Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/HoHV6oB56OQOYjfzKdWf1W7Z3Hw.roa
File:                     HoHV6oB56OQOYjfzKdWf1W7Z3Hw.roa (raw, json)
Hash identifier:          BMsHm6BuN7OesCAA9BY5qbcyRwfR8haiuhUUXMZvdC8=
Subject key identifier:   1E:81:D5:EA:80:79:E8:E4:0E:62:37:F3:29:D5:9F:D5:6E:D9:DC:7C
Certificate issuer:       /CN=e7f881401abacc88c941fdf740f1ab1536f05dba
Certificate serial:       018CCA2BB87C0494D969856323FDE7F6CF1C
Authority key identifier: E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/HoHV6oB56OQOYjfzKdWf1W7Z3Hw.roa
Signing time:             Tue 02 Jan 2024 12:35:12 +0000
ROA not before:           Tue 02 Jan 2024 12:35:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200055
IP address blocks:        85.248.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:b8:7c:04:94:d9:69:85:63:23:fd:e7:f6:cf:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f881401abacc88c941fdf740f1ab1536f05dba
        Validity
            Not Before: Jan  2 12:35:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e81d5ea8079e8e40e6237f329d59fd56ed9dc7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:29:50:a1:4d:45:b8:68:52:40:25:d2:f2:62:
                    c0:47:1e:0b:cb:69:09:d3:bc:e4:9e:28:ed:6e:1c:
                    3a:8d:0d:23:69:59:4d:2c:51:bb:18:50:90:79:5d:
                    20:43:a8:89:93:d8:b9:29:09:4a:f2:cc:10:8a:11:
                    6f:09:48:2e:dd:05:5b:75:fd:a2:83:a7:51:29:01:
                    a1:0f:91:2b:c9:4a:d0:c6:dc:eb:f3:b0:8a:34:08:
                    60:3d:f6:17:3c:33:a3:3f:2f:cb:46:2d:f3:c5:78:
                    f5:37:0d:00:34:0f:89:a4:36:f2:37:98:35:99:31:
                    36:d6:b5:11:aa:ba:f7:bf:fa:b2:fe:d7:ed:c4:a4:
                    f3:e4:cd:1a:13:64:5d:04:18:1a:06:7a:7e:7f:d8:
                    cc:f8:3b:08:f5:88:f5:61:ee:90:13:8d:8f:f2:9d:
                    8b:ee:41:56:06:b9:e4:56:41:b6:62:e4:97:a7:ad:
                    77:08:47:62:e5:3c:c1:72:32:2a:c7:c5:d6:af:3a:
                    08:fe:76:76:cc:e6:cf:91:e8:0c:3f:d8:6d:03:5f:
                    cb:2a:1a:d7:3d:89:ca:b1:e5:20:d1:2d:69:ac:04:
                    76:06:fb:b5:bb:63:27:29:4f:de:64:c2:f0:97:d8:
                    45:6b:ef:7f:91:a3:04:a3:a3:37:c2:35:87:99:54:
                    b0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:81:D5:EA:80:79:E8:E4:0E:62:37:F3:29:D5:9F:D5:6E:D9:DC:7C
            X509v3 Authority Key Identifier:
                keyid:E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/HoHV6oB56OQOYjfzKdWf1W7Z3Hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.248.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:cf:71:50:00:39:67:ed:7e:e1:f0:36:08:0f:49:34:6d:c8:
         33:21:55:9c:4a:14:6e:4b:94:0d:ed:2c:4d:99:32:b3:c3:bf:
         e7:2d:89:0c:17:16:af:38:ed:8c:98:3f:84:12:6b:d4:22:a0:
         d9:43:ef:97:b2:00:f8:86:40:3c:8c:6b:7b:b1:3b:7d:d1:dc:
         b3:19:8f:57:17:e1:55:87:0c:13:9f:82:63:f3:b0:30:7c:c1:
         99:89:c4:96:dc:b8:97:ef:9e:2d:d6:03:bb:1c:f7:6b:6d:3b:
         69:4a:40:fe:3f:25:77:fb:5b:91:fa:f7:f1:3f:a2:b1:9f:aa:
         cf:07:69:cc:ab:9f:83:e3:7b:82:13:c1:c5:b0:af:4b:ba:74:
         31:8f:af:9d:05:c5:5b:58:d7:c5:ea:59:2b:80:1e:bb:f0:9a:
         cc:ab:17:f0:33:f8:93:5e:87:1a:6d:6a:e1:97:59:68:87:f3:
         d6:24:4b:d3:6d:8e:90:98:0b:a1:3d:7e:a3:84:3f:1d:70:87:
         31:56:86:43:c0:f8:84:63:00:cc:3d:af:42:8b:e0:77:50:d5:
         74:50:8b:e7:e2:a1:f5:18:d9:93:5a:49:f9:97:21:a1:29:b9:
         0e:4b:6a:9c:3b:fd:25:5b:d7:fd:f7:f4:62:47:0c:12:15:22:
         18:24:be:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK7h8BJTZaYVjI/3n9s8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Zjg4MTQwMWFiYWNjODhjOTQxZmRmNzQwZjFhYjE1MzZm
MDVkYmEwHhcNMjQwMTAyMTIzNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTgxZDVlYTgwNzllOGU0MGU2MjM3ZjMyOWQ1OWZkNTZlZDlkYzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApClQoU1FuGhSQCXS8mLARx4Ly2kJ
07zknijtbhw6jQ0jaVlNLFG7GFCQeV0gQ6iJk9i5KQlK8swQihFvCUgu3QVbdf2i
g6dRKQGhD5EryUrQxtzr87CKNAhgPfYXPDOjPy/LRi3zxXj1Nw0ANA+JpDbyN5g1
mTE21rURqrr3v/qy/tftxKTz5M0aE2RdBBgaBnp+f9jM+DsI9Yj1Ye6QE42P8p2L
7kFWBrnkVkG2YuSXp613CEdi5TzBcjIqx8XWrzoI/nZ2zObPkegMP9htA1/LKhrX
PYnKseUg0S1prAR2Bvu1u2MnKU/eZMLwl9hFa+9/kaMEo6M3wjWHmVSw+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6B1eqAeejkDmI38ynVn9Vu2dx8MB8GA1UdIwQY
MBaAFOf4gUAausyIyUH990DxqxU28F26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmIt
ZTJmYmMzYTY4ODAwLzEvSG9IVjZvQjU2T1FPWWpmektkV2YxVzdaM0h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmItZTJmYmMzYTY4ODAw
LzEvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVfj5MA0G
CSqGSIb3DQEBCwUAA4IBAQBtz3FQADln7X7h8DYID0k0bcgzIVWcShRuS5QN7SxN
mTKzw7/nLYkMFxavOO2MmD+EEmvUIqDZQ++XsgD4hkA8jGt7sTt90dyzGY9XF+FV
hwwTn4Jj87AwfMGZicSW3LiX754t1gO7HPdrbTtpSkD+PyV3+1uR+vfxP6Kxn6rP
B2nMq5+D43uCE8HFsK9LunQxj6+dBcVbWNfF6lkrgB678JrMqxfwM/iTXocabWrh
l1loh/PWJEvTbY6QmAuhPX6jhD8dcIcxVoZDwPiEYwDMPa9Ci+B3UNV0UIvn4qH1
GNmTWkn5lyGhKbkOS2qcO/0lW9f99/RiRwwSFSIYJL7j
-----END CERTIFICATE-----