Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/HsLH977Wr8CRqPeFRIsKeWuqNBQ.roa
File:                     HsLH977Wr8CRqPeFRIsKeWuqNBQ.roa (raw, json)
Hash identifier:          DfN2Ce+eFgUYzjRB1SnZEzwBexeV9U5bLQB9J92xhK4=
Subject key identifier:   1E:C2:C7:F7:BE:D6:AF:C0:91:A8:F7:85:44:8B:0A:79:6B:AA:34:14
Certificate issuer:       /CN=3e782de1b5d5292edd136d5278258c67b05be22a
Certificate serial:       01941FFA251F6703DF3614AABE82C166B94A
Authority key identifier: 3E:78:2D:E1:B5:D5:29:2E:DD:13:6D:52:78:25:8C:67:B0:5B:E2:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pngt4bXVKS7dE21SeCWMZ7Bb4io.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/HsLH977Wr8CRqPeFRIsKeWuqNBQ.roa
Signing time:             Wed 01 Jan 2025 03:47:54 +0000
ROA not before:           Wed 01 Jan 2025 03:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62149
IP address blocks:        185.69.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/Pngt4bXVKS7dE21SeCWMZ7Bb4io.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/Pngt4bXVKS7dE21SeCWMZ7Bb4io.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pngt4bXVKS7dE21SeCWMZ7Bb4io.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:25:1f:67:03:df:36:14:aa:be:82:c1:66:b9:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e782de1b5d5292edd136d5278258c67b05be22a
        Validity
            Not Before: Jan  1 03:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ec2c7f7bed6afc091a8f785448b0a796baa3414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:02:c2:04:ee:02:52:19:7f:9e:78:5d:11:ed:
                    f2:0c:52:6b:68:7a:95:de:c2:76:85:27:39:61:2e:
                    2a:1c:2b:08:b3:7c:cd:90:39:09:87:a9:a5:a9:4d:
                    97:4d:48:3c:66:74:38:fd:f9:dc:93:03:5d:77:29:
                    6b:67:58:e7:2d:f4:03:10:04:c1:2d:0c:3e:b2:6a:
                    4b:22:a9:b4:f9:7c:26:4e:47:56:fe:4e:22:ea:dc:
                    04:4d:0b:48:9d:b3:bb:b2:d9:ee:34:ec:62:dc:6e:
                    4b:a8:c3:86:5d:94:a9:43:5a:19:2a:34:63:38:c0:
                    06:08:7c:e9:bd:52:ae:bc:32:95:7e:65:a8:9c:d3:
                    0d:4c:11:d2:d7:27:0f:15:b2:67:26:df:18:0d:94:
                    ac:e4:29:f4:c8:5a:3b:69:97:86:06:d2:5f:10:b6:
                    41:b0:be:fd:7e:14:29:8d:7d:3d:63:05:2b:27:dc:
                    8d:c8:97:3b:a2:c5:83:1c:52:e3:11:e6:7c:ed:95:
                    7e:1b:8a:41:4a:6b:e5:c4:8c:8d:2c:e1:95:ea:da:
                    99:7a:06:32:2e:f0:ee:61:59:1c:10:63:d1:7c:d8:
                    0b:0f:b2:66:29:6c:c6:f9:f9:95:3a:ac:85:cc:07:
                    f7:8e:df:52:94:36:70:2f:cd:4d:ab:a2:29:d7:45:
                    a7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:C2:C7:F7:BE:D6:AF:C0:91:A8:F7:85:44:8B:0A:79:6B:AA:34:14
            X509v3 Authority Key Identifier:
                keyid:3E:78:2D:E1:B5:D5:29:2E:DD:13:6D:52:78:25:8C:67:B0:5B:E2:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pngt4bXVKS7dE21SeCWMZ7Bb4io.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/HsLH977Wr8CRqPeFRIsKeWuqNBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/Pngt4bXVKS7dE21SeCWMZ7Bb4io.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:1e:6c:2b:79:1c:a3:73:5e:a5:c1:3f:45:7e:51:0a:18:9f:
         f2:cf:25:0c:b4:89:44:4b:c3:17:3d:1b:91:c5:4a:7e:35:03:
         b1:bf:eb:3b:de:a6:47:d5:9b:1d:ed:f9:ed:21:bb:a2:2a:9f:
         bf:f8:ec:b6:24:e4:3b:bb:f4:52:c4:04:89:44:fe:ea:3a:6a:
         a1:e8:21:72:ff:7c:29:08:0f:67:47:dd:a8:aa:48:70:aa:19:
         c5:a4:9e:fe:e5:97:98:d9:b8:68:1f:fa:b6:ad:1c:2a:62:0d:
         84:ee:2a:3f:45:b3:2c:25:48:0e:08:36:4d:66:46:fe:23:cc:
         be:0d:9f:77:fd:0b:54:9d:f7:df:3b:11:c0:fc:d0:15:58:7e:
         44:85:62:82:45:14:0b:59:0c:a0:f6:3d:ed:7b:74:d1:d5:c9:
         3f:23:c8:96:21:f1:13:0d:d3:81:52:69:b3:03:3c:79:a3:35:
         0c:aa:79:c8:06:72:5d:47:a8:a4:e5:0c:29:46:6f:6e:3c:96:
         57:3b:df:9c:ad:b3:b4:ec:a7:c8:3e:63:3a:5d:56:8e:63:45:
         18:fb:9f:8a:ed:81:31:d2:95:22:71:dd:cb:90:aa:ba:8a:5f:
         aa:a1:c0:57:8d:fb:a4:6c:58:e0:2d:b1:11:d3:29:98:1e:1c:
         ff:80:7e:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+iUfZwPfNhSqvoLBZrlKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNzgyZGUxYjVkNTI5MmVkZDEzNmQ1Mjc4MjU4YzY3YjA1
YmUyMmEwHhcNMjUwMTAxMDM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWMyYzdmN2JlZDZhZmMwOTFhOGY3ODU0NDhiMGE3OTZiYWEzNDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsALCBO4CUhl/nnhdEe3yDFJraHqV
3sJ2hSc5YS4qHCsIs3zNkDkJh6mlqU2XTUg8ZnQ4/fnckwNddylrZ1jnLfQDEATB
LQw+smpLIqm0+XwmTkdW/k4i6twETQtInbO7stnuNOxi3G5LqMOGXZSpQ1oZKjRj
OMAGCHzpvVKuvDKVfmWonNMNTBHS1ycPFbJnJt8YDZSs5Cn0yFo7aZeGBtJfELZB
sL79fhQpjX09YwUrJ9yNyJc7osWDHFLjEeZ87ZV+G4pBSmvlxIyNLOGV6tqZegYy
LvDuYVkcEGPRfNgLD7JmKWzG+fmVOqyFzAf3jt9SlDZwL81Nq6Ip10Wn3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7Cx/e+1q/Akaj3hUSLCnlrqjQUMB8GA1UdIwQY
MBaAFD54LeG11Sku3RNtUngljGewW+IqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG5ndDRiWFZLUzdkRTIxU2VDV01aN0JiNGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9kMDM1ZmItZTg2MC00NjFkLTk3Mjgt
MTQ5ZTJhM2FkZTc2LzEvSHNMSDk3N1dyOENScVBlRlJJc0tlV3VxTkJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9kMDM1ZmItZTg2MC00NjFkLTk3MjgtMTQ5ZTJhM2FkZTc2
LzEvUG5ndDRiWFZLUzdkRTIxU2VDV01aN0JiNGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUXsMA0G
CSqGSIb3DQEBCwUAA4IBAQAuHmwreRyjc16lwT9FflEKGJ/yzyUMtIlES8MXPRuR
xUp+NQOxv+s73qZH1Zsd7fntIbuiKp+/+Oy2JOQ7u/RSxASJRP7qOmqh6CFy/3wp
CA9nR92oqkhwqhnFpJ7+5ZeY2bhoH/q2rRwqYg2E7io/RbMsJUgOCDZNZkb+I8y+
DZ93/QtUnfffOxHA/NAVWH5EhWKCRRQLWQyg9j3te3TR1ck/I8iWIfETDdOBUmmz
Azx5ozUMqnnIBnJdR6ik5QwpRm9uPJZXO9+crbO07KfIPmM6XVaOY0UY+5+K7YEx
0pUicd3LkKq6il+qocBXjfukbFjgLbER0ymYHhz/gH4A
-----END CERTIFICATE-----