Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/55cf77-6394-4812-9fb5-291aaedd58cc/1/HfKnCeLI0VAtCDxqG2gVHB92Dg8.roa
File:                     HfKnCeLI0VAtCDxqG2gVHB92Dg8.roa (raw, json)
Hash identifier:          EwzHdPUcFcsWXEwoIMqBtYJAGh4q85SVK3E5WVlQedI=
Subject key identifier:   1D:F2:A7:09:E2:C8:D1:50:2D:08:3C:6A:1B:68:15:1C:1F:76:0E:0F
Certificate issuer:       /CN=8a16618b71ffc80e1c3f41ed0dfc89ab5e963fd2
Certificate serial:       018E5188365E4094C052040749946E8E6EF8
Authority key identifier: 8A:16:61:8B:71:FF:C8:0E:1C:3F:41:ED:0D:FC:89:AB:5E:96:3F:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ihZhi3H_yA4cP0HtDfyJq16WP9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/55cf77-6394-4812-9fb5-291aaedd58cc/1/HfKnCeLI0VAtCDxqG2gVHB92Dg8.roa
Signing time:             Mon 18 Mar 2024 12:27:45 +0000
ROA not before:           Mon 18 Mar 2024 12:27:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208033
IP address blocks:        45.158.206.0/23 maxlen: 23
                          2a0c:dc80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/55cf77-6394-4812-9fb5-291aaedd58cc/1/ihZhi3H_yA4cP0HtDfyJq16WP9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/55cf77-6394-4812-9fb5-291aaedd58cc/1/ihZhi3H_yA4cP0HtDfyJq16WP9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ihZhi3H_yA4cP0HtDfyJq16WP9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:88:36:5e:40:94:c0:52:04:07:49:94:6e:8e:6e:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a16618b71ffc80e1c3f41ed0dfc89ab5e963fd2
        Validity
            Not Before: Mar 18 12:27:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1df2a709e2c8d1502d083c6a1b68151c1f760e0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3e:eb:fb:4c:b5:65:3f:36:d6:20:67:2f:ff:
                    46:b1:ba:dc:58:0a:ec:4c:f8:43:1a:0a:68:25:f4:
                    b9:a9:9d:a8:58:1f:80:6b:18:3a:8b:cb:36:21:d6:
                    a7:51:d1:10:69:95:c0:31:0f:d1:88:f1:07:53:7b:
                    0d:23:44:f6:25:cd:aa:fc:51:4a:98:ae:7e:49:9d:
                    ca:1d:93:3b:72:29:ca:6d:a8:2c:64:18:48:a5:e2:
                    94:c5:c1:2f:11:a1:49:eb:c9:dc:84:bb:66:b3:2b:
                    f8:e8:13:f0:4c:a3:68:2d:1f:39:9c:16:4b:f5:2f:
                    f3:ee:6a:fa:f3:3d:a6:5b:c3:1c:bc:fc:32:98:74:
                    db:ab:ff:40:b2:8a:9f:3e:06:12:d3:3e:60:c9:b3:
                    2b:06:65:11:26:84:44:7c:02:78:60:ff:dd:85:41:
                    9c:6e:7a:e3:b1:d0:0a:ae:19:ab:b3:a5:7c:89:6e:
                    15:e5:fa:3f:d2:94:df:53:78:6e:db:c0:4f:01:46:
                    d4:e8:61:cd:11:0b:ff:63:a8:5d:65:d8:3d:2c:40:
                    6d:76:73:f8:f1:c9:9b:d0:53:f6:9c:9e:8c:d2:19:
                    d3:22:e4:dd:53:64:4e:0a:2f:8f:5b:55:c0:ff:7e:
                    c3:05:dc:74:3f:69:81:0c:1d:2a:30:3e:9d:56:0b:
                    76:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F2:A7:09:E2:C8:D1:50:2D:08:3C:6A:1B:68:15:1C:1F:76:0E:0F
            X509v3 Authority Key Identifier:
                keyid:8A:16:61:8B:71:FF:C8:0E:1C:3F:41:ED:0D:FC:89:AB:5E:96:3F:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ihZhi3H_yA4cP0HtDfyJq16WP9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/55cf77-6394-4812-9fb5-291aaedd58cc/1/HfKnCeLI0VAtCDxqG2gVHB92Dg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/55cf77-6394-4812-9fb5-291aaedd58cc/1/ihZhi3H_yA4cP0HtDfyJq16WP9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.206.0/23
                IPv6:
                  2a0c:dc80::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:7e:e3:ed:1e:91:04:19:a6:3d:9c:f7:a3:d6:a7:86:27:7f:
         47:9c:6d:62:a3:fe:40:56:1c:03:f6:c7:36:62:1e:14:72:3d:
         81:f4:24:ae:4f:e8:a8:f7:df:09:ea:6d:a0:3b:b9:a4:ae:17:
         4c:d0:97:d3:6a:70:ec:10:97:7e:e2:93:12:ac:c3:8a:d4:36:
         7a:29:c7:ed:ae:92:15:32:a7:5e:0c:1b:7e:41:a6:8f:0b:2f:
         0d:07:0a:4b:9d:45:65:64:24:2f:4f:09:63:f5:d4:b3:34:9b:
         82:9d:e9:d8:51:86:08:04:df:85:7e:38:f8:27:7b:2a:c3:61:
         46:08:0b:bf:ef:68:3a:eb:a4:22:cf:74:39:65:4d:ad:0e:2d:
         bb:40:37:91:28:d6:42:4c:9a:f3:7e:59:e6:1b:58:5e:db:bb:
         bd:9a:a3:fc:84:a5:b5:94:27:ca:03:5b:16:10:4c:d8:7f:b9:
         e9:8c:31:83:79:32:06:19:a4:61:aa:b7:8f:d3:8a:49:b1:31:
         af:f6:82:cf:c0:e0:3b:90:ca:88:9c:97:8c:90:2c:dc:72:5a:
         d0:eb:9f:f9:29:fc:b6:8b:ab:d0:5c:82:b0:3e:4b:c7:b6:e2:
         db:99:db:69:d6:22:ce:5b:55:a5:3b:b3:aa:aa:08:59:a7:03:
         43:fe:7c:02
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY5RiDZeQJTAUgQHSZRujm74MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMTY2MThiNzFmZmM4MGUxYzNmNDFlZDBkZmM4OWFiNWU5
NjNmZDIwHhcNMjQwMzE4MTIyNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGYyYTcwOWUyYzhkMTUwMmQwODNjNmExYjY4MTUxYzFmNzYwZTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjj7r+0y1ZT821iBnL/9GsbrcWArs
TPhDGgpoJfS5qZ2oWB+Aaxg6i8s2IdanUdEQaZXAMQ/RiPEHU3sNI0T2Jc2q/FFK
mK5+SZ3KHZM7cinKbagsZBhIpeKUxcEvEaFJ68nchLtmsyv46BPwTKNoLR85nBZL
9S/z7mr68z2mW8McvPwymHTbq/9AsoqfPgYS0z5gybMrBmURJoREfAJ4YP/dhUGc
bnrjsdAKrhmrs6V8iW4V5fo/0pTfU3hu28BPAUbU6GHNEQv/Y6hdZdg9LEBtdnP4
8cmb0FP2nJ6M0hnTIuTdU2ROCi+PW1XA/37DBdx0P2mBDB0qMD6dVgt20wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB3ypwniyNFQLQg8ahtoFRwfdg4PMB8GA1UdIwQY
MBaAFIoWYYtx/8gOHD9B7Q38iatelj/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWhaaGkzSF95QTRjUDBIdERmeUpxMTZXUDlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC81NWNmNzctNjM5NC00ODEyLTlmYjUt
MjkxYWFlZGQ1OGNjLzEvSGZLbkNlTEkwVkF0Q0R4cUcyZ1ZIQjkyRGc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC81NWNmNzctNjM5NC00ODEyLTlmYjUtMjkxYWFlZGQ1OGNj
LzEvaWhaaGkzSF95QTRjUDBIdERmeUpxMTZXUDlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLZ7OMA0E
AgACMAcDBQAqDNyAMA0GCSqGSIb3DQEBCwUAA4IBAQBlfuPtHpEEGaY9nPej1qeG
J39HnG1io/5AVhwD9sc2Yh4Ucj2B9CSuT+io998J6m2gO7mkrhdM0JfTanDsEJd+
4pMSrMOK1DZ6KcftrpIVMqdeDBt+QaaPCy8NBwpLnUVlZCQvTwlj9dSzNJuCnenY
UYYIBN+Ffjj4J3sqw2FGCAu/72g666Qiz3Q5ZU2tDi27QDeRKNZCTJrzflnmG1he
27u9mqP8hKW1lCfKA1sWEEzYf7npjDGDeTIGGaRhqreP04pJsTGv9oLPwOA7kMqI
nJeMkCzcclrQ65/5Kfy2i6vQXIKwPkvHtuLbmdtp1iLOW1WlO7OqqghZpwND/nwC
-----END CERTIFICATE-----