Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/HkYWxsMLQeA0Bqj5QYfWhviq8sg.roa
File:                     HkYWxsMLQeA0Bqj5QYfWhviq8sg.roa (raw, json)
Hash identifier:          Lm5Bfe4rbihiE/y9Oo6Eh1uZbgfyI2CaQ3IqYGwgJ7E=
Subject key identifier:   1E:46:16:C6:C3:0B:41:E0:34:06:A8:F9:41:87:D6:86:F8:AA:F2:C8
Certificate issuer:       /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial:       019275924097EDE13263B2156082E8AC6FF7
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/HkYWxsMLQeA0Bqj5QYfWhviq8sg.roa
Signing time:             Thu 10 Oct 2024 08:36:11 +0000
ROA not before:           Thu 10 Oct 2024 08:36:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198128
IP address blocks:        193.207.32.0/21 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:75:92:40:97:ed:e1:32:63:b2:15:60:82:e8:ac:6f:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
        Validity
            Not Before: Oct 10 08:36:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e4616c6c30b41e03406a8f94187d686f8aaf2c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b7:85:bb:d8:e7:11:6c:82:4c:12:18:00:97:
                    03:1c:f5:5a:56:09:d0:25:ed:5c:28:d6:e5:46:c9:
                    df:1b:96:2f:38:43:b2:6a:b8:5b:97:c7:18:eb:72:
                    dc:e0:23:9a:bb:2f:7a:a1:b2:25:1f:4b:33:6b:26:
                    d7:49:71:10:45:d4:7b:98:cd:c1:82:ec:d2:b9:ec:
                    93:ba:fd:9f:ae:79:82:1b:5d:bd:5b:ec:87:48:11:
                    49:2e:e6:fd:ca:93:9a:16:d3:59:6a:55:82:b9:ca:
                    e8:36:e5:c8:6b:77:93:06:7f:4d:f4:4a:60:d9:af:
                    44:a2:3b:e9:74:23:41:8b:46:85:68:7c:5c:29:ad:
                    ba:21:08:df:9b:d7:aa:0c:e6:fc:b5:7a:55:a9:0f:
                    fc:15:47:b8:8b:09:b7:f2:4e:2e:d1:6e:d9:18:4b:
                    22:b8:38:5d:a4:93:0b:23:7a:7b:e9:ed:63:90:a8:
                    2b:7f:59:00:18:6b:b3:73:be:ec:66:e7:61:ec:f3:
                    bb:b8:bd:9a:dc:91:4f:83:d9:a9:67:4d:7d:58:e6:
                    bf:f1:90:a4:8d:a8:ac:d3:aa:82:83:fe:c6:c7:4d:
                    5c:4a:aa:6f:7b:04:5e:92:a2:b0:30:be:84:17:1d:
                    36:ea:1f:6e:8c:2f:fb:68:13:28:61:e6:ac:70:0b:
                    f7:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:46:16:C6:C3:0B:41:E0:34:06:A8:F9:41:87:D6:86:F8:AA:F2:C8
            X509v3 Authority Key Identifier:
                keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/HkYWxsMLQeA0Bqj5QYfWhviq8sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.207.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2c:0b:47:25:f9:8c:3a:d5:f9:8f:0a:7c:01:b5:2b:7e:b9:fc:
         1d:87:7d:a2:ea:23:94:0a:ef:03:31:0f:92:80:db:9e:cf:66:
         94:0d:c3:9a:c4:ee:1b:1b:f7:b0:4b:45:61:ac:83:0a:b6:41:
         99:c0:b3:f3:5f:b0:9e:16:b3:fa:83:00:56:22:d1:e5:23:75:
         cf:4b:2d:59:e4:77:f5:94:a5:2c:79:37:cd:08:a9:44:53:4e:
         e4:a3:97:be:f1:e9:c6:61:34:7d:6f:99:28:e1:65:0c:2b:fd:
         99:0c:db:20:19:9f:29:6b:13:84:c2:10:2d:fb:5b:80:65:7c:
         be:3c:94:48:ec:13:a1:01:10:fe:19:07:5e:e5:b8:06:28:d1:
         33:88:da:12:69:cf:2d:15:80:5a:e8:bf:da:58:c0:b2:b6:4c:
         19:e4:7c:2d:fe:1c:54:b5:e2:5c:59:35:9d:cb:b1:ee:8f:06:
         15:7d:a5:2c:ed:2f:19:cb:b3:eb:9a:02:85:4c:ae:35:24:aa:
         4b:b2:1c:87:7f:6e:7f:3a:93:53:87:ff:d8:d6:3a:55:93:e5:
         9d:61:97:e7:69:99:b9:9a:e3:3e:77:bc:41:4d:f0:f3:75:48:
         05:86:44:e8:84:19:1a:3a:96:5d:96:1e:8c:62:94:ab:73:7c:
         b0:62:26:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ1kkCX7eEyY7IVYILorG/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjQxMDEwMDgzNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTQ2MTZjNmMzMGI0MWUwMzQwNmE4Zjk0MTg3ZDY4NmY4YWFmMmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3reFu9jnEWyCTBIYAJcDHPVaVgnQ
Je1cKNblRsnfG5YvOEOyarhbl8cY63Lc4COauy96obIlH0szaybXSXEQRdR7mM3B
guzSueyTuv2frnmCG129W+yHSBFJLub9ypOaFtNZalWCucroNuXIa3eTBn9N9Epg
2a9EojvpdCNBi0aFaHxcKa26IQjfm9eqDOb8tXpVqQ/8FUe4iwm38k4u0W7ZGEsi
uDhdpJMLI3p76e1jkKgrf1kAGGuzc77sZudh7PO7uL2a3JFPg9mpZ019WOa/8ZCk
jais06qCg/7Gx01cSqpvewRekqKwML6EFx026h9ujC/7aBMoYeascAv3PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5GFsbDC0HgNAao+UGH1ob4qvLIMB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEvSGtZV3hzTUxRZUEwQnFqNVFZZldodmlxOHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwc8gMA0G
CSqGSIb3DQEBCwUAA4IBAQAsC0cl+Yw61fmPCnwBtSt+ufwdh32i6iOUCu8DMQ+S
gNuez2aUDcOaxO4bG/ewS0VhrIMKtkGZwLPzX7CeFrP6gwBWItHlI3XPSy1Z5Hf1
lKUseTfNCKlEU07ko5e+8enGYTR9b5ko4WUMK/2ZDNsgGZ8paxOEwhAt+1uAZXy+
PJRI7BOhARD+GQde5bgGKNEziNoSac8tFYBa6L/aWMCytkwZ5Hwt/hxUteJcWTWd
y7HujwYVfaUs7S8Zy7PrmgKFTK41JKpLshyHf25/OpNTh//Y1jpVk+WdYZfnaZm5
muM+d7xBTfDzdUgFhkTohBkaOpZdlh6MYpSrc3ywYiaW
-----END CERTIFICATE-----