Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/HMqUmjtKkA-N3fyBqpFEeTnBhXw.roa
File:                     HMqUmjtKkA-N3fyBqpFEeTnBhXw.roa (raw, json)
Hash identifier:          ImZKOMRKlYFWETPLAi4ytxwZduq7IzXSaaqDJb+8P/k=
Subject key identifier:   1C:CA:94:9A:3B:4A:90:0F:8D:DD:FC:81:AA:91:44:79:39:C1:85:7C
Certificate issuer:       /CN=ddceb08a4b40f1f85e4eba17cdc7c83e47bb597d
Certificate serial:       018CC5003FF394E39D88C045BAFFA789F8DC
Authority key identifier: DD:CE:B0:8A:4B:40:F1:F8:5E:4E:BA:17:CD:C7:C8:3E:47:BB:59:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3c6wiktA8fheTroXzcfIPke7WX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/HMqUmjtKkA-N3fyBqpFEeTnBhXw.roa
Signing time:             Mon 01 Jan 2024 12:29:37 +0000
ROA not before:           Mon 01 Jan 2024 12:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49407
IP address blocks:        91.212.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/3c6wiktA8fheTroXzcfIPke7WX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/3c6wiktA8fheTroXzcfIPke7WX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3c6wiktA8fheTroXzcfIPke7WX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:3f:f3:94:e3:9d:88:c0:45:ba:ff:a7:89:f8:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddceb08a4b40f1f85e4eba17cdc7c83e47bb597d
        Validity
            Not Before: Jan  1 12:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cca949a3b4a900f8dddfc81aa91447939c1857c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a5:1c:c5:ef:18:8d:4c:a4:55:d5:9b:8b:86:
                    67:97:4c:a0:45:52:1a:32:f1:47:a4:b6:8e:59:16:
                    0a:9c:cf:fb:2b:83:87:e4:bc:a5:05:20:6d:0a:d1:
                    52:9a:e2:e4:5f:63:3f:d5:50:22:f8:51:04:69:a6:
                    ff:f3:9a:b9:de:76:1e:49:3c:09:0f:4c:cb:40:8e:
                    fa:69:6e:44:67:b9:93:cd:53:22:0a:f0:dd:24:26:
                    72:27:9a:6b:fc:f7:96:7b:9d:d8:50:92:ec:26:e9:
                    e6:e0:f7:a4:de:eb:e0:f2:1b:b4:e7:94:3f:9e:c6:
                    f3:74:3b:9f:46:96:ec:df:f4:b0:73:c1:6f:33:6a:
                    b7:e3:8c:85:62:c9:83:b4:eb:98:6a:69:b0:4c:86:
                    64:bc:ad:8a:a2:f4:ee:6b:2a:d5:d1:fb:e1:58:73:
                    f7:eb:f5:a9:fd:16:76:c1:a8:e4:fa:ac:ab:2c:7c:
                    f1:62:57:99:c5:db:2e:87:92:07:52:d2:56:dc:1d:
                    82:1a:1c:e3:77:b4:bf:7b:1d:38:82:15:b6:0a:bd:
                    bc:b0:a7:5d:d0:b0:0f:85:14:7d:c4:fd:a0:71:d2:
                    64:81:97:80:09:53:b6:b2:2e:94:04:8a:66:45:a3:
                    6e:6f:0c:88:30:cd:fb:4e:60:9e:cf:cf:fb:d4:fe:
                    78:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:CA:94:9A:3B:4A:90:0F:8D:DD:FC:81:AA:91:44:79:39:C1:85:7C
            X509v3 Authority Key Identifier:
                keyid:DD:CE:B0:8A:4B:40:F1:F8:5E:4E:BA:17:CD:C7:C8:3E:47:BB:59:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c6wiktA8fheTroXzcfIPke7WX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/HMqUmjtKkA-N3fyBqpFEeTnBhXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/92b0df-e0db-4276-8334-8db944e13810/1/3c6wiktA8fheTroXzcfIPke7WX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:aa:ce:de:78:e4:4f:e1:85:60:87:6e:66:ad:e0:57:00:3b:
         ed:89:08:b9:f5:f0:6b:43:f9:1d:10:d8:e1:ec:65:53:a8:dd:
         5d:f2:88:ea:d5:29:b6:ea:5f:42:84:34:36:8e:f7:32:ee:0b:
         3f:0a:59:ab:7d:84:21:d6:5c:87:a0:ee:3f:a3:ec:c7:06:29:
         76:c0:8d:e4:a1:71:cf:8e:78:a0:d4:de:b1:12:36:bd:d6:1e:
         e0:c5:97:97:be:dc:9e:a4:64:64:34:97:62:28:66:b3:cf:69:
         0c:16:e3:f2:c5:e1:28:e1:b6:50:30:75:41:7d:31:ce:77:f6:
         6b:b4:db:7f:f3:97:67:55:79:c5:a0:09:ea:96:79:aa:79:d5:
         46:82:6a:07:52:7e:cd:7f:d4:b7:b8:d1:d9:97:4b:d6:ed:02:
         65:1b:32:6c:40:35:d4:a7:5a:5c:47:16:6e:02:e8:6a:de:20:
         39:e2:4d:42:92:d9:e2:9e:62:d7:76:7d:db:42:27:c1:98:6f:
         1b:57:0e:04:ea:c9:a4:fb:f1:9a:93:f7:c9:8b:e9:05:c9:45:
         5c:61:91:a1:82:16:eb:64:a6:d7:51:cc:a6:9d:fb:55:37:97:
         6a:90:43:96:ad:3c:04:38:9e:5c:22:92:d9:94:5d:5b:a9:c7:
         c8:dc:94:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAD/zlOOdiMBFuv+nifjcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkY2ViMDhhNGI0MGYxZjg1ZTRlYmExN2NkYzdjODNlNDdi
YjU5N2QwHhcNMjQwMTAxMTIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2NhOTQ5YTNiNGE5MDBmOGRkZGZjODFhYTkxNDQ3OTM5YzE4NTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KUcxe8YjUykVdWbi4Znl0ygRVIa
MvFHpLaOWRYKnM/7K4OH5LylBSBtCtFSmuLkX2M/1VAi+FEEaab/85q53nYeSTwJ
D0zLQI76aW5EZ7mTzVMiCvDdJCZyJ5pr/PeWe53YUJLsJunm4Pek3uvg8hu055Q/
nsbzdDufRpbs3/Swc8FvM2q344yFYsmDtOuYammwTIZkvK2KovTuayrV0fvhWHP3
6/Wp/RZ2wajk+qyrLHzxYleZxdsuh5IHUtJW3B2CGhzjd7S/ex04ghW2Cr28sKdd
0LAPhRR9xP2gcdJkgZeACVO2si6UBIpmRaNubwyIMM37TmCez8/71P54BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBzKlJo7SpAPjd38gaqRRHk5wYV8MB8GA1UdIwQY
MBaAFN3OsIpLQPH4Xk66F83HyD5Hu1l9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2M2d2lrdEE4ZmhlVHJvWHpjZklQa2U3V1gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi85MmIwZGYtZTBkYi00Mjc2LTgzMzQt
OGRiOTQ0ZTEzODEwLzEvSE1xVW1qdEtrQS1OM2Z5QnFwRkVlVG5CaFh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi85MmIwZGYtZTBkYi00Mjc2LTgzMzQtOGRiOTQ0ZTEzODEw
LzEvM2M2d2lrdEE4ZmhlVHJvWHpjZklQa2U3V1gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9TQMA0G
CSqGSIb3DQEBCwUAA4IBAQAvqs7eeORP4YVgh25mreBXADvtiQi59fBrQ/kdENjh
7GVTqN1d8ojq1Sm26l9ChDQ2jvcy7gs/ClmrfYQh1lyHoO4/o+zHBil2wI3koXHP
jnig1N6xEja91h7gxZeXvtyepGRkNJdiKGazz2kMFuPyxeEo4bZQMHVBfTHOd/Zr
tNt/85dnVXnFoAnqlnmqedVGgmoHUn7Nf9S3uNHZl0vW7QJlGzJsQDXUp1pcRxZu
Auhq3iA54k1CktninmLXdn3bQifBmG8bVw4E6smk+/Gak/fJi+kFyUVcYZGhghbr
ZKbXUcymnftVN5dqkEOWrTwEOJ5cIpLZlF1bqcfI3JSg
-----END CERTIFICATE-----