Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/b88139-1a93-4bd0-9825-bafb7911ee17/1/HmuVMw8VRPedRbLs_ih_l1ad8xw.roa
File:                     HmuVMw8VRPedRbLs_ih_l1ad8xw.roa (raw, json)
Hash identifier:          PGOE2RxqOA+1MYaxVO+oFZUrUs67IBjypfZgtkQGebs=
Subject key identifier:   1E:6B:95:33:0F:15:44:F7:9D:45:B2:EC:FE:28:7F:97:56:9D:F3:1C
Certificate issuer:       /CN=16058d28430c4e49e61a58af4fd7a6f656edfd9e
Certificate serial:       018CC8DE0E326F2051FA6DFD239169B7EC41
Authority key identifier: 16:05:8D:28:43:0C:4E:49:E6:1A:58:AF:4F:D7:A6:F6:56:ED:FD:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgWNKEMMTknmGlivT9em9lbt_Z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/b88139-1a93-4bd0-9825-bafb7911ee17/1/HmuVMw8VRPedRbLs_ih_l1ad8xw.roa
Signing time:             Tue 02 Jan 2024 06:30:44 +0000
ROA not before:           Tue 02 Jan 2024 06:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211385
IP address blocks:        193.107.12.0/24 maxlen: 24
                          2a10:f240::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/b88139-1a93-4bd0-9825-bafb7911ee17/1/FgWNKEMMTknmGlivT9em9lbt_Z4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/b88139-1a93-4bd0-9825-bafb7911ee17/1/FgWNKEMMTknmGlivT9em9lbt_Z4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgWNKEMMTknmGlivT9em9lbt_Z4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:0e:32:6f:20:51:fa:6d:fd:23:91:69:b7:ec:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16058d28430c4e49e61a58af4fd7a6f656edfd9e
        Validity
            Not Before: Jan  2 06:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e6b95330f1544f79d45b2ecfe287f97569df31c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a4:c7:f5:e8:05:c8:fb:21:06:76:55:e7:11:
                    88:bb:cc:77:91:42:64:b2:77:40:63:4c:66:72:8a:
                    e1:9b:b6:ee:35:39:7c:8b:a0:3c:1a:16:e4:3c:61:
                    32:48:d8:be:f4:79:b3:15:bb:63:28:dd:c2:04:8d:
                    65:9f:e8:a1:d3:44:87:00:9b:86:d1:ee:d4:c8:65:
                    72:8f:ea:04:1d:b6:da:c3:34:bf:20:31:f5:e2:10:
                    8c:f1:73:3c:a5:3c:94:74:33:6c:69:a3:50:5f:89:
                    58:e3:7b:84:83:5e:2d:84:cf:4e:f9:3f:69:93:a7:
                    03:9a:52:3b:4a:e5:a6:f7:44:6c:7f:8f:9c:4b:10:
                    fc:04:84:8a:4e:57:a4:03:b2:a8:14:c1:8b:ac:44:
                    1f:18:0b:ed:ad:d2:96:29:f7:0a:ea:48:1e:28:9b:
                    62:51:58:7b:a3:06:03:17:4f:5c:ad:e4:52:d3:6e:
                    9e:70:8e:78:a9:f2:9b:e0:62:26:cc:02:5b:6f:af:
                    05:79:55:63:09:df:f6:55:bb:ab:77:60:b6:17:de:
                    03:21:0d:6c:f4:96:9d:f8:3a:ee:b4:10:ac:0a:16:
                    22:ad:b3:7e:86:ee:35:7f:a0:3a:12:84:85:62:cd:
                    73:f9:cc:7a:29:38:fd:60:3b:4d:b3:7d:0c:cb:8e:
                    8c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:6B:95:33:0F:15:44:F7:9D:45:B2:EC:FE:28:7F:97:56:9D:F3:1C
            X509v3 Authority Key Identifier:
                keyid:16:05:8D:28:43:0C:4E:49:E6:1A:58:AF:4F:D7:A6:F6:56:ED:FD:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgWNKEMMTknmGlivT9em9lbt_Z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/b88139-1a93-4bd0-9825-bafb7911ee17/1/HmuVMw8VRPedRbLs_ih_l1ad8xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/b88139-1a93-4bd0-9825-bafb7911ee17/1/FgWNKEMMTknmGlivT9em9lbt_Z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.12.0/24
                IPv6:
                  2a10:f240::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:d9:08:a0:9a:1b:3d:91:3b:78:bc:91:29:ad:09:96:a1:f3:
         4b:2a:d7:d6:ee:e6:76:e4:dc:35:46:47:6e:7b:ac:fa:e2:7b:
         d6:d2:fd:f0:3b:d9:80:48:b9:a7:d8:4b:8f:90:0a:89:33:9c:
         3c:af:01:44:e8:f6:a0:5f:2e:40:09:b9:2b:fd:ea:a1:0f:d2:
         8d:39:85:18:f7:6a:f1:4e:ed:f9:03:55:bf:cf:ca:e7:d5:bb:
         37:61:dc:31:07:aa:63:6b:55:b0:3d:0b:b8:1f:fe:61:6a:33:
         13:6a:30:39:07:01:a3:f6:75:22:c6:df:17:ba:67:90:e5:7b:
         3a:e2:f7:b3:57:1d:66:c1:23:b1:32:d4:91:95:4a:62:e1:43:
         f2:72:99:0e:24:cd:af:e7:ea:26:de:80:30:0d:13:fe:c7:6f:
         3f:86:a2:26:4b:8c:79:89:72:69:37:71:92:1d:20:0d:a1:55:
         51:64:4d:7c:a4:0b:57:c8:d8:16:8f:88:7c:f0:d7:58:41:31:
         c0:a9:46:ec:4b:b7:db:32:2e:ae:73:b7:87:43:f0:eb:72:48:
         b2:bb:f6:a5:3e:f5:5a:80:3c:62:8a:01:14:61:79:ac:81:13:
         6e:29:26:d7:21:c6:82:57:b4:9c:0c:3a:34:79:4f:33:00:69:
         fd:bb:c4:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3g4ybyBR+m39I5Fpt+xBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU4ZDI4NDMwYzRlNDllNjFhNThhZjRmZDdhNmY2NTZl
ZGZkOWUwHhcNMjQwMTAyMDYzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTZiOTUzMzBmMTU0NGY3OWQ0NWIyZWNmZTI4N2Y5NzU2OWRmMzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaTH9egFyPshBnZV5xGIu8x3kUJk
sndAY0xmcorhm7buNTl8i6A8GhbkPGEySNi+9HmzFbtjKN3CBI1ln+ih00SHAJuG
0e7UyGVyj+oEHbbawzS/IDH14hCM8XM8pTyUdDNsaaNQX4lY43uEg14thM9O+T9p
k6cDmlI7SuWm90Rsf4+cSxD8BISKTlekA7KoFMGLrEQfGAvtrdKWKfcK6kgeKJti
UVh7owYDF09creRS026ecI54qfKb4GImzAJbb68FeVVjCd/2Vburd2C2F94DIQ1s
9Jad+DrutBCsChYirbN+hu41f6A6EoSFYs1z+cx6KTj9YDtNs30My46MSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB5rlTMPFUT3nUWy7P4of5dWnfMcMB8GA1UdIwQY
MBaAFBYFjShDDE5J5hpYr0/XpvZW7f2eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdXTktFTU1Ua25tR2xpdlQ5ZW05bGJ0X1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iODgxMzktMWE5My00YmQwLTk4MjUt
YmFmYjc5MTFlZTE3LzEvSG11Vk13OFZSUGVkUmJMc19paF9sMWFkOHh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iODgxMzktMWE5My00YmQwLTk4MjUtYmFmYjc5MTFlZTE3
LzEvRmdXTktFTU1Ua25tR2xpdlQ5ZW05bGJ0X1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwWsMMA0E
AgACMAcDBQMqEPJAMA0GCSqGSIb3DQEBCwUAA4IBAQAI2Qigmhs9kTt4vJEprQmW
ofNLKtfW7uZ25Nw1Rkdue6z64nvW0v3wO9mASLmn2EuPkAqJM5w8rwFE6PagXy5A
Cbkr/eqhD9KNOYUY92rxTu35A1W/z8rn1bs3YdwxB6pja1WwPQu4H/5hajMTajA5
BwGj9nUixt8XumeQ5Xs64vezVx1mwSOxMtSRlUpi4UPycpkOJM2v5+om3oAwDRP+
x28/hqImS4x5iXJpN3GSHSANoVVRZE18pAtXyNgWj4h88NdYQTHAqUbsS7fbMi6u
c7eHQ/Drckiyu/alPvVagDxiigEUYXmsgRNuKSbXIcaCV7ScDDo0eU8zAGn9u8TB
-----END CERTIFICATE-----