Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/8d2d0a-2f70-4859-bb44-5b5078625dea/1/HOYPC_jucvsU5CdX7mlbKcsBqMs.roa
File:                     HOYPC_jucvsU5CdX7mlbKcsBqMs.roa (raw, json)
Hash identifier:          TcPzCSiJg0DdEcm/Emhjy8GjCkN/7Uu/g31US2cTTao=
Subject key identifier:   1C:E6:0F:0B:F8:EE:72:FB:14:E4:27:57:EE:69:5B:29:CB:01:A8:CB
Certificate issuer:       /CN=4f8de72e5006af6db55115e1b70932023ceecba4
Certificate serial:       01910D1411742B5BA506B4D295B144247E49
Authority key identifier: 4F:8D:E7:2E:50:06:AF:6D:B5:51:15:E1:B7:09:32:02:3C:EE:CB:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T43nLlAGr221URXhtwkyAjzuy6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/8d2d0a-2f70-4859-bb44-5b5078625dea/1/HOYPC_jucvsU5CdX7mlbKcsBqMs.roa
Signing time:             Thu 01 Aug 2024 08:35:04 +0000
ROA not before:           Thu 01 Aug 2024 08:35:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52026
IP address blocks:        109.206.96.0/19 maxlen: 24
                          109.207.32.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/8d2d0a-2f70-4859-bb44-5b5078625dea/1/T43nLlAGr221URXhtwkyAjzuy6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/8d2d0a-2f70-4859-bb44-5b5078625dea/1/T43nLlAGr221URXhtwkyAjzuy6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T43nLlAGr221URXhtwkyAjzuy6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0d:14:11:74:2b:5b:a5:06:b4:d2:95:b1:44:24:7e:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8de72e5006af6db55115e1b70932023ceecba4
        Validity
            Not Before: Aug  1 08:35:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ce60f0bf8ee72fb14e42757ee695b29cb01a8cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:40:65:3e:c8:83:00:f7:2f:fe:d8:93:35:0f:
                    db:a2:b6:e1:c3:6b:83:55:3d:48:2a:15:06:98:a8:
                    98:b0:a1:d7:02:6b:2f:62:97:c6:bb:80:7e:1f:f3:
                    cf:87:78:1c:5f:14:ae:1b:c1:5f:4e:77:80:26:1a:
                    8b:ae:8c:61:c1:cd:39:6f:48:fd:1e:cd:56:f9:40:
                    28:74:f1:9d:e4:bb:c3:40:9b:e5:4b:ab:6f:6f:75:
                    58:20:03:1f:7f:56:9c:4e:52:f1:a8:e2:26:59:4e:
                    1c:eb:aa:3e:cb:6d:ac:de:30:97:15:84:cf:7d:14:
                    05:67:68:7b:08:a4:f2:87:76:47:51:dd:38:b3:cb:
                    19:27:4d:cb:a9:d8:e2:7b:95:a0:93:26:28:e9:ca:
                    97:08:8d:fb:06:4b:bf:c8:a3:ad:9e:a9:60:03:2a:
                    0e:9a:19:83:a4:ff:23:46:54:87:82:44:4d:1a:cf:
                    f8:74:0f:1d:69:49:1d:d2:4a:ed:1b:c4:7f:6f:8d:
                    88:9e:50:79:4b:d6:25:0d:b0:70:14:69:47:44:08:
                    2a:ed:ad:02:72:05:bf:0b:ca:36:1b:3d:a3:38:fd:
                    ae:29:b4:f4:03:58:40:89:8e:26:55:7f:87:9c:ea:
                    7e:1b:c8:21:ae:2e:70:51:45:4c:68:8d:ef:0c:a6:
                    c0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:E6:0F:0B:F8:EE:72:FB:14:E4:27:57:EE:69:5B:29:CB:01:A8:CB
            X509v3 Authority Key Identifier:
                keyid:4F:8D:E7:2E:50:06:AF:6D:B5:51:15:E1:B7:09:32:02:3C:EE:CB:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T43nLlAGr221URXhtwkyAjzuy6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/8d2d0a-2f70-4859-bb44-5b5078625dea/1/HOYPC_jucvsU5CdX7mlbKcsBqMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/8d2d0a-2f70-4859-bb44-5b5078625dea/1/T43nLlAGr221URXhtwkyAjzuy6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.206.96.0/19
                  109.207.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7a:12:4a:88:07:8f:64:1e:96:b0:01:bf:bb:38:ea:eb:ff:f7:
         97:30:e2:0a:96:c8:b0:8a:5b:78:c7:7d:d2:64:ee:d5:24:c3:
         07:f1:c0:01:60:fa:ff:19:26:a7:7c:77:09:48:c1:78:2a:d0:
         68:90:5a:9f:28:24:50:80:4c:77:bf:c2:bf:e7:e8:88:d0:c8:
         64:f2:ce:20:1d:b7:f8:fa:e9:b8:ff:28:f8:45:a7:94:54:81:
         20:af:11:34:b4:8c:1f:92:74:f3:bb:4a:14:e3:bc:57:1f:b1:
         de:38:be:eb:a0:a6:df:16:3a:c8:b0:4c:46:8e:bd:fb:a6:08:
         15:a7:d6:5f:67:35:2c:48:93:24:08:ed:35:57:22:ef:c7:8f:
         84:db:4b:79:d4:b8:68:bc:2e:70:0f:b3:11:cb:ab:db:4e:f3:
         83:79:43:09:25:59:f1:8d:07:2a:f2:e1:3d:8b:7d:b4:a9:d8:
         41:fc:fe:10:8a:fc:72:01:af:92:97:8f:e5:cc:cf:c6:50:f3:
         fe:5f:10:d7:53:2f:18:f5:d9:d9:6c:67:27:c4:16:eb:55:c4:
         d8:40:3b:ef:02:e8:93:59:73:5a:70:05:ed:3e:b7:b1:2b:88:
         d3:d7:02:53:a7:72:e3:c0:a2:02:21:9d:33:96:6a:54:b6:9e:
         67:b5:47:f7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZENFBF0K1ulBrTSlbFEJH5JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGRlNzJlNTAwNmFmNmRiNTUxMTVlMWI3MDkzMjAyM2Nl
ZWNiYTQwHhcNMjQwODAxMDgzNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2U2MGYwYmY4ZWU3MmZiMTRlNDI3NTdlZTY5NWIyOWNiMDFhOGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEBlPsiDAPcv/tiTNQ/borbhw2uD
VT1IKhUGmKiYsKHXAmsvYpfGu4B+H/PPh3gcXxSuG8FfTneAJhqLroxhwc05b0j9
Hs1W+UAodPGd5LvDQJvlS6tvb3VYIAMff1acTlLxqOImWU4c66o+y22s3jCXFYTP
fRQFZ2h7CKTyh3ZHUd04s8sZJ03Lqdjie5WgkyYo6cqXCI37Bku/yKOtnqlgAyoO
mhmDpP8jRlSHgkRNGs/4dA8daUkd0krtG8R/b42InlB5S9YlDbBwFGlHRAgq7a0C
cgW/C8o2Gz2jOP2uKbT0A1hAiY4mVX+HnOp+G8ghri5wUUVMaI3vDKbAhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBzmDwv47nL7FOQnV+5pWynLAajLMB8GA1UdIwQY
MBaAFE+N5y5QBq9ttVEV4bcJMgI87sukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDQzbkxsQUdyMjIxVVJYaHR3a3lBanp1eTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy84ZDJkMGEtMmY3MC00ODU5LWJiNDQt
NWI1MDc4NjI1ZGVhLzEvSE9ZUENfanVjdnNVNUNkWDdtbGJLY3NCcU1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy84ZDJkMGEtMmY3MC00ODU5LWJiNDQtNWI1MDc4NjI1ZGVh
LzEvVDQzbkxsQUdyMjIxVVJYaHR3a3lBanp1eTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFbc5gAwQE
bc8gMA0GCSqGSIb3DQEBCwUAA4IBAQB6EkqIB49kHpawAb+7OOrr//eXMOIKlsiw
ilt4x33SZO7VJMMH8cABYPr/GSanfHcJSMF4KtBokFqfKCRQgEx3v8K/5+iI0Mhk
8s4gHbf4+um4/yj4RaeUVIEgrxE0tIwfknTzu0oU47xXH7HeOL7roKbfFjrIsExG
jr37pggVp9ZfZzUsSJMkCO01VyLvx4+E20t51LhovC5wD7MRy6vbTvODeUMJJVnx
jQcq8uE9i320qdhB/P4QivxyAa+Sl4/lzM/GUPP+XxDXUy8Y9dnZbGcnxBbrVcTY
QDvvAuiTWXNacAXtPrexK4jT1wJTp3LjwKICIZ0zlmpUtp5ntUf3
-----END CERTIFICATE-----