Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/e03e0f-f3a6-4c55-addd-241665f49d25/1/HRqfEE2BQVLPrz-DB1cDCimeDXs.roa
File:                     HRqfEE2BQVLPrz-DB1cDCimeDXs.roa (raw, json)
Hash identifier:          1hdSxRdGdGY22qeCSrDPw/oFbmGuej9lyuA7QF5gJaE=
Subject key identifier:   1D:1A:9F:10:4D:81:41:52:CF:AF:3F:83:07:57:03:0A:29:9E:0D:7B
Certificate issuer:       /CN=56b4bfcd0164ad7c6688af22246c82e1995dd351
Certificate serial:       018CC56E13F1167B1534A22E22509EA11517
Authority key identifier: 56:B4:BF:CD:01:64:AD:7C:66:88:AF:22:24:6C:82:E1:99:5D:D3:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrS_zQFkrXxmiK8iJGyC4Zld01E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/e03e0f-f3a6-4c55-addd-241665f49d25/1/HRqfEE2BQVLPrz-DB1cDCimeDXs.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15694
IP address blocks:        185.123.124.0/23 maxlen: 23
                          185.123.126.0/23 maxlen: 23
                          2a06:af00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/e03e0f-f3a6-4c55-addd-241665f49d25/1/VrS_zQFkrXxmiK8iJGyC4Zld01E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/e03e0f-f3a6-4c55-addd-241665f49d25/1/VrS_zQFkrXxmiK8iJGyC4Zld01E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrS_zQFkrXxmiK8iJGyC4Zld01E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:13:f1:16:7b:15:34:a2:2e:22:50:9e:a1:15:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b4bfcd0164ad7c6688af22246c82e1995dd351
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d1a9f104d814152cfaf3f830757030a299e0d7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:44:46:61:a8:ea:d2:7d:21:14:87:21:35:5c:
                    10:90:e5:72:66:5a:5c:2c:17:3b:91:f9:eb:c8:5b:
                    9a:7c:7b:05:68:53:c3:74:06:88:95:57:78:57:ae:
                    f8:fe:26:17:a5:3c:f9:2b:4d:dd:35:9c:47:1d:4d:
                    09:98:e4:21:c7:ac:96:24:7a:80:0c:f9:4a:58:a2:
                    bc:94:9b:49:62:7c:78:df:77:65:70:00:5d:5c:fb:
                    1a:06:38:0d:50:f2:1d:4a:df:94:74:2f:74:eb:78:
                    ed:fb:a5:9c:d2:1b:e9:56:39:79:d2:32:de:11:cc:
                    60:6c:4e:f0:ca:6d:92:c6:95:1f:a0:da:f0:24:13:
                    5d:da:3c:43:af:91:2c:fe:0d:50:eb:29:ec:59:1a:
                    45:d9:70:90:5f:b1:31:a9:6f:61:f5:c5:00:38:5a:
                    1f:70:ab:d0:79:97:04:a9:df:3b:12:ca:8b:7f:03:
                    cb:12:dc:00:ce:5b:f0:08:af:47:62:53:3b:0d:ea:
                    01:cd:fb:25:b3:35:12:7b:50:fe:13:07:d5:d6:82:
                    40:8c:de:7a:c1:6c:3d:c8:8f:1f:40:f8:85:5a:64:
                    ed:8b:96:f7:7d:ca:1f:45:a7:08:93:bd:06:62:80:
                    ed:35:d1:af:9a:08:9d:ed:4c:43:df:6e:37:95:4a:
                    f0:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:1A:9F:10:4D:81:41:52:CF:AF:3F:83:07:57:03:0A:29:9E:0D:7B
            X509v3 Authority Key Identifier:
                keyid:56:B4:BF:CD:01:64:AD:7C:66:88:AF:22:24:6C:82:E1:99:5D:D3:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrS_zQFkrXxmiK8iJGyC4Zld01E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/e03e0f-f3a6-4c55-addd-241665f49d25/1/HRqfEE2BQVLPrz-DB1cDCimeDXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/e03e0f-f3a6-4c55-addd-241665f49d25/1/VrS_zQFkrXxmiK8iJGyC4Zld01E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.124.0/22
                IPv6:
                  2a06:af00::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:92:1a:3d:57:09:7a:c3:8a:52:99:7c:13:ce:39:3a:e2:74:
         31:83:05:3c:5a:83:ce:39:85:81:41:f3:5d:df:40:1e:92:2d:
         aa:16:73:2c:c5:87:88:4d:28:ce:69:19:48:1b:f5:c7:04:e5:
         00:c4:21:23:4b:cd:a1:2d:e0:be:24:13:2e:ce:df:f3:9c:fb:
         8b:22:09:cc:af:e2:e0:53:b6:2f:a6:2d:48:2e:2a:df:3a:e5:
         f4:41:3a:e3:0b:6e:bb:83:b5:54:31:5a:83:af:d9:c1:8d:80:
         eb:05:e1:15:a4:84:c2:9c:61:53:50:32:f0:7a:db:7e:ad:27:
         9e:86:3d:3d:e0:ed:0e:17:3a:66:09:e3:60:e5:5e:18:d2:a4:
         9c:69:46:3d:37:c5:f0:8b:a3:95:33:21:c3:63:3d:1b:20:d9:
         ae:b2:0c:cb:70:97:00:48:75:ef:bf:11:b3:28:01:8c:06:da:
         8e:de:e9:17:eb:f5:bb:ba:8d:6a:79:e2:12:6e:cd:89:ea:37:
         c9:e1:6a:86:4a:d7:72:3a:ab:c0:ad:68:d6:c8:ae:19:66:b5:
         57:b7:25:c7:81:f2:91:ed:8f:ea:44:5f:71:ea:0a:3e:fb:27:
         88:13:b4:8e:3b:dd:e5:90:83:88:b0:29:23:4a:5b:62:6f:e0:
         7f:1d:aa:d8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbhPxFnsVNKIuIlCeoRUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2YjRiZmNkMDE2NGFkN2M2Njg4YWYyMjI0NmM4MmUxOTk1
ZGQzNTEwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDFhOWYxMDRkODE0MTUyY2ZhZjNmODMwNzU3MDMwYTI5OWUwZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiERGYajq0n0hFIchNVwQkOVyZlpc
LBc7kfnryFuafHsFaFPDdAaIlVd4V674/iYXpTz5K03dNZxHHU0JmOQhx6yWJHqA
DPlKWKK8lJtJYnx433dlcABdXPsaBjgNUPIdSt+UdC9063jt+6Wc0hvpVjl50jLe
EcxgbE7wym2SxpUfoNrwJBNd2jxDr5Es/g1Q6ynsWRpF2XCQX7ExqW9h9cUAOFof
cKvQeZcEqd87EsqLfwPLEtwAzlvwCK9HYlM7DeoBzfslszUSe1D+EwfV1oJAjN56
wWw9yI8fQPiFWmTti5b3fcofRacIk70GYoDtNdGvmgid7UxD3243lUrw8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB0anxBNgUFSz68/gwdXAwopng17MB8GA1UdIwQY
MBaAFFa0v80BZK18ZoivIiRsguGZXdNRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJTX3pRRmtyWHhtaUs4aUpHeUM0WmxkMDFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9lMDNlMGYtZjNhNi00YzU1LWFkZGQt
MjQxNjY1ZjQ5ZDI1LzEvSFJxZkVFMkJRVkxQcnotREIxY0RDaW1lRFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9lMDNlMGYtZjNhNi00YzU1LWFkZGQtMjQxNjY1ZjQ5ZDI1
LzEvVnJTX3pRRmtyWHhtaUs4aUpHeUM0WmxkMDFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXt8MA0E
AgACMAcDBQMqBq8AMA0GCSqGSIb3DQEBCwUAA4IBAQBSkho9Vwl6w4pSmXwTzjk6
4nQxgwU8WoPOOYWBQfNd30Aeki2qFnMsxYeITSjOaRlIG/XHBOUAxCEjS82hLeC+
JBMuzt/znPuLIgnMr+LgU7Yvpi1ILirfOuX0QTrjC267g7VUMVqDr9nBjYDrBeEV
pITCnGFTUDLwett+rSeehj094O0OFzpmCeNg5V4Y0qScaUY9N8Xwi6OVMyHDYz0b
INmusgzLcJcASHXvvxGzKAGMBtqO3ukX6/W7uo1qeeISbs2J6jfJ4WqGStdyOqvA
rWjWyK4ZZrVXtyXHgfKR7Y/qRF9x6go++yeIE7SOO93lkIOIsCkjSltib+B/HarY
-----END CERTIFICATE-----