Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/HDAlGA4h66F4ys1PgZtcuWJlRbU.roa
File:                     HDAlGA4h66F4ys1PgZtcuWJlRbU.roa (raw, json)
Hash identifier:          rbzHwOAoqcMw1lI8y0r4q+/jJrFcAP8JfjFSaJTJuHU=
Subject key identifier:   1C:30:25:18:0E:21:EB:A1:78:CA:CD:4F:81:9B:5C:B9:62:65:45:B5
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7B91D2643E1B9649B4E3BF5DA8D73
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/HDAlGA4h66F4ys1PgZtcuWJlRbU.roa
Signing time:             Mon 01 Jan 2024 20:29:38 +0000
ROA not before:           Mon 01 Jan 2024 20:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201211
IP address blocks:        45.147.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b9:1d:26:43:e1:b9:64:9b:4e:3b:f5:da:8d:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c3025180e21eba178cacd4f819b5cb9626545b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:28:d0:b5:53:94:d3:25:7d:a4:14:26:e2:c2:
                    23:ce:24:ce:6f:29:dd:37:4e:ac:6d:23:09:a9:57:
                    34:7f:bb:8a:f7:2f:b4:1b:04:52:6b:40:95:96:af:
                    80:f0:2e:b7:97:65:22:dd:47:d7:dc:17:3f:ff:cf:
                    db:7f:24:a6:7e:67:3a:f6:79:f2:22:4d:02:2a:af:
                    55:7f:e9:5e:45:63:c2:cf:f3:b0:f6:87:cc:12:4f:
                    07:f2:0c:11:5f:7b:f8:25:79:b4:36:d5:22:af:8e:
                    e2:82:14:a0:40:35:f4:6a:0b:c7:f0:12:db:ed:43:
                    ef:4f:55:0d:84:b0:8c:c0:87:f3:dd:00:4d:47:b6:
                    8c:ab:a8:0b:42:f0:cd:ec:c5:c7:69:a4:7b:cb:0f:
                    99:75:9d:e0:66:81:22:dc:83:b5:9a:50:fb:3d:40:
                    57:cf:9d:e0:1e:fa:8d:57:48:aa:0c:ad:a9:9a:c3:
                    1f:b8:bd:fd:0b:54:47:72:ed:8f:78:39:e1:53:c4:
                    1b:00:63:86:9a:e6:30:ed:e7:e4:03:f3:54:cb:41:
                    46:2b:6c:33:84:c6:b6:11:03:4c:90:11:18:62:94:
                    ed:60:0a:b7:2f:a2:69:7b:4c:49:fe:e5:ff:6f:19:
                    aa:1d:5c:a6:aa:3a:32:2b:6d:7b:2d:c0:82:c9:4c:
                    4b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:30:25:18:0E:21:EB:A1:78:CA:CD:4F:81:9B:5C:B9:62:65:45:B5
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/HDAlGA4h66F4ys1PgZtcuWJlRbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:c6:81:6b:e2:47:d6:47:40:ad:3f:10:bc:23:97:b9:f5:dc:
         25:bd:9e:c8:92:b6:ea:5b:95:79:dd:d5:aa:0c:5d:64:0f:0d:
         54:5f:fa:2d:47:8c:91:48:b3:7a:44:42:98:bc:5c:b1:a3:94:
         f1:58:d9:f4:fb:c7:37:aa:62:1f:a8:21:75:87:42:04:b6:c2:
         ec:2b:a5:e9:d9:0d:7a:51:1a:a9:e6:d4:ac:cc:07:c3:d3:38:
         47:b3:99:03:65:a5:35:bc:62:81:3f:72:82:70:ae:82:93:ab:
         7e:15:33:75:c6:fd:c4:5b:3f:9b:0f:35:d1:dd:ba:5e:ed:41:
         26:77:a4:f8:90:ca:30:2f:f5:a2:70:b8:aa:44:b6:68:eb:05:
         8d:44:10:78:f2:22:ec:05:bd:60:a8:a4:4f:ca:e8:8f:55:71:
         5d:10:11:65:1f:cd:39:a7:bc:f1:80:2d:fc:b7:2b:de:c4:e9:
         22:f9:19:a5:46:8e:6d:1c:81:90:b3:fd:e9:1d:6b:53:2f:cd:
         dd:cf:b2:7b:7a:4e:79:8c:7d:97:ab:ba:14:ab:60:55:5e:a8:
         43:b6:7c:b9:05:cb:86:2c:32:65:02:78:62:7a:59:89:a6:23:
         d9:83:2b:81:3e:18:a2:45:c7:6f:14:de:78:21:8e:05:c1:05:
         3c:aa:47:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7kdJkPhuWSbTjv12o1zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzMwMjUxODBlMjFlYmExNzhjYWNkNGY4MTliNWNiOTYyNjU0NWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSjQtVOU0yV9pBQm4sIjziTObynd
N06sbSMJqVc0f7uK9y+0GwRSa0CVlq+A8C63l2Ui3UfX3Bc//8/bfySmfmc69nny
Ik0CKq9Vf+leRWPCz/Ow9ofMEk8H8gwRX3v4JXm0NtUir47ighSgQDX0agvH8BLb
7UPvT1UNhLCMwIfz3QBNR7aMq6gLQvDN7MXHaaR7yw+ZdZ3gZoEi3IO1mlD7PUBX
z53gHvqNV0iqDK2pmsMfuL39C1RHcu2PeDnhU8QbAGOGmuYw7efkA/NUy0FGK2wz
hMa2EQNMkBEYYpTtYAq3L6Jpe0xJ/uX/bxmqHVymqjoyK217LcCCyUxLywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwwJRgOIeuheMrNT4GbXLliZUW1MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvSERBbEdBNGg2NkY0eXMxUGdadGN1V0psUmJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZMCMA0G
CSqGSIb3DQEBCwUAA4IBAQA7xoFr4kfWR0CtPxC8I5e59dwlvZ7IkrbqW5V53dWq
DF1kDw1UX/otR4yRSLN6REKYvFyxo5TxWNn0+8c3qmIfqCF1h0IEtsLsK6Xp2Q16
URqp5tSszAfD0zhHs5kDZaU1vGKBP3KCcK6Ck6t+FTN1xv3EWz+bDzXR3bpe7UEm
d6T4kMowL/WicLiqRLZo6wWNRBB48iLsBb1gqKRPyuiPVXFdEBFlH805p7zxgC38
tyvexOki+RmlRo5tHIGQs/3pHWtTL83dz7J7ek55jH2Xq7oUq2BVXqhDtny5BcuG
LDJlAnhielmJpiPZgyuBPhiiRcdvFN54IY4FwQU8qkfe
-----END CERTIFICATE-----