Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/Hc430l-A6Z9aFLQGWrYn3irHSWY.roa
File:                     Hc430l-A6Z9aFLQGWrYn3irHSWY.roa (raw, json)
Hash identifier:          WZxJ2TtYdvjC3m7fvL5ZmpX8lD2K0gGAXEnhLOZ6TWc=
Subject key identifier:   1D:CE:37:D2:5F:80:E9:9F:5A:14:B4:06:5A:B6:27:DE:2A:C7:49:66
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       018CC2DB6710331F8CE78A688C440DD048B0
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/Hc430l-A6Z9aFLQGWrYn3irHSWY.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210122
IP address blocks:        87.248.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:67:10:33:1f:8c:e7:8a:68:8c:44:0d:d0:48:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dce37d25f80e99f5a14b4065ab627de2ac74966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0b:d2:c6:8f:c7:91:2b:33:ac:8f:c2:6e:50:
                    b8:bb:d9:4b:2f:8c:d8:80:ec:21:b6:f1:c1:d9:9c:
                    76:9f:49:fd:00:f3:79:a5:77:02:b0:9b:db:dd:72:
                    2a:20:90:64:57:58:51:71:89:57:6b:5d:cb:3b:15:
                    a3:38:4b:4c:d6:1f:cb:06:05:1e:81:7d:80:8c:60:
                    00:56:7d:d0:02:8b:35:7f:74:8a:da:93:48:ca:11:
                    9e:db:40:b5:2c:93:0f:d4:f7:76:7b:5a:cf:3d:96:
                    6c:dd:07:88:62:d6:35:37:5c:56:7a:ed:fc:56:9f:
                    b7:43:f9:cf:c3:e1:e0:dd:50:68:64:f0:a4:96:a0:
                    40:33:a9:6d:d7:a0:b1:25:6d:93:a1:0a:0b:8a:23:
                    a8:6c:d3:96:d7:69:fc:54:82:a8:ba:31:50:ca:32:
                    3b:ad:cd:a3:ff:38:7c:27:42:f2:40:46:4f:22:a1:
                    9b:1d:33:40:78:b8:53:fe:24:b6:ff:4d:b8:6a:7c:
                    02:86:b8:2d:df:e4:8d:65:a0:c0:54:2e:35:d2:27:
                    8a:1b:fb:0d:6f:7d:4b:35:43:8b:f0:56:f4:69:e0:
                    20:38:4a:d0:41:88:d5:3d:0c:97:aa:c2:a0:95:bb:
                    92:39:36:f3:ae:96:db:41:1b:25:dd:d3:3d:25:f7:
                    da:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:CE:37:D2:5F:80:E9:9F:5A:14:B4:06:5A:B6:27:DE:2A:C7:49:66
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/Hc430l-A6Z9aFLQGWrYn3irHSWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:db:29:cc:6d:a7:de:73:6f:03:05:fb:2e:b8:f8:c1:de:95:
         5d:23:05:39:35:37:a6:0e:c8:0d:eb:f0:ca:2a:7a:47:6b:3f:
         62:ca:7b:36:d9:e8:19:fe:b1:1b:99:a2:a4:14:e9:ff:c9:7d:
         0f:05:6f:00:e8:12:1c:d5:52:46:dc:37:92:08:b9:e7:ba:21:
         80:2c:30:18:66:4d:c8:94:53:4a:cc:c4:e0:63:62:e7:d2:d3:
         87:93:39:c2:c7:da:86:63:ed:80:24:8e:55:96:7c:d4:c4:a8:
         25:9a:57:9b:12:21:f7:06:8f:e7:aa:c6:bc:aa:56:8f:85:4d:
         3b:ea:bd:8f:dc:b9:79:e6:e5:d8:f3:94:3c:fb:28:8a:fa:19:
         95:67:de:2b:40:67:18:03:e2:98:c3:48:67:81:13:30:c8:40:
         49:ed:1b:b5:66:db:71:fd:42:da:b0:1e:2d:8d:a9:f9:2e:97:
         37:47:50:b1:4d:33:94:a2:2f:ce:b1:1b:80:c3:ba:32:1b:8d:
         cd:59:cb:b0:29:47:90:2d:83:4f:85:d3:d9:9c:2e:ef:5d:6f:
         c4:d6:59:29:c3:da:59:3b:ef:13:31:e7:a1:c8:d4:a7:f1:78:
         b8:e3:14:68:5a:c0:50:d7:0b:90:f9:3e:d0:7f:90:64:6c:d5:
         dd:69:bd:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22cQMx+M54pojEQN0EiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGNlMzdkMjVmODBlOTlmNWExNGI0MDY1YWI2MjdkZTJhYzc0OTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwvSxo/HkSszrI/CblC4u9lLL4zY
gOwhtvHB2Zx2n0n9APN5pXcCsJvb3XIqIJBkV1hRcYlXa13LOxWjOEtM1h/LBgUe
gX2AjGAAVn3QAos1f3SK2pNIyhGe20C1LJMP1Pd2e1rPPZZs3QeIYtY1N1xWeu38
Vp+3Q/nPw+Hg3VBoZPCklqBAM6lt16CxJW2ToQoLiiOobNOW12n8VIKoujFQyjI7
rc2j/zh8J0LyQEZPIqGbHTNAeLhT/iS2/024anwChrgt3+SNZaDAVC410ieKG/sN
b31LNUOL8Fb0aeAgOErQQYjVPQyXqsKglbuSOTbzrpbbQRsl3dM9JffaLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3ON9JfgOmfWhS0Blq2J94qx0lmMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvSGM0MzBsLUE2WjlhRkxRR1dyWW4zaXJIU1dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iEMA0G
CSqGSIb3DQEBCwUAA4IBAQAA2ynMbafec28DBfsuuPjB3pVdIwU5NTemDsgN6/DK
KnpHaz9iyns22egZ/rEbmaKkFOn/yX0PBW8A6BIc1VJG3DeSCLnnuiGALDAYZk3I
lFNKzMTgY2Ln0tOHkznCx9qGY+2AJI5VlnzUxKglmlebEiH3Bo/nqsa8qlaPhU07
6r2P3Ll55uXY85Q8+yiK+hmVZ94rQGcYA+KYw0hngRMwyEBJ7Ru1Zttx/ULasB4t
jan5Lpc3R1CxTTOUoi/OsRuAw7oyG43NWcuwKUeQLYNPhdPZnC7vXW/E1lkpw9pZ
O+8TMeehyNSn8Xi44xRoWsBQ1wuQ+T7Qf5BkbNXdab2s
-----END CERTIFICATE-----