Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/150355-c11a-4d37-a182-23762aa09717/1/hkqw3W9-pdwewEMPwrQBPExOldQ.roa
File:                     hkqw3W9-pdwewEMPwrQBPExOldQ.roa (raw, json)
Hash identifier:          GNMEaQG7JI+6R+GxCRi11C7wb2KrqYyAM0elThFtbVY=
Subject key identifier:   86:4A:B0:DD:6F:7E:A5:DC:1E:C0:43:0F:C2:B4:01:3C:4C:4E:95:D4
Certificate issuer:       /CN=e4ef17f4cb4fe92ad053eef25f39d63ae1207dd3
Certificate serial:       0194258F5761E966805A8A16571D2047DE16
Authority key identifier: E4:EF:17:F4:CB:4F:E9:2A:D0:53:EE:F2:5F:39:D6:3A:E1:20:7D:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5O8X9MtP6SrQU-7yXznWOuEgfdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/150355-c11a-4d37-a182-23762aa09717/1/hkqw3W9-pdwewEMPwrQBPExOldQ.roa
Signing time:             Thu 02 Jan 2025 05:48:58 +0000
ROA not before:           Thu 02 Jan 2025 05:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202900
IP address blocks:        91.142.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/150355-c11a-4d37-a182-23762aa09717/1/5O8X9MtP6SrQU-7yXznWOuEgfdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/150355-c11a-4d37-a182-23762aa09717/1/5O8X9MtP6SrQU-7yXznWOuEgfdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5O8X9MtP6SrQU-7yXznWOuEgfdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:57:61:e9:66:80:5a:8a:16:57:1d:20:47:de:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4ef17f4cb4fe92ad053eef25f39d63ae1207dd3
        Validity
            Not Before: Jan  2 05:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=864ab0dd6f7ea5dc1ec0430fc2b4013c4c4e95d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9f:7e:ad:37:dc:f9:7b:9f:94:a1:5f:ea:d7:
                    01:82:62:3c:8c:bc:0d:43:97:6c:db:8c:c3:1e:7e:
                    c2:e6:36:5b:e7:96:fd:f5:86:fc:d1:1c:51:54:04:
                    5d:c4:35:72:8e:00:ec:91:35:10:ca:9a:6f:85:34:
                    7c:12:15:0a:c5:bd:8c:c9:75:1b:35:2c:06:21:5f:
                    b0:fa:00:8f:23:f7:2a:6a:57:11:8c:e5:70:4e:70:
                    6a:a8:1a:be:4f:ba:83:7e:00:e4:99:a7:f3:9a:5c:
                    10:f1:5d:40:aa:cc:68:6f:f9:b8:3d:b2:1a:40:33:
                    2e:99:4b:86:82:3b:7e:c3:0a:d9:06:eb:a9:d6:cc:
                    fc:d9:53:1c:20:b7:31:68:dc:e9:3b:50:ba:22:fb:
                    84:89:73:42:d9:5a:cc:77:65:a2:25:20:ef:41:07:
                    42:e4:e4:ee:13:d8:de:c0:d3:8f:3e:ba:49:dc:d3:
                    80:42:5d:4d:95:56:f0:fd:94:18:46:86:8b:73:7b:
                    49:31:87:f2:40:70:c5:5d:4f:61:06:11:6c:30:55:
                    94:25:d3:04:ce:81:02:76:50:2b:c7:fb:5c:2f:a4:
                    26:5a:3e:fc:b1:f1:b5:7e:1f:4f:d1:fc:ae:6e:b0:
                    c6:c0:7f:79:3b:ec:ad:aa:96:58:08:1d:28:6a:00:
                    01:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:4A:B0:DD:6F:7E:A5:DC:1E:C0:43:0F:C2:B4:01:3C:4C:4E:95:D4
            X509v3 Authority Key Identifier:
                keyid:E4:EF:17:F4:CB:4F:E9:2A:D0:53:EE:F2:5F:39:D6:3A:E1:20:7D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5O8X9MtP6SrQU-7yXznWOuEgfdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/150355-c11a-4d37-a182-23762aa09717/1/hkqw3W9-pdwewEMPwrQBPExOldQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/150355-c11a-4d37-a182-23762aa09717/1/5O8X9MtP6SrQU-7yXznWOuEgfdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.142.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:86:fa:32:50:b3:1e:25:4b:9f:36:d2:e0:78:bf:50:c9:20:
         d7:d5:63:0e:22:83:63:08:df:cf:de:66:96:21:b2:3b:5c:9f:
         6a:b9:0f:cc:ca:fb:66:6d:dc:35:76:37:9c:c0:43:40:2d:db:
         b5:82:25:5d:56:ee:6d:38:bf:69:60:00:31:b6:a0:e1:77:a4:
         f7:3a:ad:1f:a6:8e:68:3b:df:d3:da:b7:4e:1f:a8:98:21:7f:
         fa:4b:cf:bc:8d:ef:a4:80:7f:d7:c1:8a:e8:9b:dd:3a:1a:e0:
         43:a4:f4:c2:30:77:94:c4:d5:f2:27:27:26:d1:51:fd:df:7f:
         e7:34:2f:f4:bb:86:3f:88:85:ae:2f:d1:83:4a:41:b2:e1:f3:
         f3:92:bb:2a:9d:c8:b4:79:75:60:86:09:bd:db:47:02:d1:1c:
         01:e4:7b:56:37:86:75:49:ed:d7:76:57:45:da:03:8f:9a:d0:
         97:72:89:93:8c:12:71:e1:72:9e:39:bf:e3:9e:62:e9:72:97:
         cf:1d:8f:ea:b2:fc:5e:70:27:79:6e:d6:3d:c3:ac:9c:57:f4:
         7c:4c:0b:ec:51:46:72:a7:88:47:62:a3:25:27:11:86:3d:7a:
         31:4b:77:9f:fb:e4:78:80:bc:ee:18:50:1e:b6:c6:17:7b:c6:
         4a:2f:f0:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj1dh6WaAWooWVx0gR94WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0ZWYxN2Y0Y2I0ZmU5MmFkMDUzZWVmMjVmMzlkNjNhZTEy
MDdkZDMwHhcNMjUwMTAyMDU0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjRhYjBkZDZmN2VhNWRjMWVjMDQzMGZjMmI0MDEzYzRjNGU5NWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp9+rTfc+XuflKFf6tcBgmI8jLwN
Q5ds24zDHn7C5jZb55b99Yb80RxRVARdxDVyjgDskTUQyppvhTR8EhUKxb2MyXUb
NSwGIV+w+gCPI/cqalcRjOVwTnBqqBq+T7qDfgDkmafzmlwQ8V1Aqsxob/m4PbIa
QDMumUuGgjt+wwrZBuup1sz82VMcILcxaNzpO1C6IvuEiXNC2VrMd2WiJSDvQQdC
5OTuE9jewNOPPrpJ3NOAQl1NlVbw/ZQYRoaLc3tJMYfyQHDFXU9hBhFsMFWUJdME
zoECdlArx/tcL6QmWj78sfG1fh9P0fyubrDGwH95O+ytqpZYCB0oagABVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZKsN1vfqXcHsBDD8K0ATxMTpXUMB8GA1UdIwQY
MBaAFOTvF/TLT+kq0FPu8l851jrhIH3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU84WDlNdFA2U3JRVS03eVh6bldPdUVnZmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8xNTAzNTUtYzExYS00ZDM3LWExODIt
MjM3NjJhYTA5NzE3LzEvaGtxdzNXOS1wZHdld0VNUHdyUUJQRXhPbGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8xNTAzNTUtYzExYS00ZDM3LWExODItMjM3NjJhYTA5NzE3
LzEvNU84WDlNdFA2U3JRVS03eVh6bldPdUVnZmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW46OMA0G
CSqGSIb3DQEBCwUAA4IBAQCshvoyULMeJUufNtLgeL9QySDX1WMOIoNjCN/P3maW
IbI7XJ9quQ/Myvtmbdw1djecwENALdu1giVdVu5tOL9pYAAxtqDhd6T3Oq0fpo5o
O9/T2rdOH6iYIX/6S8+8je+kgH/XwYrom906GuBDpPTCMHeUxNXyJycm0VH933/n
NC/0u4Y/iIWuL9GDSkGy4fPzkrsqnci0eXVghgm920cC0RwB5HtWN4Z1Se3XdldF
2gOPmtCXcomTjBJx4XKeOb/jnmLpcpfPHY/qsvxecCd5btY9w6ycV/R8TAvsUUZy
p4hHYqMlJxGGPXoxS3ef++R4gLzuGFAetsYXe8ZKL/CG
-----END CERTIFICATE-----