Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/f562a4-2f04-46dd-b1c1-356cdebeb84f/1/HVZZgTt0qImB-OIxZYe0LV_oR4c.roa
File:                     HVZZgTt0qImB-OIxZYe0LV_oR4c.roa (raw, json)
Hash identifier:          CxMOuogiyPkbYMbQPW67m4ttU2r00+UG5PTmwlkEZ0c=
Subject key identifier:   1D:56:59:81:3B:74:A8:89:81:F8:E2:31:65:87:B4:2D:5F:E8:47:87
Certificate issuer:       /CN=8966861be57d36d5f6d9d9f8ebf62817616a21f5
Certificate serial:       0194228D1C231E42C4F6DC45EDEBF0106A06
Authority key identifier: 89:66:86:1B:E5:7D:36:D5:F6:D9:D9:F8:EB:F6:28:17:61:6A:21:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWaGG-V9NtX22dn46_YoF2FqIfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/f562a4-2f04-46dd-b1c1-356cdebeb84f/1/HVZZgTt0qImB-OIxZYe0LV_oR4c.roa
Signing time:             Wed 01 Jan 2025 15:47:40 +0000
ROA not before:           Wed 01 Jan 2025 15:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35044
IP address blocks:        193.189.108.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/f562a4-2f04-46dd-b1c1-356cdebeb84f/1/iWaGG-V9NtX22dn46_YoF2FqIfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/f562a4-2f04-46dd-b1c1-356cdebeb84f/1/iWaGG-V9NtX22dn46_YoF2FqIfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iWaGG-V9NtX22dn46_YoF2FqIfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:1c:23:1e:42:c4:f6:dc:45:ed:eb:f0:10:6a:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8966861be57d36d5f6d9d9f8ebf62817616a21f5
        Validity
            Not Before: Jan  1 15:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d5659813b74a88981f8e2316587b42d5fe84787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f2:97:15:9a:98:4d:3c:06:a3:f7:f7:7a:5b:
                    73:67:22:60:5e:7f:7c:0d:dd:84:3b:0a:82:56:63:
                    37:33:e4:e4:12:c2:d9:e6:f4:ab:c1:36:54:10:de:
                    89:ef:dc:4f:13:89:1c:05:1a:03:f1:a4:ba:47:6b:
                    eb:20:02:70:a8:30:25:c3:35:67:b4:a8:fa:72:46:
                    e7:72:33:d1:a4:6a:78:c3:13:0f:88:1c:c4:2f:38:
                    34:92:c1:4d:2c:a9:31:41:ba:46:8c:a3:fa:07:7b:
                    a5:a7:d9:13:03:95:dc:75:50:57:a9:e4:fa:89:46:
                    99:b8:aa:9b:74:22:09:3d:59:1e:e6:00:65:f2:9c:
                    0e:5b:10:63:1a:1c:37:ab:20:2c:9b:bd:89:f5:74:
                    28:2d:c5:8c:11:2c:cb:d7:3b:0d:bd:36:ce:65:98:
                    d2:3a:8e:28:bc:d2:f5:69:95:35:a1:c5:c7:c9:6b:
                    8b:3e:6b:2f:1c:94:1e:2e:f3:c1:78:07:f0:01:5d:
                    61:47:e8:e5:08:7b:d0:45:7e:42:3c:95:55:1e:9d:
                    8f:a6:a6:4c:69:4c:8c:4c:4f:66:1b:ef:ec:35:ac:
                    e3:93:d1:16:54:37:df:3c:25:c5:9e:af:56:91:52:
                    5a:25:18:33:2a:05:d6:c0:5f:a6:1c:fb:63:7e:dd:
                    87:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:56:59:81:3B:74:A8:89:81:F8:E2:31:65:87:B4:2D:5F:E8:47:87
            X509v3 Authority Key Identifier:
                keyid:89:66:86:1B:E5:7D:36:D5:F6:D9:D9:F8:EB:F6:28:17:61:6A:21:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWaGG-V9NtX22dn46_YoF2FqIfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/f562a4-2f04-46dd-b1c1-356cdebeb84f/1/HVZZgTt0qImB-OIxZYe0LV_oR4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/f562a4-2f04-46dd-b1c1-356cdebeb84f/1/iWaGG-V9NtX22dn46_YoF2FqIfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.189.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:e3:b7:ef:b4:07:8b:7f:55:1a:b0:a9:00:65:f6:8e:f0:ce:
         84:5c:33:0f:d6:a9:93:29:83:a5:43:10:30:a4:b9:88:66:e0:
         17:7c:0a:95:ca:73:8b:88:9f:03:90:a2:88:1a:ee:b2:53:79:
         74:e3:f5:13:19:c1:84:63:ee:a5:86:fd:95:03:65:e3:f8:c5:
         ca:84:e7:61:12:c7:82:3d:8b:f7:a7:b9:21:57:70:e8:50:b6:
         7b:17:36:cd:95:86:c1:65:b8:b9:3c:26:2e:b6:51:37:ce:c2:
         c3:a5:31:60:dd:ee:65:70:f6:cc:9d:92:53:c0:fa:a8:39:e4:
         44:e0:54:5d:00:48:2b:e6:40:d0:e4:a5:dc:7c:b8:d7:1c:35:
         d6:6b:b2:9c:84:99:39:89:fe:b1:b2:65:e9:62:6f:0d:15:a9:
         43:01:7d:1f:51:1a:d5:70:05:52:ef:5e:88:93:e4:19:d6:44:
         7d:d4:f7:54:5b:63:d6:60:28:44:1e:29:86:98:37:ca:39:2c:
         cf:94:0e:bc:55:0b:51:00:d9:be:6b:04:a4:30:11:40:78:81:
         d0:4d:0a:1a:f4:3a:82:09:fc:df:93:43:bd:e4:30:60:27:6b:
         78:15:6b:f9:e9:3c:41:db:c0:b4:ee:fa:e6:55:41:3e:cd:90:
         a6:6e:0a:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijRwjHkLE9txF7evwEGoGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NjY4NjFiZTU3ZDM2ZDVmNmQ5ZDlmOGViZjYyODE3NjE2
YTIxZjUwHhcNMjUwMTAxMTU0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDU2NTk4MTNiNzRhODg5ODFmOGUyMzE2NTg3YjQyZDVmZTg0Nzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPKXFZqYTTwGo/f3eltzZyJgXn98
Dd2EOwqCVmM3M+TkEsLZ5vSrwTZUEN6J79xPE4kcBRoD8aS6R2vrIAJwqDAlwzVn
tKj6ckbncjPRpGp4wxMPiBzELzg0ksFNLKkxQbpGjKP6B3ulp9kTA5XcdVBXqeT6
iUaZuKqbdCIJPVke5gBl8pwOWxBjGhw3qyAsm72J9XQoLcWMESzL1zsNvTbOZZjS
Oo4ovNL1aZU1ocXHyWuLPmsvHJQeLvPBeAfwAV1hR+jlCHvQRX5CPJVVHp2PpqZM
aUyMTE9mG+/sNazjk9EWVDffPCXFnq9WkVJaJRgzKgXWwF+mHPtjft2HDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1WWYE7dKiJgfjiMWWHtC1f6EeHMB8GA1UdIwQY
MBaAFIlmhhvlfTbV9tnZ+Ov2KBdhaiH1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdhR0ctVjlOdFgyMmRuNDZfWW9GMkZxSWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9mNTYyYTQtMmYwNC00NmRkLWIxYzEt
MzU2Y2RlYmViODRmLzEvSFZaWmdUdDBxSW1CLU9JeFpZZTBMVl9vUjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9mNTYyYTQtMmYwNC00NmRkLWIxYzEtMzU2Y2RlYmViODRm
LzEvaVdhR0ctVjlOdFgyMmRuNDZfWW9GMkZxSWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwb1sMA0G
CSqGSIb3DQEBCwUAA4IBAQAW47fvtAeLf1UasKkAZfaO8M6EXDMP1qmTKYOlQxAw
pLmIZuAXfAqVynOLiJ8DkKKIGu6yU3l04/UTGcGEY+6lhv2VA2Xj+MXKhOdhEseC
PYv3p7khV3DoULZ7FzbNlYbBZbi5PCYutlE3zsLDpTFg3e5lcPbMnZJTwPqoOeRE
4FRdAEgr5kDQ5KXcfLjXHDXWa7KchJk5if6xsmXpYm8NFalDAX0fURrVcAVS716I
k+QZ1kR91PdUW2PWYChEHimGmDfKOSzPlA68VQtRANm+awSkMBFAeIHQTQoa9DqC
Cfzfk0O95DBgJ2t4FWv56TxB28C07vrmVUE+zZCmbgrx
-----END CERTIFICATE-----