Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/HP2FHewdoZN8ZY5bVEyUCiecO0c.roa
File:                     HP2FHewdoZN8ZY5bVEyUCiecO0c.roa (raw, json)
Hash identifier:          vt+8RarvjtQeXFctIpzFmNylT9CPN0a4MQdmZufzmJg=
Subject key identifier:   1C:FD:85:1D:EC:1D:A1:93:7C:65:8E:5B:54:4C:94:0A:27:9C:3B:47
Certificate issuer:       /CN=423d93054f063cf8a291861735f90059ab9ec169
Certificate serial:       018CC86F798E4E960F381FA0DD079473F161
Authority key identifier: 42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/HP2FHewdoZN8ZY5bVEyUCiecO0c.roa
Signing time:             Tue 02 Jan 2024 04:29:57 +0000
ROA not before:           Tue 02 Jan 2024 04:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42163
IP address blocks:        2a00:94c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:79:8e:4e:96:0f:38:1f:a0:dd:07:94:73:f1:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=423d93054f063cf8a291861735f90059ab9ec169
        Validity
            Not Before: Jan  2 04:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cfd851dec1da1937c658e5b544c940a279c3b47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c3:93:1f:5e:8d:02:0c:21:a2:de:04:21:f3:
                    6b:ab:d4:84:27:b8:81:25:7d:3f:58:2e:cb:32:fe:
                    2e:31:11:de:46:bd:f8:3a:92:c3:43:82:f2:0b:54:
                    dc:74:9e:5d:f5:00:c9:fc:5e:06:8d:0c:11:63:d7:
                    43:94:17:79:2b:b5:6c:f6:ed:ea:93:fa:ae:73:33:
                    40:c2:7e:7c:ab:82:f2:8e:f7:df:e1:41:ef:6d:04:
                    cb:75:a9:41:e7:eb:b4:de:df:38:72:56:fe:96:b7:
                    e0:e7:2c:e5:04:b8:75:57:5b:14:51:90:5a:a4:5b:
                    cb:76:c7:71:4b:8f:f5:05:60:f7:73:4c:23:cc:94:
                    e3:32:0b:b5:c4:c6:10:36:9a:bb:37:95:c6:99:47:
                    92:9f:6d:86:ea:24:e3:4f:d2:01:ca:36:7c:a2:10:
                    dc:d6:04:c9:0b:03:35:7b:2f:89:c9:25:df:bc:a3:
                    16:72:5b:a3:23:bd:20:f1:8f:25:a7:9c:3a:ca:20:
                    b0:84:e8:8e:b7:53:bb:1b:fc:79:27:22:98:5e:df:
                    32:39:76:50:1c:46:ed:0f:5f:e3:9b:1e:c9:b4:b3:
                    71:d8:bf:52:9b:ab:ed:99:33:72:25:9f:86:e4:e9:
                    82:a5:5f:d7:c1:a5:2e:5e:f2:b8:cb:9f:82:d0:3a:
                    5e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:FD:85:1D:EC:1D:A1:93:7C:65:8E:5B:54:4C:94:0A:27:9C:3B:47
            X509v3 Authority Key Identifier:
                keyid:42:3D:93:05:4F:06:3C:F8:A2:91:86:17:35:F9:00:59:AB:9E:C1:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qj2TBU8GPPiikYYXNfkAWauewWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/HP2FHewdoZN8ZY5bVEyUCiecO0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0c2ec3-3844-4b5f-9f58-5f1b69048fe2/1/Qj2TBU8GPPiikYYXNfkAWauewWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:94c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:eb:75:77:a3:2a:57:9f:1d:fe:8c:ca:91:e3:5a:be:16:f5:
         d5:fa:0e:09:ab:72:4b:1b:bc:83:b8:e8:34:b1:b2:18:81:10:
         bf:00:f6:ae:0d:cf:ee:e5:48:5c:fc:0e:8a:44:9c:d9:7e:ef:
         dd:ce:40:48:bf:49:ea:7b:eb:91:88:55:bd:82:2e:df:2d:4d:
         a2:d5:bf:0c:6a:7e:d5:c7:21:e6:a7:85:55:bb:de:8c:2a:27:
         46:eb:f6:c6:3d:ac:9f:d6:d8:c2:02:83:f4:81:c8:f6:bf:7b:
         d6:82:bb:51:cf:08:c8:55:cc:12:9f:cb:2e:8d:99:8e:aa:1c:
         b0:63:3d:b0:1a:6b:d1:3d:be:f8:1f:93:fa:aa:f8:12:7c:a6:
         4c:09:db:d5:be:bb:0a:65:3f:a9:2c:9d:c7:3d:32:01:be:e6:
         2b:8d:6d:48:72:dd:04:b3:0d:e0:43:10:2b:22:b2:43:a7:1f:
         ee:0c:67:d2:ef:f5:8a:aa:6b:c7:3a:61:05:5f:4b:4c:ca:d5:
         25:6b:13:52:f5:a8:b7:99:d6:31:d1:12:0e:d1:8a:e5:98:c6:
         37:7c:09:c5:8e:6e:77:32:fd:a1:25:44:39:90:43:e4:00:86:
         4d:50:7f:70:1a:73:28:87:69:94:75:f5:8d:b4:3a:ff:00:45:
         7b:54:f2:b3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIb3mOTpYPOB+g3QeUc/FhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyM2Q5MzA1NGYwNjNjZjhhMjkxODYxNzM1ZjkwMDU5YWI5
ZWMxNjkwHhcNMjQwMTAyMDQyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2ZkODUxZGVjMWRhMTkzN2M2NThlNWI1NDRjOTQwYTI3OWMzYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcOTH16NAgwhot4EIfNrq9SEJ7iB
JX0/WC7LMv4uMRHeRr34OpLDQ4LyC1TcdJ5d9QDJ/F4GjQwRY9dDlBd5K7Vs9u3q
k/quczNAwn58q4Lyjvff4UHvbQTLdalB5+u03t84clb+lrfg5yzlBLh1V1sUUZBa
pFvLdsdxS4/1BWD3c0wjzJTjMgu1xMYQNpq7N5XGmUeSn22G6iTjT9IByjZ8ohDc
1gTJCwM1ey+JySXfvKMWclujI70g8Y8lp5w6yiCwhOiOt1O7G/x5JyKYXt8yOXZQ
HEbtD1/jmx7JtLNx2L9Sm6vtmTNyJZ+G5OmCpV/XwaUuXvK4y5+C0DpeFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBz9hR3sHaGTfGWOW1RMlAonnDtHMB8GA1UdIwQY
MBaAFEI9kwVPBjz4opGGFzX5AFmrnsFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWoyVEJVOEdQUGlpa1lZWE5ma0FXYXVld1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wYzJlYzMtMzg0NC00YjVmLTlmNTgt
NWYxYjY5MDQ4ZmUyLzEvSFAyRkhld2RvWk44Wlk1YlZFeVVDaWVjTzBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wYzJlYzMtMzg0NC00YjVmLTlmNTgtNWYxYjY5MDQ4ZmUy
LzEvUWoyVEJVOEdQUGlpa1lZWE5ma0FXYXVld1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgCUwDAN
BgkqhkiG9w0BAQsFAAOCAQEAhut1d6MqV58d/ozKkeNavhb11foOCatySxu8g7jo
NLGyGIEQvwD2rg3P7uVIXPwOikSc2X7v3c5ASL9J6nvrkYhVvYIu3y1NotW/DGp+
1cch5qeFVbvejConRuv2xj2sn9bYwgKD9IHI9r971oK7Uc8IyFXMEp/LLo2Zjqoc
sGM9sBpr0T2++B+T+qr4EnymTAnb1b67CmU/qSydxz0yAb7mK41tSHLdBLMN4EMQ
KyKyQ6cf7gxn0u/1iqprxzphBV9LTMrVJWsTUvWot5nWMdESDtGK5ZjGN3wJxY5u
dzL9oSVEOZBD5ACGTVB/cBpzKIdplHX1jbQ6/wBFe1Tysw==
-----END CERTIFICATE-----