Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/Hl-LGslDYIhPlAkXHQHVv-RvB0w.roa
File:                     Hl-LGslDYIhPlAkXHQHVv-RvB0w.roa (raw, json)
Hash identifier:          O2E13yhrehXyHLH26oeDji6bWmBZEWAoPwvjmCy5UcQ=
Subject key identifier:   1E:5F:8B:1A:C9:43:60:88:4F:94:09:17:1D:01:D5:BF:E4:6F:07:4C
Certificate issuer:       /CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Certificate serial:       019426D8ADC9F4ADD7FFFB878C4F15825A8B
Authority key identifier: F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/Hl-LGslDYIhPlAkXHQHVv-RvB0w.roa
Signing time:             Thu 02 Jan 2025 11:48:41 +0000
ROA not before:           Thu 02 Jan 2025 11:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43754
IP address blocks:        164.215.128.0/17 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:ad:c9:f4:ad:d7:ff:fb:87:8c:4f:15:82:5a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
        Validity
            Not Before: Jan  2 11:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e5f8b1ac94360884f9409171d01d5bfe46f074c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:4a:77:fc:b4:fe:f4:39:e1:e0:e1:2b:7a:0f:
                    cd:42:59:01:b3:d3:b6:7f:56:cf:98:40:20:ba:d8:
                    15:40:fb:15:fa:d9:ef:c7:31:7c:3b:09:6a:8d:c2:
                    71:3a:e8:3c:43:99:95:17:d0:7b:ab:61:ae:8a:ad:
                    f1:b0:00:9b:82:f5:2a:24:b1:56:43:42:ee:63:da:
                    30:5f:bb:ad:9a:22:1f:72:ff:d2:08:7c:3d:df:50:
                    6e:41:97:1c:78:be:7d:1f:9f:fe:4f:0d:7e:ab:e4:
                    0e:e0:c6:c3:a5:67:82:a8:6c:c5:43:c8:6e:09:45:
                    10:db:3b:53:b3:cd:f9:69:0f:89:a9:cd:64:e9:1d:
                    2b:a7:ca:43:d4:bf:75:82:cb:48:9e:a2:ff:dd:08:
                    cc:58:c1:ec:b8:67:7d:64:5c:ed:4a:bd:ed:55:31:
                    3d:13:14:7e:de:a5:54:e9:99:02:6d:8e:10:43:77:
                    6b:05:15:af:6c:4a:42:9e:fe:de:d0:2a:37:7a:53:
                    23:52:f5:18:2d:a5:67:cb:2e:41:7d:53:3e:54:1c:
                    d4:d4:be:c3:ec:94:81:45:d9:5f:e8:46:af:00:a1:
                    63:f3:45:56:55:c7:da:60:df:a2:38:cb:c6:b6:e2:
                    5f:aa:2a:fb:83:46:30:eb:be:48:ab:ce:f3:b5:e3:
                    29:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:5F:8B:1A:C9:43:60:88:4F:94:09:17:1D:01:D5:BF:E4:6F:07:4C
            X509v3 Authority Key Identifier:
                keyid:F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/Hl-LGslDYIhPlAkXHQHVv-RvB0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.215.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         63:82:12:c2:71:16:97:18:53:d3:53:11:2a:31:43:48:e3:79:
         bf:35:37:10:7c:f3:ca:c4:b9:a3:ad:5b:f7:76:78:92:47:9d:
         e2:f1:56:68:a4:2c:df:2a:7b:04:13:54:f3:d6:15:0b:0a:ca:
         fd:99:e1:3b:52:62:e4:ab:87:19:d7:54:dd:54:b1:2d:5b:12:
         89:4a:1a:52:4a:67:b3:c5:d9:3f:c7:f2:32:b8:d7:60:69:09:
         72:87:c7:a1:af:3e:9d:7a:28:20:14:42:6c:9e:aa:db:7f:1b:
         2a:c2:08:2b:b8:76:5d:27:d3:8e:3e:26:ad:cb:c4:0c:57:4c:
         14:89:16:94:fd:b0:ff:12:f1:19:5a:75:42:f9:46:c1:f2:7c:
         70:85:5f:2e:26:b4:c4:09:8f:4d:63:d1:1f:db:9f:ed:65:94:
         7e:47:f8:71:aa:a1:f3:9b:42:18:d0:28:43:5e:42:d8:92:64:
         5c:6b:ba:e2:c3:93:5d:c0:4e:38:77:3b:68:70:cd:da:2d:bd:
         5a:d5:ba:d8:55:1a:84:85:2f:bf:58:54:cf:1b:53:26:3e:ea:
         14:37:63:6a:0c:35:bc:70:77:fe:be:dc:b7:32:77:d7:44:12:
         2a:b0:05:1c:a6:d1:3c:9f:da:8b:62:ce:af:d5:09:ed:97:48:
         9f:eb:ea:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2K3J9K3X//uHjE8VglqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzEwNDA0MTY5MWRjMzg0ZjNiMWE4Y2RmOTVjOTY2Mjhl
YTZkYWYwHhcNMjUwMTAyMTE0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTVmOGIxYWM5NDM2MDg4NGY5NDA5MTcxZDAxZDViZmU0NmYwNzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUp3/LT+9Dnh4OEreg/NQlkBs9O2
f1bPmEAgutgVQPsV+tnvxzF8OwlqjcJxOug8Q5mVF9B7q2Guiq3xsACbgvUqJLFW
Q0LuY9owX7utmiIfcv/SCHw931BuQZcceL59H5/+Tw1+q+QO4MbDpWeCqGzFQ8hu
CUUQ2ztTs835aQ+Jqc1k6R0rp8pD1L91gstInqL/3QjMWMHsuGd9ZFztSr3tVTE9
ExR+3qVU6ZkCbY4QQ3drBRWvbEpCnv7e0Co3elMjUvUYLaVnyy5BfVM+VBzU1L7D
7JSBRdlf6EavAKFj80VWVcfaYN+iOMvGtuJfqir7g0Yw675Iq87zteMp7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5fixrJQ2CIT5QJFx0B1b/kbwdMMB8GA1UdIwQY
MBaAFPDBBAQWkdw4TzsajN+VyWYo6m2vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQt
NjkxNDIyMzExNzI5LzEvSGwtTEdzbERZSWhQbEFrWEhRSFZ2LVJ2QjB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQtNjkxNDIyMzExNzI5
LzEvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHpNeAMA0G
CSqGSIb3DQEBCwUAA4IBAQBjghLCcRaXGFPTUxEqMUNI43m/NTcQfPPKxLmjrVv3
dniSR53i8VZopCzfKnsEE1Tz1hULCsr9meE7UmLkq4cZ11TdVLEtWxKJShpSSmez
xdk/x/IyuNdgaQlyh8ehrz6deiggFEJsnqrbfxsqwggruHZdJ9OOPiaty8QMV0wU
iRaU/bD/EvEZWnVC+UbB8nxwhV8uJrTECY9NY9Ef25/tZZR+R/hxqqHzm0IY0ChD
XkLYkmRca7riw5NdwE44dztocM3aLb1a1brYVRqEhS+/WFTPG1MmPuoUN2NqDDW8
cHf+vty3MnfXRBIqsAUcptE8n9qLYs6v1Qntl0if6+pz
-----END CERTIFICATE-----