Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/ht8VzkYDPEhqXWliT1ZMAWcjb80.roa
File:                     ht8VzkYDPEhqXWliT1ZMAWcjb80.roa (raw, json)
Hash identifier:          T535oiawJDmVfPR7G8ItPqSAlaKLjzRUWYb5e/ydxyc=
Subject key identifier:   86:DF:15:CE:46:03:3C:48:6A:5D:69:62:4F:56:4C:01:67:23:6F:CD
Certificate issuer:       /CN=0765f6f5f7936db8351a0a393cf069a518e57445
Certificate serial:       018CCA99FF2F75398E087DD5118BE207B62E
Authority key identifier: 07:65:F6:F5:F7:93:6D:B8:35:1A:0A:39:3C:F0:69:A5:18:E5:74:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B2X29feTbbg1Ggo5PPBppRjldEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/ht8VzkYDPEhqXWliT1ZMAWcjb80.roa
Signing time:             Tue 02 Jan 2024 14:35:39 +0000
ROA not before:           Tue 02 Jan 2024 14:35:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28878
IP address blocks:        193.33.180.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/B2X29feTbbg1Ggo5PPBppRjldEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/B2X29feTbbg1Ggo5PPBppRjldEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B2X29feTbbg1Ggo5PPBppRjldEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:ff:2f:75:39:8e:08:7d:d5:11:8b:e2:07:b6:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0765f6f5f7936db8351a0a393cf069a518e57445
        Validity
            Not Before: Jan  2 14:35:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86df15ce46033c486a5d69624f564c0167236fcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:44:ba:24:db:20:aa:16:32:b6:4f:c0:5e:13:
                    06:8b:fc:84:68:06:c7:84:e0:fd:dc:09:76:43:3d:
                    56:0a:b8:31:46:ff:a4:0a:e8:0f:ec:cf:14:00:19:
                    ec:9e:b4:d3:ea:79:d5:e8:76:78:81:eb:51:08:54:
                    16:b9:d1:63:cd:bc:15:89:d8:8f:a7:f0:1c:6b:b3:
                    71:4f:58:e5:c0:93:4e:91:52:b5:5d:e4:6c:6b:33:
                    e9:f6:74:0d:11:b6:22:bd:3c:0a:7e:1f:4f:ed:0b:
                    87:b8:76:5f:8c:9b:d5:14:12:a3:74:75:02:ba:00:
                    1a:8f:54:82:f2:bb:45:e5:9b:6c:32:34:d5:0b:b5:
                    7a:85:1c:83:11:99:cd:e8:5a:13:31:49:c5:91:6b:
                    59:d0:f0:07:cc:c0:78:27:0c:29:af:0f:ce:61:fd:
                    c5:b9:54:d5:7e:cd:2d:1a:de:e2:e1:85:9c:c5:5b:
                    6b:7f:ea:68:91:72:41:fa:01:e2:13:6e:d1:fe:11:
                    10:8b:77:85:f6:16:fe:04:41:15:88:80:2e:b6:72:
                    50:94:12:ec:e8:d4:c3:21:28:47:43:5f:f3:39:4a:
                    b4:f1:be:bc:39:4c:1b:7a:d9:b0:84:24:b6:98:43:
                    94:ee:79:0e:a3:97:bd:f3:88:73:d5:40:1c:a7:e7:
                    8f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:DF:15:CE:46:03:3C:48:6A:5D:69:62:4F:56:4C:01:67:23:6F:CD
            X509v3 Authority Key Identifier:
                keyid:07:65:F6:F5:F7:93:6D:B8:35:1A:0A:39:3C:F0:69:A5:18:E5:74:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B2X29feTbbg1Ggo5PPBppRjldEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/ht8VzkYDPEhqXWliT1ZMAWcjb80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/9a6655-1d2c-45cb-ada1-f46b46d53800/1/B2X29feTbbg1Ggo5PPBppRjldEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:0d:fd:ae:65:2b:4e:91:9a:d4:3c:fd:b1:01:78:61:9a:94:
         79:c7:f0:cc:5e:6e:1c:81:68:ea:79:8e:b4:55:d5:6d:6b:87:
         10:7c:40:1e:6b:99:09:cd:2b:e4:30:d5:5e:af:76:fb:35:a8:
         1c:93:d3:db:ff:f5:6e:e2:d8:e8:7b:20:0d:5a:fe:34:ff:17:
         19:e2:65:03:74:1b:29:3d:d9:53:70:be:17:2a:43:02:1c:5f:
         65:d8:f1:15:72:4a:06:12:7f:38:a6:c8:1a:04:ac:ed:5c:d9:
         22:db:82:01:33:57:42:ff:f6:21:d0:a0:8c:5f:54:d5:ce:c8:
         04:67:82:c0:fe:cb:d8:80:0c:65:4d:92:7d:3d:ce:5d:0d:6a:
         a2:a7:56:06:7f:6d:db:85:1b:82:76:5e:fe:07:62:d7:6a:0e:
         31:a1:d8:ac:b3:b2:00:1d:f4:55:a1:5c:ad:af:69:f6:ed:30:
         b2:e3:2f:32:3a:28:d2:6f:a2:3d:73:90:18:77:19:ad:0e:ed:
         a0:cb:b4:db:0a:cc:a1:f1:f6:a0:dc:f6:e5:cb:a0:5c:13:38:
         1d:b4:27:f3:be:bc:40:0a:b1:22:cc:40:5c:4b:20:2b:ed:9b:
         37:40:2e:a0:6c:dd:8f:72:ea:be:93:47:d7:94:6a:b9:0f:55:
         84:aa:06:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmf8vdTmOCH3VEYviB7YuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NjVmNmY1Zjc5MzZkYjgzNTFhMGEzOTNjZjA2OWE1MThl
NTc0NDUwHhcNMjQwMTAyMTQzNTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmRmMTVjZTQ2MDMzYzQ4NmE1ZDY5NjI0ZjU2NGMwMTY3MjM2ZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUS6JNsgqhYytk/AXhMGi/yEaAbH
hOD93Al2Qz1WCrgxRv+kCugP7M8UABnsnrTT6nnV6HZ4getRCFQWudFjzbwVidiP
p/Aca7NxT1jlwJNOkVK1XeRsazPp9nQNEbYivTwKfh9P7QuHuHZfjJvVFBKjdHUC
ugAaj1SC8rtF5ZtsMjTVC7V6hRyDEZnN6FoTMUnFkWtZ0PAHzMB4Jwwprw/OYf3F
uVTVfs0tGt7i4YWcxVtrf+pokXJB+gHiE27R/hEQi3eF9hb+BEEViIAutnJQlBLs
6NTDIShHQ1/zOUq08b68OUwbetmwhCS2mEOU7nkOo5e984hz1UAcp+ePDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbfFc5GAzxIal1pYk9WTAFnI2/NMB8GA1UdIwQY
MBaAFAdl9vX3k224NRoKOTzwaaUY5XRFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjJYMjlmZVRiYmcxR2dvNVBQQnBwUmpsZEVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy85YTY2NTUtMWQyYy00NWNiLWFkYTEt
ZjQ2YjQ2ZDUzODAwLzEvaHQ4VnprWURQRWhxWFdsaVQxWk1BV2NqYjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy85YTY2NTUtMWQyYy00NWNiLWFkYTEtZjQ2YjQ2ZDUzODAw
LzEvQjJYMjlmZVRiYmcxR2dvNVBQQnBwUmpsZEVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSG0MA0G
CSqGSIb3DQEBCwUAA4IBAQCRDf2uZStOkZrUPP2xAXhhmpR5x/DMXm4cgWjqeY60
VdVta4cQfEAea5kJzSvkMNVer3b7Nagck9Pb//Vu4tjoeyANWv40/xcZ4mUDdBsp
PdlTcL4XKkMCHF9l2PEVckoGEn84psgaBKztXNki24IBM1dC//Yh0KCMX1TVzsgE
Z4LA/svYgAxlTZJ9Pc5dDWqip1YGf23bhRuCdl7+B2LXag4xodiss7IAHfRVoVyt
r2n27TCy4y8yOijSb6I9c5AYdxmtDu2gy7TbCsyh8fag3Pbly6BcEzgdtCfzvrxA
CrEizEBcSyAr7Zs3QC6gbN2Pcuq+k0fXlGq5D1WEqgZ4
-----END CERTIFICATE-----