Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/391e54-c21a-405a-88aa-6079789100ca/1/HwLcn2tbXfaewoRLUqvEJHtXkUs.roa
File:                     HwLcn2tbXfaewoRLUqvEJHtXkUs.roa (raw, json)
Hash identifier:          W1uC8oFLMGagyUd1+ow2TTRqqrP/F081zqAOESqRLNw=
Subject key identifier:   1F:02:DC:9F:6B:5B:5D:F6:9E:C2:84:4B:52:AB:C4:24:7B:57:91:4B
Certificate issuer:       /CN=a3aa8dd118766aed3b09ed69f2e47dc1d2c16159
Certificate serial:       019427B5178A52DA0431FDA5F11E0EB0113F
Authority key identifier: A3:AA:8D:D1:18:76:6A:ED:3B:09:ED:69:F2:E4:7D:C1:D2:C1:61:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o6qN0Rh2au07Ce1p8uR9wdLBYVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/391e54-c21a-405a-88aa-6079789100ca/1/HwLcn2tbXfaewoRLUqvEJHtXkUs.roa
Signing time:             Thu 02 Jan 2025 15:49:26 +0000
ROA not before:           Thu 02 Jan 2025 15:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47724
IP address blocks:        94.124.200.0/21 maxlen: 21
                          94.124.200.0/22 maxlen: 24
                          94.124.206.0/23 maxlen: 24
                          2a0d:bd80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/391e54-c21a-405a-88aa-6079789100ca/1/o6qN0Rh2au07Ce1p8uR9wdLBYVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/391e54-c21a-405a-88aa-6079789100ca/1/o6qN0Rh2au07Ce1p8uR9wdLBYVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o6qN0Rh2au07Ce1p8uR9wdLBYVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:17:8a:52:da:04:31:fd:a5:f1:1e:0e:b0:11:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3aa8dd118766aed3b09ed69f2e47dc1d2c16159
        Validity
            Not Before: Jan  2 15:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f02dc9f6b5b5df69ec2844b52abc4247b57914b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:72:55:3d:89:ee:5d:2a:1e:14:4f:98:1b:e5:
                    f2:d7:70:49:52:38:ff:3d:67:71:9b:35:5a:fa:b6:
                    4e:a2:18:8f:28:29:2b:25:55:a6:40:22:0c:d1:32:
                    ef:e8:ca:a5:bd:28:af:05:8b:1e:5f:22:b7:5d:0c:
                    6d:65:46:7e:01:5f:15:de:e3:0c:ca:90:dd:d7:0f:
                    7f:b4:4b:42:7a:3a:2f:ea:7c:63:60:49:a0:1f:09:
                    fd:12:74:5c:7d:cf:3a:55:2e:62:7f:79:be:30:6c:
                    08:c8:c2:25:64:95:a5:59:d2:22:92:8e:f9:b9:3c:
                    0e:a3:66:9d:3c:38:75:a5:77:89:1f:f9:b3:bb:86:
                    51:2b:f0:46:89:41:43:94:89:d4:11:ac:42:42:7e:
                    97:8c:96:0c:e9:35:6e:7b:d5:d2:bc:8e:93:a8:42:
                    33:61:ac:73:52:af:d5:21:b0:f7:cb:04:f9:13:6a:
                    81:e0:f1:8a:71:d3:aa:85:0c:4e:dc:9f:d2:6f:9d:
                    30:32:65:68:39:2a:ae:09:fb:e1:f0:16:d9:cc:db:
                    08:e4:68:3e:e1:18:7b:68:b3:0f:d6:55:5e:b6:bf:
                    fc:e9:7b:ea:8a:af:61:b0:e6:ab:82:c7:b5:2e:60:
                    9a:a1:b4:e5:26:27:43:e4:45:1b:e9:79:83:0c:e7:
                    1a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:02:DC:9F:6B:5B:5D:F6:9E:C2:84:4B:52:AB:C4:24:7B:57:91:4B
            X509v3 Authority Key Identifier:
                keyid:A3:AA:8D:D1:18:76:6A:ED:3B:09:ED:69:F2:E4:7D:C1:D2:C1:61:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o6qN0Rh2au07Ce1p8uR9wdLBYVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/391e54-c21a-405a-88aa-6079789100ca/1/HwLcn2tbXfaewoRLUqvEJHtXkUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/391e54-c21a-405a-88aa-6079789100ca/1/o6qN0Rh2au07Ce1p8uR9wdLBYVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.200.0/21
                IPv6:
                  2a0d:bd80::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:af:0d:60:19:10:fc:29:fe:00:4b:50:26:03:24:a2:8b:7c:
         06:be:64:1c:7c:7b:7f:c7:3c:97:ab:10:03:16:01:11:cc:8e:
         ef:a8:5d:7e:2f:31:76:20:50:74:d1:bd:e7:1b:e0:68:10:a0:
         58:50:73:59:be:de:2f:cc:6d:83:66:10:60:6b:b5:3e:fe:c9:
         4d:27:ba:bd:52:d8:5c:e2:a0:56:0e:9f:29:aa:6a:0b:d0:75:
         97:63:36:c0:b7:be:fa:52:34:da:86:b9:e7:5c:11:96:14:ba:
         47:7e:8e:8d:ab:dd:81:6b:7c:38:fa:66:06:7f:95:8f:30:32:
         a8:c8:37:5d:15:9d:fd:7b:64:59:a1:d0:a9:3b:0c:91:a0:54:
         8a:27:af:05:89:59:c3:14:b6:eb:44:77:6e:46:d2:ce:a1:34:
         73:72:e2:b6:c4:0d:f4:65:3e:13:4d:4f:01:b0:ec:50:d8:94:
         91:cc:cd:2c:58:ff:a9:5b:46:95:68:b3:d9:15:03:7b:69:a6:
         8e:83:d1:7b:62:78:76:7d:ca:78:6d:e0:d6:3b:80:ba:52:ca:
         0a:3e:70:e3:8b:89:e9:31:97:12:5d:b9:7d:b1:1b:c2:bb:b8:
         57:db:09:2f:ff:80:21:60:8c:a6:05:e4:4b:86:9a:36:52:f3:
         ba:33:5e:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntReKUtoEMf2l8R4OsBE/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYWE4ZGQxMTg3NjZhZWQzYjA5ZWQ2OWYyZTQ3ZGMxZDJj
MTYxNTkwHhcNMjUwMTAyMTU0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjAyZGM5ZjZiNWI1ZGY2OWVjMjg0NGI1MmFiYzQyNDdiNTc5MTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnJVPYnuXSoeFE+YG+Xy13BJUjj/
PWdxmzVa+rZOohiPKCkrJVWmQCIM0TLv6MqlvSivBYseXyK3XQxtZUZ+AV8V3uMM
ypDd1w9/tEtCejov6nxjYEmgHwn9EnRcfc86VS5if3m+MGwIyMIlZJWlWdIiko75
uTwOo2adPDh1pXeJH/mzu4ZRK/BGiUFDlInUEaxCQn6XjJYM6TVue9XSvI6TqEIz
YaxzUq/VIbD3ywT5E2qB4PGKcdOqhQxO3J/Sb50wMmVoOSquCfvh8BbZzNsI5Gg+
4Rh7aLMP1lVetr/86Xvqiq9hsOargse1LmCaobTlJidD5EUb6XmDDOcarQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB8C3J9rW132nsKES1KrxCR7V5FLMB8GA1UdIwQY
MBaAFKOqjdEYdmrtOwntafLkfcHSwWFZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzZxTjBSaDJhdTA3Q2UxcDh1Ujl3ZExCWVZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8zOTFlNTQtYzIxYS00MDVhLTg4YWEt
NjA3OTc4OTEwMGNhLzEvSHdMY24ydGJYZmFld29STFVxdkVKSHRYa1VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8zOTFlNTQtYzIxYS00MDVhLTg4YWEtNjA3OTc4OTEwMGNh
LzEvbzZxTjBSaDJhdTA3Q2UxcDh1Ujl3ZExCWVZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXnzIMA0E
AgACMAcDBQMqDb2AMA0GCSqGSIb3DQEBCwUAA4IBAQAWrw1gGRD8Kf4AS1AmAySi
i3wGvmQcfHt/xzyXqxADFgERzI7vqF1+LzF2IFB00b3nG+BoEKBYUHNZvt4vzG2D
ZhBga7U+/slNJ7q9Uthc4qBWDp8pqmoL0HWXYzbAt776UjTahrnnXBGWFLpHfo6N
q92Ba3w4+mYGf5WPMDKoyDddFZ39e2RZodCpOwyRoFSKJ68FiVnDFLbrRHduRtLO
oTRzcuK2xA30ZT4TTU8BsOxQ2JSRzM0sWP+pW0aVaLPZFQN7aaaOg9F7Ynh2fcp4
beDWO4C6UsoKPnDji4npMZcSXbl9sRvCu7hX2wkv/4AhYIymBeRLhpo2UvO6M16I
-----END CERTIFICATE-----