Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HWKJvUTwxG81VnwUYkuK-HThFm4.roa
File:                     HWKJvUTwxG81VnwUYkuK-HThFm4.roa (raw, json)
Hash identifier:          Y0q0IfCEnBUz6UgBIIXNIaQ6W7JoGDxNTWeJzTPF5/k=
Subject key identifier:   1D:62:89:BD:44:F0:C4:6F:35:56:7C:14:62:4B:8A:F8:74:E1:16:6E
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196DCECD76930998454FAC39A9A7B0378EA
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HWKJvUTwxG81VnwUYkuK-HThFm4.roa
Signing time:             Sat 17 May 2025 06:27:11 +0000
ROA not before:           Sat 17 May 2025 06:27:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        151.242.156.0/24 maxlen: 24
                          151.243.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 21:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:dc:ec:d7:69:30:99:84:54:fa:c3:9a:9a:7b:03:78:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 17 06:27:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d6289bd44f0c46f35567c14624b8af874e1166e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:60:e7:c3:16:55:b3:df:a2:4f:ae:a9:f1:9a:
                    fd:d5:94:21:ec:21:e2:5a:16:b0:cf:9c:f7:6a:f3:
                    48:73:b6:20:87:c9:0f:d3:09:e5:48:bb:49:2f:cd:
                    86:e2:58:62:ce:f6:89:39:64:11:d6:8b:97:65:5a:
                    a7:a9:71:2c:5c:9c:ed:79:f6:e0:ee:40:d1:e9:3f:
                    89:32:8d:5a:26:c1:db:9e:55:a0:3c:86:0e:aa:9f:
                    cb:20:8b:aa:bd:5d:92:fa:a6:9b:8a:eb:46:f4:27:
                    e7:fa:2d:da:9d:cb:b4:a0:f2:0c:76:ca:cd:0e:60:
                    1c:44:24:03:97:d0:d4:4a:2c:21:69:bb:ce:6a:80:
                    af:97:57:63:16:f1:34:23:a4:3b:ad:fa:0a:bb:ff:
                    5e:fa:93:a6:3e:7e:86:f6:fe:f3:b7:d0:f1:91:70:
                    6e:37:82:30:c9:a8:c5:88:cd:41:79:7d:ce:bc:5e:
                    1b:18:8c:d7:39:25:58:9d:f9:e8:d4:ce:ec:ff:0d:
                    da:a1:53:0c:e5:5c:a7:b4:f6:11:6b:df:b6:8f:6c:
                    ab:44:07:fc:24:9e:ca:cd:a6:f0:79:53:a7:0f:3e:
                    37:53:b9:da:01:a7:8f:05:f4:3b:23:30:ff:c1:fc:
                    ed:7e:60:13:0b:dc:c0:03:e2:bc:3a:5b:27:71:20:
                    b1:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:62:89:BD:44:F0:C4:6F:35:56:7C:14:62:4B:8A:F8:74:E1:16:6E
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HWKJvUTwxG81VnwUYkuK-HThFm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.156.0/24
                  151.243.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:7b:52:55:97:de:a1:a6:7d:70:f4:ae:5e:3e:fa:d6:cb:e5:
         fd:20:c9:f2:11:02:48:74:35:37:61:8d:eb:10:75:79:48:c5:
         f3:70:52:2c:7c:4c:15:0a:28:40:40:41:0b:7c:4c:62:57:07:
         b1:77:1a:eb:a0:ba:be:11:ed:74:f6:7a:97:7b:34:c1:f0:08:
         4e:81:8e:59:7e:68:7d:da:18:ca:e3:a1:ab:ec:5b:28:80:a1:
         95:de:d3:f1:18:93:10:bc:f5:a7:60:c0:43:fb:de:99:16:33:
         fd:fa:d0:24:7d:8a:db:72:5d:3e:43:e4:75:68:70:79:85:0b:
         e0:3b:f1:82:d5:d6:3e:1d:ea:fb:c9:78:0a:38:58:7c:15:9f:
         52:79:5a:78:7b:41:a9:0e:5c:c2:cd:a7:d2:91:56:18:24:17:
         c8:8f:cc:a9:96:88:42:a0:20:82:fc:a3:17:f6:a3:c6:eb:fc:
         20:09:72:5e:4e:95:d7:4b:1c:61:bc:bd:d7:82:b6:69:cf:d5:
         18:ee:f7:2b:78:93:ac:ff:05:a0:01:ec:a6:e8:64:b2:6c:7a:
         79:1d:82:a7:cb:4e:ee:42:9a:7e:b8:12:71:de:ab:5c:10:da:
         88:8b:86:b6:a8:ad:7c:d2:6d:c6:85:1c:f0:f4:b8:77:e7:14:
         9e:7f:78:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbc7NdpMJmEVPrDmpp7A3jqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTE3MDYyNzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDYyODliZDQ0ZjBjNDZmMzU1NjdjMTQ2MjRiOGFmODc0ZTExNjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/WDnwxZVs9+iT66p8Zr91ZQh7CHi
Whawz5z3avNIc7Ygh8kP0wnlSLtJL82G4lhizvaJOWQR1ouXZVqnqXEsXJztefbg
7kDR6T+JMo1aJsHbnlWgPIYOqp/LIIuqvV2S+qabiutG9Cfn+i3ancu0oPIMdsrN
DmAcRCQDl9DUSiwhabvOaoCvl1djFvE0I6Q7rfoKu/9e+pOmPn6G9v7zt9DxkXBu
N4IwyajFiM1BeX3OvF4bGIzXOSVYnfno1M7s/w3aoVMM5VyntPYRa9+2j2yrRAf8
JJ7KzabweVOnDz43U7naAaePBfQ7IzD/wfztfmATC9zAA+K8OlsncSCxyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB1iib1E8MRvNVZ8FGJLivh04RZuMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSFdLSnZVVHd4RzgxVm53VVlrdUstSFRoRm00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/KcAwQB
l/M8MA0GCSqGSIb3DQEBCwUAA4IBAQBCe1JVl96hpn1w9K5ePvrWy+X9IMnyEQJI
dDU3YY3rEHV5SMXzcFIsfEwVCihAQEELfExiVwexdxrroLq+Ee109nqXezTB8AhO
gY5Zfmh92hjK46Gr7FsogKGV3tPxGJMQvPWnYMBD+96ZFjP9+tAkfYrbcl0+Q+R1
aHB5hQvgO/GC1dY+Her7yXgKOFh8FZ9SeVp4e0GpDlzCzafSkVYYJBfIj8yplohC
oCCC/KMX9qPG6/wgCXJeTpXXSxxhvL3XgrZpz9UY7vcreJOs/wWgAeym6GSybHp5
HYKny07uQpp+uBJx3qtcENqIi4a2qK180m3GhRzw9Lh35xSef3gl
-----END CERTIFICATE-----