Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/ho24W8vGEGNxE60izaY5n1fM4TA.roa
File:                     ho24W8vGEGNxE60izaY5n1fM4TA.roa (raw, json)
Hash identifier:          kk8D0GXhL8iOzLjjhZgdMtTnrQ9AhX3Yz+v1Nej/XAU=
Subject key identifier:   86:8D:B8:5B:CB:C6:10:63:71:13:AD:22:CD:A6:39:9F:57:CC:E1:30
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0D971F67033902CD2C91B49175A7
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/ho24W8vGEGNxE60izaY5n1fM4TA.roa
Signing time:             Tue 02 Jan 2024 08:31:59 +0000
ROA not before:           Tue 02 Jan 2024 08:31:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210633
IP address blocks:        2a0a:280:1a00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:0d:97:1f:67:03:39:02:cd:2c:91:b4:91:75:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=868db85bcbc610637113ad22cda6399f57cce130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:82:03:a7:c1:a8:99:6c:3d:f4:d1:4d:47:d7:
                    63:df:a7:8b:e4:39:c7:f3:5f:9e:75:f5:25:1c:6f:
                    c0:68:36:21:ed:fa:26:4e:13:b1:21:f9:c6:6a:e5:
                    a0:e4:e2:47:52:eb:32:41:6e:37:24:dd:42:6b:af:
                    ca:07:84:9c:3b:1f:2c:4b:a7:f0:96:d8:8c:39:35:
                    51:74:7b:98:e9:21:82:57:ae:a7:87:09:e0:3a:08:
                    c0:98:51:db:af:de:ac:4c:45:bb:a1:4d:8c:4e:78:
                    3c:ee:72:df:a6:c6:89:57:5b:db:61:34:e8:bb:bf:
                    09:a4:8d:50:9f:71:3d:cc:4a:09:03:28:a7:f7:d9:
                    a5:62:fd:7b:07:9b:54:2f:5a:a0:39:5a:61:46:40:
                    66:af:cd:f0:31:1c:53:23:0e:53:2e:bf:07:0e:a2:
                    6b:4d:c3:0c:e1:97:72:50:44:a5:60:f3:b9:b8:a1:
                    3d:21:96:75:37:97:02:7e:db:1a:1a:57:df:e1:58:
                    49:79:38:0d:a6:92:67:91:f6:d7:31:42:f2:3d:34:
                    34:6e:2f:09:88:4c:e0:b9:b0:cb:ac:b6:35:96:df:
                    1b:ca:8d:a4:56:1a:52:59:1c:da:25:81:44:cb:14:
                    c5:25:27:ab:73:66:e4:95:4e:84:77:fa:19:ec:38:
                    04:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:8D:B8:5B:CB:C6:10:63:71:13:AD:22:CD:A6:39:9F:57:CC:E1:30
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/ho24W8vGEGNxE60izaY5n1fM4TA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:1a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         7d:9b:24:cb:da:df:7c:b6:8e:71:4d:57:a2:f7:8c:50:81:4c:
         46:e9:b6:98:25:77:3e:f9:39:da:ba:56:d5:25:9e:db:c9:a1:
         4e:4b:d5:cf:35:e3:2c:eb:40:3d:e8:76:f6:6a:45:de:b6:b8:
         7c:2e:04:d2:da:dc:9e:0b:6d:71:09:e1:ae:58:db:f6:99:e4:
         8b:94:48:be:bd:1e:7a:b5:f7:e9:d8:bd:ed:7c:12:0b:91:db:
         d1:19:63:15:9e:40:56:57:29:18:c3:0b:1e:e4:2f:38:b5:8d:
         40:6e:a3:a7:74:ba:46:d8:0a:e8:1b:23:59:58:05:9b:22:2b:
         c2:73:c1:e5:4d:4c:ad:9e:53:a8:f6:66:0d:ff:fd:af:af:fa:
         9e:ab:d8:19:34:60:4a:eb:67:ea:55:96:2b:ce:7a:cc:77:ee:
         f6:29:8a:a7:3e:39:a8:dd:9d:d1:4d:5b:ab:9b:38:d1:f4:bb:
         02:74:e5:e6:95:10:b3:d2:29:68:98:2b:44:e9:ae:42:29:ab:
         98:95:a1:a7:4e:6a:01:7b:c7:ce:38:ef:93:58:46:fa:b3:e1:
         41:6c:80:d5:1f:fb:2d:6a:9e:99:c1:4d:52:a9:88:42:66:14:
         19:bf:d1:31:61:d8:90:ac:9c:e2:ad:39:01:c6:d0:b6:1d:50:
         c4:da:75:b3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQ2XH2cDOQLNLJG0kXWnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjhkYjg1YmNiYzYxMDYzNzExM2FkMjJjZGE2Mzk5ZjU3Y2NlMTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIIDp8GomWw99NFNR9dj36eL5DnH
81+edfUlHG/AaDYh7fomThOxIfnGauWg5OJHUusyQW43JN1Ca6/KB4ScOx8sS6fw
ltiMOTVRdHuY6SGCV66nhwngOgjAmFHbr96sTEW7oU2MTng87nLfpsaJV1vbYTTo
u78JpI1Qn3E9zEoJAyin99mlYv17B5tUL1qgOVphRkBmr83wMRxTIw5TLr8HDqJr
TcMM4ZdyUESlYPO5uKE9IZZ1N5cCftsaGlff4VhJeTgNppJnkfbXMULyPTQ0bi8J
iEzgubDLrLY1lt8byo2kVhpSWRzaJYFEyxTFJSerc2bklU6Ed/oZ7DgEowIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIaNuFvLxhBjcROtIs2mOZ9XzOEwMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvaG8yNFc4dkdFR054RTYwaXphWTVuMWZNNFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgBow
DQYJKoZIhvcNAQELBQADggEBAH2bJMva33y2jnFNV6L3jFCBTEbptpgldz75Odq6
VtUlntvJoU5L1c814yzrQD3odvZqRd62uHwuBNLa3J4LbXEJ4a5Y2/aZ5IuUSL69
Hnq19+nYve18EguR29EZYxWeQFZXKRjDCx7kLzi1jUBuo6d0ukbYCugbI1lYBZsi
K8JzweVNTK2eU6j2Zg3//a+v+p6r2Bk0YErrZ+pVlivOesx37vYpiqc+OajdndFN
W6ubONH0uwJ05eaVELPSKWiYK0TprkIpq5iVoadOagF7x84475NYRvqz4UFsgNUf
+y1qnpnBTVKpiEJmFBm/0TFh2JCsnOKtOQHG0LYdUMTadbM=
-----END CERTIFICATE-----