Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/HUIjR9WK2Lr5ogt7lVoiyA1Q06s.roa
File:                     HUIjR9WK2Lr5ogt7lVoiyA1Q06s.roa (raw, json)
Hash identifier:          PMZpn3mSe7dzqUCZsgF/pY1r/L52E+g3ibBHFvHVhL0=
Subject key identifier:   1D:42:23:47:D5:8A:D8:BA:F9:A2:0B:7B:95:5A:22:C8:0D:50:D3:AB
Certificate issuer:       /CN=44348141fc46dc0187087cbc86556e9a449ee1e7
Certificate serial:       019426D8C3D43490153379025EFE01EBA0BB
Authority key identifier: 44:34:81:41:FC:46:DC:01:87:08:7C:BC:86:55:6E:9A:44:9E:E1:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RDSBQfxG3AGHCHy8hlVumkSe4ec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/HUIjR9WK2Lr5ogt7lVoiyA1Q06s.roa
Signing time:             Thu 02 Jan 2025 11:48:47 +0000
ROA not before:           Thu 02 Jan 2025 11:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25367
IP address blocks:        212.63.224.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/RDSBQfxG3AGHCHy8hlVumkSe4ec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/RDSBQfxG3AGHCHy8hlVumkSe4ec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RDSBQfxG3AGHCHy8hlVumkSe4ec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:c3:d4:34:90:15:33:79:02:5e:fe:01:eb:a0:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44348141fc46dc0187087cbc86556e9a449ee1e7
        Validity
            Not Before: Jan  2 11:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d422347d58ad8baf9a20b7b955a22c80d50d3ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9d:75:7e:b0:8d:85:13:22:f3:4f:53:c4:d9:
                    2b:da:31:02:b0:2c:28:f5:ca:a1:49:38:e7:72:a1:
                    e4:8a:28:39:8e:81:20:69:75:5a:d2:36:04:63:87:
                    54:70:f3:f2:da:9c:fc:2c:62:cf:15:61:9d:dd:3b:
                    32:36:78:41:d2:6b:d3:37:06:65:a7:56:9c:4d:5f:
                    47:98:88:77:60:bc:ce:2f:0c:27:31:5e:7a:48:e0:
                    0b:5c:b8:36:2c:c3:51:b8:3b:c5:b6:54:0c:58:16:
                    54:1b:37:a6:47:f4:6c:58:50:ec:2e:60:9a:22:2e:
                    fe:1a:25:25:b9:99:ce:05:a4:b3:b1:6d:b8:18:16:
                    87:79:e3:72:53:6a:b7:d1:58:e5:88:92:4c:89:af:
                    39:cd:59:3f:e9:f0:58:0f:83:83:34:b5:71:5a:26:
                    8e:d3:b2:03:b4:85:81:31:83:15:94:47:a3:b3:09:
                    b4:f8:29:01:c0:bf:5e:3f:49:0c:19:94:fd:b9:8a:
                    42:9c:90:a0:53:c9:6e:05:5a:b0:87:58:30:16:ca:
                    d3:b6:27:4d:2c:67:a4:ab:50:91:3b:b3:00:f2:47:
                    09:d6:72:b2:8f:88:20:a9:48:a2:7b:7b:e2:0c:42:
                    64:10:86:c5:eb:a0:80:00:56:b4:4d:c2:0b:3b:aa:
                    aa:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:42:23:47:D5:8A:D8:BA:F9:A2:0B:7B:95:5A:22:C8:0D:50:D3:AB
            X509v3 Authority Key Identifier:
                keyid:44:34:81:41:FC:46:DC:01:87:08:7C:BC:86:55:6E:9A:44:9E:E1:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RDSBQfxG3AGHCHy8hlVumkSe4ec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/HUIjR9WK2Lr5ogt7lVoiyA1Q06s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/22fa42-b02f-4311-90fb-45a112a1e7ac/1/RDSBQfxG3AGHCHy8hlVumkSe4ec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.63.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         63:cc:81:0a:27:94:02:03:1a:b6:89:f9:d6:c7:6a:33:13:98:
         5b:8f:42:fd:49:5e:11:d5:dc:c0:95:56:07:e2:bd:1d:e7:51:
         18:c0:d2:af:24:5c:0a:c8:3b:ed:c6:ab:e8:25:33:b8:0b:d4:
         4d:c9:10:57:cb:d7:5c:19:c2:d9:c5:8c:02:07:14:ea:7e:0b:
         a2:42:04:e6:64:9f:ce:61:a9:37:98:57:c7:04:71:89:1d:f1:
         55:35:1a:a2:c9:6f:e7:d2:5b:c4:25:9a:c3:5b:2d:c2:36:2b:
         65:0e:44:bf:ad:5c:42:a6:90:40:c6:bb:a2:e2:27:68:f4:03:
         36:f5:18:c4:6a:1e:85:7d:89:3d:2e:ed:c6:1e:51:f0:e4:98:
         39:a3:64:f2:36:c1:d3:54:a4:53:87:70:97:8e:d9:31:ae:63:
         16:68:f6:9f:c9:d7:db:02:4b:ca:29:87:c6:a2:ac:32:f3:5e:
         d1:4b:e1:cc:70:64:f5:4d:ce:64:5e:70:11:3f:fe:09:1e:57:
         22:3d:b1:d0:5b:19:c9:e7:b1:e8:bf:a7:94:6e:23:a1:76:44:
         c0:d3:05:98:0a:fa:54:28:90:fd:51:0f:2a:94:2a:3a:71:e6:
         3d:a9:16:ad:ff:a8:6c:03:aa:e1:4c:3c:ce:82:8d:16:7b:0d:
         8d:c4:bb:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2MPUNJAVM3kCXv4B66C7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MzQ4MTQxZmM0NmRjMDE4NzA4N2NiYzg2NTU2ZTlhNDQ5
ZWUxZTcwHhcNMjUwMTAyMTE0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDQyMjM0N2Q1OGFkOGJhZjlhMjBiN2I5NTVhMjJjODBkNTBkM2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJ11frCNhRMi809TxNkr2jECsCwo
9cqhSTjncqHkiig5joEgaXVa0jYEY4dUcPPy2pz8LGLPFWGd3TsyNnhB0mvTNwZl
p1acTV9HmIh3YLzOLwwnMV56SOALXLg2LMNRuDvFtlQMWBZUGzemR/RsWFDsLmCa
Ii7+GiUluZnOBaSzsW24GBaHeeNyU2q30VjliJJMia85zVk/6fBYD4ODNLVxWiaO
07IDtIWBMYMVlEejswm0+CkBwL9eP0kMGZT9uYpCnJCgU8luBVqwh1gwFsrTtidN
LGekq1CRO7MA8kcJ1nKyj4ggqUiie3viDEJkEIbF66CAAFa0TcILO6qq8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1CI0fViti6+aILe5VaIsgNUNOrMB8GA1UdIwQY
MBaAFEQ0gUH8RtwBhwh8vIZVbppEnuHnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkRTQlFmeEczQUdIQ0h5OGhsVnVta1NlNGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8yMmZhNDItYjAyZi00MzExLTkwZmIt
NDVhMTEyYTFlN2FjLzEvSFVJalI5V0syTHI1b2d0N2xWb2l5QTFRMDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8yMmZhNDItYjAyZi00MzExLTkwZmItNDVhMTEyYTFlN2Fj
LzEvUkRTQlFmeEczQUdIQ0h5OGhsVnVta1NlNGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1D/gMA0G
CSqGSIb3DQEBCwUAA4IBAQBjzIEKJ5QCAxq2ifnWx2ozE5hbj0L9SV4R1dzAlVYH
4r0d51EYwNKvJFwKyDvtxqvoJTO4C9RNyRBXy9dcGcLZxYwCBxTqfguiQgTmZJ/O
Yak3mFfHBHGJHfFVNRqiyW/n0lvEJZrDWy3CNitlDkS/rVxCppBAxrui4ido9AM2
9RjEah6FfYk9Lu3GHlHw5Jg5o2TyNsHTVKRTh3CXjtkxrmMWaPafydfbAkvKKYfG
oqwy817RS+HMcGT1Tc5kXnARP/4JHlciPbHQWxnJ57Hov6eUbiOhdkTA0wWYCvpU
KJD9UQ8qlCo6ceY9qRat/6hsA6rhTDzOgo0Wew2NxLv0
-----END CERTIFICATE-----