Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/HKeIQw79oiedwfEFOy9mz6hUiNU.roa
File:                     HKeIQw79oiedwfEFOy9mz6hUiNU.roa (raw, json)
Hash identifier:          N4Aq6JIioDxCRNLVeT+lhdJ9Gi9rSfu49izdmipk7HY=
Subject key identifier:   1C:A7:88:43:0E:FD:A2:27:9D:C1:F1:05:3B:2F:66:CF:A8:54:88:D5
Certificate issuer:       /CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
Certificate serial:       018CC649F4E9018CE103502B8332331BC6AC
Authority key identifier: 5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/HKeIQw79oiedwfEFOy9mz6hUiNU.roa
Signing time:             Mon 01 Jan 2024 18:29:44 +0000
ROA not before:           Mon 01 Jan 2024 18:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56766
IP address blocks:        31.133.38.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:f4:e9:01:8c:e1:03:50:2b:83:32:33:1b:c6:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c64f9d04efd5a9fc2e23b42d5b51aefd9a50250
        Validity
            Not Before: Jan  1 18:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ca788430efda2279dc1f1053b2f66cfa85488d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:89:23:d4:01:97:1c:6f:14:48:29:d2:eb:0a:
                    74:df:f5:3f:38:cf:66:3b:79:ce:9a:a1:21:37:c2:
                    0e:72:ec:26:5e:24:bd:1f:8f:e9:30:88:09:6b:ff:
                    62:16:15:0e:d0:00:3a:a1:89:65:cc:57:8d:57:61:
                    9c:ad:40:68:f0:65:03:a3:f9:de:a2:85:a8:47:b6:
                    45:23:5e:7e:33:a2:76:c3:41:b1:ba:e4:5c:96:52:
                    47:f1:37:03:10:d4:70:18:27:1d:d8:73:60:e4:1f:
                    e6:f7:07:e6:02:8b:1a:49:39:10:ae:7b:ba:a1:ba:
                    ab:0d:cf:ef:3e:40:9f:b0:1b:c3:47:14:f9:5f:7e:
                    6e:67:10:51:38:fc:fd:30:48:3a:d1:45:a3:6d:eb:
                    f8:bb:1b:42:88:e9:3c:a6:7f:26:25:f1:5a:b8:e9:
                    7f:ff:3e:9d:e1:1a:69:a0:da:b2:28:af:bc:7a:be:
                    09:fa:e8:69:b6:60:5a:c7:78:7c:33:91:1a:e8:68:
                    15:c6:0e:21:e8:60:23:7f:a7:24:92:dc:8f:b8:3b:
                    b1:9b:22:87:16:48:e1:39:95:89:b3:47:5a:49:6e:
                    bf:58:72:83:91:aa:95:90:cf:fe:ad:0b:d9:8c:61:
                    27:fe:72:d9:ad:ff:46:40:2b:17:dc:42:fc:53:a2:
                    14:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A7:88:43:0E:FD:A2:27:9D:C1:F1:05:3B:2F:66:CF:A8:54:88:D5
            X509v3 Authority Key Identifier:
                keyid:5C:64:F9:D0:4E:FD:5A:9F:C2:E2:3B:42:D5:B5:1A:EF:D9:A5:02:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGT50E79Wp_C4jtC1bUa79mlAlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/HKeIQw79oiedwfEFOy9mz6hUiNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/1849a6-f921-4b50-915e-b66fa4f4763a/1/XGT50E79Wp_C4jtC1bUa79mlAlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.133.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c0:d5:d6:f3:4b:3d:2b:ad:e9:58:f2:2a:92:24:4c:5a:94:3e:
         3c:3b:84:b3:c1:f0:1f:b9:f0:db:79:89:e8:a1:cd:bc:87:f8:
         ab:8d:86:39:8e:1d:af:7c:bb:e8:5f:98:d2:b8:e4:14:4c:f1:
         10:5c:f8:fb:e4:2a:e2:a9:33:39:62:94:6e:4b:36:21:85:f7:
         da:60:09:b1:71:2d:bd:03:ed:8d:ee:ad:72:c0:23:97:de:c7:
         a2:29:35:2f:35:a9:f1:11:48:81:fa:46:2c:c3:b4:15:b5:1f:
         6a:40:dc:04:17:c4:df:bb:25:4a:98:7b:60:8a:0a:3d:c9:96:
         34:2b:11:f1:4f:d7:d3:a6:2a:a7:1f:dc:7b:3f:2e:c2:c1:bc:
         56:04:ff:a9:de:c3:b3:c1:48:65:a4:df:97:20:b1:73:73:f9:
         0c:e9:79:f2:4d:61:b9:1c:fa:a1:69:14:18:d3:95:3b:be:6b:
         8e:13:1d:30:97:09:4f:b1:8e:d7:0d:b3:4a:34:dd:76:cc:30:
         91:23:0c:4c:e3:f9:87:69:f2:d7:72:71:d6:c3:8b:6e:56:7e:
         ed:83:ae:a2:39:39:57:c3:4d:a4:ba:43:39:bf:06:56:ac:65:
         f1:c4:f7:cf:df:de:af:c0:19:41:76:aa:76:94:3c:83:5c:f8:
         f2:98:ea:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSfTpAYzhA1ArgzIzG8asMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjRmOWQwNGVmZDVhOWZjMmUyM2I0MmQ1YjUxYWVmZDlh
NTAyNTAwHhcNMjQwMTAxMTgyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2E3ODg0MzBlZmRhMjI3OWRjMWYxMDUzYjJmNjZjZmE4NTQ4OGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIkj1AGXHG8USCnS6wp03/U/OM9m
O3nOmqEhN8IOcuwmXiS9H4/pMIgJa/9iFhUO0AA6oYllzFeNV2GcrUBo8GUDo/ne
ooWoR7ZFI15+M6J2w0GxuuRcllJH8TcDENRwGCcd2HNg5B/m9wfmAosaSTkQrnu6
obqrDc/vPkCfsBvDRxT5X35uZxBROPz9MEg60UWjbev4uxtCiOk8pn8mJfFauOl/
/z6d4RppoNqyKK+8er4J+uhptmBax3h8M5Ea6GgVxg4h6GAjf6ckktyPuDuxmyKH
FkjhOZWJs0daSW6/WHKDkaqVkM/+rQvZjGEn/nLZrf9GQCsX3EL8U6IU1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByniEMO/aInncHxBTsvZs+oVIjVMB8GA1UdIwQY
MBaAFFxk+dBO/VqfwuI7QtW1Gu/ZpQJQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUt
YjY2ZmE0ZjQ3NjNhLzEvSEtlSVF3NzlvaWVkd2ZFRk95OW16NmhVaU5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8xODQ5YTYtZjkyMS00YjUwLTkxNWUtYjY2ZmE0ZjQ3NjNh
LzEvWEdUNTBFNzlXcF9DNGp0QzFiVWE3OW1sQWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH4UmMA0G
CSqGSIb3DQEBCwUAA4IBAQDA1dbzSz0rrelY8iqSJExalD48O4SzwfAfufDbeYno
oc28h/irjYY5jh2vfLvoX5jSuOQUTPEQXPj75CriqTM5YpRuSzYhhffaYAmxcS29
A+2N7q1ywCOX3seiKTUvNanxEUiB+kYsw7QVtR9qQNwEF8TfuyVKmHtgigo9yZY0
KxHxT9fTpiqnH9x7Py7CwbxWBP+p3sOzwUhlpN+XILFzc/kM6XnyTWG5HPqhaRQY
05U7vmuOEx0wlwlPsY7XDbNKNN12zDCRIwxM4/mHafLXcnHWw4tuVn7tg66iOTlX
w02kukM5vwZWrGXxxPfP396vwBlBdqp2lDyDXPjymOo+
-----END CERTIFICATE-----