Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/HLToq3nf5OApFMJ_DLN91h1Fnjo.roa
File:                     HLToq3nf5OApFMJ_DLN91h1Fnjo.roa (raw, json)
Hash identifier:          1jDZSo5xWA1TudXcCIeUFspwv8s1DeU3J7ObH+JPAu8=
Subject key identifier:   1C:B4:E8:AB:79:DF:E4:E0:29:14:C2:7F:0C:B3:7D:D6:1D:45:9E:3A
Certificate issuer:       /CN=2ca37da970c466457583bbe02b2a0e72fbdc6328
Certificate serial:       01966CF9292FB22888032BB8FCBF93D9468E
Authority key identifier: 2C:A3:7D:A9:70:C4:66:45:75:83:BB:E0:2B:2A:0E:72:FB:DC:63:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/HLToq3nf5OApFMJ_DLN91h1Fnjo.roa
Signing time:             Fri 25 Apr 2025 12:43:10 +0000
ROA not before:           Fri 25 Apr 2025 12:43:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48031
IP address blocks:        80.89.12.0/24 maxlen: 24
                          80.89.13.0/24 maxlen: 24
                          80.89.14.0/24 maxlen: 24
                          80.89.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 20:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:f9:29:2f:b2:28:88:03:2b:b8:fc:bf:93:d9:46:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ca37da970c466457583bbe02b2a0e72fbdc6328
        Validity
            Not Before: Apr 25 12:43:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cb4e8ab79dfe4e02914c27f0cb37dd61d459e3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:21:bc:6b:70:82:95:6a:cb:41:27:e6:61:38:
                    0a:a3:37:55:39:37:28:99:cf:3e:5e:c9:34:58:3e:
                    aa:6c:31:8c:e7:85:fe:53:ed:99:a4:ee:31:01:f1:
                    aa:7d:01:dd:e2:a3:3a:bb:8d:40:19:e4:fb:95:da:
                    eb:01:14:84:50:09:85:95:50:af:cb:c6:b2:e1:a1:
                    9c:6d:95:2d:a4:db:d4:72:4e:e4:5e:4c:6c:06:90:
                    30:7a:69:5f:b8:39:77:c1:11:57:ae:ee:30:ae:55:
                    48:3d:93:b5:bc:05:f9:20:c4:a3:67:88:45:64:03:
                    30:4f:ab:e3:5e:93:1d:87:bb:7b:9a:7b:79:4b:45:
                    cb:b4:7f:0c:50:8c:e4:ac:e1:0a:63:92:d6:e5:54:
                    75:6c:35:d0:3a:a0:62:bb:69:e0:86:4e:50:e3:2e:
                    cf:c8:a3:c5:81:cd:d0:5c:b0:38:92:77:b9:de:cb:
                    1a:80:35:13:58:fc:40:de:f3:51:bb:59:ce:f6:e9:
                    f9:83:85:7b:d5:c4:66:50:ee:e1:f6:64:c6:5e:69:
                    af:59:30:2f:cb:d2:67:21:df:9a:8f:da:a5:fa:f2:
                    53:02:1a:05:e5:5a:27:d6:2e:5c:f0:cd:c9:48:db:
                    56:6e:d1:5a:d8:09:0e:aa:aa:e4:5b:75:b6:29:65:
                    55:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:B4:E8:AB:79:DF:E4:E0:29:14:C2:7F:0C:B3:7D:D6:1D:45:9E:3A
            X509v3 Authority Key Identifier:
                keyid:2C:A3:7D:A9:70:C4:66:45:75:83:BB:E0:2B:2A:0E:72:FB:DC:63:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LKN9qXDEZkV1g7vgKyoOcvvcYyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/HLToq3nf5OApFMJ_DLN91h1Fnjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2492fd-6e37-4582-84e8-8ca25f488ebf/1/LKN9qXDEZkV1g7vgKyoOcvvcYyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.89.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:aa:b7:20:12:00:af:d3:87:45:c4:6c:1b:87:d8:5e:b8:6e:
         36:b4:d1:0c:54:88:0f:e1:40:f7:72:ef:f6:9e:38:73:55:cf:
         49:d2:5a:b6:8f:6e:ba:ba:4f:a5:14:3c:c6:a2:ca:78:a7:75:
         b1:4b:ef:63:b6:d9:63:73:65:d8:e0:9b:f4:72:0d:e9:a7:98:
         4a:1e:11:28:43:2b:2c:1c:83:e7:23:f6:d0:ea:a0:c5:8f:e1:
         fc:90:8a:33:16:91:ee:35:c5:2b:ee:11:d7:03:09:56:f1:91:
         72:61:dd:cf:97:63:54:00:fc:4e:0c:1d:1f:93:99:6a:4c:87:
         a6:a7:a8:7d:9e:3c:54:1e:94:0f:ca:7d:1d:87:d3:63:ba:4d:
         6e:b2:78:80:31:dc:e9:04:c9:f5:6a:2b:c7:9d:d4:f2:9c:c3:
         2c:b2:12:e7:60:6e:a3:52:b5:fa:25:ea:a5:34:d2:7b:e1:26:
         bf:a1:ce:69:24:ce:f6:05:93:91:5c:c8:93:24:56:22:2c:16:
         16:c7:04:b3:d9:39:19:dc:72:05:38:75:78:d4:ef:78:f3:3e:
         2c:75:1a:bf:f7:5d:a3:fe:63:96:e1:9b:67:2c:fe:ad:35:05:
         0c:17:3c:56:ce:19:d7:af:76:4c:7b:1e:ab:f8:76:95:10:9d:
         cd:53:4d:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZs+SkvsiiIAyu4/L+T2UaOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYTM3ZGE5NzBjNDY2NDU3NTgzYmJlMDJiMmEwZTcyZmJk
YzYzMjgwHhcNMjUwNDI1MTI0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2I0ZThhYjc5ZGZlNGUwMjkxNGMyN2YwY2IzN2RkNjFkNDU5ZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyG8a3CClWrLQSfmYTgKozdVOTco
mc8+Xsk0WD6qbDGM54X+U+2ZpO4xAfGqfQHd4qM6u41AGeT7ldrrARSEUAmFlVCv
y8ay4aGcbZUtpNvUck7kXkxsBpAwemlfuDl3wRFXru4wrlVIPZO1vAX5IMSjZ4hF
ZAMwT6vjXpMdh7t7mnt5S0XLtH8MUIzkrOEKY5LW5VR1bDXQOqBiu2nghk5Q4y7P
yKPFgc3QXLA4kne53ssagDUTWPxA3vNRu1nO9un5g4V71cRmUO7h9mTGXmmvWTAv
y9JnId+aj9ql+vJTAhoF5Von1i5c8M3JSNtWbtFa2AkOqqrkW3W2KWVVmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBy06Kt53+TgKRTCfwyzfdYdRZ46MB8GA1UdIwQY
MBaAFCyjfalwxGZFdYO74CsqDnL73GMoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEtOOXFYREVaa1YxZzd2Z0t5b09jdnZjWXlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yNDkyZmQtNmUzNy00NTgyLTg0ZTgt
OGNhMjVmNDg4ZWJmLzEvSExUb3EzbmY1T0FwRk1KX0RMTjkxaDFGbmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yNDkyZmQtNmUzNy00NTgyLTg0ZTgtOGNhMjVmNDg4ZWJm
LzEvTEtOOXFYREVaa1YxZzd2Z0t5b09jdnZjWXlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUFkMMA0G
CSqGSIb3DQEBCwUAA4IBAQBxqrcgEgCv04dFxGwbh9heuG42tNEMVIgP4UD3cu/2
njhzVc9J0lq2j266uk+lFDzGosp4p3WxS+9jttljc2XY4Jv0cg3pp5hKHhEoQyss
HIPnI/bQ6qDFj+H8kIozFpHuNcUr7hHXAwlW8ZFyYd3Pl2NUAPxODB0fk5lqTIem
p6h9njxUHpQPyn0dh9Njuk1usniAMdzpBMn1aivHndTynMMsshLnYG6jUrX6Jeql
NNJ74Sa/oc5pJM72BZORXMiTJFYiLBYWxwSz2TkZ3HIFOHV41O948z4sdRq/912j
/mOW4ZtnLP6tNQUMFzxWzhnXr3ZMex6r+HaVEJ3NU017
-----END CERTIFICATE-----