Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/HkMXgQgePY3RdIfive86DixoqU8.roa
File:                     HkMXgQgePY3RdIfive86DixoqU8.roa (raw, json)
Hash identifier:          h2yCtuZwj3/fqFMG17UU9VRSDxZoqPNK7Vzz9Xvacuw=
Subject key identifier:   1E:43:17:81:08:1E:3D:8D:D1:74:87:E2:BD:EF:3A:0E:2C:68:A9:4F
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       0191FFD97C60911F61BEF7BDFB19999625DE
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/HkMXgQgePY3RdIfive86DixoqU8.roa
Signing time:             Tue 17 Sep 2024 11:58:48 +0000
ROA not before:           Tue 17 Sep 2024 11:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198160
IP address blocks:        185.236.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ff:d9:7c:60:91:1f:61:be:f7:bd:fb:19:99:96:25:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Sep 17 11:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e431781081e3d8dd17487e2bdef3a0e2c68a94f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3e:22:61:f4:81:5d:61:00:63:52:ea:16:66:
                    75:9b:2b:25:79:1a:4e:25:1f:74:c8:9c:7f:d0:6a:
                    67:e9:72:92:d6:3e:c4:28:0f:10:e2:3b:0e:f7:d1:
                    69:26:50:6f:e1:c7:33:10:ab:68:ed:01:98:c4:24:
                    5a:1d:6a:54:e6:8e:67:7e:60:77:56:61:a2:ba:a4:
                    ce:36:8b:ed:d5:bd:72:fa:cb:0a:75:ad:d7:b5:b8:
                    94:93:63:9e:8b:83:e6:1b:d5:f8:e5:9e:33:34:f3:
                    47:0c:51:3e:0d:87:13:4d:ab:64:ce:2e:ad:6e:1d:
                    15:2f:af:e2:33:47:d1:b0:53:16:74:65:96:8a:e6:
                    71:a4:29:27:7f:c5:bf:5a:ae:9d:92:e2:7a:e0:a5:
                    2a:7e:bb:f9:15:77:34:6b:13:88:99:7b:f3:30:38:
                    01:e4:bb:e7:98:3f:14:e2:81:99:69:31:62:e1:78:
                    41:6b:4b:6d:ca:bb:13:c7:af:fa:52:51:47:1c:40:
                    18:66:c9:7f:58:32:2b:24:b9:c5:14:c3:7d:7c:4c:
                    74:fd:2e:eb:66:7b:3c:23:e7:d5:df:d6:d6:0a:af:
                    9f:50:1c:10:e9:e2:bd:86:49:fc:44:64:91:17:00:
                    d5:a7:b0:c1:70:62:ae:a9:06:c3:62:84:4d:b1:a5:
                    60:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:43:17:81:08:1E:3D:8D:D1:74:87:E2:BD:EF:3A:0E:2C:68:A9:4F
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/HkMXgQgePY3RdIfive86DixoqU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:09:47:60:39:ed:d7:42:99:6f:2e:79:d4:5b:eb:25:0c:0b:
         dd:06:f8:81:67:e6:fd:25:c4:b3:20:f1:eb:af:04:81:03:30:
         7a:18:a2:47:67:9f:40:89:d7:63:41:f4:88:c5:f0:0a:db:c9:
         b5:38:f1:b4:15:19:93:67:8c:a6:7b:86:e8:39:91:d4:e3:c9:
         55:2d:9f:6d:f5:a9:b0:c5:af:94:20:dc:c6:7b:a0:45:ae:f2:
         21:ef:03:3b:67:75:3c:7c:de:21:33:7e:4b:24:ae:98:8b:67:
         fe:48:9b:1b:d4:b7:51:2d:36:3d:99:7e:bb:e0:ed:70:37:79:
         33:bf:21:a3:2c:ff:21:66:8e:9f:53:cb:f3:bb:6a:b0:46:c7:
         d7:c7:c4:46:3e:4c:b9:fe:79:7d:8c:c6:9e:c8:32:8c:d2:90:
         32:c9:2a:28:fc:02:6c:3d:a7:44:a4:af:9b:16:35:f3:86:f1:
         a5:e2:ce:f1:37:ca:76:24:a9:8b:e6:9c:14:7c:e4:d8:e8:a8:
         b3:5d:d7:68:fd:39:69:1a:0e:55:72:b9:4f:0c:b7:6c:18:70:
         fe:4a:40:ee:12:1c:2d:76:6e:74:71:02:ff:01:7d:8e:54:22:
         33:0a:28:7a:c9:14:fb:01:6a:d3:d2:c8:21:5e:ba:12:c1:a0:
         78:93:63:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH/2XxgkR9hvve9+xmZliXeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjQwOTE3MTE1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTQzMTc4MTA4MWUzZDhkZDE3NDg3ZTJiZGVmM2EwZTJjNjhhOTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5D4iYfSBXWEAY1LqFmZ1mysleRpO
JR90yJx/0Gpn6XKS1j7EKA8Q4jsO99FpJlBv4cczEKto7QGYxCRaHWpU5o5nfmB3
VmGiuqTONovt1b1y+ssKda3XtbiUk2Oei4PmG9X45Z4zNPNHDFE+DYcTTatkzi6t
bh0VL6/iM0fRsFMWdGWWiuZxpCknf8W/Wq6dkuJ64KUqfrv5FXc0axOImXvzMDgB
5LvnmD8U4oGZaTFi4XhBa0ttyrsTx6/6UlFHHEAYZsl/WDIrJLnFFMN9fEx0/S7r
Zns8I+fV39bWCq+fUBwQ6eK9hkn8RGSRFwDVp7DBcGKuqQbDYoRNsaVg6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5DF4EIHj2N0XSH4r3vOg4saKlPMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvSGtNWGdRZ2VQWTNSZElmaXZlODZEaXhvcVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuewLMA0G
CSqGSIb3DQEBCwUAA4IBAQBWCUdgOe3XQplvLnnUW+slDAvdBviBZ+b9JcSzIPHr
rwSBAzB6GKJHZ59AiddjQfSIxfAK28m1OPG0FRmTZ4yme4boOZHU48lVLZ9t9amw
xa+UINzGe6BFrvIh7wM7Z3U8fN4hM35LJK6Yi2f+SJsb1LdRLTY9mX674O1wN3kz
vyGjLP8hZo6fU8vzu2qwRsfXx8RGPky5/nl9jMaeyDKM0pAyySoo/AJsPadEpK+b
FjXzhvGl4s7xN8p2JKmL5pwUfOTY6KizXddo/TlpGg5VcrlPDLdsGHD+SkDuEhwt
dm50cQL/AX2OVCIzCih6yRT7AWrT0sghXroSwaB4k2OM
-----END CERTIFICATE-----