Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/hkgpkg305klm4CMNVK857IDYoSc.roa
File:                     hkgpkg305klm4CMNVK857IDYoSc.roa (raw, json)
Hash identifier:          B8gDbHqGjGYC9ThaOTE1g2fI4Y4T6RsiXmcJl+ZQjpg=
Subject key identifier:   86:48:29:92:0D:F4:E6:49:66:E0:23:0D:54:AF:39:EC:80:D8:A1:27
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       018DEB42ED5C2DC2B783C3144C068FC7E4B2
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/hkgpkg305klm4CMNVK857IDYoSc.roa
Signing time:             Tue 27 Feb 2024 15:50:48 +0000
ROA not before:           Tue 27 Feb 2024 15:50:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211804
IP address blocks:        45.131.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:eb:42:ed:5c:2d:c2:b7:83:c3:14:4c:06:8f:c7:e4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Feb 27 15:50:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=864829920df4e64966e0230d54af39ec80d8a127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0d:c4:d9:c7:f1:22:f9:65:04:91:a8:81:fa:
                    12:08:b6:a2:ea:0e:13:66:aa:76:5d:d0:06:5d:03:
                    e8:0b:8d:dc:f2:d0:d5:b2:da:db:99:ee:c1:09:3b:
                    67:3c:c0:1d:50:97:0d:d9:e1:5b:a1:e0:cb:ba:a8:
                    ec:ac:1f:b0:84:f0:ab:da:4d:de:8b:71:08:ee:85:
                    2a:d7:aa:87:28:2a:a4:b4:40:10:f3:60:5f:27:97:
                    81:91:88:58:08:94:16:77:27:77:bf:41:dd:95:eb:
                    1d:95:7e:7a:f6:74:45:00:79:20:d6:1a:c2:ed:d8:
                    09:9b:73:6b:7e:aa:0e:3f:ed:7c:02:d0:9f:25:d5:
                    19:1c:c1:77:35:58:96:e8:2d:6e:c4:58:52:13:86:
                    b4:1b:a1:fb:7a:04:74:9c:11:73:2a:e1:31:a6:bc:
                    d4:e9:ea:02:91:12:c0:2b:16:b2:69:77:03:5e:e9:
                    b2:83:07:25:59:ff:ac:8c:20:43:bc:d8:ed:30:ee:
                    b2:6a:19:c5:ad:6e:d2:88:19:3d:a3:21:4b:7d:e8:
                    12:cb:5c:9f:98:1e:4b:79:05:4b:e0:2e:91:ec:4e:
                    b9:1a:ba:d4:84:bd:d7:78:b2:d1:1a:12:c1:f0:c5:
                    61:2a:a1:5c:c4:52:8b:5d:ab:1a:e6:23:4b:7d:c4:
                    03:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:48:29:92:0D:F4:E6:49:66:E0:23:0D:54:AF:39:EC:80:D8:A1:27
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/hkgpkg305klm4CMNVK857IDYoSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:32:ba:80:46:9e:0c:f1:ca:3a:56:a6:8e:ce:c3:f0:46:2c:
         04:61:2c:61:40:4b:e0:4b:76:25:c6:55:02:c5:c5:4b:aa:dd:
         96:c6:29:85:aa:c7:6c:b6:0c:b5:96:a7:40:9e:82:56:98:5d:
         d9:32:64:c4:d3:4c:2a:21:61:81:04:bd:e2:ad:ff:2a:76:2a:
         b5:a0:c8:39:a4:08:e4:8a:f0:94:2e:9a:2a:86:f0:f7:09:7c:
         28:4a:5c:68:64:e3:63:bd:8a:f5:3d:06:a7:50:67:f6:3c:6a:
         46:ad:df:a8:7a:0a:dc:f7:fe:b0:7e:2a:97:79:2c:9c:72:74:
         15:b9:23:30:fb:73:87:af:fc:f7:aa:00:92:06:6a:79:ff:31:
         6b:b2:59:a0:3c:eb:4d:b0:bf:73:94:e7:bd:02:7e:1b:53:5b:
         f0:25:70:42:b3:b8:6f:21:c0:1e:52:db:8a:6b:2e:4e:f2:79:
         1d:72:88:4c:58:e5:b9:f9:a1:a1:83:82:ee:e3:b1:23:1e:a4:
         c2:d0:a4:5c:42:52:af:df:e0:95:a4:01:d1:68:45:1b:16:a7:
         6f:8d:7c:1b:c2:90:44:0d:42:04:4e:62:8f:14:4d:1d:85:03:
         73:43:44:bc:97:ef:98:a0:80:08:d4:23:e0:17:da:fc:bb:84:
         95:ab:8c:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3rQu1cLcK3g8MUTAaPx+SyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjQwMjI3MTU1MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQ4Mjk5MjBkZjRlNjQ5NjZlMDIzMGQ1NGFmMzllYzgwZDhhMTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuA3E2cfxIvllBJGogfoSCLai6g4T
Zqp2XdAGXQPoC43c8tDVstrbme7BCTtnPMAdUJcN2eFboeDLuqjsrB+whPCr2k3e
i3EI7oUq16qHKCqktEAQ82BfJ5eBkYhYCJQWdyd3v0HdlesdlX569nRFAHkg1hrC
7dgJm3NrfqoOP+18AtCfJdUZHMF3NViW6C1uxFhSE4a0G6H7egR0nBFzKuExprzU
6eoCkRLAKxayaXcDXumygwclWf+sjCBDvNjtMO6yahnFrW7SiBk9oyFLfegSy1yf
mB5LeQVL4C6R7E65GrrUhL3XeLLRGhLB8MVhKqFcxFKLXasa5iNLfcQDDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZIKZIN9OZJZuAjDVSvOeyA2KEnMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvaGtncGtnMzA1a2xtNENNTlZLODU3SURZb1NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYMCMA0G
CSqGSIb3DQEBCwUAA4IBAQCnMrqARp4M8co6VqaOzsPwRiwEYSxhQEvgS3YlxlUC
xcVLqt2WximFqsdstgy1lqdAnoJWmF3ZMmTE00wqIWGBBL3irf8qdiq1oMg5pAjk
ivCULpoqhvD3CXwoSlxoZONjvYr1PQanUGf2PGpGrd+oegrc9/6wfiqXeSyccnQV
uSMw+3OHr/z3qgCSBmp5/zFrslmgPOtNsL9zlOe9An4bU1vwJXBCs7hvIcAeUtuK
ay5O8nkdcohMWOW5+aGhg4Lu47EjHqTC0KRcQlKv3+CVpAHRaEUbFqdvjXwbwpBE
DUIETmKPFE0dhQNzQ0S8l++YoIAI1CPgF9r8u4SVq4zt
-----END CERTIFICATE-----