Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/hGQn7IBSUUjGOMiHwvVwg9OHgJw.roa
File:                     hGQn7IBSUUjGOMiHwvVwg9OHgJw.roa (raw, json)
Hash identifier:          y3ozNJKr1ojtiIlj7iOw8HNvrF/pgQIuRODd+QKiYm0=
Subject key identifier:   84:64:27:EC:80:52:51:48:C6:38:C8:87:C2:F5:70:83:D3:87:80:9C
Certificate issuer:       /CN=ec9c685cf6671cc656f92e764557a38378f2827c
Certificate serial:       018CC8DED131E5869D5BB438DACBA1E8788C
Authority key identifier: EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/hGQn7IBSUUjGOMiHwvVwg9OHgJw.roa
Signing time:             Tue 02 Jan 2024 06:31:34 +0000
ROA not before:           Tue 02 Jan 2024 06:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12843
IP address blocks:        212.114.32.0/21 maxlen: 21
                          2a00:9300::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d1:31:e5:86:9d:5b:b4:38:da:cb:a1:e8:78:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec9c685cf6671cc656f92e764557a38378f2827c
        Validity
            Not Before: Jan  2 06:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=846427ec80525148c638c887c2f57083d387809c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:56:4d:e7:5d:f8:bb:2f:1b:cf:fe:1e:07:81:
                    f6:64:bf:70:d0:02:2c:f3:66:1e:0c:0c:2b:96:6d:
                    9a:f1:24:fa:c1:50:d6:54:df:5a:f0:6f:1e:d3:ed:
                    fb:9d:c5:93:16:e6:62:c7:a9:d6:77:b2:24:5d:e0:
                    ea:52:c8:37:45:df:12:c5:7e:81:08:40:ec:ed:95:
                    a9:dc:b8:40:8f:42:1a:34:99:93:b2:59:2b:25:8b:
                    a6:57:9c:78:e5:d8:ec:be:4a:16:7f:75:56:b9:65:
                    2a:dc:64:19:8c:8b:73:9c:bd:ad:21:b1:d3:8a:02:
                    8a:2e:25:c7:ef:4e:b3:e8:1c:e0:6c:cd:d0:ad:95:
                    30:26:38:55:4b:ce:86:26:ac:69:c3:5b:1d:7b:b0:
                    27:e9:25:b8:d3:a3:b5:5f:41:e2:16:5f:77:cd:96:
                    60:38:2d:55:8c:a5:4c:3c:f5:eb:b0:cd:b4:87:99:
                    b3:20:b0:24:fb:07:27:f9:b0:80:13:25:ab:5b:8a:
                    e4:3b:d9:42:7b:de:a7:c6:59:1d:b6:bb:b8:38:1e:
                    86:fc:8e:29:cb:e3:cd:c9:8c:58:cb:37:6d:eb:d5:
                    c2:68:cd:ab:c6:95:35:ff:85:bc:4e:b2:1a:ff:31:
                    d2:9c:a6:7b:82:8c:17:a4:12:f7:40:90:7b:67:dc:
                    68:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:64:27:EC:80:52:51:48:C6:38:C8:87:C2:F5:70:83:D3:87:80:9C
            X509v3 Authority Key Identifier:
                keyid:EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/hGQn7IBSUUjGOMiHwvVwg9OHgJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.114.32.0/21
                IPv6:
                  2a00:9300::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:58:59:f5:27:50:75:70:8c:0c:e7:a9:97:9e:fa:d4:1e:25:
         59:d3:16:05:19:f9:94:10:44:0c:7a:9a:8c:99:1d:d0:b1:03:
         dd:b3:de:07:1d:4b:5d:d5:cd:9e:c2:6d:54:ef:11:52:a0:93:
         1f:2c:92:22:95:6d:ef:b0:3a:c3:9d:fb:e2:a6:e1:3d:40:98:
         72:0a:dd:f5:c3:de:89:a5:ca:fc:c8:76:2e:a9:2e:46:03:82:
         d4:59:c2:2e:79:25:16:df:0c:2a:54:49:e2:2d:ed:f3:32:4a:
         31:9e:2a:13:d8:a8:41:2b:d3:63:49:6a:5c:67:67:40:00:ae:
         c2:7b:73:62:52:40:cc:8e:3b:56:f0:6e:3f:dc:26:58:8a:60:
         71:e7:f4:aa:4d:f8:69:77:aa:8c:71:ad:5a:72:b4:4f:e7:1a:
         c1:00:2a:fd:f4:e8:ae:8e:52:83:45:98:13:cc:ee:af:3e:3c:
         2e:85:b5:11:c7:ae:27:b4:37:4c:23:67:f2:4f:eb:85:7e:4f:
         d9:8f:f2:f2:aa:03:68:2c:6a:a3:0c:d3:2c:27:07:74:ad:c7:
         46:ee:e2:c8:8b:30:dd:8a:0e:f7:05:29:1e:36:f7:94:27:af:
         55:d9:b7:7e:8a:0e:5d:3f:b9:cd:63:89:b7:65:e7:ef:da:1a:
         17:a0:90:2b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3tEx5YadW7Q42suh6HiMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWM2ODVjZjY2NzFjYzY1NmY5MmU3NjQ1NTdhMzgzNzhm
MjgyN2MwHhcNMjQwMTAyMDYzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDY0MjdlYzgwNTI1MTQ4YzYzOGM4ODdjMmY1NzA4M2QzODc4MDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1ZN5134uy8bz/4eB4H2ZL9w0AIs
82YeDAwrlm2a8ST6wVDWVN9a8G8e0+37ncWTFuZix6nWd7IkXeDqUsg3Rd8SxX6B
CEDs7ZWp3LhAj0IaNJmTslkrJYumV5x45djsvkoWf3VWuWUq3GQZjItznL2tIbHT
igKKLiXH706z6BzgbM3QrZUwJjhVS86GJqxpw1sde7An6SW406O1X0HiFl93zZZg
OC1VjKVMPPXrsM20h5mzILAk+wcn+bCAEyWrW4rkO9lCe96nxlkdtru4OB6G/I4p
y+PNyYxYyzdt69XCaM2rxpU1/4W8TrIa/zHSnKZ7gowXpBL3QJB7Z9xohwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIRkJ+yAUlFIxjjIh8L1cIPTh4CcMB8GA1UdIwQY
MBaAFOycaFz2ZxzGVvkudkVXo4N48oJ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUt
YmFiNDhkYWI0Y2Q2LzEvaEdRbjdJQlNVVWpHT01pSHd2VndnOU9IZ0p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUtYmFiNDhkYWI0Y2Q2
LzEvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQD1HIgMA0E
AgACMAcDBQAqAJMAMA0GCSqGSIb3DQEBCwUAA4IBAQBGWFn1J1B1cIwM56mXnvrU
HiVZ0xYFGfmUEEQMepqMmR3QsQPds94HHUtd1c2ewm1U7xFSoJMfLJIilW3vsDrD
nfvipuE9QJhyCt31w96Jpcr8yHYuqS5GA4LUWcIueSUW3wwqVEniLe3zMkoxnioT
2KhBK9NjSWpcZ2dAAK7Ce3NiUkDMjjtW8G4/3CZYimBx5/SqTfhpd6qMca1acrRP
5xrBACr99OiujlKDRZgTzO6vPjwuhbURx64ntDdMI2fyT+uFfk/Zj/LyqgNoLGqj
DNMsJwd0rcdG7uLIizDdig73BSkeNveUJ69V2bd+ig5dP7nNY4m3Zefv2hoXoJAr
-----END CERTIFICATE-----