Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HJbfnmVXUIzFAaPysffua9sO6bM.roa
File:                     HJbfnmVXUIzFAaPysffua9sO6bM.roa (raw, json)
Hash identifier:          s1zYVIXlcjt0c/VAQX6feReeqo382d47NT573+8ERPc=
Subject key identifier:   1C:96:DF:9E:65:57:50:8C:C5:01:A3:F2:B1:F7:EE:6B:DB:0E:E9:B3
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       01941FFA095FC0E589F80077A8497BEE5A65
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HJbfnmVXUIzFAaPysffua9sO6bM.roa
Signing time:             Wed 01 Jan 2025 03:47:47 +0000
ROA not before:           Wed 01 Jan 2025 03:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        91.239.62.0/24 maxlen: 24
                          185.138.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:09:5f:c0:e5:89:f8:00:77:a8:49:7b:ee:5a:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  1 03:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c96df9e6557508cc501a3f2b1f7ee6bdb0ee9b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:58:34:91:ba:22:8d:dc:c3:91:54:20:5a:90:
                    17:25:b0:00:66:35:d7:8b:a0:09:74:a1:76:b2:9c:
                    01:81:43:bf:80:86:c4:7f:f9:4f:bc:c6:d4:a7:cd:
                    c3:dd:c6:0f:a0:85:b7:2e:8a:28:50:05:0b:3a:db:
                    4f:6b:03:03:c8:3e:2e:cf:e0:0a:98:80:6d:7e:b6:
                    50:3f:fa:26:4d:14:43:0a:a6:b0:b9:97:09:e2:4d:
                    8f:cc:3c:75:7e:43:19:d5:a6:95:a1:ad:ad:01:31:
                    34:96:c9:fa:77:1f:82:6e:37:e8:3c:71:d9:13:3f:
                    95:a4:a5:e5:77:fc:d5:c4:e8:f0:5e:ac:09:b9:ab:
                    bd:43:33:53:b3:b8:85:61:75:79:31:18:6d:f8:42:
                    eb:d4:5c:7e:3f:52:f1:69:8b:30:df:fc:6f:69:f1:
                    24:5e:bb:e9:56:34:cb:e6:bf:07:9a:25:ee:54:e6:
                    e2:af:48:f5:ca:41:fd:b3:28:aa:73:0e:9b:3c:06:
                    00:81:50:86:bd:f5:44:11:b1:6d:33:a8:41:dd:86:
                    fd:0f:c8:c4:35:31:af:d0:bd:58:52:a1:bf:e2:42:
                    46:49:4e:1f:07:0f:40:f7:1c:7d:c4:2c:c9:ad:e8:
                    dc:1b:d5:91:70:67:a1:df:95:aa:a7:53:61:20:f3:
                    9b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:96:DF:9E:65:57:50:8C:C5:01:A3:F2:B1:F7:EE:6B:DB:0E:E9:B3
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HJbfnmVXUIzFAaPysffua9sO6bM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.62.0/24
                  185.138.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:cc:54:34:85:fa:17:15:2b:e8:e9:9a:81:34:d6:0f:27:b4:
         82:15:ff:ed:a0:9c:71:7b:13:25:80:89:65:da:0a:a8:b5:76:
         c0:aa:c7:33:56:8f:b6:58:a3:66:25:6c:7f:74:69:e1:8a:7d:
         97:78:45:19:a4:db:01:19:06:36:95:cd:5e:ea:ce:a7:0a:8f:
         82:be:f1:f1:18:d5:b9:3d:03:24:3f:36:50:18:d6:9d:45:f4:
         ca:0e:c8:19:c5:a0:bf:14:af:8e:80:fa:ec:2d:21:23:9d:dc:
         d0:a4:c5:f5:f4:1b:2c:7c:48:af:89:13:d7:01:21:4b:1e:04:
         9a:e7:48:76:3e:db:1f:ef:9d:af:9a:f4:9f:15:1d:c8:bd:43:
         d3:fc:45:38:b0:9f:ba:5c:48:84:de:af:e3:97:40:b7:77:46:
         4e:38:51:ac:c4:b5:2a:7c:c6:89:e1:c0:38:8f:19:54:2a:06:
         1e:91:ba:52:91:25:11:96:3e:a6:5f:d8:b6:b0:81:3d:f1:9f:
         c9:67:9f:a9:5f:68:68:81:58:ba:0a:b8:41:9b:c0:05:b7:ee:
         69:31:fc:53:d4:e1:c6:bd:e8:90:cc:3f:3d:7d:50:cc:82:9e:
         df:ff:30:bc:39:25:e3:f0:9c:65:a9:87:c2:a6:15:de:9b:e0:
         a4:8e:44:bb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+glfwOWJ+AB3qEl77lplMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjUwMTAxMDM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzk2ZGY5ZTY1NTc1MDhjYzUwMWEzZjJiMWY3ZWU2YmRiMGVlOWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlg0kboijdzDkVQgWpAXJbAAZjXX
i6AJdKF2spwBgUO/gIbEf/lPvMbUp83D3cYPoIW3LoooUAULOttPawMDyD4uz+AK
mIBtfrZQP/omTRRDCqawuZcJ4k2PzDx1fkMZ1aaVoa2tATE0lsn6dx+CbjfoPHHZ
Ez+VpKXld/zVxOjwXqwJuau9QzNTs7iFYXV5MRht+ELr1Fx+P1LxaYsw3/xvafEk
XrvpVjTL5r8HmiXuVObir0j1ykH9syiqcw6bPAYAgVCGvfVEEbFtM6hB3Yb9D8jE
NTGv0L1YUqG/4kJGSU4fBw9A9xx9xCzJrejcG9WRcGeh35Wqp1NhIPOb+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFByW355lV1CMxQGj8rH37mvbDumzMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvSEpiZm5tVlhVSXpGQWFQeXNmZnVhOXNPNmJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+8+AwQA
uYrpMA0GCSqGSIb3DQEBCwUAA4IBAQARzFQ0hfoXFSvo6ZqBNNYPJ7SCFf/toJxx
exMlgIll2gqotXbAqsczVo+2WKNmJWx/dGnhin2XeEUZpNsBGQY2lc1e6s6nCo+C
vvHxGNW5PQMkPzZQGNadRfTKDsgZxaC/FK+OgPrsLSEjndzQpMX19BssfEiviRPX
ASFLHgSa50h2Ptsf752vmvSfFR3IvUPT/EU4sJ+6XEiE3q/jl0C3d0ZOOFGsxLUq
fMaJ4cA4jxlUKgYekbpSkSURlj6mX9i2sIE98Z/JZ5+pX2hogVi6CrhBm8AFt+5p
MfxT1OHGveiQzD89fVDMgp7f/zC8OSXj8JxlqYfCphXem+CkjkS7
-----END CERTIFICATE-----