Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/HPP-Y8CcP39de0XZZOWjFIJ96v4.roa
File:                     HPP-Y8CcP39de0XZZOWjFIJ96v4.roa (raw, json)
Hash identifier:          wqE/NVLKIIjuJJuVTQbIHrmfJEIIZJeODzcidgoveO0=
Subject key identifier:   1C:F3:FE:63:C0:9C:3F:7F:5D:7B:45:D9:64:E5:A3:14:82:7D:EA:FE
Certificate issuer:       /CN=e4b4c53af65f0b8396b95b4d07d4ec4e7be277e5
Certificate serial:       01942143F3501E58CFF39C73BB430C4919E5
Authority key identifier: E4:B4:C5:3A:F6:5F:0B:83:96:B9:5B:4D:07:D4:EC:4E:7B:E2:77:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5LTFOvZfC4OWuVtNB9TsTnvid-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/HPP-Y8CcP39de0XZZOWjFIJ96v4.roa
Signing time:             Wed 01 Jan 2025 09:48:08 +0000
ROA not before:           Wed 01 Jan 2025 09:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33823
IP address blocks:        193.25.110.0/23 maxlen: 24
                          195.12.52.0/22 maxlen: 24
                          195.28.184.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/5LTFOvZfC4OWuVtNB9TsTnvid-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/5LTFOvZfC4OWuVtNB9TsTnvid-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5LTFOvZfC4OWuVtNB9TsTnvid-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f3:50:1e:58:cf:f3:9c:73:bb:43:0c:49:19:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4b4c53af65f0b8396b95b4d07d4ec4e7be277e5
        Validity
            Not Before: Jan  1 09:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cf3fe63c09c3f7f5d7b45d964e5a314827deafe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:38:5e:6f:2e:f7:8e:31:79:f1:50:d3:a8:dd:
                    fd:44:73:2b:ea:56:57:d9:c4:4f:b9:42:f8:09:63:
                    c1:e1:5f:eb:d3:3c:04:68:f1:d7:43:3a:05:bd:fd:
                    ea:34:4a:7c:cd:dd:93:6d:14:f1:86:6a:c0:2c:75:
                    93:47:ee:6b:4e:98:bd:5a:56:fa:46:2e:e7:7e:c9:
                    70:09:d9:61:28:9a:ae:25:4d:68:d6:47:e9:ed:6a:
                    16:0e:6c:68:f9:15:c9:67:2a:11:c6:af:c4:be:1d:
                    f2:2b:3a:1d:de:6b:34:4c:cd:b8:42:c4:76:7f:07:
                    78:1a:c3:47:f0:51:fb:fc:0b:b6:cb:75:89:c7:a9:
                    32:04:9c:84:5b:ad:0d:a8:fa:b3:03:25:f2:30:93:
                    d9:a1:85:d4:3a:66:22:21:eb:d5:3c:00:80:d4:0f:
                    20:8c:97:db:cd:cb:bf:2e:9b:a4:14:8e:f1:e2:a0:
                    fa:70:a4:9f:00:1a:b9:7c:5e:04:8e:2a:40:1c:a3:
                    3c:08:27:e4:c3:3d:53:fb:fa:8c:f8:cc:31:5d:10:
                    e3:81:7c:ba:7f:7f:79:39:b7:a3:35:49:cd:97:2d:
                    a4:1b:a2:ca:b3:a2:ae:e0:82:5f:f5:93:df:b6:3f:
                    11:b8:fa:92:aa:e8:d1:5c:9a:65:13:b3:89:ee:83:
                    ae:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:F3:FE:63:C0:9C:3F:7F:5D:7B:45:D9:64:E5:A3:14:82:7D:EA:FE
            X509v3 Authority Key Identifier:
                keyid:E4:B4:C5:3A:F6:5F:0B:83:96:B9:5B:4D:07:D4:EC:4E:7B:E2:77:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5LTFOvZfC4OWuVtNB9TsTnvid-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/HPP-Y8CcP39de0XZZOWjFIJ96v4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/46aabf-dad0-4d76-a5b5-88db0125a6b8/1/5LTFOvZfC4OWuVtNB9TsTnvid-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.110.0/23
                  195.12.52.0/22
                  195.28.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:d9:b2:13:e3:65:d1:da:e5:df:e6:82:ff:9c:78:74:78:e3:
         1f:a7:82:f6:1d:c2:83:92:fc:da:12:e5:5d:6c:bc:df:cb:eb:
         80:53:6c:0c:fa:16:22:43:d0:6f:22:f8:26:cd:54:4c:48:d7:
         cf:f7:3b:a6:7d:e1:f9:2c:6f:fe:c5:a3:33:68:1e:bc:b7:a9:
         60:23:6a:e5:af:dc:1a:60:e1:85:d8:9e:b8:30:80:77:2a:93:
         9d:7f:8c:47:55:3e:ab:12:31:1a:4b:c4:08:2d:b4:da:1f:38:
         19:b3:8b:66:df:89:19:89:50:e7:61:ca:a4:d5:90:ff:59:45:
         ff:81:ee:ae:90:51:ea:fe:ee:24:1a:01:f1:8c:9d:ee:ec:4e:
         0b:cc:72:eb:74:d9:ce:72:06:0d:ca:3d:17:9b:2e:27:f8:f2:
         ca:d6:d2:5c:b9:f3:78:cb:3e:c6:6e:b6:86:2e:c3:ba:6a:cf:
         c7:77:ed:97:f5:02:8e:2a:80:78:a3:39:0e:e4:49:41:78:a7:
         56:7e:b3:58:3e:dc:a2:98:36:02:3f:4f:81:23:c8:dc:72:00:
         7e:3c:ce:13:90:6b:f2:8a:98:58:ba:17:fb:51:ca:8e:3f:2a:
         b6:20:27:42:a9:b5:4c:06:8d:b6:ae:31:ad:d1:dd:0e:33:d4:
         3d:cc:16:28
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhQ/NQHljP85xzu0MMSRnlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YjRjNTNhZjY1ZjBiODM5NmI5NWI0ZDA3ZDRlYzRlN2Jl
Mjc3ZTUwHhcNMjUwMTAxMDk0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2YzZmU2M2MwOWMzZjdmNWQ3YjQ1ZDk2NGU1YTMxNDgyN2RlYWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDheby73jjF58VDTqN39RHMr6lZX
2cRPuUL4CWPB4V/r0zwEaPHXQzoFvf3qNEp8zd2TbRTxhmrALHWTR+5rTpi9Wlb6
Ri7nfslwCdlhKJquJU1o1kfp7WoWDmxo+RXJZyoRxq/Evh3yKzod3ms0TM24QsR2
fwd4GsNH8FH7/Au2y3WJx6kyBJyEW60NqPqzAyXyMJPZoYXUOmYiIevVPACA1A8g
jJfbzcu/LpukFI7x4qD6cKSfABq5fF4EjipAHKM8CCfkwz1T+/qM+MwxXRDjgXy6
f395ObejNUnNly2kG6LKs6Ku4IJf9ZPftj8RuPqSqujRXJplE7OJ7oOuPQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBzz/mPAnD9/XXtF2WTloxSCfer+MB8GA1UdIwQY
MBaAFOS0xTr2XwuDlrlbTQfU7E574nflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUxURk92WmZDNE9XdVZ0TkI5VHNUbnZpZC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi80NmFhYmYtZGFkMC00ZDc2LWE1YjUt
ODhkYjAxMjVhNmI4LzEvSFBQLVk4Q2NQMzlkZTBYWlpPV2pGSUo5NnY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi80NmFhYmYtZGFkMC00ZDc2LWE1YjUtODhkYjAxMjVhNmI4
LzEvNUxURk92WmZDNE9XdVZ0TkI5VHNUbnZpZC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBwRluAwQC
www0AwQBwxy4MA0GCSqGSIb3DQEBCwUAA4IBAQBd2bIT42XR2uXf5oL/nHh0eOMf
p4L2HcKDkvzaEuVdbLzfy+uAU2wM+hYiQ9BvIvgmzVRMSNfP9zumfeH5LG/+xaMz
aB68t6lgI2rlr9waYOGF2J64MIB3KpOdf4xHVT6rEjEaS8QILbTaHzgZs4tm34kZ
iVDnYcqk1ZD/WUX/ge6ukFHq/u4kGgHxjJ3u7E4LzHLrdNnOcgYNyj0Xmy4n+PLK
1tJcufN4yz7GbraGLsO6as/Hd+2X9QKOKoB4ozkO5ElBeKdWfrNYPtyimDYCP0+B
I8jccgB+PM4TkGvyiphYuhf7UcqOPyq2ICdCqbVMBo22rjGt0d0OM9Q9zBYo
-----END CERTIFICATE-----