Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/HK2Vi8L-VSUrFJS43CFHzQJcbz8.roa
File:                     HK2Vi8L-VSUrFJS43CFHzQJcbz8.roa (raw, json)
Hash identifier:          E5YSpnMWbKYKY1PUN7i5gprBfIcHK0dY28fjbucPCYI=
Subject key identifier:   1C:AD:95:8B:C2:FE:55:25:2B:14:94:B8:DC:21:47:CD:02:5C:6F:3F
Certificate issuer:       /CN=2dfa9f068edb9fc436354d1a6d9bb421bff630d5
Certificate serial:       0194221F9F2FC9FB8F41E210C416142644D6
Authority key identifier: 2D:FA:9F:06:8E:DB:9F:C4:36:35:4D:1A:6D:9B:B4:21:BF:F6:30:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/HK2Vi8L-VSUrFJS43CFHzQJcbz8.roa
Signing time:             Wed 01 Jan 2025 13:48:05 +0000
ROA not before:           Wed 01 Jan 2025 13:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59877
IP address blocks:        193.56.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:9f:2f:c9:fb:8f:41:e2:10:c4:16:14:26:44:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dfa9f068edb9fc436354d1a6d9bb421bff630d5
        Validity
            Not Before: Jan  1 13:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cad958bc2fe55252b1494b8dc2147cd025c6f3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:48:e9:7c:d9:fa:b1:ce:21:7b:bc:7b:ee:5f:
                    7d:1b:ee:15:f7:36:fb:ee:aa:5e:46:ed:02:db:5f:
                    48:79:53:eb:bf:ab:88:6f:86:8f:78:ed:4b:11:8f:
                    ee:8e:02:d9:fb:d6:bf:98:cd:ca:2a:32:4a:df:b5:
                    61:1b:9c:5c:c9:c6:c5:4d:b9:0c:c5:bd:e1:0f:48:
                    94:ff:d7:db:f2:59:70:bb:06:95:55:4f:b8:1a:ba:
                    2e:f3:09:1a:93:81:f8:57:4b:3c:1a:69:c6:5a:dd:
                    71:ba:5c:f5:13:d6:75:36:64:1c:92:b5:fc:bc:cd:
                    17:a0:02:d7:a1:11:87:3d:99:fe:2a:c0:47:a4:01:
                    20:41:94:d4:d8:26:33:11:db:c1:a8:db:47:76:82:
                    ae:bc:b9:37:e8:03:9d:59:57:fb:8a:8f:0d:4f:98:
                    45:28:f5:85:74:18:29:11:d9:40:23:21:af:84:6f:
                    ee:13:95:c9:8e:b8:b0:19:ad:c6:fd:52:7f:f4:af:
                    46:b8:ea:74:84:30:c6:da:cc:5e:51:bc:ba:39:f2:
                    9a:74:b8:aa:94:cc:b6:6a:39:a8:75:c9:35:72:85:
                    bb:c1:81:4d:40:22:a0:64:da:60:18:05:06:1f:3f:
                    e5:ee:c4:14:6b:41:92:d1:09:79:11:46:1e:84:04:
                    a2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:AD:95:8B:C2:FE:55:25:2B:14:94:B8:DC:21:47:CD:02:5C:6F:3F
            X509v3 Authority Key Identifier:
                keyid:2D:FA:9F:06:8E:DB:9F:C4:36:35:4D:1A:6D:9B:B4:21:BF:F6:30:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/HK2Vi8L-VSUrFJS43CFHzQJcbz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/435a3b-0b05-4571-bd2d-f03ce824c76d/1/LfqfBo7bn8Q2NU0abZu0Ib_2MNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:68:32:09:06:55:9a:82:39:55:ad:0b:fe:12:63:ae:c1:62:
         bd:77:5d:61:ea:66:1b:3e:18:cb:5f:75:9d:3c:f6:72:92:9b:
         65:fd:2d:fe:b1:3a:f7:0d:2e:67:92:08:85:f0:95:28:63:f0:
         26:dd:d9:fc:bf:0b:d1:ad:b0:5e:57:7b:85:9b:b5:d6:90:20:
         bb:2d:f0:ca:be:96:ce:e4:8b:0d:94:df:e2:cb:50:af:16:4c:
         e5:f9:17:1e:44:59:40:f0:78:a8:8a:30:02:6b:04:0f:fb:ab:
         7a:41:83:fc:60:da:4c:9c:34:9b:e9:57:53:6d:f4:e3:0c:a3:
         a3:f1:03:b7:0d:36:04:74:23:47:c2:a9:7b:5f:64:b5:4c:44:
         8e:c0:51:32:fc:b8:9b:f6:43:69:11:40:07:94:c7:d8:e4:80:
         9c:b2:11:c2:34:6a:d0:53:09:a1:14:a9:01:1e:24:71:c5:b2:
         3a:da:34:13:95:a2:56:a7:cc:f2:94:ee:66:65:a8:e5:bc:f8:
         f0:68:de:12:6c:ce:6c:6c:93:8f:bc:ab:15:6e:e8:6b:e0:99:
         b2:00:42:1b:bd:5a:a1:56:f9:32:d5:d9:bd:3b:96:8a:a8:71:
         8d:08:49:98:dc:c9:0d:9a:74:32:45:09:8d:2f:5e:80:3d:e7:
         c7:48:10:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH58vyfuPQeIQxBYUJkTWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZmE5ZjA2OGVkYjlmYzQzNjM1NGQxYTZkOWJiNDIxYmZm
NjMwZDUwHhcNMjUwMTAxMTM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2FkOTU4YmMyZmU1NTI1MmIxNDk0YjhkYzIxNDdjZDAyNWM2ZjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkjpfNn6sc4he7x77l99G+4V9zb7
7qpeRu0C219IeVPrv6uIb4aPeO1LEY/ujgLZ+9a/mM3KKjJK37VhG5xcycbFTbkM
xb3hD0iU/9fb8llwuwaVVU+4Grou8wkak4H4V0s8GmnGWt1xulz1E9Z1NmQckrX8
vM0XoALXoRGHPZn+KsBHpAEgQZTU2CYzEdvBqNtHdoKuvLk36AOdWVf7io8NT5hF
KPWFdBgpEdlAIyGvhG/uE5XJjriwGa3G/VJ/9K9GuOp0hDDG2sxeUby6OfKadLiq
lMy2ajmodck1coW7wYFNQCKgZNpgGAUGHz/l7sQUa0GS0Ql5EUYehASiiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBytlYvC/lUlKxSUuNwhR80CXG8/MB8GA1UdIwQY
MBaAFC36nwaO25/ENjVNGm2btCG/9jDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGZxZkJvN2JuOFEyTlUwYWJadTBJYl8yTU5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy80MzVhM2ItMGIwNS00NTcxLWJkMmQt
ZjAzY2U4MjRjNzZkLzEvSEsyVmk4TC1WU1VyRkpTNDNDRkh6UUpjYno4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy80MzVhM2ItMGIwNS00NTcxLWJkMmQtZjAzY2U4MjRjNzZk
LzEvTGZxZkJvN2JuOFEyTlUwYWJadTBJYl8yTU5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTiSMA0G
CSqGSIb3DQEBCwUAA4IBAQByaDIJBlWagjlVrQv+EmOuwWK9d11h6mYbPhjLX3Wd
PPZykptl/S3+sTr3DS5nkgiF8JUoY/Am3dn8vwvRrbBeV3uFm7XWkCC7LfDKvpbO
5IsNlN/iy1CvFkzl+RceRFlA8HioijACawQP+6t6QYP8YNpMnDSb6VdTbfTjDKOj
8QO3DTYEdCNHwql7X2S1TESOwFEy/Lib9kNpEUAHlMfY5ICcshHCNGrQUwmhFKkB
HiRxxbI62jQTlaJWp8zylO5mZajlvPjwaN4SbM5sbJOPvKsVbuhr4JmyAEIbvVqh
Vvky1dm9O5aKqHGNCEmY3MkNmnQyRQmNL16APefHSBBS
-----END CERTIFICATE-----