Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/HP_FDxYUJq9Rk1AN2nw7XIt7w9w.roa
File:                     HP_FDxYUJq9Rk1AN2nw7XIt7w9w.roa (raw, json)
Hash identifier:          CFHlGZyeZrK5WP/tbsBus6PmVm/oXWDrqbyi9WBgRaw=
Subject key identifier:   1C:FF:C5:0F:16:14:26:AF:51:93:50:0D:DA:7C:3B:5C:8B:7B:C3:DC
Certificate issuer:       /CN=24a55bd68397566895b15ecb97fc1d65c0c879ce
Certificate serial:       018CC8DD04247F1FC9745657EC8A7B491CB2
Authority key identifier: 24:A5:5B:D6:83:97:56:68:95:B1:5E:CB:97:FC:1D:65:C0:C8:79:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JKVb1oOXVmiVsV7Ll_wdZcDIec4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/HP_FDxYUJq9Rk1AN2nw7XIt7w9w.roa
Signing time:             Tue 02 Jan 2024 06:29:36 +0000
ROA not before:           Tue 02 Jan 2024 06:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210947
IP address blocks:        185.110.136.0/22 maxlen: 24
                          2a06:5680::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/JKVb1oOXVmiVsV7Ll_wdZcDIec4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/JKVb1oOXVmiVsV7Ll_wdZcDIec4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JKVb1oOXVmiVsV7Ll_wdZcDIec4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:04:24:7f:1f:c9:74:56:57:ec:8a:7b:49:1c:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24a55bd68397566895b15ecb97fc1d65c0c879ce
        Validity
            Not Before: Jan  2 06:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cffc50f161426af5193500dda7c3b5c8b7bc3dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:01:0d:92:ee:51:ed:48:89:a0:36:ce:0a:a1:
                    09:e9:74:8c:f5:ef:ba:96:9d:c5:35:16:4e:44:33:
                    86:46:a8:55:25:39:f1:36:fb:cb:02:36:28:d3:26:
                    0d:88:0d:73:38:66:0b:36:c7:e8:b3:fb:ab:93:79:
                    df:04:c7:63:34:03:0a:2a:60:65:bd:e2:e5:1a:4e:
                    16:b5:06:87:86:62:d4:97:95:2f:54:4e:78:eb:38:
                    f5:c4:0a:dc:ca:cb:73:91:c9:85:df:f5:8d:ca:1d:
                    48:26:c3:ab:f6:1c:a3:06:a1:5f:11:18:bb:b9:ee:
                    e1:3a:69:e4:10:06:12:19:d8:3f:3c:6e:b7:e4:ea:
                    6e:fd:ca:f2:90:70:2a:f5:22:d8:72:12:13:16:ff:
                    e3:fe:f3:2a:29:b9:b6:24:ed:ee:90:6d:eb:60:b5:
                    a2:2c:96:7b:93:4c:06:fc:c1:29:9b:f9:09:0c:b0:
                    50:4e:40:63:9a:a1:b3:d9:9d:bd:85:f4:f6:96:87:
                    55:05:48:b3:8f:c4:ab:37:5a:3d:07:e2:6e:bf:89:
                    7c:90:46:d6:09:bd:86:96:2e:a7:09:ae:e7:59:c7:
                    78:06:c3:00:f1:14:fd:b8:25:9f:94:45:d2:49:3d:
                    18:29:07:86:52:fb:a4:ab:df:28:ca:fa:fc:fd:54:
                    1b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:FF:C5:0F:16:14:26:AF:51:93:50:0D:DA:7C:3B:5C:8B:7B:C3:DC
            X509v3 Authority Key Identifier:
                keyid:24:A5:5B:D6:83:97:56:68:95:B1:5E:CB:97:FC:1D:65:C0:C8:79:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JKVb1oOXVmiVsV7Ll_wdZcDIec4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/HP_FDxYUJq9Rk1AN2nw7XIt7w9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/0de899-22e1-463c-a4dd-c34e90d7f8ea/1/JKVb1oOXVmiVsV7Ll_wdZcDIec4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.136.0/22
                IPv6:
                  2a06:5680::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:4d:f6:67:b3:ea:69:fb:e0:61:43:2d:9b:ba:cd:52:63:c8:
         af:2d:2b:15:1f:de:fa:36:df:57:e5:e3:96:a3:e9:28:93:b6:
         42:48:78:ec:5e:72:c8:e2:8d:03:84:05:ca:d8:d9:3e:22:b8:
         0a:67:d6:d4:d3:f3:4b:d9:f6:33:eb:c6:43:6d:4a:2a:cd:02:
         53:74:7f:a3:21:a8:8d:9a:11:b4:7c:b4:6b:38:e7:1a:8b:1a:
         0f:2f:e3:7a:11:b9:c9:e9:5b:11:c5:66:bd:7f:ea:c8:1a:3e:
         8f:8c:3d:0d:d4:37:46:2c:42:04:c6:19:38:5c:06:4c:62:a6:
         1d:a6:89:c9:db:23:7f:4c:5f:49:35:51:12:34:cd:39:eb:53:
         8f:00:57:a2:c0:ac:66:ff:56:c2:7e:98:9b:31:37:a7:32:a8:
         32:c0:dc:21:4a:b5:b0:5b:77:18:a2:03:ab:23:07:62:2a:63:
         b0:d9:fe:28:b5:87:2b:af:ef:95:bf:fc:26:fd:22:90:a5:77:
         b7:91:48:f1:dc:0b:af:76:a8:51:31:6f:49:9e:44:c0:f7:0a:
         c4:e6:e9:9e:27:1b:75:30:5c:6e:96:64:72:65:3e:55:62:05:
         c3:dd:50:d1:03:58:58:49:78:68:aa:be:e0:4d:42:c6:ff:b3:
         f1:0a:ec:c3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3QQkfx/JdFZX7Ip7SRyyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YTU1YmQ2ODM5NzU2Njg5NWIxNWVjYjk3ZmMxZDY1YzBj
ODc5Y2UwHhcNMjQwMTAyMDYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2ZmYzUwZjE2MTQyNmFmNTE5MzUwMGRkYTdjM2I1YzhiN2JjM2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAENku5R7UiJoDbOCqEJ6XSM9e+6
lp3FNRZORDOGRqhVJTnxNvvLAjYo0yYNiA1zOGYLNsfos/urk3nfBMdjNAMKKmBl
veLlGk4WtQaHhmLUl5UvVE546zj1xArcystzkcmF3/WNyh1IJsOr9hyjBqFfERi7
ue7hOmnkEAYSGdg/PG635Opu/crykHAq9SLYchITFv/j/vMqKbm2JO3ukG3rYLWi
LJZ7k0wG/MEpm/kJDLBQTkBjmqGz2Z29hfT2lodVBUizj8SrN1o9B+Juv4l8kEbW
Cb2Gli6nCa7nWcd4BsMA8RT9uCWflEXSST0YKQeGUvukq98oyvr8/VQbcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBz/xQ8WFCavUZNQDdp8O1yLe8PcMB8GA1UdIwQY
MBaAFCSlW9aDl1ZolbFey5f8HWXAyHnOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSktWYjFvT1hWbWlWc1Y3TGxfd2RaY0RJZWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wZGU4OTktMjJlMS00NjNjLWE0ZGQt
YzM0ZTkwZDdmOGVhLzEvSFBfRkR4WVVKcTlSazFBTjJudzdYSXQ3dzl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wZGU4OTktMjJlMS00NjNjLWE0ZGQtYzM0ZTkwZDdmOGVh
LzEvSktWYjFvT1hWbWlWc1Y3TGxfd2RaY0RJZWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuW6IMA0E
AgACMAcDBQMqBlaAMA0GCSqGSIb3DQEBCwUAA4IBAQAITfZns+pp++BhQy2bus1S
Y8ivLSsVH976Nt9X5eOWo+kok7ZCSHjsXnLI4o0DhAXK2Nk+IrgKZ9bU0/NL2fYz
68ZDbUoqzQJTdH+jIaiNmhG0fLRrOOcaixoPL+N6EbnJ6VsRxWa9f+rIGj6PjD0N
1DdGLEIExhk4XAZMYqYdponJ2yN/TF9JNVESNM0561OPAFeiwKxm/1bCfpibMTen
MqgywNwhSrWwW3cYogOrIwdiKmOw2f4otYcrr++Vv/wm/SKQpXe3kUjx3AuvdqhR
MW9JnkTA9wrE5umeJxt1MFxulmRyZT5VYgXD3VDRA1hYSXhoqr7gTULG/7PxCuzD
-----END CERTIFICATE-----