Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/HfHLmT1T8g0NNpCmZTL8nuxvvVA.roa
File:                     HfHLmT1T8g0NNpCmZTL8nuxvvVA.roa (raw, json)
Hash identifier:          53I+KjVDWB/6X5O5GtPp9UeTo4DQH7YRAtTBiJgd3/8=
Subject key identifier:   1D:F1:CB:99:3D:53:F2:0D:0D:36:90:A6:65:32:FC:9E:EC:6F:BD:50
Certificate issuer:       /CN=99201f609e7a893da86cf0ebbca4bbf47279d617
Certificate serial:       018F924BFD9A133F6BC4C44685AC38DDFC80
Authority key identifier: 99:20:1F:60:9E:7A:89:3D:A8:6C:F0:EB:BC:A4:BB:F4:72:79:D6:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSAfYJ56iT2obPDrvKS79HJ51hc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/HfHLmT1T8g0NNpCmZTL8nuxvvVA.roa
Signing time:             Sun 19 May 2024 19:20:04 +0000
ROA not before:           Sun 19 May 2024 19:20:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61112
IP address blocks:        194.246.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/mSAfYJ56iT2obPDrvKS79HJ51hc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/mSAfYJ56iT2obPDrvKS79HJ51hc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mSAfYJ56iT2obPDrvKS79HJ51hc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:92:4b:fd:9a:13:3f:6b:c4:c4:46:85:ac:38:dd:fc:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99201f609e7a893da86cf0ebbca4bbf47279d617
        Validity
            Not Before: May 19 19:20:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1df1cb993d53f20d0d3690a66532fc9eec6fbd50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:31:57:75:62:41:6c:cd:71:a1:6f:57:7b:d8:
                    42:7c:b5:56:f1:78:af:5a:13:c8:b7:78:0f:af:01:
                    71:75:3e:94:22:58:11:1a:2b:28:7d:72:b6:6d:1b:
                    1a:41:8e:e5:ab:55:50:3a:51:10:df:a7:c0:ed:cc:
                    8f:0f:ad:c7:f5:5b:57:af:91:33:68:bc:60:89:17:
                    f3:dc:29:d8:e9:21:05:1a:51:cf:d6:6d:06:0d:5f:
                    c1:b3:33:9a:8e:b3:20:f6:20:e2:5e:d4:19:f0:e3:
                    99:68:fa:88:d3:75:99:54:9e:9f:92:ed:6a:3e:dd:
                    4e:b5:e1:5c:1f:17:e8:d6:d5:9e:65:93:0a:89:3d:
                    a3:3a:c8:85:92:ca:dc:d6:d6:69:87:b2:5e:e6:ef:
                    ac:68:d0:a6:85:6c:ed:46:01:8c:7e:f6:39:6e:6f:
                    d0:6f:e0:a7:b9:d2:4c:a4:2b:49:48:34:47:63:14:
                    2f:1b:89:14:98:18:d3:a6:3c:f0:15:0d:31:9f:dd:
                    ff:4d:82:f3:a7:19:0b:75:49:b2:7a:61:e2:a3:32:
                    ac:1e:4b:75:3b:63:86:4c:b6:fc:bf:2e:3d:28:96:
                    31:55:33:5c:52:6c:c6:aa:11:15:4b:5a:3e:5f:6e:
                    9d:88:48:b3:93:a0:72:be:4d:5e:cf:34:f9:b6:af:
                    b5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F1:CB:99:3D:53:F2:0D:0D:36:90:A6:65:32:FC:9E:EC:6F:BD:50
            X509v3 Authority Key Identifier:
                keyid:99:20:1F:60:9E:7A:89:3D:A8:6C:F0:EB:BC:A4:BB:F4:72:79:D6:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSAfYJ56iT2obPDrvKS79HJ51hc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/HfHLmT1T8g0NNpCmZTL8nuxvvVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/6536f9-87dd-4edd-b01c-b23172eb81fb/1/mSAfYJ56iT2obPDrvKS79HJ51hc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:5e:1d:b3:f1:f5:a7:b7:21:2e:80:7d:14:a2:0f:e1:36:a5:
         d7:1b:6f:53:79:ee:68:ff:16:8d:34:02:c9:51:4e:d6:c6:6a:
         cf:a0:c0:38:0f:fd:d8:0e:ff:74:ae:e7:cf:4a:3d:b0:40:2c:
         b3:23:e4:bb:01:b7:ef:de:66:c8:d3:78:e0:84:60:5c:aa:58:
         d8:e6:99:ed:ad:94:57:f2:80:1a:6c:de:2b:fd:f8:fa:f5:d0:
         f8:dc:1f:86:0b:e4:b2:94:0a:1a:82:74:66:8b:36:34:21:b9:
         ed:fc:b7:ce:e9:9f:3b:b0:f4:1a:8b:fb:06:8e:ad:ca:54:61:
         c1:7c:f6:eb:83:35:2d:95:22:73:8c:4b:81:b5:46:b3:a6:b2:
         df:56:bc:bb:c2:b7:1c:ea:13:bb:60:c8:81:91:60:aa:a8:a6:
         5d:56:d6:5f:f4:bf:7c:8c:93:be:fa:47:cd:08:6a:0f:47:01:
         cb:2c:1b:8c:d0:75:25:54:c1:45:29:da:47:b3:90:1a:63:40:
         20:f8:d3:b7:8a:42:ae:04:5e:36:d0:99:3c:d6:6a:58:6f:00:
         79:ec:08:fc:0e:03:3c:67:64:4e:c0:c3:56:fa:dd:6d:99:33:
         4f:ae:50:d1:2a:0a:1a:ef:7b:01:56:a9:d5:91:37:86:e1:a8:
         2a:9e:7d:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+SS/2aEz9rxMRGhaw43fyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MjAxZjYwOWU3YTg5M2RhODZjZjBlYmJjYTRiYmY0NzI3
OWQ2MTcwHhcNMjQwNTE5MTkyMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGYxY2I5OTNkNTNmMjBkMGQzNjkwYTY2NTMyZmM5ZWVjNmZiZDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzFXdWJBbM1xoW9Xe9hCfLVW8Xiv
WhPIt3gPrwFxdT6UIlgRGisofXK2bRsaQY7lq1VQOlEQ36fA7cyPD63H9VtXr5Ez
aLxgiRfz3CnY6SEFGlHP1m0GDV/BszOajrMg9iDiXtQZ8OOZaPqI03WZVJ6fku1q
Pt1OteFcHxfo1tWeZZMKiT2jOsiFksrc1tZph7Je5u+saNCmhWztRgGMfvY5bm/Q
b+CnudJMpCtJSDRHYxQvG4kUmBjTpjzwFQ0xn93/TYLzpxkLdUmyemHiozKsHkt1
O2OGTLb8vy49KJYxVTNcUmzGqhEVS1o+X26diEizk6Byvk1ezzT5tq+1rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3xy5k9U/INDTaQpmUy/J7sb71QMB8GA1UdIwQY
MBaAFJkgH2Ceeok9qGzw67yku/RyedYXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVNBZllKNTZpVDJvYlBEcnZLUzc5SEo1MWhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni82NTM2ZjktODdkZC00ZWRkLWIwMWMt
YjIzMTcyZWI4MWZiLzEvSGZITG1UMVQ4ZzBOTnBDbVpUTDhudXh2dlZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni82NTM2ZjktODdkZC00ZWRkLWIwMWMtYjIzMTcyZWI4MWZi
LzEvbVNBZllKNTZpVDJvYlBEcnZLUzc5SEo1MWhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvYiMA0G
CSqGSIb3DQEBCwUAA4IBAQBcXh2z8fWntyEugH0Uog/hNqXXG29Tee5o/xaNNALJ
UU7WxmrPoMA4D/3YDv90rufPSj2wQCyzI+S7Abfv3mbI03jghGBcqljY5pntrZRX
8oAabN4r/fj69dD43B+GC+SylAoagnRmizY0Ibnt/LfO6Z87sPQai/sGjq3KVGHB
fPbrgzUtlSJzjEuBtUazprLfVry7wrcc6hO7YMiBkWCqqKZdVtZf9L98jJO++kfN
CGoPRwHLLBuM0HUlVMFFKdpHs5AaY0Ag+NO3ikKuBF420Jk81mpYbwB57Aj8DgM8
Z2ROwMNW+t1tmTNPrlDRKgoa73sBVqnVkTeG4agqnn1j
-----END CERTIFICATE-----