Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/HAwaRXj-UsF0rUaJYmcnaZgKqJ4.roa
File:                     HAwaRXj-UsF0rUaJYmcnaZgKqJ4.roa (raw, json)
Hash identifier:          sDmzLebW6lwUcsAspFpre3yyVu9k+QkgIOSAzSVbzas=
Subject key identifier:   1C:0C:1A:45:78:FE:52:C1:74:AD:46:89:62:67:27:69:98:0A:A8:9E
Certificate issuer:       /CN=dd33623619e52729fbf9772a5522d781da3b6325
Certificate serial:       01922B39B8EE6CEB856D3C55D79CF7EBE645
Authority key identifier: DD:33:62:36:19:E5:27:29:FB:F9:77:2A:55:22:D7:81:DA:3B:63:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3TNiNhnlJyn7-XcqVSLXgdo7YyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/HAwaRXj-UsF0rUaJYmcnaZgKqJ4.roa
Signing time:             Wed 25 Sep 2024 22:07:36 +0000
ROA not before:           Wed 25 Sep 2024 22:07:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5413
IP address blocks:        46.31.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/3TNiNhnlJyn7-XcqVSLXgdo7YyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/3TNiNhnlJyn7-XcqVSLXgdo7YyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3TNiNhnlJyn7-XcqVSLXgdo7YyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:02:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2b:39:b8:ee:6c:eb:85:6d:3c:55:d7:9c:f7:eb:e6:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd33623619e52729fbf9772a5522d781da3b6325
        Validity
            Not Before: Sep 25 22:07:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c0c1a4578fe52c174ad468962672769980aa89e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:fa:6d:0e:82:18:63:29:81:91:a5:93:b2:82:
                    62:c0:ff:34:45:33:2a:46:9c:3a:5b:50:31:e2:af:
                    28:21:c0:b9:01:33:86:3a:45:1c:31:60:92:51:39:
                    ca:b6:5e:c9:10:ce:79:d9:b3:36:61:72:22:8d:1d:
                    90:7b:26:16:84:80:5c:d4:eb:9e:cb:d3:b4:4e:ee:
                    8e:9e:21:35:8c:a8:a1:4d:91:02:ce:d4:6a:ba:6e:
                    76:6e:5c:42:33:87:ed:cd:0b:14:98:6c:55:64:8a:
                    3e:9a:5f:94:17:be:35:e7:c3:90:86:10:e6:64:47:
                    42:7f:5a:5e:3d:e7:6d:ad:de:34:49:a4:34:1e:71:
                    c6:89:44:33:e0:06:be:55:0e:3e:b7:23:90:fd:d4:
                    78:56:7e:b4:2d:42:24:1b:65:40:fc:4d:f3:03:e7:
                    3c:a5:d1:2b:9b:cb:5e:56:e9:b6:ba:d3:ef:35:bf:
                    ba:35:0f:39:95:eb:dd:24:07:b7:eb:5f:b8:d5:8f:
                    b9:21:68:05:3b:37:ec:db:ab:54:1c:4d:aa:2b:7f:
                    4e:f8:75:7c:2f:38:11:15:9f:7b:6d:c3:cb:8e:3f:
                    93:d7:65:2e:92:d0:5d:49:9e:9d:34:51:52:99:fa:
                    5a:1c:bd:e4:05:74:06:03:db:93:7b:dd:44:01:57:
                    e9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:0C:1A:45:78:FE:52:C1:74:AD:46:89:62:67:27:69:98:0A:A8:9E
            X509v3 Authority Key Identifier:
                keyid:DD:33:62:36:19:E5:27:29:FB:F9:77:2A:55:22:D7:81:DA:3B:63:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3TNiNhnlJyn7-XcqVSLXgdo7YyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/HAwaRXj-UsF0rUaJYmcnaZgKqJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/4a29c9-d186-492c-ba90-ddfaa1c8ab9d/1/3TNiNhnlJyn7-XcqVSLXgdo7YyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:25:4b:ed:b9:15:5a:d3:95:d2:2e:52:30:b5:d5:43:3a:f1:
         e4:cd:b2:18:8b:68:12:30:11:dd:04:50:c2:35:d7:77:57:bb:
         f1:cd:aa:59:8a:41:71:73:11:77:99:91:93:e0:0d:34:26:51:
         1e:89:26:03:58:c6:f3:a8:9a:bb:9e:a7:68:86:6a:eb:71:7f:
         41:c8:16:41:39:6f:2d:7e:fe:41:12:2c:4b:10:0c:c4:43:06:
         52:41:51:ff:c8:26:29:6a:9c:a1:df:9e:8a:36:41:7b:23:e8:
         47:b2:65:4f:79:e2:d9:c2:92:ce:49:fc:76:cb:38:ab:92:52:
         0a:1e:ad:07:e8:dd:9f:bf:97:7f:f0:55:e5:11:dd:d3:e8:cf:
         fd:99:b5:f1:81:bc:c9:3d:d4:f0:2a:77:3e:af:ab:04:84:54:
         10:02:84:d1:3a:2f:f2:3a:05:a6:75:f9:b7:b4:d7:40:0e:f3:
         67:d1:72:68:9c:c8:ff:36:41:60:da:be:6f:b9:46:b6:cc:25:
         03:2e:44:de:cb:d7:0e:8d:06:4a:b9:3c:54:af:f0:4d:61:5b:
         4d:72:42:a0:e0:f9:dc:92:a6:83:50:6f:17:50:86:c5:46:72:
         a7:33:85:28:a9:2b:8d:ef:83:ae:aa:4f:84:80:a0:df:47:56:
         d8:02:ff:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIrObjubOuFbTxV15z36+ZFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMzM2MjM2MTllNTI3MjlmYmY5NzcyYTU1MjJkNzgxZGEz
YjYzMjUwHhcNMjQwOTI1MjIwNzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzBjMWE0NTc4ZmU1MmMxNzRhZDQ2ODk2MjY3Mjc2OTk4MGFhODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPptDoIYYymBkaWTsoJiwP80RTMq
Rpw6W1Ax4q8oIcC5ATOGOkUcMWCSUTnKtl7JEM552bM2YXIijR2QeyYWhIBc1Oue
y9O0Tu6OniE1jKihTZECztRqum52blxCM4ftzQsUmGxVZIo+ml+UF74158OQhhDm
ZEdCf1pePedtrd40SaQ0HnHGiUQz4Aa+VQ4+tyOQ/dR4Vn60LUIkG2VA/E3zA+c8
pdErm8teVum2utPvNb+6NQ85levdJAe361+41Y+5IWgFOzfs26tUHE2qK39O+HV8
LzgRFZ97bcPLjj+T12UuktBdSZ6dNFFSmfpaHL3kBXQGA9uTe91EAVfpMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwMGkV4/lLBdK1GiWJnJ2mYCqieMB8GA1UdIwQY
MBaAFN0zYjYZ5Scp+/l3KlUi14HaO2MlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1ROaU5obmxKeW43LVhjcVZTTFhnZG83WXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi80YTI5YzktZDE4Ni00OTJjLWJhOTAt
ZGRmYWExYzhhYjlkLzEvSEF3YVJYai1Vc0YwclVhSlltY25hWmdLcUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi80YTI5YzktZDE4Ni00OTJjLWJhOTAtZGRmYWExYzhhYjlk
LzEvM1ROaU5obmxKeW43LVhjcVZTTFhnZG83WXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh9HMA0G
CSqGSIb3DQEBCwUAA4IBAQBtJUvtuRVa05XSLlIwtdVDOvHkzbIYi2gSMBHdBFDC
Ndd3V7vxzapZikFxcxF3mZGT4A00JlEeiSYDWMbzqJq7nqdohmrrcX9ByBZBOW8t
fv5BEixLEAzEQwZSQVH/yCYpapyh356KNkF7I+hHsmVPeeLZwpLOSfx2yzirklIK
Hq0H6N2fv5d/8FXlEd3T6M/9mbXxgbzJPdTwKnc+r6sEhFQQAoTROi/yOgWmdfm3
tNdADvNn0XJonMj/NkFg2r5vuUa2zCUDLkTey9cOjQZKuTxUr/BNYVtNckKg4Pnc
kqaDUG8XUIbFRnKnM4UoqSuN74Ouqk+EgKDfR1bYAv9M
-----END CERTIFICATE-----