:fb:1e:e7:b1:5b:56:aa:af:cc:e4:20:38:
                    d2:e1:21:ac:72:86:3f:8d:1b:a1:e1:6e:e0:95:b5:
                    df:81:d0:c6:52:3b:8f:68:cb:17:5c:75:2e:6d:be:
                    64:c5:6c:59:4d:07:55:97:0d:6e:4b:98:cd:5c:7a:
                    13:e2:84:5d:6e:50:07:a5:a3:bd:63:80:b9:04:3f:
                    ab:aa:b3:30:5e:90:44:6e:b2:74:3d:d2:63:de:91:
                    3d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:63:3B:C6:8E:F1:6C:C1:D6:83:D0:BD:92:90:BA:DC:81:42:9C:A9
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/HWM7xo7xbMHWg9C9kpC63IFCnKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:b3:c0:b4:87:27:ce:07:38:74:6f:42:15:9e:b8:50:16:0c:
         ae:cf:32:1a:cb:a2:4a:8d:ac:b6:6a:1d:13:05:12:ec:c2:3b:
         ae:e5:81:d6:f6:6f:ac:8e:00:fe:9b:63:3b:32:b4:4e:3c:50:
         8a:2b:58:85:2b:39:06:72:1a:45:6e:d0:4f:1d:69:e9:94:2c:
         a9:52:13:f1:32:f2:6f:29:42:76:6b:30:6f:fc:e6:5b:c0:06:
         a9:bc:b2:78:e6:d7:b9:50:2d:64:dc:49:97:0b:24:13:b9:2a:
         4e:2d:af:3b:95:4b:11:0a:4c:29:56:a7:c0:79:9f:35:91:0a:
         4e:5e:34:20:36:fa:c8:bb:a9:9d:59:14:72:f0:9e:c9:e5:d1:
         b1:f2:c1:f3:52:cf:b7:04:82:b0:50:aa:a9:75:a2:5d:b5:d3:
         88:05:e6:d0:d0:5b:e8:f0:98:30:1a:c8:c2:21:09:7c:1c:96:
         31:a1:51:12:07:8e:71:05:ba:f7:96:25:3f:07:b6:ff:34:ae:
         89:92:09:d7:0b:8f:40:30:44:77:9e:aa:45:b1:3e:a6:05:a5:
         f5:b7:7d:09:3a:fc:92:2a:39:ea:f6:cb:33:f5:6b:58:e6:fb:
         aa:64:61:fc:c5:8f:38:1f:e9:09:98:85:6a:d7:ea:49:65:fc:
         b0:31:10:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLeKZp+Cia8W+U8okuayaaLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjQxMDMwMTYwMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDYzM2JjNjhlZjE2Y2MxZDY4M2QwYmQ5MjkwYmFkYzgxNDI5Y2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWGHSKd9Ik+nJ6CK9+NTtyJ0ha0R
LLEv7ojJ+M6WRDZF7qVti36JulcBnaaUZhrUf8cyRsDYnjEdlMsoN9CSFdbkuBKK
if6mK6Gywmc0dWmtIE8JHoOGYuRn0jv+Cz7rIv/dgkqLy8N8ML5Ta6n5db4i7AzP
uBfHzkyJMj17+Crau/92r+ihpTKqRv7BMDqImeaDvMSchmPaHwk3IP6pvSphE5uT
Smj7HuexW1aqr8zkIDjS4SGscoY/jRuh4W7glbXfgdDGUjuPaMsXXHUubb5kxWxZ
TQdVlw1uS5jNXHoT4oRdblAHpaO9Y4C5BD+rqrMwXpBEbrJ0PdJj3pE9FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1jO8aO8WzB1oPQvZKQutyBQpypMB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvSFdNN3hvN3hiTUhXZzlDOWtwQzYzSUZDbktrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjtsMA0G
CSqGSIb3DQEBCwUAA4IBAQAbs8C0hyfOBzh0b0IVnrhQFgyuzzIay6JKjay2ah0T
BRLswjuu5YHW9m+sjgD+m2M7MrROPFCKK1iFKzkGchpFbtBPHWnplCypUhPxMvJv
KUJ2azBv/OZbwAapvLJ45te5UC1k3EmXCyQTuSpOLa87lUsRCkwpVqfAeZ81kQpO
XjQgNvrIu6mdWRRy8J7J5dGx8sHzUs+3BIKwUKqpdaJdtdOIBebQ0Fvo8JgwGsjC
IQl8HJYxoVESB45xBbr3liU/B7b/NK6JkgnXC49AMER3nqpFsT6mBaX1t30JOvyS
Kjnq9ssz9WtY5vuqZGH8xY84H+kJmIVq1+pJZfywMRBf
-----END CERTIFICATE-----