Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/HuokXCrWJNcTuEEU0gue5QvWQMU.roa
File:                     HuokXCrWJNcTuEEU0gue5QvWQMU.roa (raw, json)
Hash identifier:          R2ffYfAa0SwY4tCvKxXcrdAK3XDtA3UL5a4xn6g0tvk=
Subject key identifier:   1E:EA:24:5C:2A:D6:24:D7:13:B8:41:14:D2:0B:9E:E5:0B:D6:40:C5
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       018CC80137966FA820FE190A05EE56DEB03F
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/HuokXCrWJNcTuEEU0gue5QvWQMU.roa
Signing time:             Tue 02 Jan 2024 02:29:32 +0000
ROA not before:           Tue 02 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        77.246.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:37:96:6f:a8:20:fe:19:0a:05:ee:56:de:b0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Jan  2 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1eea245c2ad624d713b84114d20b9ee50bd640c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b6:81:44:24:c8:57:a1:5d:6f:25:8b:1e:19:
                    2c:75:64:8f:b7:b7:2c:c2:75:b1:71:11:fd:3b:5c:
                    4a:0a:89:7e:2d:3b:6c:78:af:db:50:32:6f:55:fb:
                    e4:97:d2:b1:2d:49:74:0e:c4:95:69:18:d3:95:37:
                    7a:25:f3:3a:5d:fd:e6:74:a8:fa:43:0d:b4:d7:81:
                    b6:6b:72:dd:bd:c6:5f:e2:90:03:e3:09:df:40:1c:
                    35:25:32:99:03:d6:29:6d:b8:ea:30:46:19:e4:3e:
                    5e:85:40:a5:36:ed:6b:55:54:ed:df:0c:ba:5b:64:
                    8f:f9:20:df:0e:fb:0b:41:4d:1a:d7:53:a6:d8:fd:
                    8b:2d:10:39:c7:e7:73:be:95:7f:e5:7c:ff:a7:a4:
                    dd:b0:33:88:08:87:6a:74:8b:b6:97:96:d2:7d:f8:
                    f0:7c:32:b4:c2:38:10:0a:bf:09:6a:68:d1:8c:e9:
                    66:50:a4:a7:a0:42:a9:00:bc:4c:f9:b5:d7:99:e3:
                    66:34:39:57:f9:29:1a:ae:d1:a6:90:c0:2d:9d:00:
                    7a:74:5e:71:2b:9a:86:ec:dd:e3:23:f2:8d:4b:1b:
                    e7:3f:3c:23:b8:b6:f2:f9:de:bc:ec:58:35:4d:c6:
                    1b:29:01:f3:4c:0e:f4:d6:5d:02:30:8c:46:ca:74:
                    42:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:EA:24:5C:2A:D6:24:D7:13:B8:41:14:D2:0B:9E:E5:0B:D6:40:C5
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/HuokXCrWJNcTuEEU0gue5QvWQMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:84:02:8c:64:c6:79:a6:b7:32:99:2a:7e:c1:e8:db:a6:39:
         98:c4:40:82:97:9a:2e:e2:0f:7b:80:b4:98:8f:44:a2:ff:6c:
         9a:89:14:ce:21:47:b4:10:7e:9b:a1:60:54:2f:d2:47:bf:ce:
         7c:dc:e1:ae:3e:92:52:bf:f0:39:64:09:75:1f:6e:77:31:13:
         e3:91:5e:74:85:20:6e:a5:c4:cf:d1:73:ec:71:52:26:b9:8a:
         d7:9a:85:ca:a0:9b:76:80:80:0b:72:9e:94:09:a7:52:55:32:
         4c:9a:66:91:cc:22:a0:2a:eb:10:31:7c:7f:6b:c3:bc:ed:e5:
         99:ac:c9:ad:51:9c:aa:0e:73:6c:5b:1c:e6:91:3c:cf:d1:2e:
         c2:48:40:c2:52:af:ed:86:f1:49:ca:52:8c:43:c9:5b:c4:8a:
         8c:f1:33:33:d7:cb:99:26:48:36:6d:28:61:85:c8:c9:55:86:
         44:b0:80:b0:fe:8c:b1:0b:06:1a:97:17:a5:e5:b9:b7:5f:99:
         e2:61:45:8d:f5:b1:fa:5b:fc:b3:7d:91:e8:e3:2e:f8:22:6a:
         14:82:0e:06:0e:b7:4d:c0:30:43:72:61:97:64:02:8e:8b:fe:
         d3:5f:90:24:37:02:d3:33:5f:08:d7:4d:0d:a4:95:a7:83:a0:
         56:ee:c8:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATeWb6gg/hkKBe5W3rA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwMTAyMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWVhMjQ1YzJhZDYyNGQ3MTNiODQxMTRkMjBiOWVlNTBiZDY0MGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7aBRCTIV6FdbyWLHhksdWSPt7cs
wnWxcRH9O1xKCol+LTtseK/bUDJvVfvkl9KxLUl0DsSVaRjTlTd6JfM6Xf3mdKj6
Qw2014G2a3LdvcZf4pAD4wnfQBw1JTKZA9YpbbjqMEYZ5D5ehUClNu1rVVTt3wy6
W2SP+SDfDvsLQU0a11Om2P2LLRA5x+dzvpV/5Xz/p6TdsDOICIdqdIu2l5bSffjw
fDK0wjgQCr8JamjRjOlmUKSnoEKpALxM+bXXmeNmNDlX+SkartGmkMAtnQB6dF5x
K5qG7N3jI/KNSxvnPzwjuLby+d687Fg1TcYbKQHzTA701l0CMIxGynRCSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7qJFwq1iTXE7hBFNILnuUL1kDFMB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvSHVva1hDcldKTmNUdUVFVTBndWU1UXZXUU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfbwMA0G
CSqGSIb3DQEBCwUAA4IBAQAMhAKMZMZ5prcymSp+wejbpjmYxECCl5ou4g97gLSY
j0Si/2yaiRTOIUe0EH6boWBUL9JHv8583OGuPpJSv/A5ZAl1H253MRPjkV50hSBu
pcTP0XPscVImuYrXmoXKoJt2gIALcp6UCadSVTJMmmaRzCKgKusQMXx/a8O87eWZ
rMmtUZyqDnNsWxzmkTzP0S7CSEDCUq/thvFJylKMQ8lbxIqM8TMz18uZJkg2bShh
hcjJVYZEsICw/oyxCwYalxel5bm3X5niYUWN9bH6W/yzfZHo4y74ImoUgg4GDrdN
wDBDcmGXZAKOi/7TX5AkNwLTM18I100NpJWng6BW7sht
-----END CERTIFICATE-----