Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HXE-Qg91i-AvbKPzMsInKc85owI.roa
File:                     HXE-Qg91i-AvbKPzMsInKc85owI.roa (raw, json)
Hash identifier:          chSXVER8oRX4zpWQcZtl6NUhmD1tj29sw6Twj6RD7r4=
Subject key identifier:   1D:71:3E:42:0F:75:8B:E0:2F:6C:A3:F3:32:C2:27:29:CF:39:A3:02
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0192E7D532621D8EE9030FFC1054DD36D665
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HXE-Qg91i-AvbKPzMsInKc85owI.roa
Signing time:             Fri 01 Nov 2024 13:06:01 +0000
ROA not before:           Fri 01 Nov 2024 13:06:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29066
IP address blocks:        185.217.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e7:d5:32:62:1d:8e:e9:03:0f:fc:10:54:dd:36:d6:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Nov  1 13:06:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d713e420f758be02f6ca3f332c22729cf39a302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:75:93:ea:e5:aa:c5:f6:dc:30:ff:c4:4c:62:
                    e6:38:03:cb:0f:59:09:93:32:4b:b8:7f:12:47:e6:
                    d3:74:31:65:3c:20:3e:2c:bd:64:7f:f4:6f:57:66:
                    7d:e2:87:71:62:1d:6e:41:74:ba:1c:23:dd:75:4b:
                    64:40:f2:fa:6c:58:59:fa:0c:c1:47:0f:de:bd:4a:
                    67:54:8c:e1:ba:9c:51:65:25:40:8c:c7:b1:17:29:
                    70:5b:22:14:27:41:b1:bc:85:c4:01:40:95:cd:24:
                    b3:8a:d8:1b:06:7e:9f:98:b7:de:64:c7:66:08:b6:
                    98:0a:b3:ce:23:ae:c5:92:a8:8c:55:ab:83:e0:73:
                    83:a8:ed:94:f2:cf:af:a4:1c:18:d0:8b:f8:4a:48:
                    f4:37:33:31:a4:12:68:36:70:92:ba:1c:d6:c4:38:
                    5d:fe:9d:d5:ba:6f:7d:b8:c5:2e:66:fd:25:48:9f:
                    8c:3a:5e:9a:93:ed:54:cc:1a:f6:85:83:4c:ff:83:
                    2c:36:03:c6:61:cb:13:d5:c4:c7:ea:ac:92:95:34:
                    21:d3:de:3d:35:4c:18:b9:03:de:8b:91:eb:20:2f:
                    20:10:8f:a4:d4:85:5b:90:f4:7a:2b:d0:0c:48:5f:
                    15:98:4b:d3:74:4d:f0:f3:d4:6b:da:d3:42:eb:ee:
                    e1:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:71:3E:42:0F:75:8B:E0:2F:6C:A3:F3:32:C2:27:29:CF:39:A3:02
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HXE-Qg91i-AvbKPzMsInKc85owI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:3b:29:b5:d7:79:b9:b6:0d:25:59:f8:23:6d:94:48:ce:82:
         57:c2:b0:ba:ba:7f:1f:26:e8:22:49:a1:38:32:a6:f0:69:a5:
         ea:a6:61:5a:8a:f9:2c:e6:84:91:d0:32:ea:08:2c:d4:cf:45:
         1a:63:84:d6:9b:09:01:60:95:3e:bb:32:a6:21:7e:98:50:55:
         cc:49:18:d3:57:3b:27:b7:5c:cb:1b:04:74:6a:51:b7:93:a2:
         19:67:eb:06:67:57:c3:45:52:f7:7c:12:99:be:c2:0f:a3:33:
         31:e5:4f:e8:1e:1b:e1:ae:23:0f:16:c4:93:ce:15:e6:49:34:
         f7:a0:c1:67:85:ba:50:2a:e6:b8:b3:43:57:e4:e9:7f:7e:3b:
         18:2f:7d:9f:65:d3:32:3a:37:81:1a:a7:c1:37:bb:ea:80:08:
         ed:b8:3b:70:5c:9f:10:56:79:80:4d:75:2a:8f:ea:af:66:be:
         98:dd:c2:f0:a4:ff:7e:65:33:9a:7b:c9:ce:2e:16:28:10:d9:
         b8:f2:d8:38:13:44:87:ce:ab:93:40:de:92:32:61:49:d3:4d:
         fe:1e:a4:11:f2:8c:78:b3:57:31:e1:fd:a2:42:bd:87:e1:4b:
         9c:fe:1b:49:4d:9a:ae:74:f4:9d:b5:3c:f4:c4:26:90:e3:62:
         64:f7:b7:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLn1TJiHY7pAw/8EFTdNtZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQxMTAxMTMwNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDcxM2U0MjBmNzU4YmUwMmY2Y2EzZjMzMmMyMjcyOWNmMzlhMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6nWT6uWqxfbcMP/ETGLmOAPLD1kJ
kzJLuH8SR+bTdDFlPCA+LL1kf/RvV2Z94odxYh1uQXS6HCPddUtkQPL6bFhZ+gzB
Rw/evUpnVIzhupxRZSVAjMexFylwWyIUJ0GxvIXEAUCVzSSzitgbBn6fmLfeZMdm
CLaYCrPOI67FkqiMVauD4HODqO2U8s+vpBwY0Iv4Skj0NzMxpBJoNnCSuhzWxDhd
/p3Vum99uMUuZv0lSJ+MOl6ak+1UzBr2hYNM/4MsNgPGYcsT1cTH6qySlTQh0949
NUwYuQPei5HrIC8gEI+k1IVbkPR6K9AMSF8VmEvTdE3w89Rr2tNC6+7h4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1xPkIPdYvgL2yj8zLCJynPOaMCMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSFhFLVFnOTFpLUF2YktQek1zSW5LYzg1b3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudl3MA0G
CSqGSIb3DQEBCwUAA4IBAQAGOym113m5tg0lWfgjbZRIzoJXwrC6un8fJugiSaE4
MqbwaaXqpmFaivks5oSR0DLqCCzUz0UaY4TWmwkBYJU+uzKmIX6YUFXMSRjTVzsn
t1zLGwR0alG3k6IZZ+sGZ1fDRVL3fBKZvsIPozMx5U/oHhvhriMPFsSTzhXmSTT3
oMFnhbpQKua4s0NX5Ol/fjsYL32fZdMyOjeBGqfBN7vqgAjtuDtwXJ8QVnmATXUq
j+qvZr6Y3cLwpP9+ZTOae8nOLhYoENm48tg4E0SHzquTQN6SMmFJ003+HqQR8ox4
s1cx4f2iQr2H4Uuc/htJTZqudPSdtTz0xCaQ42Jk97eB
-----END CERTIFICATE-----