Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8e1b5d-77b5-43b6-9f0a-3e171bd5efc3/1/HxP0p-FaT4vxGhomxvuRmWYB788.roa
File:                     HxP0p-FaT4vxGhomxvuRmWYB788.roa (raw, json)
Hash identifier:          F6iZh+wJSfrbzlHzCqzaLbWcjR9R/AJVXsvelepyJI0=
Subject key identifier:   1F:13:F4:A7:E1:5A:4F:8B:F1:1A:1A:26:C6:FB:91:99:66:01:EF:CF
Certificate issuer:       /CN=8007a958e6b3dfd78da350b103d3b9027e0fe3f0
Certificate serial:       019422FBD299361E7F8BB470BD7A1BBF592D
Authority key identifier: 80:07:A9:58:E6:B3:DF:D7:8D:A3:50:B1:03:D3:B9:02:7E:0F:E3:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gAepWOaz39eNo1CxA9O5An4P4_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/8e1b5d-77b5-43b6-9f0a-3e171bd5efc3/1/HxP0p-FaT4vxGhomxvuRmWYB788.roa
Signing time:             Wed 01 Jan 2025 17:48:36 +0000
ROA not before:           Wed 01 Jan 2025 17:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60345
IP address blocks:        46.18.110.0/24 maxlen: 24
                          91.228.135.0/24 maxlen: 24
                          2a11:8f00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/8e1b5d-77b5-43b6-9f0a-3e171bd5efc3/1/gAepWOaz39eNo1CxA9O5An4P4_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/8e1b5d-77b5-43b6-9f0a-3e171bd5efc3/1/gAepWOaz39eNo1CxA9O5An4P4_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gAepWOaz39eNo1CxA9O5An4P4_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:d2:99:36:1e:7f:8b:b4:70:bd:7a:1b:bf:59:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8007a958e6b3dfd78da350b103d3b9027e0fe3f0
        Validity
            Not Before: Jan  1 17:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f13f4a7e15a4f8bf11a1a26c6fb91996601efcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:22:00:fc:c1:cf:44:d9:3a:c9:dd:af:87:58:
                    27:57:45:97:17:48:71:fa:ea:36:cc:a3:ae:6c:ff:
                    00:0d:b9:7a:9d:9c:78:54:e5:b4:48:2a:69:07:af:
                    d0:97:88:8b:40:10:24:e4:00:d8:5f:6c:c1:c9:82:
                    de:b7:39:ee:a1:b5:7f:69:20:c9:c2:35:5d:ad:eb:
                    63:82:65:26:87:b2:a4:1f:c3:c2:24:88:53:c4:95:
                    de:90:5b:a5:b0:08:8d:a0:d4:97:d7:ac:1f:7f:5e:
                    64:ff:b1:6d:53:43:2c:0f:10:e1:9f:52:90:7a:09:
                    2d:89:28:39:81:e8:39:2c:99:8c:8a:76:4c:02:df:
                    aa:1f:5e:ba:bd:db:0e:8f:51:f0:30:ee:83:e5:dd:
                    f7:3f:11:83:82:99:86:b2:bc:ff:17:64:ae:8b:de:
                    54:0a:97:00:30:d0:44:fc:fb:d4:e7:6a:64:ad:fd:
                    3a:d2:d0:fe:ec:f5:01:11:b1:b7:eb:e3:71:15:5e:
                    c0:7c:c2:02:52:f4:98:71:36:87:59:1d:a9:17:6f:
                    83:64:28:7a:18:f6:c9:d1:6c:cf:2d:d5:56:ae:9b:
                    10:3c:b3:64:c2:65:d9:ee:af:ee:bc:29:04:e7:ac:
                    96:13:41:2e:58:8e:42:99:93:bb:24:9f:e3:0f:14:
                    85:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:13:F4:A7:E1:5A:4F:8B:F1:1A:1A:26:C6:FB:91:99:66:01:EF:CF
            X509v3 Authority Key Identifier:
                keyid:80:07:A9:58:E6:B3:DF:D7:8D:A3:50:B1:03:D3:B9:02:7E:0F:E3:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gAepWOaz39eNo1CxA9O5An4P4_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8e1b5d-77b5-43b6-9f0a-3e171bd5efc3/1/HxP0p-FaT4vxGhomxvuRmWYB788.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8e1b5d-77b5-43b6-9f0a-3e171bd5efc3/1/gAepWOaz39eNo1CxA9O5An4P4_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.110.0/24
                  91.228.135.0/24
                IPv6:
                  2a11:8f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:ef:c6:e9:ce:78:ac:0d:b4:f0:8d:02:8a:d7:52:70:f1:a0:
         64:77:6b:cd:bb:96:0b:26:e5:0a:d7:77:e2:69:97:52:b0:f7:
         25:85:e1:f7:5a:87:6d:8e:c6:73:e9:01:2a:2c:46:cf:15:ed:
         2e:f5:4d:72:af:f6:c4:e6:02:0c:de:20:fd:12:e6:bb:84:a0:
         93:0a:92:28:35:34:a1:ac:ff:1e:89:28:c5:60:18:a5:75:83:
         0a:ef:b7:33:27:88:4e:0a:7d:e6:36:50:f4:82:bc:04:cd:c8:
         71:03:35:08:77:60:e7:05:68:5a:4c:f3:17:a7:fb:bb:b1:a8:
         57:d3:aa:08:38:1b:50:a0:ca:87:cc:83:8e:59:4e:34:68:16:
         64:ed:c0:2d:4b:35:5c:06:fe:b0:f3:71:25:2f:d2:98:0e:30:
         38:44:5d:dc:e5:91:7d:26:4c:6e:1a:fe:b8:68:dd:fd:b0:92:
         7d:bf:76:c8:13:d6:f7:ba:50:aa:f7:55:a0:90:f8:d5:6a:92:
         4d:f9:94:b7:e2:90:05:49:22:cb:a0:a6:67:ee:42:1d:54:8b:
         05:7a:64:39:99:38:7e:79:2c:ad:10:97:a5:c5:f9:0b:07:e1:
         85:48:f3:14:4a:3c:a6:1f:58:6b:c6:40:43:c7:e0:c5:fa:62:
         41:d5:81:8b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQi+9KZNh5/i7RwvXobv1ktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwMDdhOTU4ZTZiM2RmZDc4ZGEzNTBiMTAzZDNiOTAyN2Uw
ZmUzZjAwHhcNMjUwMTAxMTc0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjEzZjRhN2UxNWE0ZjhiZjExYTFhMjZjNmZiOTE5OTY2MDFlZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiIA/MHPRNk6yd2vh1gnV0WXF0hx
+uo2zKOubP8ADbl6nZx4VOW0SCppB6/Ql4iLQBAk5ADYX2zByYLetznuobV/aSDJ
wjVdretjgmUmh7KkH8PCJIhTxJXekFulsAiNoNSX16wff15k/7FtU0MsDxDhn1KQ
egktiSg5geg5LJmMinZMAt+qH166vdsOj1HwMO6D5d33PxGDgpmGsrz/F2Sui95U
CpcAMNBE/PvU52pkrf060tD+7PUBEbG36+NxFV7AfMICUvSYcTaHWR2pF2+DZCh6
GPbJ0WzPLdVWrpsQPLNkwmXZ7q/uvCkE56yWE0EuWI5CmZO7JJ/jDxSFlwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFB8T9KfhWk+L8RoaJsb7kZlmAe/PMB8GA1UdIwQY
MBaAFIAHqVjms9/XjaNQsQPTuQJ+D+PwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0FlcFdPYXozOWVObzFDeEE5TzVBbjRQNF9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84ZTFiNWQtNzdiNS00M2I2LTlmMGEt
M2UxNzFiZDVlZmMzLzEvSHhQMHAtRmFUNHZ4R2hvbXh2dVJtV1lCNzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84ZTFiNWQtNzdiNS00M2I2LTlmMGEtM2UxNzFiZDVlZmMz
LzEvZ0FlcFdPYXozOWVObzFDeEE5TzVBbjRQNF9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALhJuAwQA
W+SHMA0EAgACMAcDBQMqEY8AMA0GCSqGSIb3DQEBCwUAA4IBAQBM78bpznisDbTw
jQKK11Jw8aBkd2vNu5YLJuUK13fiaZdSsPclheH3WodtjsZz6QEqLEbPFe0u9U1y
r/bE5gIM3iD9Eua7hKCTCpIoNTShrP8eiSjFYBildYMK77czJ4hOCn3mNlD0grwE
zchxAzUId2DnBWhaTPMXp/u7sahX06oIOBtQoMqHzIOOWU40aBZk7cAtSzVcBv6w
83ElL9KYDjA4RF3c5ZF9JkxuGv64aN39sJJ9v3bIE9b3ulCq91WgkPjVapJN+ZS3
4pAFSSLLoKZn7kIdVIsFemQ5mTh+eSytEJelxfkLB+GFSPMUSjymH1hrxkBDx+DF
+mJB1YGL
-----END CERTIFICATE-----