Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/hrGnS7JnuaCe8zNPhZxIcWaNtpE.roa
File:                     hrGnS7JnuaCe8zNPhZxIcWaNtpE.roa (raw, json)
Hash identifier:          VwSt7q0EqWDH6GnoptLLPhAgm+aqUHW8+0YUqFCm1Os=
Subject key identifier:   86:B1:A7:4B:B2:67:B9:A0:9E:F3:33:4F:85:9C:48:71:66:8D:B6:91
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       018CC3B7429C96A7C68B97313726835140A5
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/hrGnS7JnuaCe8zNPhZxIcWaNtpE.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43431
IP address blocks:        188.244.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:42:9c:96:a7:c6:8b:97:31:37:26:83:51:40:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86b1a74bb267b9a09ef3334f859c4871668db691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4b:b2:6f:2d:f0:f8:86:85:40:d4:f5:88:f0:
                    20:4c:97:85:0b:c9:20:db:d7:96:54:a0:35:3e:d1:
                    37:1b:e8:64:bf:db:eb:a6:39:78:29:20:14:0d:d2:
                    aa:55:59:81:75:ff:c4:53:e5:96:11:19:54:69:b3:
                    b0:6a:b5:e8:09:45:3e:a9:d4:e1:ec:c7:a5:99:8c:
                    aa:c0:6d:fb:e6:5d:2e:e1:26:95:f5:87:43:65:39:
                    bb:e8:f0:4d:ff:d9:9a:f0:a4:a0:9b:18:f7:70:f2:
                    0a:3f:6b:33:3f:3a:11:a9:cc:ff:e2:3a:c2:c9:9f:
                    b8:2e:49:5a:62:ec:ec:2d:ad:8e:a9:33:e2:04:c4:
                    ef:62:03:53:e6:1f:33:2c:83:31:76:26:a6:ca:5e:
                    a6:66:f7:4a:b5:ce:70:bf:98:42:bc:30:8a:f0:24:
                    37:39:ee:06:c5:e0:45:56:96:1f:1f:a0:e2:09:6a:
                    87:7c:44:90:84:0b:90:14:be:25:81:b3:ed:a5:dd:
                    84:6d:26:cc:f8:da:c1:bc:b6:10:0a:f1:1b:79:45:
                    be:b0:29:dc:b8:cb:13:00:d4:3b:fb:5d:a3:e4:96:
                    e5:41:2e:42:93:f7:5e:e2:71:bc:07:6a:50:83:9c:
                    d0:22:94:19:7f:be:7f:d3:a7:62:8d:86:db:0f:7c:
                    cf:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B1:A7:4B:B2:67:B9:A0:9E:F3:33:4F:85:9C:48:71:66:8D:B6:91
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/hrGnS7JnuaCe8zNPhZxIcWaNtpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.244.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:03:e2:2d:76:d2:20:03:48:6e:a9:70:20:c7:2a:0e:81:9e:
         4f:d8:fc:22:ea:31:05:a0:65:19:44:85:67:c9:4a:95:22:1d:
         68:c7:ac:40:75:0b:ff:a6:d6:aa:7c:d0:c1:57:63:df:c0:93:
         38:1a:ac:b8:60:e6:2b:e2:a1:6a:db:11:54:af:5b:d1:f4:9e:
         89:2b:72:4a:e5:11:c8:0c:5a:2e:7e:6b:6a:45:04:8d:77:ec:
         34:bc:08:ca:ef:86:31:f3:bc:a9:4c:f2:c9:25:2a:47:11:7a:
         d7:fe:d5:0a:1c:fb:88:0b:79:3d:c2:11:36:f6:eb:37:18:a4:
         ca:ed:a9:cb:59:b1:2b:b7:e4:8a:52:8a:50:08:a3:94:0b:06:
         45:88:71:9e:2c:12:39:5f:0a:39:86:9f:8c:23:03:82:b9:4f:
         a9:5e:8a:8a:53:90:a9:d5:9e:e5:91:d0:05:4a:56:4c:fd:a7:
         77:22:b5:f1:2c:20:e7:6d:18:56:0d:63:cd:2b:24:4d:48:e2:
         c9:c8:3d:55:9f:f9:bc:84:37:12:1d:7e:a2:0e:03:40:3a:be:
         aa:af:4c:22:62:14:f8:11:d6:32:c6:c5:22:f8:c5:a5:f5:75:
         ca:5e:01:d4:c6:21:98:cb:84:32:24:f3:97:d4:dc:e3:71:16:
         7a:e0:7e:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0KclqfGi5cxNyaDUUClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2YzYmQ0YmZiZDMwNzFjMzhjZDRkNzA5MmJkMzQ5MDky
MGMzZDkwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmIxYTc0YmIyNjdiOWEwOWVmMzMzNGY4NTljNDg3MTY2OGRiNjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEuyby3w+IaFQNT1iPAgTJeFC8kg
29eWVKA1PtE3G+hkv9vrpjl4KSAUDdKqVVmBdf/EU+WWERlUabOwarXoCUU+qdTh
7MelmYyqwG375l0u4SaV9YdDZTm76PBN/9ma8KSgmxj3cPIKP2szPzoRqcz/4jrC
yZ+4LklaYuzsLa2OqTPiBMTvYgNT5h8zLIMxdiamyl6mZvdKtc5wv5hCvDCK8CQ3
Oe4GxeBFVpYfH6DiCWqHfESQhAuQFL4lgbPtpd2EbSbM+NrBvLYQCvEbeUW+sCnc
uMsTANQ7+12j5JblQS5Ck/de4nG8B2pQg5zQIpQZf75/06dijYbbD3zPZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaxp0uyZ7mgnvMzT4WcSHFmjbaRMB8GA1UdIwQY
MBaAFHZ/O9S/vTBxw4zU1wkr00kJIMPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgt
NGZiNTU5YjNiOWIzLzEvaHJHblM3Sm51YUNlOHpOUGhaeEljV2FOdHBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgtNGZiNTU5YjNiOWIz
LzEvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPR7MA0G
CSqGSIb3DQEBCwUAA4IBAQB8A+ItdtIgA0huqXAgxyoOgZ5P2Pwi6jEFoGUZRIVn
yUqVIh1ox6xAdQv/ptaqfNDBV2PfwJM4Gqy4YOYr4qFq2xFUr1vR9J6JK3JK5RHI
DFoufmtqRQSNd+w0vAjK74Yx87ypTPLJJSpHEXrX/tUKHPuIC3k9whE29us3GKTK
7anLWbErt+SKUopQCKOUCwZFiHGeLBI5Xwo5hp+MIwOCuU+pXoqKU5Cp1Z7lkdAF
SlZM/ad3IrXxLCDnbRhWDWPNKyRNSOLJyD1Vn/m8hDcSHX6iDgNAOr6qr0wiYhT4
EdYyxsUi+MWl9XXKXgHUxiGYy4QyJPOX1NzjcRZ64H7K
-----END CERTIFICATE-----