Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/HH5kKKj3qfzkDpWdeomv_VcX3Gk.roa
File:                     HH5kKKj3qfzkDpWdeomv_VcX3Gk.roa (raw, json)
Hash identifier:          M5gJG6AtalBOpLZQdTCJeNdQHDjy+lQlUwHUDJ+IT+k=
Subject key identifier:   1C:7E:64:28:A8:F7:A9:FC:E4:0E:95:9D:7A:89:AF:FD:57:17:DC:69
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018F727F7153B66E07465112BE6071699791
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/HH5kKKj3qfzkDpWdeomv_VcX3Gk.roa
Signing time:             Mon 13 May 2024 15:08:25 +0000
ROA not before:           Mon 13 May 2024 15:08:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205113
IP address blocks:        86.240.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 21:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:72:7f:71:53:b6:6e:07:46:51:12:be:60:71:69:97:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: May 13 15:08:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c7e6428a8f7a9fce40e959d7a89affd5717dc69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:cf:49:69:e9:e9:d3:af:89:25:da:3b:6f:48:
                    43:78:e6:75:0f:df:b4:10:cc:89:be:1d:b4:46:06:
                    66:3e:dd:86:d8:01:75:06:4f:1c:79:a3:27:26:6f:
                    98:18:a4:aa:d4:6a:80:fd:9f:03:a8:d8:9a:8f:1b:
                    c8:b6:24:cb:4d:9a:f6:e4:7d:9b:90:ae:84:d4:cf:
                    cd:08:78:6f:ac:c6:a8:f1:b7:f6:0e:08:26:dc:36:
                    7d:e4:8c:b6:6d:64:8b:36:c9:fd:90:88:65:1f:2a:
                    28:e1:6a:bc:86:8f:f3:7d:88:ce:86:dd:ed:fe:61:
                    ac:5b:fd:20:0b:e8:0d:c3:a0:14:21:73:4b:02:7a:
                    a0:4b:05:ff:b9:53:99:9b:3b:e6:6e:d1:77:cf:d3:
                    ff:f2:20:c3:14:e5:12:3a:bb:1d:c9:d4:d8:b8:23:
                    6a:1b:2c:9c:a3:04:0c:08:fd:c1:50:c8:a5:61:b7:
                    1c:da:bd:a4:63:15:e8:58:ac:20:6a:93:4c:6e:46:
                    67:1e:da:2b:b1:bd:0d:c7:c7:2d:8a:5f:05:f9:de:
                    80:6c:2b:e5:7f:01:2a:14:a5:f4:15:fb:e7:57:f0:
                    10:21:b8:56:13:85:b0:f6:a7:3a:61:d1:27:13:96:
                    dc:dc:33:4e:d7:22:ba:94:ff:db:43:8e:98:b3:e1:
                    e8:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:7E:64:28:A8:F7:A9:FC:E4:0E:95:9D:7A:89:AF:FD:57:17:DC:69
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/HH5kKKj3qfzkDpWdeomv_VcX3Gk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.240.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:6f:c8:14:d2:d7:e7:ee:6c:ec:5e:93:c7:ad:ee:91:df:4c:
         d8:14:0d:d6:2f:09:0a:63:bd:7b:02:7e:e4:d4:f7:f9:90:af:
         f6:02:6f:86:a9:c0:c3:89:ed:ff:fb:18:79:e1:b2:5b:53:36:
         56:25:eb:c1:45:38:f0:5c:11:e3:5f:d3:88:ee:e1:48:df:d8:
         05:63:05:e9:73:22:a7:99:5f:43:64:32:6b:16:e1:71:51:4a:
         9b:59:be:96:13:c2:f1:00:0a:cb:4e:d5:ee:00:88:86:24:6d:
         22:12:5d:c1:34:fe:cd:50:5d:7c:da:d0:a6:2d:13:54:bc:1f:
         ad:70:56:9d:2e:c3:95:6b:0b:08:51:f2:1d:17:d9:4e:fd:7d:
         ce:73:f9:f6:54:c7:1e:da:89:d6:ef:a5:52:0c:14:f5:4f:46:
         13:8b:46:cf:28:33:84:eb:b6:88:b3:fc:ad:af:3d:94:4f:32:
         cb:04:62:ed:82:5a:48:e8:13:cb:66:90:73:12:e9:5d:d8:ed:
         81:c3:95:ac:f1:8b:25:ff:6c:2a:ab:a9:b0:cd:85:a0:5d:25:
         ef:ba:d2:b3:90:11:b8:00:24:51:d2:e4:57:f1:85:94:30:38:
         f9:bb:3d:d3:de:98:4f:80:b9:f2:79:df:8e:2a:74:87:1b:18:
         95:1f:50:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9yf3FTtm4HRlESvmBxaZeRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwNTEzMTUwODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzdlNjQyOGE4ZjdhOWZjZTQwZTk1OWQ3YTg5YWZmZDU3MTdkYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvM9Jaenp06+JJdo7b0hDeOZ1D9+0
EMyJvh20RgZmPt2G2AF1Bk8ceaMnJm+YGKSq1GqA/Z8DqNiajxvItiTLTZr25H2b
kK6E1M/NCHhvrMao8bf2Dggm3DZ95Iy2bWSLNsn9kIhlHyoo4Wq8ho/zfYjOht3t
/mGsW/0gC+gNw6AUIXNLAnqgSwX/uVOZmzvmbtF3z9P/8iDDFOUSOrsdydTYuCNq
GyycowQMCP3BUMilYbcc2r2kYxXoWKwgapNMbkZnHtorsb0Nx8ctil8F+d6AbCvl
fwEqFKX0FfvnV/AQIbhWE4Ww9qc6YdEnE5bc3DNO1yK6lP/bQ46Ys+HorQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBx+ZCio96n85A6VnXqJr/1XF9xpMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvSEg1a0tLajNxZnprRHBXZGVvbXZfVmNYM0drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVvCAMA0G
CSqGSIb3DQEBCwUAA4IBAQCXb8gU0tfn7mzsXpPHre6R30zYFA3WLwkKY717An7k
1Pf5kK/2Am+GqcDDie3/+xh54bJbUzZWJevBRTjwXBHjX9OI7uFI39gFYwXpcyKn
mV9DZDJrFuFxUUqbWb6WE8LxAArLTtXuAIiGJG0iEl3BNP7NUF182tCmLRNUvB+t
cFadLsOVawsIUfIdF9lO/X3Oc/n2VMce2onW76VSDBT1T0YTi0bPKDOE67aIs/yt
rz2UTzLLBGLtglpI6BPLZpBzEuld2O2Bw5Ws8Ysl/2wqq6mwzYWgXSXvutKzkBG4
ACRR0uRX8YWUMDj5uz3T3phPgLnyed+OKnSHGxiVH1CI
-----END CERTIFICATE-----