Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/HQKTK8IX9OSL7OWf6c-Mjr6KGKU.roa
File:                     HQKTK8IX9OSL7OWf6c-Mjr6KGKU.roa (raw, json)
Hash identifier:          eulrcAEwXCYc0JEhm9epX49atadlGQKR7gDn+Gjq2/0=
Subject key identifier:   1D:02:93:2B:C2:17:F4:E4:8B:EC:E5:9F:E9:CF:8C:8E:BE:8A:18:A5
Certificate issuer:       /CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
Certificate serial:       019550C199556E28DC64C41ABCE81C6B0F8C
Authority key identifier: 81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/HQKTK8IX9OSL7OWf6c-Mjr6KGKU.roa
Signing time:             Sat 01 Mar 2025 08:10:19 +0000
ROA not before:           Sat 01 Mar 2025 08:10:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213527
IP address blocks:        45.157.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:50:c1:99:55:6e:28:dc:64:c4:1a:bc:e8:1c:6b:0f:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8133d89c06a8a1cc9dbc362201f7ec559d7fdd48
        Validity
            Not Before: Mar  1 08:10:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d02932bc217f4e48bece59fe9cf8c8ebe8a18a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:02:f0:7f:60:05:7c:3f:a0:dd:e1:05:af:2b:
                    9f:b5:31:e8:fa:d8:d8:0d:fc:23:e1:d8:2d:ac:5f:
                    57:a0:67:35:19:5d:fa:e0:31:96:38:50:49:60:d6:
                    b3:7a:a2:95:1d:fb:75:02:5e:01:3c:df:e4:51:5d:
                    5b:ba:a9:ed:8f:72:13:71:7a:da:52:29:f5:07:d0:
                    1c:31:bb:5f:9b:d2:14:9e:55:e5:16:5c:ca:e5:28:
                    40:3f:60:6c:98:61:72:7a:9d:8d:15:3e:ae:00:ef:
                    1f:90:84:d7:c8:21:c2:b0:fb:fb:c0:ff:ed:b0:4f:
                    30:cc:cc:76:95:fd:13:d6:68:5e:74:58:84:71:cd:
                    47:86:33:73:dc:fe:17:5c:d2:d7:db:f7:97:0c:7f:
                    4c:ea:cd:b5:7e:0b:dd:c8:31:db:58:27:0c:02:47:
                    e3:c4:b0:9a:4e:b6:8e:d0:4b:96:d1:0f:bc:ce:93:
                    e4:6a:e3:56:1a:3a:d2:a8:f9:20:38:80:a2:fe:a1:
                    a4:44:79:ab:d2:46:31:33:c3:58:e6:64:21:e0:15:
                    e2:bb:ec:d6:8b:be:0c:8f:b5:46:0a:7b:65:92:32:
                    e0:74:b1:07:7d:49:9f:94:97:db:51:ad:47:df:11:
                    b7:87:2c:8f:f6:76:4a:6d:bd:79:ef:37:a0:28:09:
                    2c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:02:93:2B:C2:17:F4:E4:8B:EC:E5:9F:E9:CF:8C:8E:BE:8A:18:A5
            X509v3 Authority Key Identifier:
                keyid:81:33:D8:9C:06:A8:A1:CC:9D:BC:36:22:01:F7:EC:55:9D:7F:DD:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gTPYnAaoocydvDYiAffsVZ1_3Ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/HQKTK8IX9OSL7OWf6c-Mjr6KGKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/e90ff2-6c91-4eb8-a4b1-c5febe487c40/1/gTPYnAaoocydvDYiAffsVZ1_3Ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:2b:59:2f:ac:fa:7b:80:d6:4b:fc:07:b8:3b:0a:02:8c:5c:
         85:5e:b0:e7:1f:1a:df:be:13:43:6e:04:9a:8d:b0:ba:78:a9:
         53:b0:2b:a4:53:cd:6c:58:1c:07:90:a0:ec:2c:69:c1:6a:5b:
         ae:6e:3d:a4:62:32:b2:6f:7c:c3:03:dc:61:63:09:f5:35:62:
         c3:8a:14:05:0e:9f:ac:9a:39:83:c3:d3:70:0e:14:ac:5f:df:
         3f:48:1f:72:2e:f9:fc:a1:b1:c1:b2:0f:cc:56:b2:ac:fa:9a:
         46:32:37:28:64:6d:e9:7d:25:cf:4e:af:3a:0d:17:40:5c:ab:
         fc:56:b6:67:f9:fd:34:45:bb:5c:3c:94:f3:29:e3:91:4b:ba:
         9b:5a:61:1d:f1:40:e5:1c:6a:96:88:74:58:76:04:46:bb:f6:
         06:f8:09:e5:75:d7:98:84:bd:fc:0e:ed:6b:1b:7a:b7:b6:2f:
         24:d5:3f:27:63:a0:e9:3c:11:39:26:04:f1:d1:b9:24:10:9e:
         ca:37:54:53:35:1e:3e:a1:9b:37:18:d8:c0:43:3b:8c:eb:56:
         07:d3:48:52:bd:8f:c2:5a:e4:62:33:04:e8:ab:b3:30:25:1a:
         d0:ff:7e:1c:55:01:77:ef:1a:ff:86:43:82:ff:7a:c6:e7:d3:
         25:70:3d:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVQwZlVbijcZMQavOgcaw+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxMzNkODljMDZhOGExY2M5ZGJjMzYyMjAxZjdlYzU1OWQ3
ZmRkNDgwHhcNMjUwMzAxMDgxMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDAyOTMyYmMyMTdmNGU0OGJlY2U1OWZlOWNmOGM4ZWJlOGExOGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvALwf2AFfD+g3eEFryuftTHo+tjY
Dfwj4dgtrF9XoGc1GV364DGWOFBJYNazeqKVHft1Al4BPN/kUV1buqntj3ITcXra
Uin1B9AcMbtfm9IUnlXlFlzK5ShAP2BsmGFyep2NFT6uAO8fkITXyCHCsPv7wP/t
sE8wzMx2lf0T1mhedFiEcc1HhjNz3P4XXNLX2/eXDH9M6s21fgvdyDHbWCcMAkfj
xLCaTraO0EuW0Q+8zpPkauNWGjrSqPkgOICi/qGkRHmr0kYxM8NY5mQh4BXiu+zW
i74Mj7VGCntlkjLgdLEHfUmflJfbUa1H3xG3hyyP9nZKbb157zegKAksJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0CkyvCF/Tki+zln+nPjI6+ihilMB8GA1UdIwQY
MBaAFIEz2JwGqKHMnbw2IgH37FWdf91IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEt
YzVmZWJlNDg3YzQwLzEvSFFLVEs4SVg5T1NMN09XZjZjLU1qcjZLR0tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9lOTBmZjItNmM5MS00ZWI4LWE0YjEtYzVmZWJlNDg3YzQw
LzEvZ1RQWW5BYW9vY3lkdkRZaUFmZnNWWjFfM1VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ0LMA0G
CSqGSIb3DQEBCwUAA4IBAQAJK1kvrPp7gNZL/Ae4OwoCjFyFXrDnHxrfvhNDbgSa
jbC6eKlTsCukU81sWBwHkKDsLGnBaluubj2kYjKyb3zDA9xhYwn1NWLDihQFDp+s
mjmDw9NwDhSsX98/SB9yLvn8obHBsg/MVrKs+ppGMjcoZG3pfSXPTq86DRdAXKv8
VrZn+f00RbtcPJTzKeORS7qbWmEd8UDlHGqWiHRYdgRGu/YG+AnlddeYhL38Du1r
G3q3ti8k1T8nY6DpPBE5JgTx0bkkEJ7KN1RTNR4+oZs3GNjAQzuM61YH00hSvY/C
WuRiMwToq7MwJRrQ/34cVQF37xr/hkOC/3rG59MlcD0X
-----END CERTIFICATE-----