Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/638f28-00d5-463b-b16c-f845bfc42f6d/1/HE_3DKej6eAv-7-NwQ8G8Qyf050.roa
File:                     HE_3DKej6eAv-7-NwQ8G8Qyf050.roa (raw, json)
Hash identifier:          1LHnflq3QRWFCv5eKvKQPdA7aRuDMSX+e0KqmSH8jZM=
Subject key identifier:   1C:4F:F7:0C:A7:A3:E9:E0:2F:FB:BF:8D:C1:0F:06:F1:0C:9F:D3:9D
Certificate issuer:       /CN=b0242b7e43053c913d62bf5dbb1682ffe6b8dfe2
Certificate serial:       018CCA2AB11870B275D9671EEF647F0F03D7
Authority key identifier: B0:24:2B:7E:43:05:3C:91:3D:62:BF:5D:BB:16:82:FF:E6:B8:DF:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sCQrfkMFPJE9Yr9duxaC_-a43-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/638f28-00d5-463b-b16c-f845bfc42f6d/1/HE_3DKej6eAv-7-NwQ8G8Qyf050.roa
Signing time:             Tue 02 Jan 2024 12:34:04 +0000
ROA not before:           Tue 02 Jan 2024 12:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24971
IP address blocks:        91.214.192.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/638f28-00d5-463b-b16c-f845bfc42f6d/1/sCQrfkMFPJE9Yr9duxaC_-a43-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/638f28-00d5-463b-b16c-f845bfc42f6d/1/sCQrfkMFPJE9Yr9duxaC_-a43-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sCQrfkMFPJE9Yr9duxaC_-a43-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:b1:18:70:b2:75:d9:67:1e:ef:64:7f:0f:03:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0242b7e43053c913d62bf5dbb1682ffe6b8dfe2
        Validity
            Not Before: Jan  2 12:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c4ff70ca7a3e9e02ffbbf8dc10f06f10c9fd39d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d4:d0:06:42:5b:a5:fa:b7:e7:c9:58:ac:80:
                    c2:bb:96:c6:46:e4:50:5c:86:44:8e:e3:29:e3:33:
                    11:46:d7:f5:2d:7e:af:c3:e7:22:55:fd:3f:6e:e3:
                    04:f3:04:64:fb:d7:f6:b1:4e:ba:76:47:07:d2:20:
                    85:45:8c:53:83:54:40:a6:cf:a0:5a:40:3c:0d:36:
                    a0:40:2a:7b:c1:53:8f:68:06:9f:d9:e1:d3:26:3a:
                    a5:69:3f:26:cc:70:f1:6f:22:ef:2a:67:8d:55:89:
                    b0:74:c2:3c:13:f6:87:c4:15:90:90:76:48:ea:d0:
                    09:00:46:ce:21:81:36:16:2a:4b:75:bb:02:74:96:
                    57:18:e7:a8:95:51:fd:c5:05:f2:b0:e8:d0:59:40:
                    26:62:55:73:ae:5e:82:8e:35:6f:1d:a1:3f:db:12:
                    5c:1c:3c:58:47:05:61:47:ab:94:0b:c7:78:e7:70:
                    d8:2a:a1:bb:ae:d4:39:45:54:81:d4:f2:07:eb:63:
                    24:d5:56:33:a3:82:64:b4:58:00:dd:9b:11:5a:3c:
                    46:45:9a:13:d9:96:2e:27:d1:ef:2d:8b:95:15:26:
                    ab:52:14:03:ca:e6:44:7c:dd:94:94:af:5c:3e:99:
                    23:22:27:42:90:04:66:98:17:23:0a:bc:72:67:7c:
                    58:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:4F:F7:0C:A7:A3:E9:E0:2F:FB:BF:8D:C1:0F:06:F1:0C:9F:D3:9D
            X509v3 Authority Key Identifier:
                keyid:B0:24:2B:7E:43:05:3C:91:3D:62:BF:5D:BB:16:82:FF:E6:B8:DF:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sCQrfkMFPJE9Yr9duxaC_-a43-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/638f28-00d5-463b-b16c-f845bfc42f6d/1/HE_3DKej6eAv-7-NwQ8G8Qyf050.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/638f28-00d5-463b-b16c-f845bfc42f6d/1/sCQrfkMFPJE9Yr9duxaC_-a43-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:ba:f1:76:aa:83:dd:3b:21:39:cb:79:d1:62:1b:c9:16:5e:
         9f:15:6d:a9:42:05:d1:4b:4c:d3:da:ad:ef:c6:3d:e0:bb:83:
         cf:6f:6d:3a:2d:f8:5d:f1:46:04:8c:6b:86:f5:81:30:19:95:
         d1:aa:07:9f:5c:65:30:0a:91:70:7c:b1:66:d0:a2:2e:ef:e8:
         3e:af:42:08:48:c2:94:53:69:7d:ca:28:7f:fd:53:0f:4a:7e:
         07:c3:56:b5:f1:66:9c:a5:a5:a1:d6:39:4b:16:c1:e8:cb:3a:
         60:48:4c:0e:3f:f8:e7:7e:a8:31:ad:66:c9:00:9e:77:b8:08:
         76:75:79:4e:03:ae:4a:64:16:c8:7e:df:c2:42:92:f3:e8:a3:
         79:71:a5:74:52:57:0c:82:d4:00:ed:3f:3c:52:61:35:e9:23:
         8a:5b:b2:a6:86:50:f1:5b:7e:b7:18:db:2a:97:90:56:42:2d:
         59:11:80:25:9f:b0:9b:f9:15:d7:a6:ff:d3:85:cc:bc:f2:48:
         a6:49:8f:ac:71:9c:74:47:63:63:b1:cc:46:1a:da:5e:78:d1:
         fb:cf:76:48:2d:1e:41:1a:a1:97:07:a1:74:60:f1:14:18:d7:
         ea:ba:17:2e:94:26:3d:d5:d3:c7:4f:4c:b1:16:87:04:9d:34:
         6d:97:ff:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKrEYcLJ12Wce72R/DwPXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMjQyYjdlNDMwNTNjOTEzZDYyYmY1ZGJiMTY4MmZmZTZi
OGRmZTIwHhcNMjQwMTAyMTIzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzRmZjcwY2E3YTNlOWUwMmZmYmJmOGRjMTBmMDZmMTBjOWZkMzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NTQBkJbpfq358lYrIDCu5bGRuRQ
XIZEjuMp4zMRRtf1LX6vw+ciVf0/buME8wRk+9f2sU66dkcH0iCFRYxTg1RAps+g
WkA8DTagQCp7wVOPaAaf2eHTJjqlaT8mzHDxbyLvKmeNVYmwdMI8E/aHxBWQkHZI
6tAJAEbOIYE2FipLdbsCdJZXGOeolVH9xQXysOjQWUAmYlVzrl6CjjVvHaE/2xJc
HDxYRwVhR6uUC8d453DYKqG7rtQ5RVSB1PIH62Mk1VYzo4JktFgA3ZsRWjxGRZoT
2ZYuJ9HvLYuVFSarUhQDyuZEfN2UlK9cPpkjIidCkARmmBcjCrxyZ3xYIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxP9wyno+ngL/u/jcEPBvEMn9OdMB8GA1UdIwQY
MBaAFLAkK35DBTyRPWK/XbsWgv/muN/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0NRcmZrTUZQSkU5WXI5ZHV4YUNfLWE0My1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS82MzhmMjgtMDBkNS00NjNiLWIxNmMt
Zjg0NWJmYzQyZjZkLzEvSEVfM0RLZWo2ZUF2LTctTndROEc4UXlmMDUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS82MzhmMjgtMDBkNS00NjNiLWIxNmMtZjg0NWJmYzQyZjZk
LzEvc0NRcmZrTUZQSkU5WXI5ZHV4YUNfLWE0My1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9bAMA0G
CSqGSIb3DQEBCwUAA4IBAQCNuvF2qoPdOyE5y3nRYhvJFl6fFW2pQgXRS0zT2q3v
xj3gu4PPb206Lfhd8UYEjGuG9YEwGZXRqgefXGUwCpFwfLFm0KIu7+g+r0IISMKU
U2l9yih//VMPSn4Hw1a18WacpaWh1jlLFsHoyzpgSEwOP/jnfqgxrWbJAJ53uAh2
dXlOA65KZBbIft/CQpLz6KN5caV0UlcMgtQA7T88UmE16SOKW7KmhlDxW363GNsq
l5BWQi1ZEYAln7Cb+RXXpv/Thcy88kimSY+scZx0R2NjscxGGtpeeNH7z3ZILR5B
GqGXB6F0YPEUGNfquhculCY91dPHT0yxFocEnTRtl/9/
-----END CERTIFICATE-----