Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/HJ2ikhXusiTTpm1Sgcd34hRkjEo.roa
File:                     HJ2ikhXusiTTpm1Sgcd34hRkjEo.roa (raw, json)
Hash identifier:          tbeCXgWksNvqXxqZ1sAC0NZTwE9Mi2WHIJ/XKxmjOds=
Subject key identifier:   1C:9D:A2:92:15:EE:B2:24:D3:A6:6D:52:81:C7:77:E2:14:64:8C:4A
Certificate issuer:       /CN=da1b9fe8f1a33917fee7e4dbe9fab925eb8625a9
Certificate serial:       018CC794E8EC4B256B2B5CFE3A5A7D4C7CEB
Authority key identifier: DA:1B:9F:E8:F1:A3:39:17:FE:E7:E4:DB:E9:FA:B9:25:EB:86:25:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2huf6PGjORf-5-Tb6fq5JeuGJak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/HJ2ikhXusiTTpm1Sgcd34hRkjEo.roa
Signing time:             Tue 02 Jan 2024 00:31:14 +0000
ROA not before:           Tue 02 Jan 2024 00:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60392
IP address blocks:        91.211.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/2huf6PGjORf-5-Tb6fq5JeuGJak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/2huf6PGjORf-5-Tb6fq5JeuGJak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2huf6PGjORf-5-Tb6fq5JeuGJak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e8:ec:4b:25:6b:2b:5c:fe:3a:5a:7d:4c:7c:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da1b9fe8f1a33917fee7e4dbe9fab925eb8625a9
        Validity
            Not Before: Jan  2 00:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c9da29215eeb224d3a66d5281c777e214648c4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fd:0a:9e:6e:dc:b8:48:c3:b8:30:85:15:31:
                    0e:18:e7:6f:63:6b:55:21:ff:c1:f3:47:5e:44:53:
                    d1:5b:84:91:2c:e3:6e:b7:38:a6:6b:0d:6d:88:3d:
                    73:f8:d7:99:93:5b:30:73:a5:9e:66:5b:01:81:6c:
                    38:4e:6f:b4:8a:8a:46:47:bf:b5:4b:a1:5b:df:e7:
                    21:ca:6e:dc:b4:2f:e9:60:89:6d:bb:f3:e5:1f:0e:
                    62:c7:16:bf:69:65:b1:cc:6b:fc:23:cb:f7:5b:c7:
                    ba:6e:85:7e:fe:8b:e4:05:5e:27:b1:8e:ba:25:58:
                    b1:52:d8:a1:a9:14:24:89:00:7f:29:0f:d8:36:bb:
                    27:e0:a1:47:4a:fa:8c:70:42:1b:35:24:84:a4:8e:
                    fc:91:2e:60:bf:db:de:24:a6:9f:92:f7:fb:d4:97:
                    7e:1e:15:6e:13:87:83:ff:15:df:7f:c9:86:9e:bb:
                    fc:df:10:2a:b3:7f:ef:cc:58:ee:16:24:8e:22:fd:
                    b9:3e:5a:b7:10:71:30:57:a5:fb:b9:ba:57:57:ae:
                    cd:2b:f3:e9:79:69:61:bf:76:34:e4:0a:20:da:ac:
                    f3:4b:96:b6:9a:7d:60:0c:cd:73:ea:6b:b8:bb:f3:
                    d7:8f:ef:d0:d0:50:50:f1:91:24:d7:bd:40:c2:d8:
                    3f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:9D:A2:92:15:EE:B2:24:D3:A6:6D:52:81:C7:77:E2:14:64:8C:4A
            X509v3 Authority Key Identifier:
                keyid:DA:1B:9F:E8:F1:A3:39:17:FE:E7:E4:DB:E9:FA:B9:25:EB:86:25:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2huf6PGjORf-5-Tb6fq5JeuGJak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/HJ2ikhXusiTTpm1Sgcd34hRkjEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/42a166-8a86-48da-bb96-79fd5023de36/1/2huf6PGjORf-5-Tb6fq5JeuGJak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:8e:f9:c0:b1:8b:92:99:9c:d6:ba:e1:1b:81:22:6b:d9:6c:
         37:9f:0b:2e:5f:c1:26:33:02:b3:78:95:17:92:1d:ee:ff:8d:
         82:fb:1d:1e:2e:fa:f5:7c:f5:fc:ca:a2:b2:5a:a0:aa:a4:cf:
         98:bd:ac:d1:a5:be:bc:e9:40:f9:55:7c:91:cc:5b:d8:2d:5b:
         fd:3c:b7:31:12:1f:36:c0:e5:15:d3:f5:d2:0f:35:50:91:8a:
         52:6c:e6:71:8b:08:fd:2f:cb:0a:6f:da:5f:fe:24:1c:17:3f:
         20:36:27:2b:72:9a:af:e4:6a:a1:06:fa:c1:bd:38:b8:48:fd:
         11:08:cf:69:18:8a:6a:d8:8c:d7:a8:5e:06:57:a4:58:63:42:
         21:10:d3:b9:59:69:68:a7:e2:f1:5c:2a:34:ee:6b:0f:14:83:
         a9:d9:8d:34:06:4a:41:8f:07:47:f2:7e:2e:57:e9:ce:f6:77:
         e5:6a:4f:29:27:1c:df:ed:9d:4f:da:1b:ee:36:ed:2b:72:bf:
         44:99:00:67:f7:57:a8:e2:dc:5c:fc:54:6a:d7:38:23:52:b5:
         8e:c8:d3:27:80:d1:65:38:45:25:9b:fb:fb:c7:d5:d2:fb:98:
         56:54:0e:e3:1b:e9:47:9d:de:3a:9d:df:e6:e5:64:f9:fc:f3:
         90:0d:f8:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlOjsSyVrK1z+Olp9THzrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMWI5ZmU4ZjFhMzM5MTdmZWU3ZTRkYmU5ZmFiOTI1ZWI4
NjI1YTkwHhcNMjQwMTAyMDAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzlkYTI5MjE1ZWViMjI0ZDNhNjZkNTI4MWM3NzdlMjE0NjQ4YzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjv0Knm7cuEjDuDCFFTEOGOdvY2tV
If/B80deRFPRW4SRLONutzimaw1tiD1z+NeZk1swc6WeZlsBgWw4Tm+0iopGR7+1
S6Fb3+chym7ctC/pYIltu/PlHw5ixxa/aWWxzGv8I8v3W8e6boV+/ovkBV4nsY66
JVixUtihqRQkiQB/KQ/YNrsn4KFHSvqMcEIbNSSEpI78kS5gv9veJKafkvf71Jd+
HhVuE4eD/xXff8mGnrv83xAqs3/vzFjuFiSOIv25Plq3EHEwV6X7ubpXV67NK/Pp
eWlhv3Y05Aog2qzzS5a2mn1gDM1z6mu4u/PXj+/Q0FBQ8ZEk171Awtg/swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBydopIV7rIk06ZtUoHHd+IUZIxKMB8GA1UdIwQY
MBaAFNobn+jxozkX/ufk2+n6uSXrhiWpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmh1ZjZQR2pPUmYtNS1UYjZmcTVKZXVHSmFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy80MmExNjYtOGE4Ni00OGRhLWJiOTYt
NzlmZDUwMjNkZTM2LzEvSEoyaWtoWHVzaVRUcG0xU2djZDM0aFJrakVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy80MmExNjYtOGE4Ni00OGRhLWJiOTYtNzlmZDUwMjNkZTM2
LzEvMmh1ZjZQR2pPUmYtNS1UYjZmcTVKZXVHSmFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9NWMA0G
CSqGSIb3DQEBCwUAA4IBAQAmjvnAsYuSmZzWuuEbgSJr2Ww3nwsuX8EmMwKzeJUX
kh3u/42C+x0eLvr1fPX8yqKyWqCqpM+YvazRpb686UD5VXyRzFvYLVv9PLcxEh82
wOUV0/XSDzVQkYpSbOZxiwj9L8sKb9pf/iQcFz8gNicrcpqv5GqhBvrBvTi4SP0R
CM9pGIpq2IzXqF4GV6RYY0IhENO5WWlop+LxXCo07msPFIOp2Y00BkpBjwdH8n4u
V+nO9nflak8pJxzf7Z1P2hvuNu0rcr9EmQBn91eo4txc/FRq1zgjUrWOyNMngNFl
OEUlm/v7x9XS+5hWVA7jG+lHnd46nd/m5WT5/POQDfjs
-----END CERTIFICATE-----