Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/hzmnrqGEcmQoLE8-QnNCBlnG1g4.roa
File:                     hzmnrqGEcmQoLE8-QnNCBlnG1g4.roa (raw, json)
Hash identifier:          BMDDmrLQ040JiodI6CtpS7rhdysF3qgW4lRm+vEVeGs=
Subject key identifier:   87:39:A7:AE:A1:84:72:64:28:2C:4F:3E:42:73:42:06:59:C6:D6:0E
Certificate issuer:       /CN=8acd2eb2f0618b72c646d997d3c95dd836bdd006
Certificate serial:       01941FFA2500342ECE54BB6BC7B96769EF9F
Authority key identifier: 8A:CD:2E:B2:F0:61:8B:72:C6:46:D9:97:D3:C9:5D:D8:36:BD:D0:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/hzmnrqGEcmQoLE8-QnNCBlnG1g4.roa
Signing time:             Wed 01 Jan 2025 03:47:54 +0000
ROA not before:           Wed 01 Jan 2025 03:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15517
IP address blocks:        213.133.240.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:25:00:34:2e:ce:54:bb:6b:c7:b9:67:69:ef:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8acd2eb2f0618b72c646d997d3c95dd836bdd006
        Validity
            Not Before: Jan  1 03:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8739a7aea1847264282c4f3e4273420659c6d60e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f7:eb:cb:d2:91:41:39:0b:bc:85:07:18:ef:
                    1d:1e:6d:78:0a:ba:e4:ec:42:b4:b4:e9:9d:3c:44:
                    24:59:5e:31:01:35:69:77:9a:30:ee:eb:29:45:cd:
                    8b:c3:2a:dc:62:b7:a1:b1:77:ee:d4:2e:82:5e:a7:
                    a2:00:1c:9c:33:94:45:83:ed:8e:65:90:1d:b1:c2:
                    6b:e7:d3:52:45:42:d1:ca:83:30:18:5c:f9:21:51:
                    58:0d:2d:4d:e6:71:62:2a:4e:d6:ce:1a:71:2d:93:
                    ea:55:72:f0:24:af:95:71:94:6a:19:70:88:4f:4b:
                    27:fd:f1:8b:53:f1:b9:a2:68:66:7b:80:5f:fc:e4:
                    2c:9c:04:6d:38:2c:90:c4:1c:47:d5:18:8a:68:89:
                    11:35:f9:cf:e9:8b:7f:33:85:da:2d:75:93:41:8c:
                    84:8f:01:31:57:73:db:8d:df:b4:aa:1b:c1:f5:75:
                    26:84:cc:47:a7:e9:34:0c:12:e4:38:36:8a:69:a2:
                    df:ef:32:19:c5:a4:84:8b:5c:0b:94:cc:6c:1c:78:
                    ed:0f:0e:e6:91:36:a5:ad:7b:06:30:d7:05:e6:21:
                    eb:b5:ec:49:1a:e7:66:49:6d:9b:e2:a6:7b:65:bb:
                    65:0d:da:bc:32:c9:70:ba:b9:0a:8f:2b:6a:34:3c:
                    ce:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:39:A7:AE:A1:84:72:64:28:2C:4F:3E:42:73:42:06:59:C6:D6:0E
            X509v3 Authority Key Identifier:
                keyid:8A:CD:2E:B2:F0:61:8B:72:C6:46:D9:97:D3:C9:5D:D8:36:BD:D0:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/is0usvBhi3LGRtmX08ld2Da90AY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/hzmnrqGEcmQoLE8-QnNCBlnG1g4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0587c-31e8-4a9b-af69-794c9d928cdc/1/is0usvBhi3LGRtmX08ld2Da90AY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.133.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         39:77:38:cb:0b:38:27:ec:d1:9a:58:8b:e4:b8:c5:e5:31:e0:
         8b:2c:62:22:c3:d1:97:4b:78:6b:98:ff:90:14:f5:88:3e:7c:
         0d:b2:e0:85:67:20:fa:e3:fd:08:1e:eb:9b:71:3a:da:52:36:
         13:f3:ff:cb:17:fc:3a:79:26:30:ee:e9:4c:29:e8:9c:10:73:
         a1:04:62:8a:83:6c:18:99:d8:8e:a2:dc:f6:40:23:1a:24:b7:
         df:c5:12:b2:d3:da:e2:34:6e:08:b7:f9:c7:c9:af:b3:8d:98:
         34:df:93:1a:fe:9d:1d:44:de:28:97:48:f3:c1:9b:9f:23:6b:
         d0:0e:e7:71:c6:71:47:cb:63:8e:83:ca:f6:40:91:bb:39:a6:
         3e:01:b2:5d:36:e1:90:f2:41:92:96:12:b5:f0:c5:55:cd:f7:
         fb:1c:09:4a:bf:a7:cc:40:6f:71:95:df:9a:38:9a:1c:30:82:
         ed:00:d0:32:f9:9c:9a:f2:97:11:6b:bc:9a:6f:17:31:49:a0:
         0d:f1:c9:78:ec:2f:d4:e6:58:7c:9d:fb:04:6d:a0:74:b5:e7:
         fa:51:27:0e:08:f4:f5:af:bd:4f:ff:8b:21:1a:21:d4:99:62:
         d3:77:b8:5e:86:49:12:e0:f3:80:68:05:1a:fc:a0:e6:97:55:
         2d:f2:03:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+iUANC7OVLtrx7lnae+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhY2QyZWIyZjA2MThiNzJjNjQ2ZDk5N2QzYzk1ZGQ4MzZi
ZGQwMDYwHhcNMjUwMTAxMDM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzM5YTdhZWExODQ3MjY0MjgyYzRmM2U0MjczNDIwNjU5YzZkNjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArffry9KRQTkLvIUHGO8dHm14Crrk
7EK0tOmdPEQkWV4xATVpd5ow7uspRc2LwyrcYrehsXfu1C6CXqeiABycM5RFg+2O
ZZAdscJr59NSRULRyoMwGFz5IVFYDS1N5nFiKk7WzhpxLZPqVXLwJK+VcZRqGXCI
T0sn/fGLU/G5omhme4Bf/OQsnARtOCyQxBxH1RiKaIkRNfnP6Yt/M4XaLXWTQYyE
jwExV3Pbjd+0qhvB9XUmhMxHp+k0DBLkODaKaaLf7zIZxaSEi1wLlMxsHHjtDw7m
kTalrXsGMNcF5iHrtexJGudmSW2b4qZ7ZbtlDdq8MslwurkKjytqNDzOcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIc5p66hhHJkKCxPPkJzQgZZxtYOMB8GA1UdIwQY
MBaAFIrNLrLwYYtyxkbZl9PJXdg2vdAGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXMwdXN2QmhpM0xHUnRtWDA4bGQyRGE5MEFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iMDU4N2MtMzFlOC00YTliLWFmNjkt
Nzk0YzlkOTI4Y2RjLzEvaHptbnJxR0VjbVFvTEU4LVFuTkNCbG5HMWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iMDU4N2MtMzFlOC00YTliLWFmNjktNzk0YzlkOTI4Y2Rj
LzEvaXMwdXN2QmhpM0xHUnRtWDA4bGQyRGE5MEFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD1YXwMA0G
CSqGSIb3DQEBCwUAA4IBAQA5dzjLCzgn7NGaWIvkuMXlMeCLLGIiw9GXS3hrmP+Q
FPWIPnwNsuCFZyD64/0IHuubcTraUjYT8//LF/w6eSYw7ulMKeicEHOhBGKKg2wY
mdiOotz2QCMaJLffxRKy09riNG4It/nHya+zjZg035Ma/p0dRN4ol0jzwZufI2vQ
DudxxnFHy2OOg8r2QJG7OaY+AbJdNuGQ8kGSlhK18MVVzff7HAlKv6fMQG9xld+a
OJocMILtANAy+Zya8pcRa7yabxcxSaAN8cl47C/U5lh8nfsEbaB0tef6UScOCPT1
r71P/4shGiHUmWLTd7hehkkS4POAaAUa/KDml1Ut8gNJ
-----END CERTIFICATE-----