Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/HkJFDV04gN-isCFZl9fQWAOdNSw.roa
File:                     HkJFDV04gN-isCFZl9fQWAOdNSw.roa (raw, json)
Hash identifier:          cfI694wKsAeVawzvUWcTLYH6+vUVzfZKgwuADCg+shk=
Subject key identifier:   1E:42:45:0D:5D:38:80:DF:A2:B0:21:59:97:D7:D0:58:03:9D:35:2C
Certificate issuer:       /CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
Certificate serial:       018CC56E326DD5DFB09EFE7AE49B3C553AFD
Authority key identifier: 23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/HkJFDV04gN-isCFZl9fQWAOdNSw.roa
Signing time:             Mon 01 Jan 2024 14:29:42 +0000
ROA not before:           Mon 01 Jan 2024 14:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204492
IP address blocks:        82.194.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:32:6d:d5:df:b0:9e:fe:7a:e4:9b:3c:55:3a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23e3d92bfe16619ca500c03267effa9aa7ca0c47
        Validity
            Not Before: Jan  1 14:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e42450d5d3880dfa2b0215997d7d058039d352c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:17:05:68:2f:aa:3a:0a:c4:1c:e5:f9:c6:f4:
                    9b:a9:a9:d4:18:74:75:01:53:05:0b:7b:ed:19:87:
                    03:5a:79:32:92:53:03:05:ac:d4:30:57:08:49:12:
                    fc:3c:8f:7c:04:7d:6c:2e:ad:92:91:c0:54:d8:d8:
                    5e:96:88:4d:e1:90:77:ef:22:19:27:9e:3b:43:33:
                    62:f3:ef:4e:b7:0f:73:61:ed:4e:c8:fd:de:50:c4:
                    da:d8:2c:3b:8e:1c:f4:25:75:d6:12:78:43:9c:33:
                    4c:8d:d8:cf:ab:45:0b:a6:7a:29:af:6a:ce:a7:17:
                    da:0a:0e:11:2a:2f:f2:24:02:f1:a4:b2:fb:b4:e7:
                    4f:34:70:94:8a:16:6d:f8:f1:c0:8a:b4:c5:ea:7a:
                    f4:a3:f3:45:27:e1:55:ad:fc:1b:86:3f:ce:91:57:
                    4e:b0:34:15:e9:8b:cf:40:19:ec:0d:ae:8a:06:22:
                    11:7d:ae:29:ea:c6:85:80:3b:34:0d:b2:09:e7:22:
                    65:a3:e9:0e:12:f2:34:6e:f5:86:39:ad:66:d1:e7:
                    4c:4a:6f:57:68:68:58:01:d9:fe:8d:d3:60:d9:c5:
                    d7:7d:52:88:9b:cc:85:bc:74:84:22:3d:ce:e2:f7:
                    cb:aa:37:63:5e:23:84:9e:69:91:04:9a:06:87:ec:
                    2c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:42:45:0D:5D:38:80:DF:A2:B0:21:59:97:D7:D0:58:03:9D:35:2C
            X509v3 Authority Key Identifier:
                keyid:23:E3:D9:2B:FE:16:61:9C:A5:00:C0:32:67:EF:FA:9A:A7:CA:0C:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I-PZK_4WYZylAMAyZ-_6mqfKDEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/HkJFDV04gN-isCFZl9fQWAOdNSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9c2c90-c7d4-48b7-9baf-f1bf0c33a908/1/I-PZK_4WYZylAMAyZ-_6mqfKDEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.194.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:d0:ca:fa:52:49:66:41:69:aa:f4:2a:63:7a:69:3a:7c:67:
         89:07:41:8e:41:87:00:70:ec:56:b5:81:39:7b:07:a3:67:f6:
         da:4a:77:f6:dd:d3:3e:15:22:e0:85:58:a0:9b:92:3b:a7:7c:
         4e:9a:c2:c1:f1:bd:5f:83:70:04:a5:01:21:f0:1c:64:31:41:
         2c:71:60:7f:c3:f9:38:80:2d:5d:eb:77:80:a1:49:00:da:1b:
         53:35:53:c4:1c:53:b1:cb:f4:45:93:2a:3d:07:88:32:5d:b2:
         80:3e:2d:70:b3:8c:c9:ed:6e:f7:98:5d:c8:52:56:89:d1:e5:
         8e:c1:0b:f4:c5:84:f8:fc:8e:62:3c:6c:46:88:db:92:de:91:
         3e:12:50:5c:cd:23:c8:3a:af:95:7b:f9:44:25:4e:35:9c:6f:
         f7:6a:fe:57:07:47:8f:4f:bc:86:4e:ba:de:61:69:07:64:b6:
         18:c0:be:b6:20:df:b4:d2:69:13:7a:58:86:37:68:27:83:7c:
         ce:22:be:c1:4f:8c:ae:03:78:55:28:11:30:11:e0:12:d3:cb:
         81:ee:5d:f2:14:7a:49:59:bd:2c:3f:e3:57:3d:11:81:c5:ee:
         6d:80:2c:19:04:ff:0e:54:6d:3a:21:fe:df:be:82:64:6c:6c:
         71:94:98:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbjJt1d+wnv565Js8VTr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZTNkOTJiZmUxNjYxOWNhNTAwYzAzMjY3ZWZmYTlhYTdj
YTBjNDcwHhcNMjQwMTAxMTQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTQyNDUwZDVkMzg4MGRmYTJiMDIxNTk5N2Q3ZDA1ODAzOWQzNTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxcFaC+qOgrEHOX5xvSbqanUGHR1
AVMFC3vtGYcDWnkyklMDBazUMFcISRL8PI98BH1sLq2SkcBU2NhelohN4ZB37yIZ
J547QzNi8+9Otw9zYe1OyP3eUMTa2Cw7jhz0JXXWEnhDnDNMjdjPq0ULpnopr2rO
pxfaCg4RKi/yJALxpLL7tOdPNHCUihZt+PHAirTF6nr0o/NFJ+FVrfwbhj/OkVdO
sDQV6YvPQBnsDa6KBiIRfa4p6saFgDs0DbIJ5yJlo+kOEvI0bvWGOa1m0edMSm9X
aGhYAdn+jdNg2cXXfVKIm8yFvHSEIj3O4vfLqjdjXiOEnmmRBJoGh+wsRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5CRQ1dOIDforAhWZfX0FgDnTUsMB8GA1UdIwQY
MBaAFCPj2Sv+FmGcpQDAMmfv+pqnygxHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYt
ZjFiZjBjMzNhOTA4LzEvSGtKRkRWMDRnTi1pc0NGWmw5ZlFXQU9kTlN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85YzJjOTAtYzdkNC00OGI3LTliYWYtZjFiZjBjMzNhOTA4
LzEvSS1QWktfNFdZWnlsQU1BeVotXzZtcWZLREVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUsLsMA0G
CSqGSIb3DQEBCwUAA4IBAQA30Mr6UklmQWmq9Cpjemk6fGeJB0GOQYcAcOxWtYE5
ewejZ/baSnf23dM+FSLghVigm5I7p3xOmsLB8b1fg3AEpQEh8BxkMUEscWB/w/k4
gC1d63eAoUkA2htTNVPEHFOxy/RFkyo9B4gyXbKAPi1ws4zJ7W73mF3IUlaJ0eWO
wQv0xYT4/I5iPGxGiNuS3pE+ElBczSPIOq+Ve/lEJU41nG/3av5XB0ePT7yGTrre
YWkHZLYYwL62IN+00mkTeliGN2gng3zOIr7BT4yuA3hVKBEwEeAS08uB7l3yFHpJ
Wb0sP+NXPRGBxe5tgCwZBP8OVG06If7fvoJkbGxxlJhF
-----END CERTIFICATE-----