Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/294e84-cfc5-45a4-a5cd-33b7459975e0/1/HWV031eaF9PJCfOXn4pEJMzmtk0.roa
File:                     HWV031eaF9PJCfOXn4pEJMzmtk0.roa (raw, json)
Hash identifier:          y7EwDITsW7FWX2xwaL8l1Icvzusr5+5vDrVayd5AfXE=
Subject key identifier:   1D:65:74:DF:57:9A:17:D3:C9:09:F3:97:9F:8A:44:24:CC:E6:B6:4D
Certificate issuer:       /CN=5324defbaade93e998e13a942029dd593b8b2ea3
Certificate serial:       018CC4933903D36280BCE4F42E527F4C17D7
Authority key identifier: 53:24:DE:FB:AA:DE:93:E9:98:E1:3A:94:20:29:DD:59:3B:8B:2E:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UyTe-6rek-mY4TqUICndWTuLLqM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/294e84-cfc5-45a4-a5cd-33b7459975e0/1/HWV031eaF9PJCfOXn4pEJMzmtk0.roa
Signing time:             Mon 01 Jan 2024 10:30:31 +0000
ROA not before:           Mon 01 Jan 2024 10:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200443
IP address blocks:        167.160.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/294e84-cfc5-45a4-a5cd-33b7459975e0/1/UyTe-6rek-mY4TqUICndWTuLLqM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/294e84-cfc5-45a4-a5cd-33b7459975e0/1/UyTe-6rek-mY4TqUICndWTuLLqM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UyTe-6rek-mY4TqUICndWTuLLqM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:39:03:d3:62:80:bc:e4:f4:2e:52:7f:4c:17:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5324defbaade93e998e13a942029dd593b8b2ea3
        Validity
            Not Before: Jan  1 10:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d6574df579a17d3c909f3979f8a4424cce6b64d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:0a:8e:19:14:4c:25:88:08:05:5b:f6:0c:3d:
                    50:b1:99:c7:0b:a4:09:c4:b6:7b:56:ed:29:be:12:
                    06:62:51:8b:92:86:03:33:c2:e4:47:38:a0:d2:73:
                    5e:3d:57:3c:ac:eb:a0:f6:f1:7b:e5:31:62:af:73:
                    e5:7d:ad:a3:ae:f9:6e:47:b4:13:98:6e:5c:f9:f9:
                    43:e0:03:63:22:a6:30:bc:6f:8a:e0:16:3d:ba:57:
                    0c:f4:fd:29:a4:86:7d:4e:52:fe:ee:ab:e4:33:5a:
                    b5:5c:43:ee:78:7b:ab:ab:88:d2:93:4a:f3:52:d2:
                    87:67:dc:fb:e2:ed:a7:83:b5:26:b2:5f:56:9e:6e:
                    09:ba:59:e7:c1:ba:c8:ed:a4:df:cc:a9:db:f3:7f:
                    b2:9c:d0:3c:48:89:3c:6d:f7:65:15:c0:3a:8d:33:
                    20:59:a0:63:be:1d:55:56:8e:ef:4b:80:42:f9:d8:
                    dd:87:5e:c8:92:a9:ba:f5:eb:66:38:31:c5:cc:14:
                    43:e7:a2:df:65:3c:22:12:81:8c:fb:34:db:48:98:
                    74:28:0f:3c:1b:61:e8:fe:b1:95:61:fe:64:bb:44:
                    c0:45:8b:9d:e9:4d:11:0d:78:f1:8a:26:6f:22:22:
                    32:67:ef:a9:a2:80:3b:ce:fd:1c:de:dd:14:f3:c4:
                    b9:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:65:74:DF:57:9A:17:D3:C9:09:F3:97:9F:8A:44:24:CC:E6:B6:4D
            X509v3 Authority Key Identifier:
                keyid:53:24:DE:FB:AA:DE:93:E9:98:E1:3A:94:20:29:DD:59:3B:8B:2E:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UyTe-6rek-mY4TqUICndWTuLLqM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/294e84-cfc5-45a4-a5cd-33b7459975e0/1/HWV031eaF9PJCfOXn4pEJMzmtk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/294e84-cfc5-45a4-a5cd-33b7459975e0/1/UyTe-6rek-mY4TqUICndWTuLLqM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.160.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:5b:7c:80:3c:58:28:90:30:d1:ca:16:19:4c:e8:c8:1d:8f:
         d4:c4:5d:bf:81:cc:5f:dd:04:3b:c7:5b:ae:8d:88:62:4b:6f:
         3a:60:44:c5:89:e5:c2:89:2a:f7:fc:67:20:88:40:79:8d:15:
         be:a6:cd:53:38:01:89:a6:03:81:a4:18:40:ff:26:2a:0f:32:
         66:ba:c0:40:16:06:d2:53:29:b3:b4:05:e4:2f:d9:4f:0b:40:
         a8:b1:c4:a1:3f:76:c4:0a:66:36:96:b3:ed:0c:ca:22:b4:c6:
         bf:86:c6:1b:d7:ea:4a:b9:72:48:94:4a:4c:ec:76:af:52:06:
         e4:34:e0:c4:e5:bf:e4:4d:b3:2e:0c:01:3d:bf:a1:17:f6:df:
         b6:23:76:2e:be:a7:13:0a:7f:f9:02:ef:c9:dd:c9:49:37:e8:
         af:32:f7:d8:bc:2e:0f:50:bc:10:fe:ec:a1:fe:63:1e:21:04:
         9d:15:93:84:72:14:bb:44:1f:e8:ff:f7:d1:5e:c0:d1:eb:47:
         73:a4:fb:b6:b6:8c:21:51:a0:ab:c5:ea:a9:5a:6e:8c:4c:34:
         94:67:37:26:2b:4e:b1:ac:ce:24:51:de:18:69:aa:f1:6e:66:
         f2:7c:59:59:fe:30:75:1a:55:ac:c9:13:9b:c1:65:67:11:a4:
         f0:ed:c1:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzkD02KAvOT0LlJ/TBfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMjRkZWZiYWFkZTkzZTk5OGUxM2E5NDIwMjlkZDU5M2I4
YjJlYTMwHhcNMjQwMTAxMTAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDY1NzRkZjU3OWExN2QzYzkwOWYzOTc5ZjhhNDQyNGNjZTZiNjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQqOGRRMJYgIBVv2DD1QsZnHC6QJ
xLZ7Vu0pvhIGYlGLkoYDM8LkRzig0nNePVc8rOug9vF75TFir3Plfa2jrvluR7QT
mG5c+flD4ANjIqYwvG+K4BY9ulcM9P0ppIZ9TlL+7qvkM1q1XEPueHurq4jSk0rz
UtKHZ9z74u2ng7Umsl9Wnm4JulnnwbrI7aTfzKnb83+ynNA8SIk8bfdlFcA6jTMg
WaBjvh1VVo7vS4BC+djdh17Ikqm69etmODHFzBRD56LfZTwiEoGM+zTbSJh0KA88
G2Ho/rGVYf5ku0TARYud6U0RDXjxiiZvIiIyZ++pooA7zv0c3t0U88S5WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1ldN9XmhfTyQnzl5+KRCTM5rZNMB8GA1UdIwQY
MBaAFFMk3vuq3pPpmOE6lCAp3Vk7iy6jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXlUZS02cmVrLW1ZNFRxVUlDbmRXVHVMTHFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8yOTRlODQtY2ZjNS00NWE0LWE1Y2Qt
MzNiNzQ1OTk3NWUwLzEvSFdWMDMxZWFGOVBKQ2ZPWG40cEVKTXptdGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS8yOTRlODQtY2ZjNS00NWE0LWE1Y2QtMzNiNzQ1OTk3NWUw
LzEvVXlUZS02cmVrLW1ZNFRxVUlDbmRXVHVMTHFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp6AKMA0G
CSqGSIb3DQEBCwUAA4IBAQAUW3yAPFgokDDRyhYZTOjIHY/UxF2/gcxf3QQ7x1uu
jYhiS286YETFieXCiSr3/GcgiEB5jRW+ps1TOAGJpgOBpBhA/yYqDzJmusBAFgbS
UymztAXkL9lPC0CoscShP3bECmY2lrPtDMoitMa/hsYb1+pKuXJIlEpM7HavUgbk
NODE5b/kTbMuDAE9v6EX9t+2I3YuvqcTCn/5Au/J3clJN+ivMvfYvC4PULwQ/uyh
/mMeIQSdFZOEchS7RB/o//fRXsDR60dzpPu2towhUaCrxeqpWm6MTDSUZzcmK06x
rM4kUd4YaarxbmbyfFlZ/jB1GlWsyRObwWVnEaTw7cEv
-----END CERTIFICATE-----