Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/hJ-LD-rw40r7Ig_MPZhvIn-Q6T4.roa
File:                     hJ-LD-rw40r7Ig_MPZhvIn-Q6T4.roa (raw, json)
Hash identifier:          XYNREJQvCSJCtYhZ5Ppaw/vyoJcreYRERFNhuK+VGGM=
Subject key identifier:   84:9F:8B:0F:EA:F0:E3:4A:FB:22:0F:CC:3D:98:6F:22:7F:90:E9:3E
Certificate issuer:       /CN=1c766b058c096753a34ad625d53275cd2dba5b33
Certificate serial:       018CC5000A6844331B2FC9CDD17339F64321
Authority key identifier: 1C:76:6B:05:8C:09:67:53:A3:4A:D6:25:D5:32:75:CD:2D:BA:5B:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/hJ-LD-rw40r7Ig_MPZhvIn-Q6T4.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51431
IP address blocks:        185.171.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:0a:68:44:33:1b:2f:c9:cd:d1:73:39:f6:43:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c766b058c096753a34ad625d53275cd2dba5b33
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=849f8b0feaf0e34afb220fcc3d986f227f90e93e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:12:c3:a8:68:cf:b1:d3:49:7d:e6:b3:fc:13:
                    59:64:35:cb:a8:e0:b8:f1:ce:fa:a1:bc:63:4d:70:
                    50:1d:c8:e3:48:23:59:53:5a:ad:ed:ba:c7:67:ac:
                    be:ba:62:c8:b0:b9:df:19:52:7c:43:a4:42:41:36:
                    4b:81:11:52:ec:0a:60:38:e3:cf:f1:c0:18:8a:23:
                    b9:b9:58:21:48:4e:42:fc:04:bb:d6:36:01:d4:27:
                    54:fb:d3:3d:1d:5e:7a:05:25:e3:f1:6a:4e:fd:e5:
                    d7:ee:e7:7d:53:0b:d1:2d:64:ac:55:aa:05:c3:e2:
                    b8:2c:38:db:9b:ab:34:22:86:26:d3:46:5d:58:a3:
                    5d:79:21:cf:e7:4e:ca:c2:b3:b7:11:bd:ef:a7:f3:
                    b1:01:2d:f5:7f:f5:d6:2e:85:38:ab:be:57:5e:4d:
                    3e:d3:1d:07:52:e9:92:4d:02:e2:47:f4:ab:a1:bf:
                    00:23:5b:40:31:a9:60:fc:cd:fe:30:30:7b:79:12:
                    e3:25:21:35:70:22:84:3e:f5:5c:f0:b1:c0:51:81:
                    2a:e0:94:67:9e:3d:f5:a0:7a:6c:71:e3:3b:a5:f3:
                    f9:a7:6a:75:da:1c:1a:65:97:e8:ec:72:73:14:c5:
                    d8:b5:92:54:7e:fa:a2:c1:0a:27:e6:0a:34:41:7d:
                    bc:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:9F:8B:0F:EA:F0:E3:4A:FB:22:0F:CC:3D:98:6F:22:7F:90:E9:3E
            X509v3 Authority Key Identifier:
                keyid:1C:76:6B:05:8C:09:67:53:A3:4A:D6:25:D5:32:75:CD:2D:BA:5B:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHZrBYwJZ1OjStYl1TJ1zS26WzM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/hJ-LD-rw40r7Ig_MPZhvIn-Q6T4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/ab83dc-c0e7-4ec3-af72-81917dffdcd7/1/HHZrBYwJZ1OjStYl1TJ1zS26WzM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:82:f9:ed:f4:13:fd:0a:d7:79:94:55:65:75:0f:61:83:bd:
         11:a6:e3:2f:13:af:3b:1b:d9:1d:21:18:51:87:87:64:36:b0:
         95:a5:30:aa:35:39:50:b3:a6:f8:bf:89:ae:bf:e5:65:2b:b2:
         f5:88:38:0b:8e:a3:c0:95:0a:9e:dc:89:d2:fb:af:65:eb:ef:
         ee:52:84:54:54:40:33:de:64:9c:07:4c:66:f8:60:01:2e:2d:
         54:e9:11:d0:00:d9:cc:2e:94:9a:29:09:d6:cf:20:be:90:78:
         ab:10:b0:3b:a1:db:2c:54:bf:5e:b5:42:a8:45:bf:2d:fa:3a:
         f0:d8:81:5a:c9:28:87:8f:da:a3:83:c5:bf:9f:c5:fa:e9:06:
         16:fc:5b:3e:68:f9:7b:30:7c:f2:2b:6d:c6:98:5d:77:f8:19:
         88:f1:f4:e2:2c:a9:d5:7e:ee:7e:5b:84:9b:58:6b:c4:5d:55:
         57:a2:14:00:ba:3b:25:05:08:ff:5e:43:9f:6e:d6:63:6c:1b:
         c3:42:c8:ce:88:72:dc:8d:74:c0:05:a8:73:64:bd:b4:55:e6:
         c8:45:84:93:8e:c0:26:9b:30:e8:b4:c1:ba:45:c9:01:2e:c7:
         ad:41:d7:ed:b9:e4:08:ce:b7:93:88:a7:f0:95:a0:8a:05:ea:
         87:43:03:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAApoRDMbL8nN0XM59kMhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNzY2YjA1OGMwOTY3NTNhMzRhZDYyNWQ1MzI3NWNkMmRi
YTViMzMwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDlmOGIwZmVhZjBlMzRhZmIyMjBmY2MzZDk4NmYyMjdmOTBlOTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxLDqGjPsdNJfeaz/BNZZDXLqOC4
8c76obxjTXBQHcjjSCNZU1qt7brHZ6y+umLIsLnfGVJ8Q6RCQTZLgRFS7ApgOOPP
8cAYiiO5uVghSE5C/AS71jYB1CdU+9M9HV56BSXj8WpO/eXX7ud9UwvRLWSsVaoF
w+K4LDjbm6s0IoYm00ZdWKNdeSHP507KwrO3Eb3vp/OxAS31f/XWLoU4q75XXk0+
0x0HUumSTQLiR/Srob8AI1tAMalg/M3+MDB7eRLjJSE1cCKEPvVc8LHAUYEq4JRn
nj31oHpsceM7pfP5p2p12hwaZZfo7HJzFMXYtZJUfvqiwQon5go0QX28JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISfiw/q8ONK+yIPzD2YbyJ/kOk+MB8GA1UdIwQY
MBaAFBx2awWMCWdTo0rWJdUydc0tulszMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhackJZd0paMU9qU3RZbDFUSjF6UzI2V3pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hYjgzZGMtYzBlNy00ZWMzLWFmNzIt
ODE5MTdkZmZkY2Q3LzEvaEotTEQtcnc0MHI3SWdfTVBaaHZJbi1RNlQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hYjgzZGMtYzBlNy00ZWMzLWFmNzItODE5MTdkZmZkY2Q3
LzEvSEhackJZd0paMU9qU3RZbDFUSjF6UzI2V3pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuas1MA0G
CSqGSIb3DQEBCwUAA4IBAQCXgvnt9BP9Ctd5lFVldQ9hg70RpuMvE687G9kdIRhR
h4dkNrCVpTCqNTlQs6b4v4muv+VlK7L1iDgLjqPAlQqe3InS+69l6+/uUoRUVEAz
3mScB0xm+GABLi1U6RHQANnMLpSaKQnWzyC+kHirELA7odssVL9etUKoRb8t+jrw
2IFaySiHj9qjg8W/n8X66QYW/Fs+aPl7MHzyK23GmF13+BmI8fTiLKnVfu5+W4Sb
WGvEXVVXohQAujslBQj/XkOfbtZjbBvDQsjOiHLcjXTABahzZL20VebIRYSTjsAm
mzDotMG6RckBLsetQdftueQIzreTiKfwlaCKBeqHQwN7
-----END CERTIFICATE-----