Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/HZbxX3uSNEUI6TIi00Tm1j2FfiE.roa
File:                     HZbxX3uSNEUI6TIi00Tm1j2FfiE.roa (raw, json)
Hash identifier:          L8jAYaoZDOnI3nM9k/Kwab9CS4+pTXwhSNMnZJhFsj0=
Subject key identifier:   1D:96:F1:5F:7B:92:34:45:08:E9:32:22:D3:44:E6:D6:3D:85:7E:21
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018E2F474A74AE85F5A6459190D7A30BC887
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/HZbxX3uSNEUI6TIi00Tm1j2FfiE.roa
Signing time:             Mon 11 Mar 2024 20:49:45 +0000
ROA not before:           Mon 11 Mar 2024 20:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        109.122.42.0/24 maxlen: 24
                          193.93.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2f:47:4a:74:ae:85:f5:a6:45:91:90:d7:a3:0b:c8:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar 11 20:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d96f15f7b92344508e93222d344e6d63d857e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:66:46:6d:01:ed:5f:59:a0:3e:fb:a7:03:cc:
                    4e:7d:0c:ad:a2:b5:c3:53:2f:fe:ae:1c:71:fc:62:
                    37:d0:10:4e:9c:54:e5:ae:f6:55:d6:6e:97:ed:1f:
                    a8:42:9c:58:42:28:bf:af:6b:f4:72:8c:7c:8f:05:
                    1f:2d:01:d9:2d:15:41:1c:7b:f1:45:71:9f:e0:dc:
                    0c:2f:03:38:07:28:ba:ba:aa:c0:b1:07:7a:74:71:
                    af:a7:3a:d7:16:d7:35:7c:da:15:2d:d1:ea:30:1e:
                    9e:51:e1:be:20:eb:3a:4f:93:22:22:d1:d8:49:55:
                    b4:62:7a:16:cb:48:98:8c:d4:70:91:1f:c5:4f:21:
                    c6:50:78:48:a5:ba:40:63:04:a1:d3:62:32:42:ea:
                    25:d2:d4:db:cf:fe:a8:54:89:52:ed:e8:74:9e:86:
                    f7:78:c7:26:be:48:f0:bb:51:b8:bb:a7:e6:ca:e4:
                    ce:e3:c5:42:d6:bd:4d:7c:55:31:30:be:32:8d:7c:
                    74:64:1c:1c:35:97:a3:b9:9c:1b:47:69:0a:ab:31:
                    8f:22:43:4a:ae:7d:df:f2:03:7f:21:a5:55:9c:70:
                    f5:cf:7c:d4:5a:91:cc:0a:c6:52:a4:e9:a0:b5:a7:
                    3d:6c:55:aa:4b:9f:68:9e:7a:c6:c0:6b:f3:3a:53:
                    fe:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:96:F1:5F:7B:92:34:45:08:E9:32:22:D3:44:E6:D6:3D:85:7E:21
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/HZbxX3uSNEUI6TIi00Tm1j2FfiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.42.0/24
                  193.93.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:02:35:f2:15:d5:87:0c:cc:57:be:ef:32:9d:47:6d:18:77:
         8e:8d:bb:2e:1f:0d:61:a3:62:76:f2:bd:55:c0:3b:68:48:98:
         23:5e:2a:f5:76:29:93:a2:de:e0:79:02:87:67:ee:9d:cd:9c:
         6f:e7:d9:d8:21:82:c4:f3:02:90:4e:76:fe:d3:e5:bc:f0:b2:
         de:9a:93:ca:29:0f:4a:d9:0a:02:62:03:68:e8:0a:bf:42:70:
         76:e4:3d:26:43:7c:ca:1a:e3:3c:19:91:1b:07:fe:61:b4:8e:
         a7:74:f9:d0:4b:89:fd:c2:67:a9:d2:cd:7c:98:3b:cc:fb:3b:
         9a:fe:27:e4:5a:9d:85:be:5a:e8:53:fa:63:86:01:a8:1a:79:
         8a:97:ea:aa:b9:79:be:1f:cf:5e:b8:7e:e3:92:26:a6:b4:06:
         a3:3d:d8:08:f3:37:57:4c:81:75:31:ef:b1:77:52:de:61:db:
         4f:e0:5a:94:41:62:97:f7:6c:16:02:a4:65:ad:38:78:87:92:
         d6:7f:93:bb:d2:61:3b:4d:3e:50:30:02:69:f8:45:da:05:ae:
         46:8d:8d:21:7a:b5:f7:8a:80:84:29:3c:a7:c2:9f:26:b3:b0:
         5c:34:a2:24:68:36:93:01:ef:df:56:e2:c9:53:74:51:c6:8d:
         7e:32:8d:85
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4vR0p0roX1pkWRkNejC8iHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMzExMjA0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk2ZjE1ZjdiOTIzNDQ1MDhlOTMyMjJkMzQ0ZTZkNjNkODU3ZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2ZGbQHtX1mgPvunA8xOfQytorXD
Uy/+rhxx/GI30BBOnFTlrvZV1m6X7R+oQpxYQii/r2v0cox8jwUfLQHZLRVBHHvx
RXGf4NwMLwM4Byi6uqrAsQd6dHGvpzrXFtc1fNoVLdHqMB6eUeG+IOs6T5MiItHY
SVW0YnoWy0iYjNRwkR/FTyHGUHhIpbpAYwSh02IyQuol0tTbz/6oVIlS7eh0nob3
eMcmvkjwu1G4u6fmyuTO48VC1r1NfFUxML4yjXx0ZBwcNZejuZwbR2kKqzGPIkNK
rn3f8gN/IaVVnHD1z3zUWpHMCsZSpOmgtac9bFWqS59onnrGwGvzOlP+QQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB2W8V97kjRFCOkyItNE5tY9hX4hMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvSFpieFgzdVNORVVJNlRJaTAwVG0xajJGZmlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXoqAwQA
wV03MA0GCSqGSIb3DQEBCwUAA4IBAQAYAjXyFdWHDMxXvu8ynUdtGHeOjbsuHw1h
o2J28r1VwDtoSJgjXir1dimTot7geQKHZ+6dzZxv59nYIYLE8wKQTnb+0+W88LLe
mpPKKQ9K2QoCYgNo6Aq/QnB25D0mQ3zKGuM8GZEbB/5htI6ndPnQS4n9wmep0s18
mDvM+zua/ifkWp2FvlroU/pjhgGoGnmKl+qquXm+H89euH7jkiamtAajPdgI8zdX
TIF1Me+xd1LeYdtP4FqUQWKX92wWAqRlrTh4h5LWf5O70mE7TT5QMAJp+EXaBa5G
jY0herX3ioCEKTynwp8ms7BcNKIkaDaTAe/fVuLJU3RRxo1+Mo2F
-----END CERTIFICATE-----