Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/hnkeTprgU8tliFsBhzM49B3K-wA.roa
File:                     hnkeTprgU8tliFsBhzM49B3K-wA.roa (raw, json)
Hash identifier:          6ZZkCPIwFKTaYrJDqjXYNzU4uiOFhbgSDszRGTbwLwY=
Subject key identifier:   86:79:1E:4E:9A:E0:53:CB:65:88:5B:01:87:33:38:F4:1D:CA:FB:00
Certificate issuer:       /CN=5ce1aae0c93ad04b7298082b68bf6a54fa68bcf0
Certificate serial:       018CC8DEE75FD139687E7672541A2E003222
Authority key identifier: 5C:E1:AA:E0:C9:3A:D0:4B:72:98:08:2B:68:BF:6A:54:FA:68:BC:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/hnkeTprgU8tliFsBhzM49B3K-wA.roa
Signing time:             Tue 02 Jan 2024 06:31:40 +0000
ROA not before:           Tue 02 Jan 2024 06:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12703
IP address blocks:        185.196.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:e7:5f:d1:39:68:7e:76:72:54:1a:2e:00:32:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ce1aae0c93ad04b7298082b68bf6a54fa68bcf0
        Validity
            Not Before: Jan  2 06:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86791e4e9ae053cb65885b01873338f41dcafb00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:87:8f:c2:3e:bc:aa:3c:68:b5:1f:77:3f:0e:
                    14:d7:f8:21:e4:00:c1:27:a6:5d:97:53:cc:23:ce:
                    b3:d7:0a:38:77:24:24:b4:fd:2b:ea:02:36:e1:44:
                    27:83:61:b1:45:be:2c:14:b5:44:38:5f:c1:a6:ef:
                    42:e2:3c:ea:f3:91:09:9a:42:a5:6d:5e:df:d0:58:
                    b8:b1:ef:e0:81:2c:88:ff:60:ab:bb:3e:31:9c:6a:
                    c7:d2:4d:30:0b:66:24:59:57:75:c3:19:f3:4c:c2:
                    69:37:23:de:aa:d1:2a:a1:24:ef:23:80:0b:df:c0:
                    5b:3a:82:ef:a3:a4:86:1d:9b:e4:6a:7e:6a:5e:0b:
                    71:dc:98:fc:96:d2:ed:38:5d:56:cb:f7:ff:83:eb:
                    21:61:2b:74:ee:53:53:8c:d5:0c:e5:17:21:a1:ed:
                    e7:5c:e1:e8:97:3b:0a:ee:94:f9:a3:b2:54:ed:e7:
                    23:18:9d:f3:5d:0e:58:e5:5d:c3:cf:9f:0b:8e:fc:
                    de:21:62:cc:fa:50:dd:8d:ee:9b:70:0f:f2:53:95:
                    fe:47:26:21:b9:2b:1c:48:47:65:70:18:5d:be:c6:
                    df:c8:0d:44:88:61:f4:7f:6c:e3:11:94:d1:44:e6:
                    41:b6:69:d0:9f:b1:64:34:39:fb:c6:3c:35:18:78:
                    c5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:79:1E:4E:9A:E0:53:CB:65:88:5B:01:87:33:38:F4:1D:CA:FB:00
            X509v3 Authority Key Identifier:
                keyid:5C:E1:AA:E0:C9:3A:D0:4B:72:98:08:2B:68:BF:6A:54:FA:68:BC:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/hnkeTprgU8tliFsBhzM49B3K-wA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:89:eb:13:8e:4a:d3:ed:53:d0:f0:e8:c6:5f:5b:9a:bc:d7:
         44:d7:da:96:6f:13:ca:81:bd:38:f0:a9:4c:1c:7e:ca:ea:67:
         e6:83:06:85:48:93:00:e0:dd:94:13:99:7c:fa:1c:c9:24:32:
         15:8d:c5:f4:c6:4d:59:f3:8d:15:6b:2b:e0:9b:81:c0:d6:30:
         38:f4:7e:17:f9:72:81:56:9a:28:a4:46:38:82:66:21:f3:59:
         44:7e:67:5a:90:67:0f:73:e5:1c:80:c2:c2:b0:da:73:98:8d:
         bc:be:4c:45:0f:f1:1a:ed:27:c3:05:33:56:e0:4d:e5:e5:3c:
         cd:8a:e1:b8:db:76:e7:db:53:fe:43:1a:13:36:9c:24:07:92:
         90:55:35:d5:a9:ae:a1:72:b5:7e:69:9d:7a:80:14:f7:a7:37:
         b4:c6:bf:f6:c0:0c:79:2c:c5:fd:ca:91:32:c8:3f:fe:b5:08:
         51:4b:06:94:61:f6:32:26:b5:ea:a3:e9:49:57:a4:de:93:4b:
         28:e5:66:16:55:3d:72:19:bc:fa:57:1c:b3:82:d9:62:43:38:
         ae:e6:91:91:c0:9c:f9:31:93:25:a5:cd:f3:fc:c6:a2:9f:ab:
         26:5e:78:84:42:cf:f5:ed:b8:e2:a1:42:8a:a3:03:9f:11:b9:
         be:bf:97:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3udf0TlofnZyVBouADIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZTFhYWUwYzkzYWQwNGI3Mjk4MDgyYjY4YmY2YTU0ZmE2
OGJjZjAwHhcNMjQwMTAyMDYzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njc5MWU0ZTlhZTA1M2NiNjU4ODViMDE4NzMzMzhmNDFkY2FmYjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIePwj68qjxotR93Pw4U1/gh5ADB
J6Zdl1PMI86z1wo4dyQktP0r6gI24UQng2GxRb4sFLVEOF/Bpu9C4jzq85EJmkKl
bV7f0Fi4se/ggSyI/2Cruz4xnGrH0k0wC2YkWVd1wxnzTMJpNyPeqtEqoSTvI4AL
38BbOoLvo6SGHZvkan5qXgtx3Jj8ltLtOF1Wy/f/g+shYSt07lNTjNUM5Rchoe3n
XOHolzsK7pT5o7JU7ecjGJ3zXQ5Y5V3Dz58LjvzeIWLM+lDdje6bcA/yU5X+RyYh
uSscSEdlcBhdvsbfyA1EiGH0f2zjEZTRROZBtmnQn7FkNDn7xjw1GHjFTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZ5Hk6a4FPLZYhbAYczOPQdyvsAMB8GA1UdIwQY
MBaAFFzhquDJOtBLcpgIK2i/alT6aLzwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE9HcTRNazYwRXR5bUFncmFMOXFWUHBvdlBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mZjM2MTgtNzAzMi00MTQzLTkzNzQt
YmExNDE4ZDIyMDg3LzEvaG5rZVRwcmdVOHRsaUZzQmh6TTQ5QjNLLXdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mZjM2MTgtNzAzMi00MTQzLTkzNzQtYmExNDE4ZDIyMDg3
LzEvWE9HcTRNazYwRXR5bUFncmFMOXFWUHBvdlBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucRkMA0G
CSqGSIb3DQEBCwUAA4IBAQBKiesTjkrT7VPQ8OjGX1uavNdE19qWbxPKgb048KlM
HH7K6mfmgwaFSJMA4N2UE5l8+hzJJDIVjcX0xk1Z840Vayvgm4HA1jA49H4X+XKB
VpoopEY4gmYh81lEfmdakGcPc+UcgMLCsNpzmI28vkxFD/Ea7SfDBTNW4E3l5TzN
iuG423bn21P+QxoTNpwkB5KQVTXVqa6hcrV+aZ16gBT3pze0xr/2wAx5LMX9ypEy
yD/+tQhRSwaUYfYyJrXqo+lJV6Tek0so5WYWVT1yGbz6VxyzgtliQziu5pGRwJz5
MZMlpc3z/Main6smXniEQs/17bjioUKKowOfEbm+v5fw
-----END CERTIFICATE-----