Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a3e965-9cf4-40e8-a085-49031c770487/1/hMBf_1SUv-HOMl1iNjeB-HQ5czk.roa
File:                     hMBf_1SUv-HOMl1iNjeB-HQ5czk.roa (raw, json)
Hash identifier:          IvwRlOceL2uG/hwiFZQ+bxvQP/yPdsRFdu9Np57ZKVg=
Subject key identifier:   84:C0:5F:FF:54:94:BF:E1:CE:32:5D:62:36:37:81:F8:74:39:73:39
Certificate issuer:       /CN=215181b82776978ad2dbb69528dce9b2098eb07e
Certificate serial:       018CC86F41E72B6BF84F87FF1E9C456E1E24
Authority key identifier: 21:51:81:B8:27:76:97:8A:D2:DB:B6:95:28:DC:E9:B2:09:8E:B0:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IVGBuCd2l4rS27aVKNzpsgmOsH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a3e965-9cf4-40e8-a085-49031c770487/1/hMBf_1SUv-HOMl1iNjeB-HQ5czk.roa
Signing time:             Tue 02 Jan 2024 04:29:43 +0000
ROA not before:           Tue 02 Jan 2024 04:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206293
IP address blocks:        195.5.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a3e965-9cf4-40e8-a085-49031c770487/1/IVGBuCd2l4rS27aVKNzpsgmOsH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a3e965-9cf4-40e8-a085-49031c770487/1/IVGBuCd2l4rS27aVKNzpsgmOsH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IVGBuCd2l4rS27aVKNzpsgmOsH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:50:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:41:e7:2b:6b:f8:4f:87:ff:1e:9c:45:6e:1e:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=215181b82776978ad2dbb69528dce9b2098eb07e
        Validity
            Not Before: Jan  2 04:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84c05fff5494bfe1ce325d62363781f874397339
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:7a:94:02:be:d7:fc:6e:f6:70:2e:da:25:e1:
                    ab:e7:f9:72:1a:b3:42:48:66:be:ec:4b:5b:0c:65:
                    8d:97:c0:0e:2f:a1:b9:65:dc:ff:bd:01:29:f6:eb:
                    1b:c7:94:03:fc:3b:cc:47:0e:1b:7d:fd:2b:09:40:
                    8a:5c:55:25:3a:1c:99:1c:ab:7f:77:79:7c:a7:ef:
                    73:2d:a7:08:7f:2d:1e:ad:f4:50:0e:13:42:ef:1c:
                    75:35:6d:0c:43:13:26:8e:85:63:af:71:d2:54:7c:
                    dd:cb:34:96:25:93:dd:08:e3:42:8c:00:07:24:4a:
                    81:c5:46:78:f1:a3:13:e5:13:42:c8:ec:fd:3e:f0:
                    e4:a0:63:a8:20:ab:f9:0d:e0:46:46:21:a3:60:e9:
                    80:ec:ed:33:ca:d1:00:4b:ca:5c:cb:25:3f:c3:89:
                    33:03:46:a3:f0:49:05:db:4f:b6:92:05:b9:23:c7:
                    fc:bc:a1:8f:a3:c1:5d:fa:a2:3d:1e:04:ff:eb:33:
                    0f:66:a4:5a:9d:b0:b8:80:b3:17:8a:bf:77:fa:cc:
                    11:03:bb:1c:f6:77:ba:f5:21:f7:01:0b:c5:1b:5d:
                    d2:63:95:76:6d:fa:95:52:da:67:9d:d5:91:df:b3:
                    2a:1f:be:4d:07:31:c6:73:73:53:9e:ae:ae:01:c2:
                    e1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C0:5F:FF:54:94:BF:E1:CE:32:5D:62:36:37:81:F8:74:39:73:39
            X509v3 Authority Key Identifier:
                keyid:21:51:81:B8:27:76:97:8A:D2:DB:B6:95:28:DC:E9:B2:09:8E:B0:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IVGBuCd2l4rS27aVKNzpsgmOsH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a3e965-9cf4-40e8-a085-49031c770487/1/hMBf_1SUv-HOMl1iNjeB-HQ5czk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a3e965-9cf4-40e8-a085-49031c770487/1/IVGBuCd2l4rS27aVKNzpsgmOsH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:b2:91:7c:db:0e:94:bf:48:24:e1:53:a4:d4:1d:37:5f:cb:
         11:27:74:bf:ab:c8:75:65:1a:06:54:a4:37:93:1d:08:73:c4:
         ba:92:2a:f4:07:2c:6e:60:64:8e:7c:37:27:1e:34:94:31:ae:
         c4:5a:87:e1:99:1b:c0:18:fa:b8:1d:e4:e0:e2:42:10:23:ad:
         16:87:9c:c2:4e:40:9e:44:8d:96:ab:d1:a7:06:52:e1:69:f4:
         82:03:20:9b:17:4e:61:98:39:ba:de:37:45:86:7b:e9:05:f1:
         a6:90:e8:11:a5:29:5f:8c:f1:81:62:1f:b4:8c:ab:63:9b:c8:
         f2:ea:68:21:ed:45:74:f3:80:05:be:43:4d:79:7b:95:d1:2c:
         24:7c:f9:2a:a8:31:d0:38:6d:d6:2a:58:0e:88:ce:60:03:69:
         ed:13:3f:38:ea:b5:cc:ba:d0:1b:42:f1:61:7f:ee:89:70:24:
         aa:e6:e4:54:77:c5:29:fc:e4:1d:e8:d0:27:5d:f2:f6:7a:f5:
         02:c2:e1:8b:87:dc:9c:f4:34:20:bb:b9:16:22:23:92:b7:f3:
         03:1e:a2:c3:62:cf:90:bd:08:7d:dc:6e:cd:70:a4:50:9d:36:
         f2:b5:5e:9c:75:a7:8c:57:9b:97:59:19:3b:b8:44:77:11:f3:
         ed:3d:82:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0HnK2v4T4f/HpxFbh4kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNTE4MWI4Mjc3Njk3OGFkMmRiYjY5NTI4ZGNlOWIyMDk4
ZWIwN2UwHhcNMjQwMTAyMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGMwNWZmZjU0OTRiZmUxY2UzMjVkNjIzNjM3ODFmODc0Mzk3MzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXqUAr7X/G72cC7aJeGr5/lyGrNC
SGa+7EtbDGWNl8AOL6G5Zdz/vQEp9usbx5QD/DvMRw4bff0rCUCKXFUlOhyZHKt/
d3l8p+9zLacIfy0erfRQDhNC7xx1NW0MQxMmjoVjr3HSVHzdyzSWJZPdCONCjAAH
JEqBxUZ48aMT5RNCyOz9PvDkoGOoIKv5DeBGRiGjYOmA7O0zytEAS8pcyyU/w4kz
A0aj8EkF20+2kgW5I8f8vKGPo8Fd+qI9HgT/6zMPZqRanbC4gLMXir93+swRA7sc
9ne69SH3AQvFG13SY5V2bfqVUtpnndWR37MqH75NBzHGc3NTnq6uAcLhRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITAX/9UlL/hzjJdYjY3gfh0OXM5MB8GA1UdIwQY
MBaAFCFRgbgndpeK0tu2lSjc6bIJjrB+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVZHQnVDZDJsNHJTMjdhVktOenBzZ21Pc0g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hM2U5NjUtOWNmNC00MGU4LWEwODUt
NDkwMzFjNzcwNDg3LzEvaE1CZl8xU1V2LUhPTWwxaU5qZUItSFE1Y3prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hM2U5NjUtOWNmNC00MGU4LWEwODUtNDkwMzFjNzcwNDg3
LzEvSVZHQnVDZDJsNHJTMjdhVktOenBzZ21Pc0g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwW/MA0G
CSqGSIb3DQEBCwUAA4IBAQBtspF82w6Uv0gk4VOk1B03X8sRJ3S/q8h1ZRoGVKQ3
kx0Ic8S6kir0ByxuYGSOfDcnHjSUMa7EWofhmRvAGPq4HeTg4kIQI60Wh5zCTkCe
RI2Wq9GnBlLhafSCAyCbF05hmDm63jdFhnvpBfGmkOgRpSlfjPGBYh+0jKtjm8jy
6mgh7UV084AFvkNNeXuV0SwkfPkqqDHQOG3WKlgOiM5gA2ntEz846rXMutAbQvFh
f+6JcCSq5uRUd8Up/OQd6NAnXfL2evUCwuGLh9yc9DQgu7kWIiOSt/MDHqLDYs+Q
vQh93G7NcKRQnTbytV6cdaeMV5uXWRk7uER3EfPtPYKK
-----END CERTIFICATE-----