Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/e7ef54-bdb0-450a-8646-ee08146e3713/1/HhawQSpCA1Qu6lmBsKMxsEmab30.roa
File:                     HhawQSpCA1Qu6lmBsKMxsEmab30.roa (raw, json)
Hash identifier:          I08bPcEUFSnzt9C/+8keU57kDAZLLlmDNMI0zvaFHGo=
Subject key identifier:   1E:16:B0:41:2A:42:03:54:2E:EA:59:81:B0:A3:31:B0:49:9A:6F:7D
Certificate issuer:       /CN=aa31ee512c1a562ab9e9410a831f72fd4318892e
Certificate serial:       018CC86F0314765ECDCED81650168B0C5030
Authority key identifier: AA:31:EE:51:2C:1A:56:2A:B9:E9:41:0A:83:1F:72:FD:43:18:89:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qjHuUSwaViq56UEKgx9y_UMYiS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/e7ef54-bdb0-450a-8646-ee08146e3713/1/HhawQSpCA1Qu6lmBsKMxsEmab30.roa
Signing time:             Tue 02 Jan 2024 04:29:27 +0000
ROA not before:           Tue 02 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35677
IP address blocks:        185.92.76.0/22 maxlen: 22
                          2a03:8ae0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/e7ef54-bdb0-450a-8646-ee08146e3713/1/qjHuUSwaViq56UEKgx9y_UMYiS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/e7ef54-bdb0-450a-8646-ee08146e3713/1/qjHuUSwaViq56UEKgx9y_UMYiS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qjHuUSwaViq56UEKgx9y_UMYiS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:03:14:76:5e:cd:ce:d8:16:50:16:8b:0c:50:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa31ee512c1a562ab9e9410a831f72fd4318892e
        Validity
            Not Before: Jan  2 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e16b0412a4203542eea5981b0a331b0499a6f7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:fe:d1:38:bd:14:ae:15:5f:b9:79:2c:bf:f6:
                    b7:cb:39:e2:4e:75:7b:80:54:aa:06:5c:15:25:3d:
                    cb:c6:98:c8:24:bb:eb:2d:7c:2d:93:cf:bf:a3:40:
                    9d:93:fd:52:34:8c:f1:e2:0d:eb:b0:7c:4d:db:95:
                    4a:e4:76:47:fe:e8:94:fa:70:cf:40:fd:4f:5a:b2:
                    94:2c:bc:31:f1:71:6a:da:bc:9a:db:38:ff:ad:15:
                    30:25:b3:dd:09:0c:b6:64:d0:51:30:70:ff:37:45:
                    05:af:82:21:fb:fa:23:92:90:8c:91:ce:5d:aa:96:
                    65:b5:52:82:aa:9c:5a:ab:cb:48:1f:0b:2b:91:e0:
                    2c:e9:be:0e:22:b7:6f:64:2a:e8:8c:b8:ab:bf:35:
                    f5:1f:b5:79:f9:61:ee:d7:cf:de:5c:f9:bb:25:86:
                    64:7e:72:13:66:18:c5:dd:84:30:35:4f:5e:e4:8b:
                    56:50:24:06:48:80:2d:8f:ab:21:bd:3f:dd:b3:ba:
                    30:1c:56:b6:ef:0c:ca:57:6f:70:62:6c:73:08:b5:
                    9b:a0:51:1e:02:84:ac:b5:16:58:4a:16:37:17:53:
                    fc:0a:a4:65:a6:21:43:93:9f:09:4c:5f:7a:d0:72:
                    cf:e0:e9:38:e3:72:8a:bd:cd:f6:9e:89:94:bd:f5:
                    72:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:16:B0:41:2A:42:03:54:2E:EA:59:81:B0:A3:31:B0:49:9A:6F:7D
            X509v3 Authority Key Identifier:
                keyid:AA:31:EE:51:2C:1A:56:2A:B9:E9:41:0A:83:1F:72:FD:43:18:89:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qjHuUSwaViq56UEKgx9y_UMYiS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e7ef54-bdb0-450a-8646-ee08146e3713/1/HhawQSpCA1Qu6lmBsKMxsEmab30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/e7ef54-bdb0-450a-8646-ee08146e3713/1/qjHuUSwaViq56UEKgx9y_UMYiS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.76.0/22
                IPv6:
                  2a03:8ae0::/32

    Signature Algorithm: sha256WithRSAEncryption
         c1:b3:44:a5:90:05:cc:64:a1:b5:d4:ac:a3:2c:25:e9:ec:ba:
         29:d0:a8:d4:aa:c8:a7:b8:38:58:b2:4a:a7:e4:30:0a:00:ef:
         97:3a:45:d9:7c:17:1f:e1:a6:b1:31:3c:77:96:f2:ef:b7:9f:
         59:30:ae:1f:cb:60:d0:25:3c:3f:09:d1:0c:77:92:30:38:77:
         77:73:e1:8b:8d:6b:c6:c1:27:c1:86:97:fb:6b:79:e5:17:3c:
         7d:f4:ea:c1:cc:00:51:cb:10:2b:af:e7:5a:c6:43:e1:3a:d1:
         af:41:a4:8d:08:b7:82:5a:60:be:d1:41:c6:4d:97:41:4f:52:
         e4:ab:72:b7:08:25:f1:08:85:9a:6c:7a:bc:b5:a2:f2:5a:0a:
         31:ad:20:ce:77:09:3b:95:5a:fe:b0:0a:1e:2c:75:dc:d6:a8:
         0d:ba:42:80:7f:f8:b0:00:ca:61:0d:88:38:2f:f9:7b:91:94:
         61:45:f6:cd:b4:12:ca:66:53:62:a6:10:08:6b:8f:33:0f:fd:
         cd:e9:c5:13:63:57:6b:f2:36:35:a3:76:c4:ac:2d:19:11:eb:
         8f:ad:28:4f:07:8a:4b:f1:23:58:23:11:27:56:27:c3:b9:a1:
         63:08:e8:32:44:b8:9a:da:8d:88:58:8d:53:3c:d7:70:ad:25:
         7c:f9:86:7e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbwMUdl7NztgWUBaLDFAwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMzFlZTUxMmMxYTU2MmFiOWU5NDEwYTgzMWY3MmZkNDMx
ODg5MmUwHhcNMjQwMTAyMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTE2YjA0MTJhNDIwMzU0MmVlYTU5ODFiMGEzMzFiMDQ5OWE2ZjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7f7ROL0UrhVfuXksv/a3yzniTnV7
gFSqBlwVJT3LxpjIJLvrLXwtk8+/o0Cdk/1SNIzx4g3rsHxN25VK5HZH/uiU+nDP
QP1PWrKULLwx8XFq2rya2zj/rRUwJbPdCQy2ZNBRMHD/N0UFr4Ih+/ojkpCMkc5d
qpZltVKCqpxaq8tIHwsrkeAs6b4OIrdvZCrojLirvzX1H7V5+WHu18/eXPm7JYZk
fnITZhjF3YQwNU9e5ItWUCQGSIAtj6shvT/ds7owHFa27wzKV29wYmxzCLWboFEe
AoSstRZYShY3F1P8CqRlpiFDk58JTF960HLP4Ok443KKvc32nomUvfVybQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB4WsEEqQgNULupZgbCjMbBJmm99MB8GA1UdIwQY
MBaAFKox7lEsGlYquelBCoMfcv1DGIkuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWpIdVVTd2FWaXE1NlVFS2d4OXlfVU1ZaVM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9lN2VmNTQtYmRiMC00NTBhLTg2NDYt
ZWUwODE0NmUzNzEzLzEvSGhhd1FTcENBMVF1NmxtQnNLTXhzRW1hYjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9lN2VmNTQtYmRiMC00NTBhLTg2NDYtZWUwODE0NmUzNzEz
LzEvcWpIdVVTd2FWaXE1NlVFS2d4OXlfVU1ZaVM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVxMMA0E
AgACMAcDBQAqA4rgMA0GCSqGSIb3DQEBCwUAA4IBAQDBs0SlkAXMZKG11KyjLCXp
7Lop0KjUqsinuDhYskqn5DAKAO+XOkXZfBcf4aaxMTx3lvLvt59ZMK4fy2DQJTw/
CdEMd5IwOHd3c+GLjWvGwSfBhpf7a3nlFzx99OrBzABRyxArr+daxkPhOtGvQaSN
CLeCWmC+0UHGTZdBT1Lkq3K3CCXxCIWabHq8taLyWgoxrSDOdwk7lVr+sAoeLHXc
1qgNukKAf/iwAMphDYg4L/l7kZRhRfbNtBLKZlNiphAIa48zD/3N6cUTY1dr8jY1
o3bErC0ZEeuPrShPB4pL8SNYIxEnVifDuaFjCOgyRLia2o2IWI1TPNdwrSV8+YZ+
-----END CERTIFICATE-----