Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/HqPvNlx7UZiRVbk5_3PH9NhbC6A.roa
File:                     HqPvNlx7UZiRVbk5_3PH9NhbC6A.roa (raw, json)
Hash identifier:          +/Uf0WY1OyHo7LRFa5WaahOPnbyyowzO8Q8lBC3l8kM=
Subject key identifier:   1E:A3:EF:36:5C:7B:51:98:91:55:B9:39:FF:73:C7:F4:D8:5B:0B:A0
Certificate issuer:       /CN=c441738baab988b1d68693bb05e29bfbb4f0f671
Certificate serial:       0194252138805C56E67B00CC1C854640A071
Authority key identifier: C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/HqPvNlx7UZiRVbk5_3PH9NhbC6A.roa
Signing time:             Thu 02 Jan 2025 03:48:41 +0000
ROA not before:           Thu 02 Jan 2025 03:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41905
IP address blocks:        195.137.238.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:38:80:5c:56:e6:7b:00:cc:1c:85:46:40:a0:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c441738baab988b1d68693bb05e29bfbb4f0f671
        Validity
            Not Before: Jan  2 03:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ea3ef365c7b51989155b939ff73c7f4d85b0ba0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f3:8c:31:4b:b2:7e:52:c4:9f:ec:e0:a8:54:
                    71:a7:15:49:31:73:5c:34:0e:bf:a2:c4:a8:ed:f8:
                    57:84:ee:b2:45:5e:90:52:e0:53:d3:07:29:95:8f:
                    ff:f5:2b:5f:2c:b5:c3:2f:03:67:cd:44:ed:2f:82:
                    80:ac:27:96:4e:c1:a4:63:70:83:73:da:7b:86:d1:
                    e7:84:98:24:7a:49:03:c4:c6:88:7d:5e:ff:70:5e:
                    0a:69:45:88:8a:9e:fe:80:80:cc:6d:2f:ad:2f:78:
                    84:fa:f6:24:82:7d:c1:e8:a7:7d:5d:01:e9:0a:08:
                    eb:7c:98:cf:c7:66:3b:c5:96:fe:04:60:2a:83:76:
                    24:e7:35:37:91:ef:06:73:20:08:12:b5:28:f3:00:
                    77:7a:b5:ac:42:66:fb:8a:7e:6a:50:66:29:a9:f1:
                    64:55:a3:74:de:40:fe:93:3e:e6:a0:74:dc:81:ee:
                    50:38:4a:55:23:3b:13:79:d7:04:b3:bf:6e:38:6c:
                    86:6f:6c:ba:63:34:ea:ee:d5:56:55:01:e9:cb:1e:
                    a7:e7:57:b2:97:b3:f2:be:80:ed:bf:28:18:02:a8:
                    e9:58:47:3a:97:cd:65:84:db:14:42:84:e6:e0:af:
                    d7:41:9b:dd:4d:5f:b6:80:84:73:a8:c7:28:2c:41:
                    33:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:A3:EF:36:5C:7B:51:98:91:55:B9:39:FF:73:C7:F4:D8:5B:0B:A0
            X509v3 Authority Key Identifier:
                keyid:C4:41:73:8B:AA:B9:88:B1:D6:86:93:BB:05:E2:9B:FB:B4:F0:F6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/HqPvNlx7UZiRVbk5_3PH9NhbC6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/f8314e-a3bc-45e9-a9f5-4c98d9a51405/1/xEFzi6q5iLHWhpO7BeKb-7Tw9nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:f5:75:06:b1:9e:cf:c1:9c:85:f0:1e:58:3a:01:c2:41:8a:
         60:f7:19:63:3d:f9:4c:68:99:78:37:91:61:20:5d:33:c4:87:
         87:ec:60:c7:73:f6:0a:7a:62:44:46:8f:a5:38:3a:30:b8:d6:
         6b:e2:58:6e:66:a5:9d:ac:42:9e:ea:e1:22:ab:14:c4:84:db:
         e5:83:23:2b:21:ce:5f:10:cd:df:f2:40:50:82:64:8c:5a:40:
         82:ce:61:94:ba:bf:b1:b1:d4:ac:09:df:c0:91:ff:6f:e9:4c:
         fd:0a:15:2e:85:ee:c7:d2:12:b7:1b:3a:b4:1a:cd:db:97:ce:
         bc:81:fe:b0:d4:22:cb:aa:19:df:d2:7a:33:42:82:9e:db:5a:
         bc:90:2d:a0:5e:92:e6:9a:79:7c:c2:29:ca:d0:69:1f:b9:e7:
         2a:bc:ca:08:6b:38:23:1a:ba:ec:41:86:d2:69:6a:23:41:a8:
         2a:a4:57:62:7a:11:fd:55:8d:5f:6f:fd:b7:84:d5:25:73:69:
         18:bb:48:7b:27:87:15:4d:51:bf:04:d9:b0:4e:47:20:4e:b9:
         3e:0f:c1:56:54:e4:d5:cb:1c:be:5c:a2:8f:5f:08:96:f2:5f:
         6d:da:c7:34:0a:fe:19:fc:9e:4c:a4:63:69:23:d7:27:7c:a1:
         50:2c:62:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlITiAXFbmewDMHIVGQKBxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NDE3MzhiYWFiOTg4YjFkNjg2OTNiYjA1ZTI5YmZiYjRm
MGY2NzEwHhcNMjUwMTAyMDM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWEzZWYzNjVjN2I1MTk4OTE1NWI5MzlmZjczYzdmNGQ4NWIwYmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPOMMUuyflLEn+zgqFRxpxVJMXNc
NA6/osSo7fhXhO6yRV6QUuBT0wcplY//9StfLLXDLwNnzUTtL4KArCeWTsGkY3CD
c9p7htHnhJgkekkDxMaIfV7/cF4KaUWIip7+gIDMbS+tL3iE+vYkgn3B6Kd9XQHp
CgjrfJjPx2Y7xZb+BGAqg3Yk5zU3ke8GcyAIErUo8wB3erWsQmb7in5qUGYpqfFk
VaN03kD+kz7moHTcge5QOEpVIzsTedcEs79uOGyGb2y6YzTq7tVWVQHpyx6n51ey
l7PyvoDtvygYAqjpWEc6l81lhNsUQoTm4K/XQZvdTV+2gIRzqMcoLEEzcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6j7zZce1GYkVW5Of9zx/TYWwugMB8GA1UdIwQY
MBaAFMRBc4uquYix1oaTuwXim/u08PZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUt
NGM5OGQ5YTUxNDA1LzEvSHFQdk5seDdVWmlSVmJrNV8zUEg5TmhiQzZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9mODMxNGUtYTNiYy00NWU5LWE5ZjUtNGM5OGQ5YTUxNDA1
LzEveEVGemk2cTVpTEhXaHBPN0JlS2ItN1R3OW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw4nuMA0G
CSqGSIb3DQEBCwUAA4IBAQAx9XUGsZ7PwZyF8B5YOgHCQYpg9xljPflMaJl4N5Fh
IF0zxIeH7GDHc/YKemJERo+lODowuNZr4lhuZqWdrEKe6uEiqxTEhNvlgyMrIc5f
EM3f8kBQgmSMWkCCzmGUur+xsdSsCd/Akf9v6Uz9ChUuhe7H0hK3Gzq0Gs3bl868
gf6w1CLLqhnf0nozQoKe21q8kC2gXpLmmnl8winK0GkfuecqvMoIazgjGrrsQYbS
aWojQagqpFdiehH9VY1fb/23hNUlc2kYu0h7J4cVTVG/BNmwTkcgTrk+D8FWVOTV
yxy+XKKPXwiW8l9t2sc0Cv4Z/J5MpGNpI9cnfKFQLGIg
-----END CERTIFICATE-----