Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/HblfNKGv6ax87lFMM3z3ma82Nk8.roa
File:                     HblfNKGv6ax87lFMM3z3ma82Nk8.roa (raw, json)
Hash identifier:          TJBnfBkuIWahpg9wmzMgK2YsFSjv8uPTSf8hqyTmrP8=
Subject key identifier:   1D:B9:5F:34:A1:AF:E9:AC:7C:EE:51:4C:33:7C:F7:99:AF:36:36:4F
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       018FDE078CA07324D0328456EB6E459B2F20
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/HblfNKGv6ax87lFMM3z3ma82Nk8.roa
Signing time:             Mon 03 Jun 2024 12:16:27 +0000
ROA not before:           Mon 03 Jun 2024 12:16:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201632
IP address blocks:        193.140.16.0/21 maxlen: 21
                          193.140.184.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:de:07:8c:a0:73:24:d0:32:84:56:eb:6e:45:9b:2f:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jun  3 12:16:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1db95f34a1afe9ac7cee514c337cf799af36364f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d6:ba:2f:71:56:d0:b2:31:d6:90:5f:f7:d5:
                    e1:9b:53:06:45:71:b9:0d:0a:29:ed:09:5b:4d:64:
                    2f:4f:1a:06:3a:62:bd:e2:51:b8:b5:30:85:21:d2:
                    20:10:e4:ce:3b:61:dd:21:3c:11:6d:41:03:32:07:
                    47:e6:81:49:8a:a2:d6:59:ff:fd:15:59:b9:77:42:
                    cf:06:9f:16:a7:19:29:1c:ae:8f:8e:3a:93:37:8a:
                    0c:a2:38:c0:16:3b:f7:66:47:ad:11:8d:9e:c8:91:
                    5b:a8:f5:01:7f:a5:35:37:6d:a8:ea:5e:0c:41:7b:
                    78:c8:be:64:08:10:a4:3b:64:ba:ef:15:a7:55:b0:
                    01:e3:e3:7a:9f:d8:f1:6f:86:1d:ee:23:27:e0:ed:
                    ed:95:da:cd:af:e6:8f:f3:e4:06:ab:5d:4e:96:96:
                    b0:3d:bf:d6:7d:c5:a6:39:1a:d6:c0:64:6f:1b:ae:
                    a7:77:97:4d:44:13:a7:f3:da:46:26:7d:63:ad:21:
                    c1:54:e2:5e:52:ee:40:c9:c1:c4:79:18:7e:44:c4:
                    3f:0e:f4:8a:14:7c:49:99:10:d2:4f:17:e1:d5:93:
                    51:48:23:0d:22:d7:0c:09:09:87:85:4b:45:68:3d:
                    ed:b3:5e:c6:d1:c4:d3:78:b4:48:2e:fa:11:d9:f0:
                    50:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B9:5F:34:A1:AF:E9:AC:7C:EE:51:4C:33:7C:F7:99:AF:36:36:4F
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/HblfNKGv6ax87lFMM3z3ma82Nk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.140.16.0/21
                  193.140.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         69:8f:ef:d7:da:1d:a7:ab:06:92:b1:ee:60:de:f6:80:64:fe:
         87:48:a6:d6:e1:d8:6a:50:86:d0:14:9c:22:bf:c0:00:57:c2:
         85:2d:45:e2:6a:cd:cf:1b:ab:d2:ae:9e:24:31:33:9b:64:17:
         59:37:03:03:53:e5:67:1a:71:01:2b:dd:e1:c2:c7:7a:e1:2d:
         16:6a:3b:66:d7:36:e5:58:b8:33:22:f1:fa:33:ff:50:bf:71:
         d1:a2:35:3c:c5:dd:97:0f:53:13:61:16:fe:1d:0c:fc:5b:27:
         1e:a6:a4:dc:42:11:ab:13:16:23:36:e0:e8:85:d0:2a:b3:13:
         87:37:e4:57:19:cd:73:72:16:9e:2d:20:d6:ec:3d:af:29:fc:
         11:a0:7a:34:93:50:5c:0d:77:d2:fa:e6:95:be:ce:19:b2:fd:
         f7:4d:30:09:35:62:0e:04:b5:cb:a0:4c:b8:1b:9a:c3:56:95:
         f7:b9:86:ff:4e:08:17:b0:25:ae:cb:e2:55:7a:41:93:62:d9:
         ae:5a:f8:da:a3:0c:11:c1:b2:de:16:c5:2b:76:56:eb:51:13:
         00:74:82:4b:66:72:85:b3:ba:c1:a4:51:d0:a7:e3:03:da:e1:
         ad:f7:df:91:93:5a:3a:7d:6b:03:f2:af:a2:c3:2d:04:0a:09:
         70:0c:aa:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/eB4ygcyTQMoRW625Fmy8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjQwNjAzMTIxNjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGI5NWYzNGExYWZlOWFjN2NlZTUxNGMzMzdjZjc5OWFmMzYzNjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtta6L3FW0LIx1pBf99Xhm1MGRXG5
DQop7QlbTWQvTxoGOmK94lG4tTCFIdIgEOTOO2HdITwRbUEDMgdH5oFJiqLWWf/9
FVm5d0LPBp8WpxkpHK6PjjqTN4oMojjAFjv3ZketEY2eyJFbqPUBf6U1N22o6l4M
QXt4yL5kCBCkO2S67xWnVbAB4+N6n9jxb4Yd7iMn4O3tldrNr+aP8+QGq11Olpaw
Pb/WfcWmORrWwGRvG66nd5dNRBOn89pGJn1jrSHBVOJeUu5AycHEeRh+RMQ/DvSK
FHxJmRDSTxfh1ZNRSCMNItcMCQmHhUtFaD3ts17G0cTTeLRILvoR2fBQqwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB25XzShr+msfO5RTDN895mvNjZPMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvSGJsZk5LR3Y2YXg4N2xGTU0zejNtYTgyTms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDwYwQAwQD
wYy4MA0GCSqGSIb3DQEBCwUAA4IBAQBpj+/X2h2nqwaSse5g3vaAZP6HSKbW4dhq
UIbQFJwiv8AAV8KFLUXias3PG6vSrp4kMTObZBdZNwMDU+VnGnEBK93hwsd64S0W
ajtm1zblWLgzIvH6M/9Qv3HRojU8xd2XD1MTYRb+HQz8WycepqTcQhGrExYjNuDo
hdAqsxOHN+RXGc1zchaeLSDW7D2vKfwRoHo0k1BcDXfS+uaVvs4Zsv33TTAJNWIO
BLXLoEy4G5rDVpX3uYb/TggXsCWuy+JVekGTYtmuWvjaowwRwbLeFsUrdlbrURMA
dIJLZnKFs7rBpFHQp+MD2uGt99+Rk1o6fWsD8q+iwy0ECglwDKqS
-----END CERTIFICATE-----