Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/hpGgzUMp5Gj7L4s0mR10kbNriaU.roa
File:                     hpGgzUMp5Gj7L4s0mR10kbNriaU.roa (raw, json)
Hash identifier:          qPzfIa7ZZ+kmKhohD4gPPU+lKAUXRRmN8K3JuWJUDRU=
Subject key identifier:   86:91:A0:CD:43:29:E4:68:FB:2F:8B:34:99:1D:74:91:B3:6B:89:A5
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018E861F0AA08FAA9E44C4636F59D772C895
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/hpGgzUMp5Gj7L4s0mR10kbNriaU.roa
Signing time:             Thu 28 Mar 2024 17:32:45 +0000
ROA not before:           Thu 28 Mar 2024 17:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14445
IP address blocks:        109.122.41.0/24 maxlen: 24
                          193.93.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 19:23:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:86:1f:0a:a0:8f:aa:9e:44:c4:63:6f:59:d7:72:c8:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar 28 17:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8691a0cd4329e468fb2f8b34991d7491b36b89a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ba:b3:6b:bd:fe:a9:46:44:b6:87:fc:f8:1b:
                    35:f4:4a:6a:bb:15:3f:a8:63:83:95:0c:7b:9e:5e:
                    5e:2f:47:af:c0:9e:29:60:f9:49:5a:c8:0b:ea:04:
                    eb:f5:3f:94:ca:c2:42:2f:bd:11:1c:41:24:ee:18:
                    8a:05:6b:46:75:1e:a0:60:1b:48:04:80:0b:07:66:
                    14:c4:11:88:7d:d3:61:5b:c1:1b:c6:d6:0f:f9:20:
                    6d:f0:1a:1b:92:23:36:eb:49:88:09:89:ba:83:d5:
                    e4:ae:12:45:02:2d:43:66:20:f0:cf:f1:60:ef:d8:
                    08:84:4b:e0:9c:b8:c9:67:04:45:6a:e2:b3:e6:53:
                    54:31:d0:74:48:c1:33:93:70:96:d2:30:86:35:cd:
                    2d:41:05:ac:95:6e:72:40:85:f8:46:75:d0:cd:d9:
                    a3:42:59:12:c5:02:d0:ac:32:31:85:19:0d:2d:fe:
                    b6:0a:02:a7:f5:eb:5e:ec:f8:52:f3:42:bf:6f:b9:
                    b6:67:1d:3a:62:06:35:70:6c:3e:77:94:fa:df:d0:
                    a9:32:2a:53:67:9a:fe:1d:f3:8d:26:97:b0:3e:4c:
                    49:05:df:02:f6:cd:4a:6f:c0:ad:5d:af:aa:d8:07:
                    9d:67:b6:63:29:33:fc:7d:8d:9b:23:ac:63:0d:20:
                    7c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:91:A0:CD:43:29:E4:68:FB:2F:8B:34:99:1D:74:91:B3:6B:89:A5
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/hpGgzUMp5Gj7L4s0mR10kbNriaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.41.0/24
                  193.93.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:07:90:f2:de:4c:67:f9:c1:82:38:02:0a:9a:ca:a2:35:df:
         4a:8c:08:43:5b:65:51:4f:7a:ff:8e:00:a5:f6:5c:82:e8:00:
         95:fb:34:21:3e:4a:bc:93:bd:e0:44:6f:49:1b:93:77:8d:b8:
         c7:7f:b7:82:1a:d2:b7:41:f7:ce:41:82:b4:8d:58:18:cd:32:
         ff:3d:50:59:77:99:e9:13:57:2d:bb:dc:1b:01:24:44:cc:01:
         12:92:b5:e2:47:29:89:68:65:30:6b:6c:41:61:ec:2b:b6:c4:
         4e:32:ca:12:70:bf:4b:34:e6:7e:0b:71:fa:6c:09:b1:26:d9:
         96:0f:79:14:cd:a7:78:4f:de:a5:65:6a:8a:87:f7:a0:85:a5:
         8d:ce:ba:f5:31:cc:2f:01:f4:a8:48:ed:58:ae:f4:79:c6:cf:
         9c:83:5b:2c:44:fb:ee:6f:09:23:a4:fc:9a:9f:e1:13:d0:ee:
         ad:4a:14:c7:90:4a:7f:d4:94:60:cc:72:34:93:e5:ad:67:ce:
         88:c4:47:50:26:79:ec:54:fe:e4:85:1b:b1:40:0a:56:64:21:
         e4:8e:65:1e:52:fa:f9:b0:44:32:62:2d:49:41:f3:62:06:69:
         dd:0d:34:f2:25:d9:2f:40:ec:6b:c8:bf:b4:71:81:28:f7:a8:
         88:87:c9:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6GHwqgj6qeRMRjb1nXcsiVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMzI4MTczMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjkxYTBjZDQzMjllNDY4ZmIyZjhiMzQ5OTFkNzQ5MWIzNmI4OWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLqza73+qUZEtof8+Bs19EpquxU/
qGODlQx7nl5eL0evwJ4pYPlJWsgL6gTr9T+UysJCL70RHEEk7hiKBWtGdR6gYBtI
BIALB2YUxBGIfdNhW8EbxtYP+SBt8BobkiM260mICYm6g9XkrhJFAi1DZiDwz/Fg
79gIhEvgnLjJZwRFauKz5lNUMdB0SMEzk3CW0jCGNc0tQQWslW5yQIX4RnXQzdmj
QlkSxQLQrDIxhRkNLf62CgKn9ete7PhS80K/b7m2Zx06YgY1cGw+d5T639CpMipT
Z5r+HfONJpewPkxJBd8C9s1Kb8CtXa+q2AedZ7ZjKTP8fY2bI6xjDSB8KwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIaRoM1DKeRo+y+LNJkddJGza4mlMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvaHBHZ3pVTXA1R2o3TDRzMG1SMTBrYk5yaWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbXopAwQA
wV00MA0GCSqGSIb3DQEBCwUAA4IBAQAnB5Dy3kxn+cGCOAIKmsqiNd9KjAhDW2VR
T3r/jgCl9lyC6ACV+zQhPkq8k73gRG9JG5N3jbjHf7eCGtK3QffOQYK0jVgYzTL/
PVBZd5npE1ctu9wbASREzAESkrXiRymJaGUwa2xBYewrtsROMsoScL9LNOZ+C3H6
bAmxJtmWD3kUzad4T96lZWqKh/eghaWNzrr1McwvAfSoSO1YrvR5xs+cg1ssRPvu
bwkjpPyan+ET0O6tShTHkEp/1JRgzHI0k+WtZ86IxEdQJnnsVP7khRuxQApWZCHk
jmUeUvr5sEQyYi1JQfNiBmndDTTyJdkvQOxryL+0cYEo96iIh8kZ
-----END CERTIFICATE-----