Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/f834ad-df0f-4505-9613-2a04d3923d22/1/lHkU-8wo9-reQSV4ij_kHulJ3E8.roa
File:                     lHkU-8wo9-reQSV4ij_kHulJ3E8.roa (raw, json)
Hash identifier:          67+jtWa3Qs1TBNCaAUwSRblTzvPMrTdR2cKUAVRl4Uo=
Subject key identifier:   94:79:14:FB:CC:28:F7:EA:DE:41:25:78:8A:3F:E4:1E:E9:49:DC:4F
Certificate issuer:       /CN=1e30a62262dccb21a0104b34edb82b9515cacdfb
Certificate serial:       018CC3B72AC9AF55B99D91B2BEB03750FC94
Authority key identifier: 1E:30:A6:22:62:DC:CB:21:A0:10:4B:34:ED:B8:2B:95:15:CA:CD:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HjCmImLcyyGgEEs07bgrlRXKzfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/f834ad-df0f-4505-9613-2a04d3923d22/1/lHkU-8wo9-reQSV4ij_kHulJ3E8.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208613
IP address blocks:        45.87.72.0/22 maxlen: 24
                          2a0e:f680::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/f834ad-df0f-4505-9613-2a04d3923d22/1/HjCmImLcyyGgEEs07bgrlRXKzfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/f834ad-df0f-4505-9613-2a04d3923d22/1/HjCmImLcyyGgEEs07bgrlRXKzfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HjCmImLcyyGgEEs07bgrlRXKzfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 13:57:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2a:c9:af:55:b9:9d:91:b2:be:b0:37:50:fc:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e30a62262dccb21a0104b34edb82b9515cacdfb
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=947914fbcc28f7eade4125788a3fe41ee949dc4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:f4:cc:12:72:c0:97:e9:f1:a0:71:7b:3f:65:
                    1d:8c:78:8a:ce:bb:13:ec:6d:00:45:75:7d:ed:20:
                    56:84:28:55:fc:8a:f3:47:11:3e:56:7a:47:33:99:
                    16:1a:b5:d3:01:bb:ec:8a:0b:29:0e:08:2e:89:50:
                    dd:75:86:1b:1a:ea:a4:d9:b8:62:0e:49:6e:e2:17:
                    88:e8:e7:6f:08:ec:23:40:4c:08:75:0d:22:52:a9:
                    d6:16:f1:e9:ff:53:5c:ad:16:45:3e:a2:11:84:9b:
                    f1:ca:77:19:42:e8:62:0f:7d:89:05:e9:e1:8e:b5:
                    9e:f2:2e:0f:30:2b:62:33:6b:63:af:d5:46:85:67:
                    f8:0c:a4:5b:7c:41:3b:8d:ba:29:48:06:73:95:4a:
                    06:63:7b:63:1c:46:93:79:68:96:57:f4:4f:1b:9e:
                    5b:3f:97:db:82:14:6a:d6:92:55:eb:8a:63:16:df:
                    48:46:b0:4e:af:c6:bc:92:3f:02:62:6e:54:c3:1b:
                    41:e2:83:23:90:88:02:00:ca:7c:a5:96:aa:0b:53:
                    34:21:bb:fe:1f:7b:99:27:de:d5:11:a0:d7:7c:17:
                    b2:06:78:8f:d3:f4:8c:3b:6c:06:f6:da:bc:56:d1:
                    cd:7e:5f:dd:0f:83:e1:21:14:36:28:93:f0:42:61:
                    02:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:79:14:FB:CC:28:F7:EA:DE:41:25:78:8A:3F:E4:1E:E9:49:DC:4F
            X509v3 Authority Key Identifier:
                keyid:1E:30:A6:22:62:DC:CB:21:A0:10:4B:34:ED:B8:2B:95:15:CA:CD:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HjCmImLcyyGgEEs07bgrlRXKzfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/f834ad-df0f-4505-9613-2a04d3923d22/1/lHkU-8wo9-reQSV4ij_kHulJ3E8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/f834ad-df0f-4505-9613-2a04d3923d22/1/HjCmImLcyyGgEEs07bgrlRXKzfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.72.0/22
                IPv6:
                  2a0e:f680::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:8e:e8:ed:3d:93:86:ce:ca:2f:66:73:98:f6:f7:74:e5:50:
         74:d5:30:c4:99:2e:11:77:66:b9:84:41:63:37:e1:06:81:5b:
         3b:a2:f0:97:01:33:e0:a6:15:99:21:ec:f5:b3:73:3d:17:a0:
         1b:15:14:c1:fa:b0:8f:4c:d0:bf:bb:0c:ca:09:73:f0:f0:38:
         e3:8e:cc:6c:a4:a9:82:c9:be:d2:3c:74:89:91:b3:ba:4a:92:
         ec:de:8f:35:57:73:47:7a:b6:f6:fb:cf:83:ee:98:e6:e8:d3:
         5a:5c:6f:40:44:7a:b1:5c:6c:c7:66:92:e8:36:15:08:6d:db:
         68:5f:ed:f1:05:51:cb:e5:f2:8e:cc:68:3b:5f:b0:c3:83:ec:
         1a:7b:fd:90:96:95:ea:26:4c:2d:47:34:48:2b:93:10:d9:35:
         57:46:63:2d:de:a7:f9:49:cf:f8:63:bf:5d:70:71:23:5a:b1:
         c7:d2:b5:60:a6:22:b2:0b:df:5b:66:2f:fe:4b:df:0e:8f:6a:
         52:d3:dd:a5:9f:a2:be:fa:fc:99:12:e4:40:0d:7e:12:b8:cd:
         bc:df:a8:6c:91:7f:1e:c2:32:a9:5e:33:27:fb:8f:5c:cd:58:
         70:d4:bd:26:a4:ff:a4:0c:4c:cb:33:37:cc:b0:38:d0:4d:49:
         e5:af:52:1e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtyrJr1W5nZGyvrA3UPyUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMzBhNjIyNjJkY2NiMjFhMDEwNGIzNGVkYjgyYjk1MTVj
YWNkZmIwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDc5MTRmYmNjMjhmN2VhZGU0MTI1Nzg4YTNmZTQxZWU5NDlkYzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6PTMEnLAl+nxoHF7P2UdjHiKzrsT
7G0ARXV97SBWhChV/IrzRxE+VnpHM5kWGrXTAbvsigspDgguiVDddYYbGuqk2bhi
Dklu4heI6OdvCOwjQEwIdQ0iUqnWFvHp/1NcrRZFPqIRhJvxyncZQuhiD32JBenh
jrWe8i4PMCtiM2tjr9VGhWf4DKRbfEE7jbopSAZzlUoGY3tjHEaTeWiWV/RPG55b
P5fbghRq1pJV64pjFt9IRrBOr8a8kj8CYm5UwxtB4oMjkIgCAMp8pZaqC1M0Ibv+
H3uZJ97VEaDXfBeyBniP0/SMO2wG9tq8VtHNfl/dD4PhIRQ2KJPwQmECuwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJR5FPvMKPfq3kEleIo/5B7pSdxPMB8GA1UdIwQY
MBaAFB4wpiJi3MshoBBLNO24K5UVys37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGpDbUltTGN5eUdnRUVzMDdiZ3JsUlhLemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9mODM0YWQtZGYwZi00NTA1LTk2MTMt
MmEwNGQzOTIzZDIyLzEvbEhrVS04d285LXJlUVNWNGlqX2tIdWxKM0U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9mODM0YWQtZGYwZi00NTA1LTk2MTMtMmEwNGQzOTIzZDIy
LzEvSGpDbUltTGN5eUdnRUVzMDdiZ3JsUlhLemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVdIMA0E
AgACMAcDBQMqDvaAMA0GCSqGSIb3DQEBCwUAA4IBAQA8jujtPZOGzsovZnOY9vd0
5VB01TDEmS4Rd2a5hEFjN+EGgVs7ovCXATPgphWZIez1s3M9F6AbFRTB+rCPTNC/
uwzKCXPw8DjjjsxspKmCyb7SPHSJkbO6SpLs3o81V3NHerb2+8+D7pjm6NNaXG9A
RHqxXGzHZpLoNhUIbdtoX+3xBVHL5fKOzGg7X7DDg+wae/2QlpXqJkwtRzRIK5MQ
2TVXRmMt3qf5Sc/4Y79dcHEjWrHH0rVgpiKyC99bZi/+S98Oj2pS092ln6K++vyZ
EuRADX4SuM2836hskX8ewjKpXjMn+49czVhw1L0mpP+kDEzLMzfMsDjQTUnlr1Ie
-----END CERTIFICATE-----