Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/HfSQ9XWE_5DBfgUru2wCJ6gRXeM.roa
File:                     HfSQ9XWE_5DBfgUru2wCJ6gRXeM.roa (raw, json)
Hash identifier:          hIL9hXY5wcMIoTbg/owkzZsQGX5il4frmUGFfmW9luk=
Subject key identifier:   1D:F4:90:F5:75:84:FF:90:C1:7E:05:2B:BB:6C:02:27:A8:11:5D:E3
Certificate issuer:       /CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
Certificate serial:       0192999C1A180703D54D616D0D81962F834F
Authority key identifier: 35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/HfSQ9XWE_5DBfgUru2wCJ6gRXeM.roa
Signing time:             Thu 17 Oct 2024 08:33:17 +0000
ROA not before:           Thu 17 Oct 2024 08:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        185.155.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:99:9c:1a:18:07:03:d5:4d:61:6d:0d:81:96:2f:83:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
        Validity
            Not Before: Oct 17 08:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1df490f57584ff90c17e052bbb6c0227a8115de3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:86:60:b5:ca:ee:d0:67:75:80:a6:fb:5e:46:
                    6b:0f:8d:6b:bf:75:59:7d:d0:c6:5e:d4:d7:d6:c4:
                    b1:d7:c3:c5:0a:03:62:8d:6e:95:2e:64:0c:b8:05:
                    df:e5:72:69:26:14:d1:ba:23:6c:e5:30:8d:e6:ce:
                    a6:7d:ce:66:19:56:7e:4c:d3:78:87:af:05:4f:c8:
                    71:cb:51:4d:a9:8e:0a:3d:8e:02:c3:2c:8e:b4:7a:
                    55:73:b0:5f:52:13:55:7d:c3:59:2e:95:0e:15:67:
                    ce:63:47:20:bc:11:cb:5c:7f:fb:e8:bf:85:5d:70:
                    0c:35:8f:16:f6:80:22:14:d7:7c:c2:58:f8:1f:ab:
                    24:3d:6e:52:c9:b3:56:f6:31:54:cc:41:e4:34:c2:
                    dd:be:9a:5f:a6:e4:46:d1:7f:14:5e:79:81:04:dd:
                    a5:59:90:7e:c1:49:6a:2c:33:e9:e8:d0:f4:95:b1:
                    75:ea:05:b1:f6:1c:4b:3b:0e:79:b6:c8:87:88:93:
                    e8:d3:28:41:4c:57:63:c3:d9:4a:94:95:45:29:0e:
                    22:8f:76:13:f7:1f:e6:c7:66:6a:94:ae:e7:54:0d:
                    4f:52:bc:bf:f2:99:d1:69:2d:01:7f:85:bd:5d:50:
                    b1:17:d5:ff:6a:62:9b:49:44:b0:98:5c:4b:35:a3:
                    c4:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F4:90:F5:75:84:FF:90:C1:7E:05:2B:BB:6C:02:27:A8:11:5D:E3
            X509v3 Authority Key Identifier:
                keyid:35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/HfSQ9XWE_5DBfgUru2wCJ6gRXeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:0b:e1:c3:c1:78:5a:f1:45:f3:d8:67:00:6b:77:e1:37:d2:
         13:4b:cc:36:a1:72:6b:c6:6a:3e:cb:0b:30:f9:c8:c9:2e:bf:
         5d:5a:c4:bd:9d:d3:08:81:26:0e:29:ae:9f:79:8e:f2:30:d7:
         81:3c:1d:1b:02:4c:6e:45:da:ff:08:b2:76:b6:b9:a3:ab:22:
         5f:9f:a7:81:17:a7:90:78:ae:7a:4b:96:3d:9f:d9:16:56:b1:
         26:2a:ac:57:07:0a:b7:9c:ad:cb:a6:dc:75:f7:45:4a:55:8f:
         71:21:46:ac:94:69:a9:3b:5d:f8:f1:2c:11:04:71:48:13:3b:
         31:92:cc:02:fb:c4:0d:34:7a:f0:23:ac:54:5a:d6:54:03:18:
         07:80:5c:05:80:00:af:17:1a:eb:e6:75:ba:d5:c5:94:5b:3e:
         b0:f0:8a:52:54:24:02:7f:a8:25:02:19:67:5b:8b:16:dc:bc:
         4e:b7:4e:63:e9:b5:c5:1d:c6:46:53:ed:ea:3b:1f:b2:4c:a3:
         58:ae:f6:e4:ee:3e:d4:df:94:17:78:52:21:da:ba:0d:51:64:
         fb:85:33:fc:14:ab:c7:e2:66:e0:6b:ba:4f:b9:64:73:a7:5a:
         8d:d3:fa:cb:c1:12:64:47:75:32:ca:97:1b:57:14:12:55:b1:
         8b:8c:dc:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKZnBoYBwPVTWFtDYGWL4NPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTdjOWRlOTI3ZmE3NWJlYWVmNzg4NWYwZDg4ZjZmNGQy
YTBlZDYwHhcNMjQxMDE3MDgzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGY0OTBmNTc1ODRmZjkwYzE3ZTA1MmJiYjZjMDIyN2E4MTE1ZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoZgtcru0Gd1gKb7XkZrD41rv3VZ
fdDGXtTX1sSx18PFCgNijW6VLmQMuAXf5XJpJhTRuiNs5TCN5s6mfc5mGVZ+TNN4
h68FT8hxy1FNqY4KPY4CwyyOtHpVc7BfUhNVfcNZLpUOFWfOY0cgvBHLXH/76L+F
XXAMNY8W9oAiFNd8wlj4H6skPW5SybNW9jFUzEHkNMLdvppfpuRG0X8UXnmBBN2l
WZB+wUlqLDPp6ND0lbF16gWx9hxLOw55tsiHiJPo0yhBTFdjw9lKlJVFKQ4ij3YT
9x/mx2ZqlK7nVA1PUry/8pnRaS0Bf4W9XVCxF9X/amKbSUSwmFxLNaPEzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB30kPV1hP+QwX4FK7tsAieoEV3jMB8GA1UdIwQY
MBaAFDUXyd6Sf6db6u94hfDYj29NKg7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTIt
ZmQzYjMwMDJjMGJiLzEvSGZTUTlYV0VfNURCZmdVcnUyd0NKNmdSWGVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTItZmQzYjMwMDJjMGJi
LzEvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZvoMA0G
CSqGSIb3DQEBCwUAA4IBAQB5C+HDwXha8UXz2GcAa3fhN9ITS8w2oXJrxmo+ywsw
+cjJLr9dWsS9ndMIgSYOKa6feY7yMNeBPB0bAkxuRdr/CLJ2trmjqyJfn6eBF6eQ
eK56S5Y9n9kWVrEmKqxXBwq3nK3Lptx190VKVY9xIUaslGmpO1348SwRBHFIEzsx
kswC+8QNNHrwI6xUWtZUAxgHgFwFgACvFxrr5nW61cWUWz6w8IpSVCQCf6glAhln
W4sW3LxOt05j6bXFHcZGU+3qOx+yTKNYrvbk7j7U35QXeFIh2roNUWT7hTP8FKvH
4mbga7pPuWRzp1qN0/rLwRJkR3UyypcbVxQSVbGLjNxz
-----END CERTIFICATE-----