Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/HBQ9odudt8FtC2hg2PdPFEmL6sY.roa
File:                     HBQ9odudt8FtC2hg2PdPFEmL6sY.roa (raw, json)
Hash identifier:          qLOlhGmFNavd+EfWsRToyvlmrGX+k5BkUmneKAiMnB0=
Subject key identifier:   1C:14:3D:A1:DB:9D:B7:C1:6D:0B:68:60:D8:F7:4F:14:49:8B:EA:C6
Certificate issuer:       /CN=5d4728bd1f5d136d768bf1753461c53da45746cb
Certificate serial:       019420D61E6DD5CD7D5344B0F732B0AFFBA4
Authority key identifier: 5D:47:28:BD:1F:5D:13:6D:76:8B:F1:75:34:61:C5:3D:A4:57:46:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XUcovR9dE212i_F1NGHFPaRXRss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/HBQ9odudt8FtC2hg2PdPFEmL6sY.roa
Signing time:             Wed 01 Jan 2025 07:48:10 +0000
ROA not before:           Wed 01 Jan 2025 07:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57623
IP address blocks:        91.233.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/XUcovR9dE212i_F1NGHFPaRXRss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/XUcovR9dE212i_F1NGHFPaRXRss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XUcovR9dE212i_F1NGHFPaRXRss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:1e:6d:d5:cd:7d:53:44:b0:f7:32:b0:af:fb:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d4728bd1f5d136d768bf1753461c53da45746cb
        Validity
            Not Before: Jan  1 07:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c143da1db9db7c16d0b6860d8f74f14498beac6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f6:8c:2b:26:9c:52:63:81:9e:75:0d:bb:d8:
                    33:c9:e3:e8:36:fc:cd:c8:db:2b:ee:1f:6d:8d:54:
                    c2:c5:81:77:3e:31:7a:4d:58:b0:8e:74:87:c1:6b:
                    86:d9:88:b7:39:2f:99:2a:49:a9:90:bf:46:87:31:
                    5d:91:b5:be:d5:85:aa:77:23:39:96:76:d7:48:29:
                    31:db:83:cd:31:36:52:a2:b8:0e:fd:e8:70:17:9d:
                    84:e4:f7:50:63:54:33:6e:22:f6:84:05:d9:ca:b7:
                    0f:7a:ae:17:39:fe:b4:56:0c:aa:77:ac:fd:89:6f:
                    b0:60:1f:73:02:94:0d:ee:40:1c:dc:0e:b9:bf:8f:
                    f8:7b:d1:ad:01:5a:35:22:6a:ed:3d:5e:f9:fb:4e:
                    87:67:84:06:04:e1:06:db:2e:ab:5e:47:42:41:80:
                    97:15:48:6e:c5:ba:76:0a:a6:26:ed:e0:15:a4:0c:
                    e1:ca:4a:34:b0:1f:8c:92:b2:17:ab:a8:24:fa:71:
                    01:ae:40:b7:b9:69:6c:b6:22:6d:e0:69:34:0e:a8:
                    65:4a:47:78:4b:dc:01:3b:69:2b:89:70:c5:75:2d:
                    24:6c:f8:5c:43:b2:94:7e:77:a3:48:46:e0:c2:c9:
                    40:5b:0d:e4:99:32:16:01:45:a0:ec:ef:75:bd:90:
                    d6:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:14:3D:A1:DB:9D:B7:C1:6D:0B:68:60:D8:F7:4F:14:49:8B:EA:C6
            X509v3 Authority Key Identifier:
                keyid:5D:47:28:BD:1F:5D:13:6D:76:8B:F1:75:34:61:C5:3D:A4:57:46:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XUcovR9dE212i_F1NGHFPaRXRss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/HBQ9odudt8FtC2hg2PdPFEmL6sY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/dbe773-befc-4a77-b513-5e23672673d2/1/XUcovR9dE212i_F1NGHFPaRXRss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:52:fd:46:59:7f:d8:ce:d9:cc:9e:04:6b:8c:82:03:6b:60:
         e6:2b:3f:b7:d8:2e:c3:73:d8:4c:37:f7:6b:d3:1f:eb:73:9b:
         d8:76:8a:ba:ae:ff:51:b6:c2:64:66:ca:f2:4b:5f:6a:0a:fb:
         8b:19:81:26:f8:38:47:18:ca:f6:3d:8c:a9:6f:1d:f3:70:49:
         ec:4c:13:ac:d4:cc:61:40:49:27:77:57:f3:51:77:cd:db:fa:
         16:c7:9c:07:04:ea:91:30:93:5e:4c:a4:a3:c6:bf:ca:b9:a1:
         c9:34:d2:90:dd:a9:ba:97:6e:c4:4a:53:80:7c:6b:ce:78:8a:
         02:e6:c6:06:30:56:68:de:76:7c:06:9f:28:a0:3b:4e:a9:e8:
         6e:83:bf:1b:50:79:86:09:8b:e2:85:ef:79:a3:72:dd:1d:4f:
         82:ea:07:a2:fe:0b:3b:2d:f8:f6:6e:be:f3:f7:9e:db:a0:48:
         07:73:c1:04:43:c1:c1:9d:40:13:25:94:41:9a:a5:bf:a6:bf:
         a1:cd:49:1d:92:e7:9e:f0:56:f0:ff:f5:5c:0e:2c:f4:4c:f8:
         c9:a4:40:88:a6:fd:9c:20:a5:be:40:06:b9:c9:82:91:78:ab:
         b4:b1:57:0e:f0:63:8a:80:bc:4e:f3:22:9d:5b:71:d4:d6:4f:
         2e:f6:5b:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1h5t1c19U0Sw9zKwr/ukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNDcyOGJkMWY1ZDEzNmQ3NjhiZjE3NTM0NjFjNTNkYTQ1
NzQ2Y2IwHhcNMjUwMTAxMDc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzE0M2RhMWRiOWRiN2MxNmQwYjY4NjBkOGY3NGYxNDQ5OGJlYWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/aMKyacUmOBnnUNu9gzyePoNvzN
yNsr7h9tjVTCxYF3PjF6TViwjnSHwWuG2Yi3OS+ZKkmpkL9GhzFdkbW+1YWqdyM5
lnbXSCkx24PNMTZSorgO/ehwF52E5PdQY1QzbiL2hAXZyrcPeq4XOf60Vgyqd6z9
iW+wYB9zApQN7kAc3A65v4/4e9GtAVo1ImrtPV75+06HZ4QGBOEG2y6rXkdCQYCX
FUhuxbp2CqYm7eAVpAzhyko0sB+MkrIXq6gk+nEBrkC3uWlstiJt4Gk0DqhlSkd4
S9wBO2kriXDFdS0kbPhcQ7KUfnejSEbgwslAWw3kmTIWAUWg7O91vZDWEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwUPaHbnbfBbQtoYNj3TxRJi+rGMB8GA1UdIwQY
MBaAFF1HKL0fXRNtdovxdTRhxT2kV0bLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFVjb3ZSOWRFMjEyaV9GMU5HSEZQYVJYUnNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9kYmU3NzMtYmVmYy00YTc3LWI1MTMt
NWUyMzY3MjY3M2QyLzEvSEJROW9kdWR0OEZ0QzJoZzJQZFBGRW1MNnNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9kYmU3NzMtYmVmYy00YTc3LWI1MTMtNWUyMzY3MjY3M2Qy
LzEvWFVjb3ZSOWRFMjEyaV9GMU5HSEZQYVJYUnNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+mjMA0G
CSqGSIb3DQEBCwUAA4IBAQArUv1GWX/YztnMngRrjIIDa2DmKz+32C7Dc9hMN/dr
0x/rc5vYdoq6rv9RtsJkZsryS19qCvuLGYEm+DhHGMr2PYypbx3zcEnsTBOs1Mxh
QEknd1fzUXfN2/oWx5wHBOqRMJNeTKSjxr/KuaHJNNKQ3am6l27ESlOAfGvOeIoC
5sYGMFZo3nZ8Bp8ooDtOqehug78bUHmGCYvihe95o3LdHU+C6gei/gs7Lfj2br7z
957boEgHc8EEQ8HBnUATJZRBmqW/pr+hzUkdkuee8Fbw//VcDiz0TPjJpECIpv2c
IKW+QAa5yYKReKu0sVcO8GOKgLxO8yKdW3HU1k8u9lsd
-----END CERTIFICATE-----