Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/hhPgXvUcRmC2TUO_q-TKXjYPTkU.roa
File:                     hhPgXvUcRmC2TUO_q-TKXjYPTkU.roa (raw, json)
Hash identifier:          B1vJ9YpVhqlbehY9Pjx88rXjq4zvkC3AQA3CRXGOEBs=
Subject key identifier:   86:13:E0:5E:F5:1C:46:60:B6:4D:43:BF:AB:E4:CA:5E:36:0F:4E:45
Certificate issuer:       /CN=aafc41aafbbccaa96711849745ef722a5260ac7e
Certificate serial:       018CC7272A9A0F3106E333FBCC1BA109C75C
Authority key identifier: AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/hhPgXvUcRmC2TUO_q-TKXjYPTkU.roa
Signing time:             Mon 01 Jan 2024 22:31:21 +0000
ROA not before:           Mon 01 Jan 2024 22:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42525
IP address blocks:        45.67.92.0/22 maxlen: 24
                          2a09:7440::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2a:9a:0f:31:06:e3:33:fb:cc:1b:a1:09:c7:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aafc41aafbbccaa96711849745ef722a5260ac7e
        Validity
            Not Before: Jan  1 22:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8613e05ef51c4660b64d43bfabe4ca5e360f4e45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c7:50:2f:4a:2a:65:3a:f5:80:7e:ce:f6:4b:
                    9c:28:19:da:9e:81:19:4e:fd:9b:88:7a:bd:ca:fd:
                    e0:61:67:94:b7:e2:e3:fc:34:4f:3c:19:a5:ce:51:
                    2c:86:30:e1:78:8c:6b:e4:27:8a:18:82:8d:d3:27:
                    19:1b:63:9e:65:8c:6e:00:00:22:38:3f:82:ed:e9:
                    f1:c5:8f:a0:81:52:da:58:6d:e2:ba:ca:2f:ed:30:
                    24:db:82:8e:13:81:da:a9:25:03:ac:1e:07:b5:8b:
                    cf:2b:15:01:f7:7e:07:ae:63:a2:44:01:f2:eb:d3:
                    3a:a7:7c:ea:ac:8b:85:be:e2:68:9a:74:ca:32:d6:
                    fd:fc:69:86:de:8c:6c:08:36:28:97:0e:2c:27:58:
                    33:ba:40:23:db:79:1e:aa:16:92:e2:7b:17:88:33:
                    e3:03:0b:3c:9f:51:c8:e3:93:4f:84:4f:21:82:a8:
                    2b:63:9b:af:dd:fe:ef:48:35:01:13:90:d5:89:1f:
                    cf:52:0b:ed:b4:62:30:62:40:da:0e:d0:21:43:58:
                    4a:05:c8:7a:b4:b8:85:26:63:95:fe:2b:0f:73:12:
                    1a:b9:74:fc:4c:23:12:4f:60:7d:e7:77:b2:53:dc:
                    8a:0b:7b:ca:10:7c:b1:df:fc:3a:4c:18:87:46:15:
                    27:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:13:E0:5E:F5:1C:46:60:B6:4D:43:BF:AB:E4:CA:5E:36:0F:4E:45
            X509v3 Authority Key Identifier:
                keyid:AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/hhPgXvUcRmC2TUO_q-TKXjYPTkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.92.0/22
                IPv6:
                  2a09:7440::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:85:f9:1c:99:b4:6a:e8:ba:2b:19:0a:e5:15:ad:9a:8b:38:
         ec:17:28:7e:1f:e3:ef:e3:60:63:bf:66:82:bb:b8:42:34:cf:
         89:0f:9f:95:64:03:69:3c:d9:d6:3d:cd:8f:61:a5:c0:e7:be:
         d0:e5:ad:a8:e9:bd:ed:e6:51:9f:8c:04:f1:e0:00:14:f7:2d:
         33:8a:99:95:4c:47:41:08:c4:58:ab:c2:6b:00:f7:32:0f:cc:
         46:cc:2a:88:d2:e4:60:f7:f7:b6:0e:3b:67:c3:e3:5d:da:04:
         69:ea:b5:4c:a9:36:c3:19:ef:a6:ca:52:9b:f4:e2:84:a4:b9:
         39:d9:bb:73:eb:d9:04:37:e2:39:4a:f9:f6:19:0d:cb:1a:0f:
         27:5e:98:8a:f0:3a:fe:e9:d7:30:70:3d:d4:31:c6:98:22:bb:
         05:33:76:34:96:22:09:c1:16:b0:ba:81:24:1e:6f:86:77:fe:
         7c:5c:5c:f4:64:ac:5f:a4:3a:a5:ff:cb:d2:aa:18:6a:38:49:
         0d:8c:b2:fa:72:90:41:55:1e:28:e9:16:29:68:68:d0:ef:84:
         12:1e:15:00:21:0a:d3:e9:37:fa:00:0a:56:eb:be:b4:02:e5:
         25:a4:ad:7e:18:40:01:3b:8c:a6:e5:1f:cf:80:6c:d4:32:48:
         2b:5e:e5:11
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJyqaDzEG4zP7zBuhCcdcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZmM0MWFhZmJiY2NhYTk2NzExODQ5NzQ1ZWY3MjJhNTI2
MGFjN2UwHhcNMjQwMTAxMjIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjEzZTA1ZWY1MWM0NjYwYjY0ZDQzYmZhYmU0Y2E1ZTM2MGY0ZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMdQL0oqZTr1gH7O9kucKBnanoEZ
Tv2biHq9yv3gYWeUt+Lj/DRPPBmlzlEshjDheIxr5CeKGIKN0ycZG2OeZYxuAAAi
OD+C7enxxY+ggVLaWG3iusov7TAk24KOE4HaqSUDrB4HtYvPKxUB934HrmOiRAHy
69M6p3zqrIuFvuJomnTKMtb9/GmG3oxsCDYolw4sJ1gzukAj23keqhaS4nsXiDPj
Aws8n1HI45NPhE8hgqgrY5uv3f7vSDUBE5DViR/PUgvttGIwYkDaDtAhQ1hKBch6
tLiFJmOV/isPcxIauXT8TCMST2B953eyU9yKC3vKEHyx3/w6TBiHRhUnnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIYT4F71HEZgtk1Dv6vkyl42D05FMB8GA1UdIwQY
MBaAFKr8Qar7vMqpZxGEl0XvcipSYKx+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZ4QnF2dTh5cWxuRVlTWFJlOXlLbEpnckg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85ZmRkZDQtNTI2YS00ODA3LWIxMjct
MWJjMzFjNjI0MDFmLzEvaGhQZ1h2VWNSbUMyVFVPX3EtVEtYallQVGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85ZmRkZDQtNTI2YS00ODA3LWIxMjctMWJjMzFjNjI0MDFm
LzEvcXZ4QnF2dTh5cWxuRVlTWFJlOXlLbEpnckg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLUNcMA0E
AgACMAcDBQAqCXRAMA0GCSqGSIb3DQEBCwUAA4IBAQBMhfkcmbRq6LorGQrlFa2a
izjsFyh+H+Pv42Bjv2aCu7hCNM+JD5+VZANpPNnWPc2PYaXA577Q5a2o6b3t5lGf
jATx4AAU9y0zipmVTEdBCMRYq8JrAPcyD8xGzCqI0uRg9/e2Djtnw+Nd2gRp6rVM
qTbDGe+mylKb9OKEpLk52btz69kEN+I5Svn2GQ3LGg8nXpiK8Dr+6dcwcD3UMcaY
IrsFM3Y0liIJwRawuoEkHm+Gd/58XFz0ZKxfpDql/8vSqhhqOEkNjLL6cpBBVR4o
6RYpaGjQ74QSHhUAIQrT6Tf6AApW6760AuUlpK1+GEABO4ym5R/PgGzUMkgrXuUR
-----END CERTIFICATE-----