Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/HpNeWOgFzYeAtKUqXPmP4EaSUfw.roa
File:                     HpNeWOgFzYeAtKUqXPmP4EaSUfw.roa (raw, json)
Hash identifier:          CnaUEhftHhVw9GqFf2qY9LZeY2eMV9WRfmCAwfTkKNw=
Subject key identifier:   1E:93:5E:58:E8:05:CD:87:80:B4:A5:2A:5C:F9:8F:E0:46:92:51:FC
Certificate issuer:       /CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
Certificate serial:       018EEFBD05499A21519826F989E05FC6D0BD
Authority key identifier: 42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/HpNeWOgFzYeAtKUqXPmP4EaSUfw.roa
Signing time:             Thu 18 Apr 2024 05:45:25 +0000
ROA not before:           Thu 18 Apr 2024 05:45:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34766
IP address blocks:        194.59.216.0/22 maxlen: 24
                          194.99.44.0/23 maxlen: 24
                          194.99.46.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ef:bd:05:49:9a:21:51:98:26:f9:89:e0:5f:c6:d0:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
        Validity
            Not Before: Apr 18 05:45:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e935e58e805cd8780b4a52a5cf98fe0469251fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ec:e8:5d:29:e3:97:eb:64:34:11:ce:1a:9f:
                    73:70:56:73:6f:4d:82:c1:59:54:92:20:5f:75:e7:
                    99:32:8c:be:a4:a8:60:86:8b:43:f1:06:e2:2d:ec:
                    a9:1a:7d:f4:b1:1d:a8:37:7b:cb:02:90:98:c2:fe:
                    9e:6b:a3:41:61:04:52:e0:dd:75:c7:58:19:46:c2:
                    01:5f:c2:a7:b2:67:49:ad:ca:c1:26:27:39:c7:23:
                    e2:9f:51:ac:e9:75:37:4a:25:11:e4:43:c2:7a:04:
                    70:58:a7:62:7d:c9:c3:e3:d0:0b:3e:0e:8e:cc:c8:
                    65:58:f2:cd:25:fa:54:77:a5:95:da:25:5f:ad:28:
                    c7:9a:41:40:69:de:17:c4:f6:d7:18:3a:ae:57:1f:
                    ef:9b:80:49:f8:b1:3c:31:a3:ce:8b:0d:43:ab:1b:
                    8f:d9:31:de:b2:14:cf:01:cd:b4:09:1b:2d:ff:bc:
                    0d:c3:ca:2f:e2:cd:9f:44:8f:19:f4:44:de:86:b9:
                    fe:59:cf:0f:1e:e5:c8:6c:97:90:45:86:d3:dc:e6:
                    9c:f9:c2:19:6a:19:5d:17:40:01:e8:2b:09:d8:02:
                    3a:23:d1:5a:9e:73:29:a9:3a:70:ad:0f:fc:b1:01:
                    69:ee:83:4b:2f:cd:ab:8b:5c:4e:11:d9:46:46:88:
                    25:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:93:5E:58:E8:05:CD:87:80:B4:A5:2A:5C:F9:8F:E0:46:92:51:FC
            X509v3 Authority Key Identifier:
                keyid:42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/HpNeWOgFzYeAtKUqXPmP4EaSUfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.216.0/22
                  194.99.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:85:94:fe:68:16:d1:43:71:04:50:31:82:e7:cf:36:dd:c9:
         bf:c3:28:c0:42:ef:35:5e:1b:d3:91:0c:82:d6:2a:99:36:ac:
         8a:5a:89:99:9d:5b:87:25:25:df:85:5d:12:81:49:54:8f:ae:
         22:c9:f6:0a:0c:03:b1:d6:56:bb:ac:74:f7:e8:95:af:4c:a9:
         3b:4b:00:f4:57:dc:ca:fd:c0:4c:bc:77:41:42:02:4b:9e:07:
         51:df:62:02:ea:1f:d3:76:7e:8f:3f:92:e7:00:8e:c1:5a:65:
         a7:c4:c4:2c:a0:7a:81:2d:14:11:dc:39:18:f4:f3:13:f1:81:
         de:dc:8c:81:db:24:f3:49:0b:63:24:26:0d:2c:33:0f:13:15:
         7f:c9:43:6e:68:3a:73:66:5e:dd:37:1f:e3:0d:e7:00:d1:4c:
         a2:9d:2d:14:06:aa:d6:67:69:07:d2:50:02:c7:5d:ec:8d:e1:
         2e:7a:fb:b2:7f:07:87:e8:f9:19:34:28:bb:15:c9:c0:f9:63:
         92:99:2f:f1:6c:df:ed:cf:07:5d:09:1c:04:fc:0c:a3:ea:65:
         62:e0:82:bd:1c:a7:90:bb:f6:5d:c8:69:3a:d2:a9:a8:5b:95:
         a0:3b:09:f2:6c:98:f6:18:ab:a4:17:07:fe:b0:43:da:b4:5d:
         a8:24:26:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7vvQVJmiFRmCb5ieBfxtC9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNGZlZmZiNTc2ZTQxMWRlNTExODcxZGMxZTBiZDdhMjBl
MmM0ZDcwHhcNMjQwNDE4MDU0NTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTkzNWU1OGU4MDVjZDg3ODBiNGE1MmE1Y2Y5OGZlMDQ2OTI1MWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOzoXSnjl+tkNBHOGp9zcFZzb02C
wVlUkiBfdeeZMoy+pKhghotD8QbiLeypGn30sR2oN3vLApCYwv6ea6NBYQRS4N11
x1gZRsIBX8KnsmdJrcrBJic5xyPin1Gs6XU3SiUR5EPCegRwWKdifcnD49ALPg6O
zMhlWPLNJfpUd6WV2iVfrSjHmkFAad4XxPbXGDquVx/vm4BJ+LE8MaPOiw1DqxuP
2THeshTPAc20CRst/7wNw8ov4s2fRI8Z9ETehrn+Wc8PHuXIbJeQRYbT3Oac+cIZ
ahldF0AB6CsJ2AI6I9FannMpqTpwrQ/8sQFp7oNLL82ri1xOEdlGRoglkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB6TXljoBc2HgLSlKlz5j+BGklH8MB8GA1UdIwQY
MBaAFEJP7/tXbkEd5RGHHcHgvXog4sTXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjct
ODMxZjdlNmY1Y2NkLzEvSHBOZVdPZ0Z6WWVBdEtVcVhQbVA0RWFTVWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy82MTM1MDgtMDgzMi00MWY2LWFjYjctODMxZjdlNmY1Y2Nk
LzEvUWtfdi0xZHVRUjNsRVljZHdlQzllaURpeE5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwjvYAwQC
wmMsMA0GCSqGSIb3DQEBCwUAA4IBAQCshZT+aBbRQ3EEUDGC58823cm/wyjAQu81
XhvTkQyC1iqZNqyKWomZnVuHJSXfhV0SgUlUj64iyfYKDAOx1la7rHT36JWvTKk7
SwD0V9zK/cBMvHdBQgJLngdR32IC6h/Tdn6PP5LnAI7BWmWnxMQsoHqBLRQR3DkY
9PMT8YHe3IyB2yTzSQtjJCYNLDMPExV/yUNuaDpzZl7dNx/jDecA0UyinS0UBqrW
Z2kH0lACx13sjeEuevuyfweH6PkZNCi7FcnA+WOSmS/xbN/tzwddCRwE/Ayj6mVi
4IK9HKeQu/ZdyGk60qmoW5WgOwnybJj2GKukFwf+sEPatF2oJCb0
-----END CERTIFICATE-----