Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/hlgUeTS6IBRaopiSVrOUgC-_wJs.roa
File:                     hlgUeTS6IBRaopiSVrOUgC-_wJs.roa (raw, json)
Hash identifier:          LdBAJrgqIH+Vij0f6svoaKnmeA18Z44APvKHCC4L9FI=
Subject key identifier:   86:58:14:79:34:BA:20:14:5A:A2:98:92:56:B3:94:80:2F:BF:C0:9B
Certificate issuer:       /CN=42383dcfc9d399f0397a881a4b6a6ee6ae161822
Certificate serial:       01942368CCF3976145E2BD02266FF814AE69
Authority key identifier: 42:38:3D:CF:C9:D3:99:F0:39:7A:88:1A:4B:6A:6E:E6:AE:16:18:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qjg9z8nTmfA5eogaS2pu5q4WGCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/hlgUeTS6IBRaopiSVrOUgC-_wJs.roa
Signing time:             Wed 01 Jan 2025 19:47:38 +0000
ROA not before:           Wed 01 Jan 2025 19:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33915
IP address blocks:        5.199.188.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/Qjg9z8nTmfA5eogaS2pu5q4WGCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/Qjg9z8nTmfA5eogaS2pu5q4WGCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qjg9z8nTmfA5eogaS2pu5q4WGCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:cc:f3:97:61:45:e2:bd:02:26:6f:f8:14:ae:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42383dcfc9d399f0397a881a4b6a6ee6ae161822
        Validity
            Not Before: Jan  1 19:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8658147934ba20145aa2989256b394802fbfc09b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:1b:0b:ae:91:b3:50:13:e5:b0:73:bb:21:a6:
                    85:36:6f:43:35:7e:57:5c:d3:46:de:26:6f:4a:0e:
                    c8:64:4f:74:88:88:05:5c:a2:a2:78:85:f1:fd:75:
                    99:d7:2f:e2:3e:17:32:33:41:ad:c3:c6:6e:81:4f:
                    ca:2f:b0:e5:97:a3:7b:9c:b7:46:6a:03:74:c8:de:
                    d6:6c:84:da:0a:7a:68:35:54:1c:5e:1a:e4:33:8f:
                    e4:89:71:a5:11:e7:88:a9:f7:0c:78:b7:91:1c:5c:
                    21:ec:05:5c:cb:05:bc:b3:dd:54:5b:0c:e6:41:c2:
                    d7:2b:1c:2d:1b:10:0c:b6:77:6d:55:11:e5:c9:a0:
                    32:78:5c:bc:63:68:f8:36:d3:81:32:89:b9:29:b5:
                    f8:11:b7:6f:d8:8e:fe:fa:0a:01:e1:9b:9c:ea:6a:
                    1d:73:9b:6d:62:15:3c:09:bb:6e:bb:a8:66:76:b0:
                    8b:95:bb:0f:f8:17:ff:fc:ce:36:3b:51:e9:b4:7c:
                    e7:1d:c5:84:a5:c2:c4:44:42:35:47:da:c6:0c:5d:
                    f1:f2:fa:27:24:2c:86:3e:0e:60:b4:f7:ef:bc:db:
                    be:c8:b6:b5:be:2b:a4:61:fa:52:d3:15:a9:d0:51:
                    72:93:4d:c6:04:46:dd:a2:84:49:77:b7:22:da:c3:
                    0b:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:58:14:79:34:BA:20:14:5A:A2:98:92:56:B3:94:80:2F:BF:C0:9B
            X509v3 Authority Key Identifier:
                keyid:42:38:3D:CF:C9:D3:99:F0:39:7A:88:1A:4B:6A:6E:E6:AE:16:18:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qjg9z8nTmfA5eogaS2pu5q4WGCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/hlgUeTS6IBRaopiSVrOUgC-_wJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/6ab40e-59a0-4843-ad31-f880d0cae090/1/Qjg9z8nTmfA5eogaS2pu5q4WGCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:0e:de:67:ae:95:a1:17:a7:5c:6b:14:e4:c4:ff:50:43:c6:
         56:c7:2a:e0:a4:47:91:57:21:e7:b1:e9:b0:cd:f4:18:39:c3:
         dd:8d:ff:5f:57:bc:2d:e5:dc:3e:bb:40:b9:64:bb:44:1c:b9:
         7e:d1:2b:a4:e1:98:c6:f7:01:78:37:49:88:aa:96:a6:4d:b7:
         4a:e4:62:e3:9b:b4:c0:f3:1a:27:80:95:6e:be:33:f6:7f:96:
         ee:ce:88:a1:b4:87:9b:e5:5c:08:51:54:8a:56:41:fb:0a:18:
         c4:2a:68:d0:de:0e:f6:17:82:9f:9f:3a:28:22:95:41:b0:3d:
         f1:59:4b:1e:32:cb:f5:ae:52:96:3f:a0:7f:56:e2:0c:88:e5:
         9c:09:c8:37:5f:dc:16:5b:af:e6:d6:c6:07:e6:da:9d:e4:62:
         0d:12:3e:3f:72:52:d9:27:c6:f0:d2:3e:f6:9a:71:9a:af:64:
         8e:67:e4:ff:6b:b0:ea:29:17:2a:45:99:dc:83:ad:99:f1:a6:
         e6:c2:d3:13:e3:ca:30:8d:49:03:0c:bc:75:41:70:38:44:c7:
         8f:bc:a2:c3:be:5b:aa:66:7d:4e:b4:74:6a:1c:6a:a9:97:e1:
         96:95:a8:46:b8:03:5a:c1:04:4d:08:ab:1e:1b:11:8d:9d:76:
         3d:44:77:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaMzzl2FF4r0CJm/4FK5pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMzgzZGNmYzlkMzk5ZjAzOTdhODgxYTRiNmE2ZWU2YWUx
NjE4MjIwHhcNMjUwMTAxMTk0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjU4MTQ3OTM0YmEyMDE0NWFhMjk4OTI1NmIzOTQ4MDJmYmZjMDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2BsLrpGzUBPlsHO7IaaFNm9DNX5X
XNNG3iZvSg7IZE90iIgFXKKieIXx/XWZ1y/iPhcyM0Gtw8ZugU/KL7Dll6N7nLdG
agN0yN7WbITaCnpoNVQcXhrkM4/kiXGlEeeIqfcMeLeRHFwh7AVcywW8s91UWwzm
QcLXKxwtGxAMtndtVRHlyaAyeFy8Y2j4NtOBMom5KbX4Ebdv2I7++goB4Zuc6mod
c5ttYhU8Cbtuu6hmdrCLlbsP+Bf//M42O1HptHznHcWEpcLEREI1R9rGDF3x8von
JCyGPg5gtPfvvNu+yLa1viukYfpS0xWp0FFyk03GBEbdooRJd7ci2sMLowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZYFHk0uiAUWqKYklazlIAvv8CbMB8GA1UdIwQY
MBaAFEI4Pc/J05nwOXqIGktqbuauFhgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWpnOXo4blRtZkE1ZW9nYVMycHU1cTRXR0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS82YWI0MGUtNTlhMC00ODQzLWFkMzEt
Zjg4MGQwY2FlMDkwLzEvaGxnVWVUUzZJQlJhb3BpU1ZyT1VnQy1fd0pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS82YWI0MGUtNTlhMC00ODQzLWFkMzEtZjg4MGQwY2FlMDkw
LzEvUWpnOXo4blRtZkE1ZW9nYVMycHU1cTRXR0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBce8MA0G
CSqGSIb3DQEBCwUAA4IBAQApDt5nrpWhF6dcaxTkxP9QQ8ZWxyrgpEeRVyHnsemw
zfQYOcPdjf9fV7wt5dw+u0C5ZLtEHLl+0Suk4ZjG9wF4N0mIqpamTbdK5GLjm7TA
8xongJVuvjP2f5buzoihtIeb5VwIUVSKVkH7ChjEKmjQ3g72F4KfnzooIpVBsD3x
WUseMsv1rlKWP6B/VuIMiOWcCcg3X9wWW6/m1sYH5tqd5GINEj4/clLZJ8bw0j72
mnGar2SOZ+T/a7DqKRcqRZncg62Z8abmwtMT48owjUkDDLx1QXA4RMePvKLDvluq
Zn1OtHRqHGqpl+GWlahGuANawQRNCKseGxGNnXY9RHch
-----END CERTIFICATE-----