Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/HQ0lcv016l-GbuhDPKdpzMRiupc.roa
File:                     HQ0lcv016l-GbuhDPKdpzMRiupc.roa (raw, json)
Hash identifier:          thjhyHptsGaNiRA5wd++pewVbqEpYUIeZYigF4dF3jU=
Subject key identifier:   1D:0D:25:72:FD:35:EA:5F:86:6E:E8:43:3C:A7:69:CC:C4:62:BA:97
Certificate issuer:       /CN=241ed58e426975e299875897caff9552640d9c09
Certificate serial:       018CC8703EDFCFEACDFF9E6D428394BA5705
Authority key identifier: 24:1E:D5:8E:42:69:75:E2:99:87:58:97:CA:FF:95:52:64:0D:9C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JB7VjkJpdeKZh1iXyv-VUmQNnAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/HQ0lcv016l-GbuhDPKdpzMRiupc.roa
Signing time:             Tue 02 Jan 2024 04:30:48 +0000
ROA not before:           Tue 02 Jan 2024 04:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15826
IP address blocks:        80.247.224.0/20 maxlen: 20
                          185.20.84.0/22 maxlen: 22
                          2a00:1a60::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/JB7VjkJpdeKZh1iXyv-VUmQNnAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/JB7VjkJpdeKZh1iXyv-VUmQNnAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JB7VjkJpdeKZh1iXyv-VUmQNnAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:3e:df:cf:ea:cd:ff:9e:6d:42:83:94:ba:57:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=241ed58e426975e299875897caff9552640d9c09
        Validity
            Not Before: Jan  2 04:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d0d2572fd35ea5f866ee8433ca769ccc462ba97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b8:58:2b:58:9b:30:ce:04:2b:fb:c2:da:d3:
                    9a:30:bf:90:42:4d:54:41:41:e3:bf:f0:9c:4c:89:
                    9f:ca:f6:c4:fe:ef:5f:c1:f2:94:9a:60:14:85:57:
                    6c:c1:60:06:de:e9:1d:59:18:31:78:86:22:95:ff:
                    93:86:ea:e1:91:70:23:f0:60:e0:d9:3c:58:6a:05:
                    4a:9a:da:84:92:3e:ba:cc:40:d3:77:83:cc:2e:b1:
                    a2:3e:d7:93:08:e5:f8:a8:ea:32:b8:17:eb:9f:51:
                    64:83:b5:4a:2d:52:3d:dd:b1:78:28:cb:d6:e6:0d:
                    2e:56:b5:0a:b5:e0:45:69:86:4d:ec:e8:a7:a5:0b:
                    43:bc:61:13:f3:79:e2:3e:ba:93:16:6b:5f:8d:cd:
                    03:4f:3f:5e:88:28:df:a8:10:75:d0:7e:47:12:7f:
                    a7:5f:c3:a6:6d:0f:e7:bb:36:b3:d1:94:ec:d0:4a:
                    a4:23:04:7a:5d:8f:03:8c:4f:32:d5:51:e3:dd:c5:
                    3a:20:bc:da:2e:50:b3:b6:40:cf:4a:14:0b:0d:4b:
                    f8:8d:db:32:14:74:d2:f0:b7:2a:66:96:a2:79:c2:
                    cb:ad:c7:62:9f:9d:ca:a3:92:46:55:3f:ac:ad:ef:
                    9e:b4:18:19:e8:4b:29:07:00:f9:53:f3:8a:a2:ec:
                    16:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:0D:25:72:FD:35:EA:5F:86:6E:E8:43:3C:A7:69:CC:C4:62:BA:97
            X509v3 Authority Key Identifier:
                keyid:24:1E:D5:8E:42:69:75:E2:99:87:58:97:CA:FF:95:52:64:0D:9C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JB7VjkJpdeKZh1iXyv-VUmQNnAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/HQ0lcv016l-GbuhDPKdpzMRiupc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/f5dc62-be68-4663-84de-5545b8901438/1/JB7VjkJpdeKZh1iXyv-VUmQNnAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.247.224.0/20
                  185.20.84.0/22
                IPv6:
                  2a00:1a60::/32

    Signature Algorithm: sha256WithRSAEncryption
         ab:1c:70:10:4a:6f:59:96:c7:da:13:12:bf:0e:46:b6:4f:45:
         95:f0:5a:b0:0d:d4:d1:fb:dc:5b:7a:7a:46:ba:22:24:e0:7c:
         7c:e0:de:34:cf:b7:a6:36:b3:b7:60:a7:be:47:08:bb:bc:03:
         e6:0f:89:bc:04:8a:d3:5d:60:7f:ae:c7:1a:cc:13:73:f5:79:
         6e:7f:0b:ff:21:16:16:eb:af:ec:3e:b5:14:0a:a0:93:f0:61:
         9c:72:6a:dc:b7:7d:b4:24:98:aa:f8:be:5f:8f:4c:89:ed:6b:
         cf:95:96:91:87:76:6c:b3:7e:b3:28:a0:7f:5f:1d:9a:32:63:
         20:82:69:26:2b:fe:c5:0b:10:03:3b:04:1d:90:9a:d9:69:b4:
         93:fd:c4:f4:3b:fd:73:14:64:56:ab:ed:e5:b4:b4:4a:66:fd:
         8d:18:48:09:e5:56:20:b3:ff:21:b4:8c:bc:1a:9b:10:20:43:
         47:fb:e0:8f:42:39:a1:a4:9b:f9:7f:c5:57:1c:68:d1:79:7d:
         6c:0c:ba:77:18:bc:79:db:e8:26:21:11:8c:4d:d1:06:05:0b:
         40:f5:21:2b:d9:9e:89:09:9f:e7:27:d3:1b:a1:20:cc:34:25:
         46:93:15:27:0e:b5:b6:a7:a8:34:ed:da:12:69:b6:76:07:79:
         6e:b1:52:4e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIcD7fz+rN/55tQoOUulcFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MWVkNThlNDI2OTc1ZTI5OTg3NTg5N2NhZmY5NTUyNjQw
ZDljMDkwHhcNMjQwMTAyMDQzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDBkMjU3MmZkMzVlYTVmODY2ZWU4NDMzY2E3NjljY2M0NjJiYTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7hYK1ibMM4EK/vC2tOaML+QQk1U
QUHjv/CcTImfyvbE/u9fwfKUmmAUhVdswWAG3ukdWRgxeIYilf+ThurhkXAj8GDg
2TxYagVKmtqEkj66zEDTd4PMLrGiPteTCOX4qOoyuBfrn1Fkg7VKLVI93bF4KMvW
5g0uVrUKteBFaYZN7OinpQtDvGET83niPrqTFmtfjc0DTz9eiCjfqBB10H5HEn+n
X8OmbQ/nuzaz0ZTs0EqkIwR6XY8DjE8y1VHj3cU6ILzaLlCztkDPShQLDUv4jdsy
FHTS8LcqZpaiecLLrcdin53Ko5JGVT+sre+etBgZ6EspBwD5U/OKouwWvwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFB0NJXL9Nepfhm7oQzynaczEYrqXMB8GA1UdIwQY
MBaAFCQe1Y5CaXXimYdYl8r/lVJkDZwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkI3VmprSnBkZUtaaDFpWHl2LVZVbVFObkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9mNWRjNjItYmU2OC00NjYzLTg0ZGUt
NTU0NWI4OTAxNDM4LzEvSFEwbGN2MDE2bC1HYnVoRFBLZHB6TVJpdXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9mNWRjNjItYmU2OC00NjYzLTg0ZGUtNTU0NWI4OTAxNDM4
LzEvSkI3VmprSnBkZUtaaDFpWHl2LVZVbVFObkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUPfgAwQC
uRRUMA0EAgACMAcDBQAqABpgMA0GCSqGSIb3DQEBCwUAA4IBAQCrHHAQSm9Zlsfa
ExK/Dka2T0WV8FqwDdTR+9xbenpGuiIk4Hx84N40z7emNrO3YKe+Rwi7vAPmD4m8
BIrTXWB/rscazBNz9Xlufwv/IRYW66/sPrUUCqCT8GGccmrct320JJiq+L5fj0yJ
7WvPlZaRh3Zss36zKKB/Xx2aMmMggmkmK/7FCxADOwQdkJrZabST/cT0O/1zFGRW
q+3ltLRKZv2NGEgJ5VYgs/8htIy8GpsQIENH++CPQjmhpJv5f8VXHGjReX1sDLp3
GLx52+gmIRGMTdEGBQtA9SEr2Z6JCZ/nJ9MboSDMNCVGkxUnDrW2p6g07doSabZ2
B3lusVJO
-----END CERTIFICATE-----