Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HdV-1qqDFUqAEARLzWvGIDu7p3w.roa
File:                     HdV-1qqDFUqAEARLzWvGIDu7p3w.roa (raw, json)
Hash identifier:          oxMCVKMdra3dwkvFvrCJlIzXTpLpoX+32LNW/mNBCq8=
Subject key identifier:   1D:D5:7E:D6:AA:83:15:4A:80:10:04:4B:CD:6B:C6:20:3B:BB:A7:7C
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0194D08296A40832C1D0BBBDC4F6B0A21BAC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HdV-1qqDFUqAEARLzWvGIDu7p3w.roa
Signing time:             Tue 04 Feb 2025 10:30:06 +0000
ROA not before:           Tue 04 Feb 2025 10:30:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8881
IP address blocks:        151.243.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d0:82:96:a4:08:32:c1:d0:bb:bd:c4:f6:b0:a2:1b:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Feb  4 10:30:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1dd57ed6aa83154a8010044bcd6bc6203bbba77c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:7c:bf:75:50:6d:32:3a:28:97:9b:5c:d5:3b:
                    8f:00:19:bb:74:1d:c5:c2:99:3a:d4:e1:ae:12:25:
                    23:7d:1c:6b:9f:27:b7:27:3c:bb:94:d8:0e:c4:1f:
                    16:4c:b1:b2:fd:e7:df:c3:79:e8:b8:bb:0b:04:69:
                    1a:a5:ce:5b:4b:4f:27:ae:63:4c:64:2c:fd:70:75:
                    36:83:ae:f5:6a:fe:94:22:dd:82:9b:d3:82:1e:4b:
                    36:c6:09:b3:29:3a:b1:fe:d0:3c:e0:79:fb:d8:12:
                    59:48:b3:12:2e:23:7d:28:74:ec:28:b1:b8:a0:82:
                    87:a8:ac:1f:ac:33:c3:e6:b8:fe:b8:f0:0f:16:cb:
                    d4:cc:ca:ae:8b:bd:b3:5f:98:b5:c2:75:98:e5:c8:
                    95:43:90:c4:0c:a5:7f:9c:cb:ce:36:1a:8e:e9:5e:
                    8e:a1:32:93:b2:85:28:56:94:ca:d9:76:4c:31:0b:
                    2d:d5:2b:be:3f:4a:75:13:56:6d:2a:5d:aa:95:61:
                    df:4c:dc:c6:71:9f:dd:8e:4f:8c:d1:89:2d:0c:be:
                    37:90:1a:97:12:70:6a:9d:b5:ae:fe:98:0e:0a:1a:
                    86:e1:9b:4e:6a:1b:b4:d3:6a:3d:b0:e7:81:a8:08:
                    97:b8:31:c5:9c:83:37:70:11:2e:ba:c5:55:02:91:
                    eb:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D5:7E:D6:AA:83:15:4A:80:10:04:4B:CD:6B:C6:20:3B:BB:A7:7C
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/HdV-1qqDFUqAEARLzWvGIDu7p3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.243.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:da:e3:04:18:79:e2:34:c1:be:46:9b:cf:ca:2c:66:0c:23:
         93:75:a2:ba:45:88:be:40:dc:be:bb:15:a7:74:30:c1:3f:ac:
         ce:c9:a1:5f:7f:47:f0:38:18:fd:fb:bb:6f:63:1b:01:fd:e2:
         e8:6e:4d:fd:da:ba:c0:84:82:a1:4b:73:8f:69:e2:7c:36:1b:
         c5:17:8b:c0:fc:21:04:62:28:23:7e:5d:3b:ca:7c:fb:7c:64:
         a5:19:35:74:15:9e:c7:df:99:f3:e6:02:6d:5b:b5:3e:cc:21:
         f7:d0:f7:28:2f:ed:3d:d6:d2:86:17:05:99:39:57:60:6f:1c:
         9a:4e:86:fc:79:d9:a1:fa:39:3d:9b:3a:27:7e:51:d3:58:4d:
         b9:2b:15:50:eb:74:a7:4f:97:67:75:e6:f9:b1:7e:1d:d4:97:
         c4:c9:15:c8:fb:3d:5f:7b:53:8f:23:2b:46:16:53:3b:dc:6a:
         7f:bf:0d:cd:b6:fa:01:65:19:54:4f:17:a2:6e:53:2f:d1:8d:
         82:cc:63:0f:c5:8a:5b:43:5a:f9:eb:47:7f:a5:c9:41:db:57:
         5e:1b:c9:c0:2f:f9:2f:19:f3:65:3f:c8:a7:9d:1f:03:6b:81:
         55:8f:96:ab:2b:79:3d:ef:2b:24:d9:db:0e:09:8c:1d:17:c9:
         f9:da:dd:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTQgpakCDLB0Lu9xPawohusMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMjA0MTAzMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGQ1N2VkNmFhODMxNTRhODAxMDA0NGJjZDZiYzYyMDNiYmJhNzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHy/dVBtMjool5tc1TuPABm7dB3F
wpk61OGuEiUjfRxrnye3Jzy7lNgOxB8WTLGy/effw3nouLsLBGkapc5bS08nrmNM
ZCz9cHU2g671av6UIt2Cm9OCHks2xgmzKTqx/tA84Hn72BJZSLMSLiN9KHTsKLG4
oIKHqKwfrDPD5rj+uPAPFsvUzMqui72zX5i1wnWY5ciVQ5DEDKV/nMvONhqO6V6O
oTKTsoUoVpTK2XZMMQst1Su+P0p1E1ZtKl2qlWHfTNzGcZ/djk+M0YktDL43kBqX
EnBqnbWu/pgOChqG4ZtOahu002o9sOeBqAiXuDHFnIM3cBEuusVVApHrGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3VftaqgxVKgBAES81rxiA7u6d8MB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSGRWLTFxcURGVXFBRUFSTHpXdkdJRHU3cDN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/NfMA0G
CSqGSIb3DQEBCwUAA4IBAQBH2uMEGHniNMG+RpvPyixmDCOTdaK6RYi+QNy+uxWn
dDDBP6zOyaFff0fwOBj9+7tvYxsB/eLobk392rrAhIKhS3OPaeJ8NhvFF4vA/CEE
Yigjfl07ynz7fGSlGTV0FZ7H35nz5gJtW7U+zCH30PcoL+091tKGFwWZOVdgbxya
Tob8edmh+jk9mzonflHTWE25KxVQ63SnT5dndeb5sX4d1JfEyRXI+z1fe1OPIytG
FlM73Gp/vw3NtvoBZRlUTxeiblMv0Y2CzGMPxYpbQ1r560d/pclB21deG8nAL/kv
GfNlP8innR8Da4FVj5arK3k97ysk2dsOCYwdF8n52t1l
-----END CERTIFICATE-----