Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/dhxjZXga5HQ-Nlop2lX4sWTaXFY.roa
File:                     dhxjZXga5HQ-Nlop2lX4sWTaXFY.roa (raw, json)
Hash identifier:          m6vwqkglds4xxYLdp1RbIIfeBbsIchd3ZYd3C/wnz4Q=
Subject key identifier:   76:1C:63:65:78:1A:E4:74:3E:36:5A:29:DA:55:F8:B1:64:DA:5C:56
Certificate issuer:       /CN=1d15000772b3c3fa2bbd7727d3d389391a14633e
Certificate serial:       019299B21231FEBA8A69EE4328D41559BEA4
Authority key identifier: 1D:15:00:07:72:B3:C3:FA:2B:BD:77:27:D3:D3:89:39:1A:14:63:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HRUAB3Kzw_orvXcn09OJORoUYz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/dhxjZXga5HQ-Nlop2lX4sWTaXFY.roa
Signing time:             Thu 17 Oct 2024 08:57:17 +0000
ROA not before:           Thu 17 Oct 2024 08:57:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5483
IP address blocks:        185.224.44.0/23 maxlen: 23
                          2a14:6940::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/HRUAB3Kzw_orvXcn09OJORoUYz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/HRUAB3Kzw_orvXcn09OJORoUYz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HRUAB3Kzw_orvXcn09OJORoUYz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:99:b2:12:31:fe:ba:8a:69:ee:43:28:d4:15:59:be:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d15000772b3c3fa2bbd7727d3d389391a14633e
        Validity
            Not Before: Oct 17 08:57:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=761c6365781ae4743e365a29da55f8b164da5c56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8b:3a:21:75:bf:76:56:9a:58:9c:1a:4c:e9:
                    f9:1e:17:57:8a:03:20:a6:f1:57:5b:43:a6:a7:2d:
                    7a:e2:f6:2f:35:13:b0:5f:32:3f:34:12:15:dd:6a:
                    38:ea:51:54:6f:11:a5:1f:ae:3f:b2:9c:96:d2:54:
                    52:13:24:44:0b:25:54:66:97:94:09:a7:9b:5a:70:
                    38:4d:e3:80:75:be:82:e8:ee:09:3a:b8:d6:3c:07:
                    d7:81:7d:b6:89:87:82:dc:dc:33:f5:f5:d1:c0:bd:
                    b8:00:4f:06:75:0c:ff:7b:fb:86:f4:8f:34:d5:06:
                    c2:44:d9:45:9a:14:ff:e2:ee:ef:2b:37:1d:6e:fe:
                    fb:d9:98:45:12:bc:3b:13:a9:7c:a7:24:76:3e:1b:
                    b6:e8:cd:ff:2f:90:c6:fe:18:a2:ec:0a:4b:b3:3c:
                    ae:c2:31:14:72:a3:9c:b7:12:2b:2d:2f:71:27:61:
                    2d:67:5d:74:97:32:a5:6a:e2:1c:b3:6c:be:c3:34:
                    e1:0d:7f:48:cf:16:79:a6:67:3c:45:77:38:e8:2b:
                    b6:e4:61:02:d7:b4:3b:95:33:81:f1:6f:25:2f:f3:
                    e7:69:65:1f:e4:04:6b:58:00:62:74:78:cc:3c:ba:
                    1d:b2:32:38:03:d9:03:b6:09:c9:32:4f:0c:25:d7:
                    ce:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1C:63:65:78:1A:E4:74:3E:36:5A:29:DA:55:F8:B1:64:DA:5C:56
            X509v3 Authority Key Identifier:
                keyid:1D:15:00:07:72:B3:C3:FA:2B:BD:77:27:D3:D3:89:39:1A:14:63:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HRUAB3Kzw_orvXcn09OJORoUYz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/dhxjZXga5HQ-Nlop2lX4sWTaXFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/cd6478-cef6-4a70-b488-b2129fb4ca5a/1/HRUAB3Kzw_orvXcn09OJORoUYz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.44.0/23
                IPv6:
                  2a14:6940::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:4b:b6:00:a3:14:a1:69:78:ed:46:21:30:e3:9e:c4:be:0c:
         83:e1:cb:9e:bc:6b:74:86:6b:68:86:22:35:ab:9c:eb:0f:0a:
         20:fc:50:7d:a9:1a:9b:0d:46:ae:02:af:be:d9:30:76:eb:2b:
         b0:d9:3d:15:79:1c:bb:60:ca:4e:ea:9f:7e:e1:12:5f:5d:55:
         58:84:da:8a:66:b5:0b:45:11:8a:cd:63:44:b1:e7:b2:0f:8a:
         4e:a5:dd:cf:4e:9f:6a:c1:09:90:60:ea:20:54:8e:3b:eb:8d:
         1e:f0:db:f4:ac:6d:97:bb:5b:c9:a0:d0:62:e7:04:b9:e5:41:
         14:69:e3:a7:26:d8:2f:22:a4:2c:ea:26:84:7d:05:6d:d5:e3:
         99:12:db:85:a9:bd:d3:5e:a1:74:31:bb:f7:89:fc:40:e0:3c:
         35:c6:fa:40:3b:44:62:e9:3d:e4:41:8c:f4:b0:99:dd:09:b4:
         53:e1:ed:1c:a5:32:9e:f8:51:76:2d:cc:e1:4f:b0:ff:e8:be:
         13:67:29:a8:91:95:a4:22:d7:14:16:d9:80:7b:22:31:f4:04:
         3c:8b:26:61:e3:97:35:c4:75:5f:c6:5b:24:aa:38:92:aa:4a:
         c6:1b:61:ae:5f:b6:e5:97:76:5c:a1:70:75:c5:7d:05:87:81:
         49:6a:09:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZKZshIx/rqKae5DKNQVWb6kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMTUwMDA3NzJiM2MzZmEyYmJkNzcyN2QzZDM4OTM5MWEx
NDYzM2UwHhcNMjQxMDE3MDg1NzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjFjNjM2NTc4MWFlNDc0M2UzNjVhMjlkYTU1ZjhiMTY0ZGE1YzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIs6IXW/dlaaWJwaTOn5HhdXigMg
pvFXW0Ompy164vYvNROwXzI/NBIV3Wo46lFUbxGlH64/spyW0lRSEyRECyVUZpeU
CaebWnA4TeOAdb6C6O4JOrjWPAfXgX22iYeC3Nwz9fXRwL24AE8GdQz/e/uG9I80
1QbCRNlFmhT/4u7vKzcdbv772ZhFErw7E6l8pyR2Phu26M3/L5DG/hii7ApLszyu
wjEUcqOctxIrLS9xJ2EtZ110lzKlauIcs2y+wzThDX9IzxZ5pmc8RXc46Cu25GEC
17Q7lTOB8W8lL/PnaWUf5ARrWABidHjMPLodsjI4A9kDtgnJMk8MJdfOWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHYcY2V4GuR0PjZaKdpV+LFk2lxWMB8GA1UdIwQY
MBaAFB0VAAdys8P6K713J9PTiTkaFGM+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFJVQUIzS3p3X29ydlhjbjA5T0pPUm9VWXo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9jZDY0NzgtY2VmNi00YTcwLWI0ODgt
YjIxMjlmYjRjYTVhLzEvZGh4alpYZ2E1SFEtTmxvcDJsWDRzV1RhWEZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9jZDY0NzgtY2VmNi00YTcwLWI0ODgtYjIxMjlmYjRjYTVh
LzEvSFJVQUIzS3p3X29ydlhjbjA5T0pPUm9VWXo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBueAsMA0E
AgACMAcDBQAqFGlAMA0GCSqGSIb3DQEBCwUAA4IBAQAcS7YAoxShaXjtRiEw457E
vgyD4cuevGt0hmtohiI1q5zrDwog/FB9qRqbDUauAq++2TB26yuw2T0VeRy7YMpO
6p9+4RJfXVVYhNqKZrULRRGKzWNEseeyD4pOpd3PTp9qwQmQYOogVI47640e8Nv0
rG2Xu1vJoNBi5wS55UEUaeOnJtgvIqQs6iaEfQVt1eOZEtuFqb3TXqF0Mbv3ifxA
4Dw1xvpAO0Ri6T3kQYz0sJndCbRT4e0cpTKe+FF2LczhT7D/6L4TZymokZWkItcU
FtmAeyIx9AQ8iyZh45c1xHVfxlskqjiSqkrGG2GuX7bll3ZcoXB1xX0Fh4FJagkH
-----END CERTIFICATE-----