Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/HQkhRYiD0XxyUu3TfEVO3y8bhGU.roa
File:                     HQkhRYiD0XxyUu3TfEVO3y8bhGU.roa (raw, json)
Hash identifier:          aunmLPn+9zXHjk+ncsOCe86B2O/UOASQkCEqh4iRLLM=
Subject key identifier:   1D:09:21:45:88:83:D1:7C:72:52:ED:D3:7C:45:4E:DF:2F:1B:84:65
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01941FFA8F6DD3D1385AA7306ABFC0E61C60
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/HQkhRYiD0XxyUu3TfEVO3y8bhGU.roa
Signing time:             Wed 01 Jan 2025 03:48:21 +0000
ROA not before:           Wed 01 Jan 2025 03:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        188.72.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:53:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:8f:6d:d3:d1:38:5a:a7:30:6a:bf:c0:e6:1c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d0921458883d17c7252edd37c454edf2f1b8465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e9:68:dd:e8:56:f9:ee:11:7a:41:04:97:85:
                    b0:96:a6:94:2b:98:0d:a4:b8:65:8b:e0:6e:66:6c:
                    61:d1:1f:d4:46:39:4e:fa:57:a8:51:0a:1d:7b:80:
                    18:a7:41:e5:ff:68:8a:c4:39:9f:75:48:cc:15:2e:
                    21:c8:24:89:97:dd:72:92:ad:c5:85:40:f6:6a:fc:
                    93:85:8a:04:77:b9:ef:fe:e6:b8:22:df:95:8a:97:
                    9a:4f:fc:41:ef:fd:e1:09:b8:ae:88:25:a0:46:5a:
                    95:a0:f4:3b:72:1e:e4:d1:f5:dd:51:7e:cd:21:ae:
                    73:dc:98:a1:50:d0:f3:ea:a4:60:a8:06:8a:82:66:
                    d3:cd:28:53:a7:75:20:c0:09:ac:b0:e5:1a:4f:6a:
                    dc:d0:08:6f:f8:aa:2a:f7:dc:5a:2e:de:54:49:71:
                    3a:c0:70:d1:96:d6:4e:27:9f:70:0a:a3:74:84:36:
                    20:4c:82:92:57:1b:fb:f1:59:22:a5:22:98:ba:0a:
                    57:23:7e:14:bf:ea:67:78:b3:fd:74:38:b4:f9:e8:
                    6d:91:a3:08:f8:e8:b7:ed:4b:47:01:c9:68:b1:44:
                    c3:0e:ee:72:57:74:45:28:e3:2c:52:1e:90:96:17:
                    d3:a4:1b:1b:3b:32:16:9a:6d:69:ca:29:c5:92:d7:
                    0a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:09:21:45:88:83:D1:7C:72:52:ED:D3:7C:45:4E:DF:2F:1B:84:65
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/HQkhRYiD0XxyUu3TfEVO3y8bhGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:b3:0d:75:ff:9c:95:98:8d:36:f4:e0:69:a0:03:fb:c4:01:
         64:bc:22:c9:78:4c:d3:29:de:4e:1d:80:56:11:fc:cf:55:57:
         9b:b4:7c:34:de:7e:33:db:d8:98:72:69:3e:d1:d6:71:56:c5:
         2e:ae:b7:bb:44:a7:52:f1:cb:04:0a:fb:20:dc:90:ff:be:21:
         66:bc:0d:d6:c8:0e:60:8a:54:b3:46:21:ba:e3:3f:ee:83:a6:
         ea:0c:2d:83:07:8d:59:89:b8:aa:1a:fd:02:41:47:2a:ba:e8:
         7d:76:c8:3c:66:a6:c8:6d:b7:36:99:4d:b4:19:f0:d7:24:ef:
         9d:06:ec:c4:b1:28:6f:96:45:85:1e:b6:18:20:37:10:19:1a:
         10:e9:59:bd:9c:f4:5d:30:22:f1:ab:3b:ec:e5:c1:3f:b2:39:
         bb:f3:02:a7:72:6c:c3:8a:8b:25:c4:66:f2:4a:e8:89:00:db:
         32:6e:33:4e:d1:5c:0a:ce:fc:73:0e:55:fa:bf:de:3f:c8:1c:
         f6:79:43:f2:00:43:0f:54:eb:9f:13:40:91:a5:83:fa:1c:92:
         0f:7f:8f:0c:2b:3b:fd:fe:d4:67:d4:74:d8:d1:65:e1:77:9b:
         09:9e:67:05:c9:68:26:15:fb:d2:6e:fc:07:63:17:34:1e:f9:
         9e:c2:e9:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+o9t09E4Wqcwar/A5hxgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUwMTAxMDM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDA5MjE0NTg4ODNkMTdjNzI1MmVkZDM3YzQ1NGVkZjJmMWI4NDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmelo3ehW+e4RekEEl4WwlqaUK5gN
pLhli+BuZmxh0R/URjlO+leoUQode4AYp0Hl/2iKxDmfdUjMFS4hyCSJl91ykq3F
hUD2avyThYoEd7nv/ua4It+VipeaT/xB7/3hCbiuiCWgRlqVoPQ7ch7k0fXdUX7N
Ia5z3JihUNDz6qRgqAaKgmbTzShTp3UgwAmssOUaT2rc0Ahv+Koq99xaLt5USXE6
wHDRltZOJ59wCqN0hDYgTIKSVxv78VkipSKYugpXI34Uv+pneLP9dDi0+ehtkaMI
+Oi37UtHAclosUTDDu5yV3RFKOMsUh6QlhfTpBsbOzIWmm1pyinFktcKEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0JIUWIg9F8clLt03xFTt8vG4RlMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvSFFraFJZaUQwWHh5VXUzVGZFVk8zeThiaEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvEhdMA0G
CSqGSIb3DQEBCwUAA4IBAQDFsw11/5yVmI029OBpoAP7xAFkvCLJeEzTKd5OHYBW
EfzPVVebtHw03n4z29iYcmk+0dZxVsUurre7RKdS8csECvsg3JD/viFmvA3WyA5g
ilSzRiG64z/ug6bqDC2DB41ZibiqGv0CQUcquuh9dsg8ZqbIbbc2mU20GfDXJO+d
BuzEsShvlkWFHrYYIDcQGRoQ6Vm9nPRdMCLxqzvs5cE/sjm78wKncmzDioslxGby
SuiJANsybjNO0VwKzvxzDlX6v94/yBz2eUPyAEMPVOufE0CRpYP6HJIPf48MKzv9
/tRn1HTY0WXhd5sJnmcFyWgmFfvSbvwHYxc0HvmewulJ
-----END CERTIFICATE-----