Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/HVK8Qfn4ncFgeifMWGxTzXIxzbY.roa
File:                     HVK8Qfn4ncFgeifMWGxTzXIxzbY.roa (raw, json)
Hash identifier:          OnNRj4ii+cmjqcLcRxmg3JEEL+InVhAIOGHvqtTxCpY=
Subject key identifier:   1D:52:BC:41:F9:F8:9D:C1:60:7A:27:CC:58:6C:53:CD:72:31:CD:B6
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       018CC7958B9A7F53C4231654EE3B6F85F0FC
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/HVK8Qfn4ncFgeifMWGxTzXIxzbY.roa
Signing time:             Tue 02 Jan 2024 00:31:55 +0000
ROA not before:           Tue 02 Jan 2024 00:31:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201848
IP address blocks:        2a04:ac00:1::/48 maxlen: 48
                          2a04:ac00:4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8b:9a:7f:53:c4:23:16:54:ee:3b:6f:85:f0:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  2 00:31:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d52bc41f9f89dc1607a27cc586c53cd7231cdb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ec:f1:55:51:49:61:1a:a0:1b:f2:d8:9a:b9:
                    22:df:ba:e1:ee:c3:b4:ac:06:67:e7:ac:a9:22:80:
                    bb:99:54:24:4b:b0:a5:05:f2:c9:01:ee:23:d7:45:
                    1f:8d:95:aa:a8:d8:aa:52:7a:9f:cf:dd:67:fe:e1:
                    a8:cb:60:5f:18:40:45:f3:a3:5b:0a:aa:f9:3e:44:
                    dc:c6:2b:a8:24:13:eb:05:05:76:9b:9c:20:07:67:
                    5e:e1:ff:a4:40:26:f0:2c:90:bf:83:0c:e3:e8:11:
                    24:a5:99:71:ba:40:40:1c:f1:af:89:5e:eb:c9:30:
                    96:17:41:a3:04:74:0d:80:53:92:2f:3c:68:df:a1:
                    0a:a7:c5:90:93:06:1e:f1:b5:b3:53:54:e6:ef:0c:
                    07:b5:94:ed:66:26:c2:00:fc:4f:73:3b:e5:c9:97:
                    a2:f3:09:80:2c:64:ae:e7:da:ef:ca:30:58:47:d9:
                    ca:c4:a6:98:f2:9a:91:3b:80:65:31:e8:17:b4:50:
                    23:96:8d:98:4f:09:41:e7:6c:18:9a:a3:c4:79:a5:
                    db:4f:7d:bd:36:76:37:38:14:a1:d6:14:77:6a:d0:
                    40:5d:a1:f3:87:bc:cb:4c:42:a1:04:20:b3:1d:23:
                    4e:39:97:18:17:3f:32:8f:23:79:16:56:7d:43:8b:
                    63:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:52:BC:41:F9:F8:9D:C1:60:7A:27:CC:58:6C:53:CD:72:31:CD:B6
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/HVK8Qfn4ncFgeifMWGxTzXIxzbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ac00:1::/48
                  2a04:ac00:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:7e:b5:47:f0:f4:cf:33:6e:fe:8f:93:dd:ef:aa:03:02:61:
         ac:49:b7:f9:07:c3:52:fb:50:6e:00:f9:56:2b:6b:f9:96:a7:
         f3:f0:ce:70:fc:03:3d:9e:f7:e0:9e:9f:58:58:9c:d6:c6:f0:
         69:77:9f:a4:5c:af:1a:5a:b1:41:10:69:a7:c2:dc:99:77:93:
         29:cf:b0:3b:e8:1b:b1:d3:f9:20:ee:6b:97:cc:30:16:c8:f4:
         a6:ae:f3:5d:4d:f1:f2:ef:1b:fe:b1:2c:f2:db:8d:66:c7:ee:
         a7:27:e4:40:8f:14:e1:1c:d3:09:6c:1c:99:14:7f:c4:8d:dd:
         2b:a7:e9:82:5d:f1:4a:aa:ea:50:b1:2d:87:90:f1:c6:d5:52:
         ed:c4:c3:7b:b4:39:0e:23:b5:5b:b5:c8:06:26:3c:f0:c2:4a:
         26:79:d2:7c:4c:21:b1:f1:82:26:f8:e4:ca:8a:44:86:97:6c:
         84:00:da:34:d7:57:31:e5:9e:9d:c1:72:b4:5d:b7:a4:e8:7b:
         05:f6:7f:f8:94:1c:20:0c:17:06:a7:8f:d7:6a:19:97:54:46:
         54:90:7a:fd:b6:2a:98:68:7d:92:ba:16:0d:ba:3b:c9:36:b3:
         21:ea:26:7a:93:ac:60:f6:8c:a1:d5:ac:12:86:b2:b4:07:ce:
         fb:6a:f2:7e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHlYuaf1PEIxZU7jtvhfD8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjQwMTAyMDAzMTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDUyYmM0MWY5Zjg5ZGMxNjA3YTI3Y2M1ODZjNTNjZDcyMzFjZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOzxVVFJYRqgG/LYmrki37rh7sO0
rAZn56ypIoC7mVQkS7ClBfLJAe4j10UfjZWqqNiqUnqfz91n/uGoy2BfGEBF86Nb
Cqr5PkTcxiuoJBPrBQV2m5wgB2de4f+kQCbwLJC/gwzj6BEkpZlxukBAHPGviV7r
yTCWF0GjBHQNgFOSLzxo36EKp8WQkwYe8bWzU1Tm7wwHtZTtZibCAPxPczvlyZei
8wmALGSu59rvyjBYR9nKxKaY8pqRO4BlMegXtFAjlo2YTwlB52wYmqPEeaXbT329
NnY3OBSh1hR3atBAXaHzh7zLTEKhBCCzHSNOOZcYFz8yjyN5FlZ9Q4tjrQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB1SvEH5+J3BYHonzFhsU81yMc22MB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvSFZLOFFmbjRuY0ZnZWlmTVdHeFR6WEl4emJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgSsAAAB
AwcAKgSsAAAEMA0GCSqGSIb3DQEBCwUAA4IBAQAdfrVH8PTPM27+j5Pd76oDAmGs
Sbf5B8NS+1BuAPlWK2v5lqfz8M5w/AM9nvfgnp9YWJzWxvBpd5+kXK8aWrFBEGmn
wtyZd5Mpz7A76Bux0/kg7muXzDAWyPSmrvNdTfHy7xv+sSzy241mx+6nJ+RAjxTh
HNMJbByZFH/Ejd0rp+mCXfFKqupQsS2HkPHG1VLtxMN7tDkOI7VbtcgGJjzwwkom
edJ8TCGx8YIm+OTKikSGl2yEANo011cx5Z6dwXK0Xbek6HsF9n/4lBwgDBcGp4/X
ahmXVEZUkHr9tiqYaH2SuhYNujvJNrMh6iZ6k6xg9oyh1awShrK0B877avJ+
-----END CERTIFICATE-----