Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Hc4eUJkw2WjNlUf7zyGpkmIbmj4.roa
File:                     Hc4eUJkw2WjNlUf7zyGpkmIbmj4.roa (raw, json)
Hash identifier:          OlPFBz09kiBcwvl8aOnZYFr6o2o61or/wxUgFfb4yNs=
Subject key identifier:   1D:CE:1E:50:99:30:D9:68:CD:95:47:FB:CF:21:A9:92:62:1B:9A:3E
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7955E85796D37236325B31C5E6F464C
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Hc4eUJkw2WjNlUf7zyGpkmIbmj4.roa
Signing time:             Tue 02 Jan 2024 00:31:44 +0000
ROA not before:           Tue 02 Jan 2024 00:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60149
IP address blocks:        93.113.126.0/24 maxlen: 24
                          86.107.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5e:85:79:6d:37:23:63:25:b3:1c:5e:6f:46:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dce1e509930d968cd9547fbcf21a992621b9a3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:67:14:a3:07:c6:d7:60:a0:68:6a:ab:96:38:
                    a0:44:8d:6a:2a:1e:95:89:e7:b6:18:5e:23:2d:d9:
                    e3:d6:fc:1a:84:28:99:28:11:81:7b:df:e0:47:c1:
                    1c:21:45:63:18:08:38:67:75:9e:a0:45:fe:2f:00:
                    b5:1f:89:c5:6d:cb:93:3e:bd:9f:55:c7:2f:6a:f0:
                    e8:e3:fd:d2:c4:e1:74:0c:0e:50:bf:a0:90:77:e9:
                    d7:7a:66:ce:a8:e8:cb:da:b8:9a:b7:0d:2c:ea:4d:
                    06:ce:0f:8e:5a:b2:63:9e:5f:83:12:98:15:2d:9a:
                    0f:74:3b:5a:b7:16:40:2d:db:8f:42:a6:10:53:f5:
                    b3:f1:ed:83:84:e9:45:69:6d:b2:fe:74:fa:9d:bf:
                    d4:e0:26:c4:75:e2:b3:e9:78:3c:bb:cb:34:3f:e3:
                    ef:50:c2:c7:41:0b:39:9a:cd:09:54:da:0c:23:6d:
                    15:51:b7:ed:a8:93:cd:8e:fd:f9:7f:92:35:71:02:
                    b5:98:47:7c:82:29:04:01:c3:a8:39:f5:7a:cb:1f:
                    3a:ae:80:91:34:6e:11:b3:dc:d3:86:6a:42:87:d1:
                    6b:6b:b4:87:5c:e4:2e:ca:91:0b:63:f4:cd:fd:48:
                    4e:20:52:b8:5e:84:9c:37:12:b2:38:35:55:0b:b2:
                    39:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:CE:1E:50:99:30:D9:68:CD:95:47:FB:CF:21:A9:92:62:1B:9A:3E
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/Hc4eUJkw2WjNlUf7zyGpkmIbmj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.73.0/24
                  93.113.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:51:9a:47:c2:a0:cf:af:1f:37:a1:8e:d2:f3:d6:e9:7d:61:
         52:0c:bc:d2:50:45:01:44:27:48:94:5c:a4:24:80:98:aa:40:
         ea:21:3e:e5:5b:87:77:a7:e4:7c:26:bf:1c:a1:c2:54:84:86:
         17:ab:79:fc:50:52:fe:eb:da:33:57:d6:a1:81:15:5e:9d:fd:
         a5:9b:6a:36:3e:e0:32:72:ae:3b:5b:4f:8d:7c:cb:0d:66:12:
         a5:57:1b:55:06:61:f9:ac:47:ba:f9:4b:8a:bc:e1:5d:e0:2b:
         75:4f:50:b2:93:eb:0b:68:21:c4:11:73:34:5a:62:af:02:70:
         f4:a9:0c:80:90:b1:61:e4:6a:9b:26:bf:fb:60:e8:e9:5c:7e:
         40:20:69:bc:67:85:6b:da:5d:f3:26:27:d3:a9:fc:c2:90:ab:
         d5:c5:5f:09:e3:fe:ba:84:e5:b6:a8:a7:89:ee:38:3a:fc:28:
         f9:7f:dc:4c:01:66:82:19:95:b9:09:40:13:48:c0:04:d2:55:
         01:0a:13:96:b5:5e:75:9f:69:17:d0:24:24:11:39:c2:fa:d0:
         f9:d7:e4:5e:51:87:83:15:f4:da:97:22:ed:76:f1:dd:48:44:
         af:77:d9:6d:0b:cc:a3:cf:da:02:90:3d:f9:8d:39:22:7e:ad:
         41:22:37:8f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzHlV6FeW03I2Mlsxxeb0ZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGNlMWU1MDk5MzBkOTY4Y2Q5NTQ3ZmJjZjIxYTk5MjYyMWI5YTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mcUowfG12CgaGqrljigRI1qKh6V
iee2GF4jLdnj1vwahCiZKBGBe9/gR8EcIUVjGAg4Z3WeoEX+LwC1H4nFbcuTPr2f
VccvavDo4/3SxOF0DA5Qv6CQd+nXembOqOjL2riatw0s6k0Gzg+OWrJjnl+DEpgV
LZoPdDtatxZALduPQqYQU/Wz8e2DhOlFaW2y/nT6nb/U4CbEdeKz6Xg8u8s0P+Pv
UMLHQQs5ms0JVNoMI20VUbftqJPNjv35f5I1cQK1mEd8gikEAcOoOfV6yx86roCR
NG4Rs9zThmpCh9Fra7SHXOQuypELY/TN/UhOIFK4XoScNxKyODVVC7I5kQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFB3OHlCZMNlozZVH+88hqZJiG5o+MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0hjNGVVSmt3MldqTmxVZjd6eUdwa21JYm1qNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABWa0kD
BABdcX4wDQYJKoZIhvcNAQELBQADggEBAB5RmkfCoM+vHzehjtLz1ul9YVIMvNJQ
RQFEJ0iUXKQkgJiqQOohPuVbh3en5HwmvxyhwlSEhherefxQUv7r2jNX1qGBFV6d
/aWbajY+4DJyrjtbT418yw1mEqVXG1UGYfmsR7r5S4q84V3gK3VPULKT6wtoIcQR
czRaYq8CcPSpDICQsWHkapsmv/tg6OlcfkAgabxnhWvaXfMmJ9Op/MKQq9XFXwnj
/rqE5baop4nuODr8KPl/3EwBZoIZlbkJQBNIwATSVQEKE5a1XnWfaRfQJCQROcL6
0PnX5F5Rh4MV9NqXIu128d1IRK932W0LzKPP2gKQPfmNOSJ+rUEiN48=
-----END CERTIFICATE-----