Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/h_wMkxRpjd7fSMeF_40ZNocID5U.roa
File:                     h_wMkxRpjd7fSMeF_40ZNocID5U.roa (raw, json)
Hash identifier:          MtDTiIV5907X/54M3hLPKj8GQNrK2HQE4QH9ISwL534=
Subject key identifier:   87:FC:0C:93:14:69:8D:DE:DF:48:C7:85:FF:8D:19:36:87:08:0F:95
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7953987FF36E5249226B561D470882B
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/h_wMkxRpjd7fSMeF_40ZNocID5U.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212414
IP address blocks:        193.233.76.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 22:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:39:87:ff:36:e5:24:92:26:b5:61:d4:70:88:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87fc0c9314698ddedf48c785ff8d193687080f95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:d2:ee:bc:5f:1d:d1:01:9a:b5:2b:e3:5d:64:
                    2d:8b:99:a8:a6:4b:0b:28:58:54:b4:6a:74:9f:7e:
                    2b:ee:26:68:51:a2:3a:60:b2:36:1a:be:29:df:6c:
                    ec:01:a1:cf:77:6f:ac:ba:07:9c:64:2c:05:c0:26:
                    e5:4d:c8:99:be:cd:e2:00:b1:85:5b:2f:bc:51:75:
                    00:bb:1b:d6:78:d4:64:7c:c8:25:7d:54:31:c1:d4:
                    7f:48:7a:83:66:02:63:35:f5:51:c9:01:be:d4:6e:
                    69:b0:ea:b5:3c:95:83:f6:b6:1c:65:92:dd:08:2f:
                    b9:44:dc:ab:6f:d8:02:3d:7c:23:2a:34:46:a9:f5:
                    c9:ed:39:18:08:59:26:cf:09:c4:5f:ff:1b:b9:79:
                    82:e7:28:3f:de:13:da:d2:28:d2:5e:97:87:b6:36:
                    80:ff:5a:76:1f:47:2c:5b:fa:1a:52:6a:e9:95:9a:
                    79:f3:72:63:3e:df:cd:fe:33:d7:db:12:be:7c:40:
                    b6:48:76:69:2e:e7:96:b2:3a:35:c3:6a:f8:9f:87:
                    79:4f:db:54:83:8b:c4:67:05:99:32:15:ed:4c:6b:
                    dc:49:05:64:f0:06:ba:0b:43:65:e8:66:fc:01:f1:
                    ee:ba:e1:c0:1d:6e:f1:4f:d1:cd:78:62:32:70:2c:
                    49:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:FC:0C:93:14:69:8D:DE:DF:48:C7:85:FF:8D:19:36:87:08:0F:95
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/h_wMkxRpjd7fSMeF_40ZNocID5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:5f:eb:45:37:37:6e:65:c6:88:97:d9:c5:12:46:bf:67:9b:
         3e:3c:f6:86:a8:22:b0:c0:7f:72:fe:f7:34:c0:01:5e:66:3c:
         5b:3d:96:27:07:2d:9e:8b:df:8d:a6:d7:2c:b4:ef:28:da:9c:
         77:a0:b5:2d:bd:46:78:cb:c7:89:b7:59:79:f3:d0:b2:28:2a:
         a3:c8:6d:ab:8e:67:cf:e9:62:48:9d:fa:d5:02:e6:60:76:c2:
         8a:d6:ba:15:83:1d:d2:c7:55:f9:e3:6b:c8:90:ff:0d:e8:6a:
         6b:72:70:5a:7e:79:be:6b:e8:e6:64:42:2a:05:3d:ba:12:1e:
         10:a5:9d:d8:f4:22:d1:c1:77:a3:c7:56:79:7f:f0:5d:79:61:
         ca:66:b7:10:4d:92:43:87:6d:cc:9a:8a:c5:41:89:7d:7b:cc:
         3c:d6:f6:f6:50:0a:eb:a4:a2:89:5a:36:df:41:56:eb:db:a8:
         fb:2f:99:00:4c:13:02:6e:69:3f:25:43:b1:15:20:9a:19:19:
         30:ea:51:09:61:50:52:17:cf:bc:b2:18:fc:60:d9:2e:c5:71:
         72:6b:cf:fd:06:7f:ae:92:5b:be:40:cb:a9:32:2e:63:7a:94:
         bb:5a:26:97:4a:e7:e0:e3:f9:c1:4f:3f:58:56:73:eb:ad:19:
         0d:ea:11:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlTmH/zblJJImtWHUcIgrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2ZjMGM5MzE0Njk4ZGRlZGY0OGM3ODVmZjhkMTkzNjg3MDgwZjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNLuvF8d0QGatSvjXWQti5mopksL
KFhUtGp0n34r7iZoUaI6YLI2Gr4p32zsAaHPd2+sugecZCwFwCblTciZvs3iALGF
Wy+8UXUAuxvWeNRkfMglfVQxwdR/SHqDZgJjNfVRyQG+1G5psOq1PJWD9rYcZZLd
CC+5RNyrb9gCPXwjKjRGqfXJ7TkYCFkmzwnEX/8buXmC5yg/3hPa0ijSXpeHtjaA
/1p2H0csW/oaUmrplZp583JjPt/N/jPX2xK+fEC2SHZpLueWsjo1w2r4n4d5T9tU
g4vEZwWZMhXtTGvcSQVk8Aa6C0Nl6Gb8AfHuuuHAHW7xT9HNeGIycCxJdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIf8DJMUaY3e30jHhf+NGTaHCA+VMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvaF93TWt4UnBqZDdmU01lRl80MFpOb2NJRDVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwelMMA0G
CSqGSIb3DQEBCwUAA4IBAQBHX+tFNzduZcaIl9nFEka/Z5s+PPaGqCKwwH9y/vc0
wAFeZjxbPZYnBy2ei9+NptcstO8o2px3oLUtvUZ4y8eJt1l589CyKCqjyG2rjmfP
6WJInfrVAuZgdsKK1roVgx3Sx1X542vIkP8N6GprcnBafnm+a+jmZEIqBT26Eh4Q
pZ3Y9CLRwXejx1Z5f/BdeWHKZrcQTZJDh23MmorFQYl9e8w81vb2UArrpKKJWjbf
QVbr26j7L5kATBMCbmk/JUOxFSCaGRkw6lEJYVBSF8+8shj8YNkuxXFya8/9Bn+u
klu+QMupMi5jepS7WiaXSufg4/nBTz9YVnPrrRkN6hHU
-----END CERTIFICATE-----