Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/HZES0nqUFPHbqUzO2ackP64VgM4.roa
File:                     HZES0nqUFPHbqUzO2ackP64VgM4.roa (raw, json)
Hash identifier:          /vuyfiZXEh7HP/aqyRfj3GxKMc5vsn2VHOnF35sKukE=
Subject key identifier:   1D:91:12:D2:7A:94:14:F1:DB:A9:4C:CE:D9:A7:24:3F:AE:15:80:CE
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747E70F4C7B527258A4927231071FE2
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/HZES0nqUFPHbqUzO2ackP64VgM4.roa
Signing time:             Thu 02 Jan 2025 13:50:11 +0000
ROA not before:           Thu 02 Jan 2025 13:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31527
IP address blocks:        213.91.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e7:0f:4c:7b:52:72:58:a4:92:72:31:07:1f:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d9112d27a9414f1dba94cced9a7243fae1580ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b3:b1:7a:6a:94:ff:b7:4b:e5:34:12:bf:2e:
                    65:b3:6f:8d:b5:6c:78:2b:28:e5:e6:d2:c3:83:2b:
                    ce:71:13:3c:42:c2:00:3c:2b:7a:05:62:4e:91:20:
                    a5:d7:d2:4b:7d:dc:1c:a1:8a:04:18:dd:9d:df:b5:
                    64:ab:12:ff:4b:52:cf:73:e0:67:99:12:28:e7:73:
                    c1:10:97:b7:31:2c:d4:af:0b:95:9d:95:32:fc:6f:
                    33:e8:2d:3e:f3:f0:90:a9:8d:7d:21:c6:da:ab:fc:
                    2b:df:ae:cb:6e:37:08:97:b2:ee:48:ef:3b:13:9e:
                    12:0a:03:33:8f:98:1f:1a:c6:37:b2:93:d2:61:c0:
                    86:8d:33:57:c4:84:21:fc:ac:8c:8d:58:4d:31:39:
                    d0:1e:bf:e8:85:2d:88:95:1c:70:df:01:f8:77:bb:
                    93:f0:8d:8d:b1:7f:f2:5e:00:da:8b:21:49:2c:97:
                    ad:21:3f:07:21:a6:3b:57:b0:8d:6a:4a:d4:89:54:
                    08:44:5a:cc:79:c7:9d:09:62:17:35:3a:c2:70:45:
                    b6:5e:2f:7c:47:14:5e:75:96:24:61:d5:8c:fb:84:
                    e0:0e:e6:d7:d1:38:bd:bf:8b:63:a0:8f:10:40:f6:
                    1e:c0:72:11:70:57:92:1c:0f:e7:72:9b:1f:97:7f:
                    7d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:91:12:D2:7A:94:14:F1:DB:A9:4C:CE:D9:A7:24:3F:AE:15:80:CE
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/HZES0nqUFPHbqUzO2ackP64VgM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:eb:22:78:e5:8d:8c:d2:9e:b3:33:fa:65:1b:bb:b8:c8:77:
         8c:f8:5f:ce:17:cd:ba:69:d0:48:e9:da:68:fb:f6:c4:c2:69:
         74:bc:a3:20:7b:7f:23:d4:b1:66:4a:02:08:f8:e0:14:70:1c:
         0c:97:6b:43:46:df:78:99:f9:3d:64:c0:26:ce:21:b2:15:76:
         8e:9a:d4:cd:2d:70:bc:01:33:b9:04:bf:50:24:cd:6e:b9:b5:
         99:19:ce:ce:78:c5:d9:8f:a4:0d:9c:48:92:02:9e:d9:02:ec:
         be:ed:0a:58:bf:57:de:2b:46:3c:c5:a8:35:f2:7b:85:16:35:
         18:a3:83:98:97:73:b4:56:7a:12:a2:d9:67:77:e4:27:3f:14:
         dc:bf:54:cc:3f:05:a0:16:b2:d7:9d:a0:ad:90:77:13:04:3b:
         cc:98:f0:ad:08:de:4c:5c:c9:a7:3e:9a:5e:bb:d4:8d:8b:36:
         b9:9b:a5:96:c5:06:23:cc:f7:5a:ec:76:92:2b:83:62:46:ef:
         7b:9c:38:14:24:dc:d8:c8:46:07:a1:9c:ce:8b:5f:fe:1f:88:
         c6:9f:03:fa:ff:f4:3e:96:ce:5e:ff:c2:75:60:03:70:4a:91:
         47:5b:e8:1b:8d:89:49:65:f1:00:a4:ab:79:04:3a:da:a0:b3:
         38:e8:b5:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+cPTHtSclikknIxBx/iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDkxMTJkMjdhOTQxNGYxZGJhOTRjY2VkOWE3MjQzZmFlMTU4MGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrOxemqU/7dL5TQSvy5ls2+NtWx4
Kyjl5tLDgyvOcRM8QsIAPCt6BWJOkSCl19JLfdwcoYoEGN2d37VkqxL/S1LPc+Bn
mRIo53PBEJe3MSzUrwuVnZUy/G8z6C0+8/CQqY19Icbaq/wr367LbjcIl7LuSO87
E54SCgMzj5gfGsY3spPSYcCGjTNXxIQh/KyMjVhNMTnQHr/ohS2IlRxw3wH4d7uT
8I2NsX/yXgDaiyFJLJetIT8HIaY7V7CNakrUiVQIRFrMecedCWIXNTrCcEW2Xi98
RxRedZYkYdWM+4TgDubX0Ti9v4tjoI8QQPYewHIRcFeSHA/ncpsfl399gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2REtJ6lBTx26lMztmnJD+uFYDOMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvSFpFUzBucVVGUEhicVV6TzJhY2tQNjRWZ000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Vv8MA0G
CSqGSIb3DQEBCwUAA4IBAQCf6yJ45Y2M0p6zM/plG7u4yHeM+F/OF826adBI6dpo
+/bEwml0vKMge38j1LFmSgII+OAUcBwMl2tDRt94mfk9ZMAmziGyFXaOmtTNLXC8
ATO5BL9QJM1uubWZGc7OeMXZj6QNnEiSAp7ZAuy+7QpYv1feK0Y8xag18nuFFjUY
o4OYl3O0VnoSotlnd+QnPxTcv1TMPwWgFrLXnaCtkHcTBDvMmPCtCN5MXMmnPppe
u9SNiza5m6WWxQYjzPda7HaSK4NiRu97nDgUJNzYyEYHoZzOi1/+H4jGnwP6//Q+
ls5e/8J1YANwSpFHW+gbjYlJZfEApKt5BDraoLM46LWu
-----END CERTIFICATE-----