Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/HvzswHPBy6rvY1gikwqKW3-pFe0.roa
File:                     HvzswHPBy6rvY1gikwqKW3-pFe0.roa (raw, json)
Hash identifier:          VF0VHr8+si6DQ8V97h1OD+aPu9PyXY/PjWz/QTEXmNk=
Subject key identifier:   1E:FC:EC:C0:73:C1:CB:AA:EF:63:58:22:93:0A:8A:5B:7F:A9:15:ED
Certificate issuer:       /CN=30c409613fea0a2b442ce112e9cbdb485e01188f
Certificate serial:       018CC94DFA13E6BAAD50CAD2D814AF285496
Authority key identifier: 30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/HvzswHPBy6rvY1gikwqKW3-pFe0.roa
Signing time:             Tue 02 Jan 2024 08:32:59 +0000
ROA not before:           Tue 02 Jan 2024 08:32:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15606
IP address blocks:        192.195.72.0/24 maxlen: 24
                          2001:7f9:c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:fa:13:e6:ba:ad:50:ca:d2:d8:14:af:28:54:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30c409613fea0a2b442ce112e9cbdb485e01188f
        Validity
            Not Before: Jan  2 08:32:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1efcecc073c1cbaaef635822930a8a5b7fa915ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c9:15:1a:ea:99:a3:a5:31:0d:6f:c9:d3:d8:
                    ca:ae:95:64:0e:8b:0a:c9:a5:5e:ed:3e:e2:e8:3c:
                    17:e7:a7:ed:a4:7a:b1:60:37:68:d2:b4:13:80:16:
                    6d:26:40:25:af:b9:24:79:04:4e:ad:1b:60:ba:8d:
                    b7:71:5a:72:19:50:98:5a:89:f9:d0:16:60:b2:b0:
                    e9:47:1d:71:51:4b:a7:03:63:d1:4c:00:22:8d:b6:
                    65:0e:be:de:8d:6d:af:5a:4b:5e:9a:49:db:44:6a:
                    bc:d4:d0:1c:19:17:54:30:1b:c0:6e:a9:b0:4b:45:
                    bf:4f:db:c2:6b:18:70:76:5a:d7:22:ca:59:df:0d:
                    8b:94:65:bd:4f:e5:60:0d:d8:24:49:78:1b:5b:d1:
                    ea:a1:0c:33:94:23:e8:10:48:83:19:cc:01:a1:06:
                    43:60:10:ce:f3:e7:da:9c:2c:56:40:e4:db:8e:52:
                    99:45:71:e5:1d:3a:3f:a6:dc:ae:83:e4:cc:45:5d:
                    01:2e:4d:85:c0:13:16:3a:d6:90:7a:27:7f:c9:1b:
                    a1:98:29:f7:82:44:8a:08:53:13:fc:b1:69:34:d7:
                    93:22:32:37:4a:d7:8b:3e:60:52:50:98:8e:5d:77:
                    aa:94:21:c0:4d:17:38:30:4a:2e:4c:e7:c0:53:75:
                    f1:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:FC:EC:C0:73:C1:CB:AA:EF:63:58:22:93:0A:8A:5B:7F:A9:15:ED
            X509v3 Authority Key Identifier:
                keyid:30:C4:09:61:3F:EA:0A:2B:44:2C:E1:12:E9:CB:DB:48:5E:01:18:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MMQJYT_qCitELOES6cvbSF4BGI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/HvzswHPBy6rvY1gikwqKW3-pFe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b78fb5-afca-4db7-8886-c0671bf4cf3e/1/MMQJYT_qCitELOES6cvbSF4BGI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.195.72.0/24
                IPv6:
                  2001:7f9:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:40:17:53:0f:ff:e9:30:69:09:b4:e3:b6:f9:41:ae:3d:f6:
         f3:c9:f5:86:6b:e2:70:1c:e6:01:ab:61:c7:6f:77:ce:77:d6:
         80:b7:d5:3f:7d:92:89:2e:0e:f4:e6:7e:ad:40:db:84:f1:7c:
         99:ea:a8:29:3c:b6:ac:ac:5f:38:4b:c3:e6:73:29:ea:e1:29:
         fd:b8:03:e5:43:12:67:ce:1f:35:81:e3:f5:e0:ea:a0:94:60:
         da:6e:16:da:6f:11:31:3c:cd:f7:b4:46:70:16:4a:30:3f:53:
         47:95:69:89:22:27:73:6f:8c:fc:83:10:14:0a:cf:b9:83:68:
         31:90:22:e5:b0:ca:f5:04:73:4e:3b:63:43:b6:b2:cb:0b:68:
         f3:b1:ee:3d:fd:d8:a4:cb:17:9a:7b:2c:67:07:d6:a6:16:73:
         3c:c5:4d:f3:b6:26:62:aa:ad:d6:ab:6f:e3:c7:e2:75:78:f5:
         f5:d4:90:8e:bb:39:b8:af:ac:22:3b:91:f7:ff:2c:0d:c3:96:
         ab:b7:4a:76:60:01:97:8b:11:a7:53:05:10:70:7e:8a:cc:fd:
         8d:a0:2e:96:e0:06:4d:a5:8f:3e:68:e9:eb:32:5e:b4:cc:96:
         26:fe:5c:ed:18:54:b5:98:79:ea:59:b6:93:cd:9e:88:11:62:
         87:9b:b9:d2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTfoT5rqtUMrS2BSvKFSWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYzQwOTYxM2ZlYTBhMmI0NDJjZTExMmU5Y2JkYjQ4NWUw
MTE4OGYwHhcNMjQwMTAyMDgzMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWZjZWNjMDczYzFjYmFhZWY2MzU4MjI5MzBhOGE1YjdmYTkxNWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgskVGuqZo6UxDW/J09jKrpVkDosK
yaVe7T7i6DwX56ftpHqxYDdo0rQTgBZtJkAlr7kkeQROrRtguo23cVpyGVCYWon5
0BZgsrDpRx1xUUunA2PRTAAijbZlDr7ejW2vWktemknbRGq81NAcGRdUMBvAbqmw
S0W/T9vCaxhwdlrXIspZ3w2LlGW9T+VgDdgkSXgbW9HqoQwzlCPoEEiDGcwBoQZD
YBDO8+fanCxWQOTbjlKZRXHlHTo/ptyug+TMRV0BLk2FwBMWOtaQeid/yRuhmCn3
gkSKCFMT/LFpNNeTIjI3SteLPmBSUJiOXXeqlCHATRc4MEouTOfAU3XxYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB787MBzwcuq72NYIpMKilt/qRXtMB8GA1UdIwQY
MBaAFDDECWE/6gorRCzhEunL20heARiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYt
YzA2NzFiZjRjZjNlLzEvSHZ6c3dIUEJ5NnJ2WTFnaWt3cUtXMy1wRmUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iNzhmYjUtYWZjYS00ZGI3LTg4ODYtYzA2NzFiZjRjZjNl
LzEvTU1RSllUX3FDaXRFTE9FUzZjdmJTRjRCR0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwMNIMA8E
AgACMAkDBwAgAQf5AAwwDQYJKoZIhvcNAQELBQADggEBAG1AF1MP/+kwaQm047b5
Qa499vPJ9YZr4nAc5gGrYcdvd8531oC31T99kokuDvTmfq1A24TxfJnqqCk8tqys
XzhLw+ZzKerhKf24A+VDEmfOHzWB4/Xg6qCUYNpuFtpvETE8zfe0RnAWSjA/U0eV
aYkiJ3NvjPyDEBQKz7mDaDGQIuWwyvUEc047Y0O2sssLaPOx7j392KTLF5p7LGcH
1qYWczzFTfO2JmKqrdarb+PH4nV49fXUkI67ObivrCI7kff/LA3Dlqu3SnZgAZeL
EadTBRBwforM/Y2gLpbgBk2ljz5o6esyXrTMlib+XO0YVLWYeepZtpPNnogRYoeb
udI=
-----END CERTIFICATE-----