Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/HTWMAaTmIui8YRsSWEtkfNN7zPo.roa
File:                     HTWMAaTmIui8YRsSWEtkfNN7zPo.roa (raw, json)
Hash identifier:          +kS99tqLV7rTQxZKg9xRg7GZIlpwFyBPGQnzwyTLQm8=
Subject key identifier:   1D:35:8C:01:A4:E6:22:E8:BC:61:1B:12:58:4B:64:7C:D3:7B:CC:FA
Certificate issuer:       /CN=621310302018a387c692146a35efd33a6ed6b1ef
Certificate serial:       018CCA9973020756B4536F7EEF34755CF17A
Authority key identifier: 62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/HTWMAaTmIui8YRsSWEtkfNN7zPo.roa
Signing time:             Tue 02 Jan 2024 14:35:03 +0000
ROA not before:           Tue 02 Jan 2024 14:35:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198100
IP address blocks:        185.151.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 02:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:73:02:07:56:b4:53:6f:7e:ef:34:75:5c:f1:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=621310302018a387c692146a35efd33a6ed6b1ef
        Validity
            Not Before: Jan  2 14:35:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d358c01a4e622e8bc611b12584b647cd37bccfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:37:b3:91:de:b0:7a:a8:f4:9e:d0:10:04:0c:
                    9b:a6:f3:a5:a3:de:99:54:32:f0:83:a2:25:55:6e:
                    39:e0:e3:05:8d:41:eb:53:2e:4a:a2:00:5a:3f:11:
                    af:f9:d6:77:4a:00:c2:16:6a:c3:5a:a0:96:d4:7f:
                    fa:23:c3:db:3c:11:50:39:40:b6:72:16:52:3b:db:
                    a3:87:d8:79:2e:41:b8:cf:b4:45:b5:36:82:8b:3a:
                    39:46:a3:27:26:1a:42:1c:91:d7:42:ab:19:08:a5:
                    f5:f2:20:a2:b7:fb:2f:21:8c:8d:07:99:dc:74:10:
                    fe:d9:06:07:40:40:d2:d6:71:e8:c2:d5:cf:c6:fa:
                    1b:80:06:2a:6b:34:2f:3e:c5:1a:90:e1:6d:93:bc:
                    d0:ea:07:07:0d:41:08:e6:5e:74:b4:70:57:02:a7:
                    f2:a0:e3:52:15:7a:9a:bd:29:a1:69:d6:38:da:a7:
                    97:40:5b:d2:cf:85:b1:6c:9f:37:88:4d:ea:10:2b:
                    db:20:62:20:6d:44:4a:2f:5d:f3:44:0c:1a:35:f5:
                    39:b2:e3:51:60:30:dd:75:25:9a:26:b3:97:bc:33:
                    39:b1:48:2f:54:0b:15:47:f0:ad:e9:21:6c:9f:d8:
                    76:46:f8:e1:57:75:94:1d:7b:b6:ec:be:09:ba:74:
                    69:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:35:8C:01:A4:E6:22:E8:BC:61:1B:12:58:4B:64:7C:D3:7B:CC:FA
            X509v3 Authority Key Identifier:
                keyid:62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/HTWMAaTmIui8YRsSWEtkfNN7zPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:57:83:50:66:a2:36:49:e0:64:75:01:08:c2:79:b7:a8:6e:
         f8:20:ae:53:ec:c4:52:11:45:02:11:d2:40:84:2f:4f:b5:e4:
         28:54:b1:b5:1e:d9:d5:70:21:15:b4:07:3e:02:4d:d5:9c:69:
         53:49:e8:a5:5a:17:01:48:2a:c3:ed:82:bc:dd:7f:75:97:fe:
         37:98:fb:d6:98:a4:10:27:c7:0e:ed:2e:59:04:e3:fb:92:2f:
         de:42:11:92:1d:7a:b2:f4:3d:91:3b:8c:5a:68:bf:16:e1:a8:
         91:e4:0a:4f:59:ab:ba:a1:81:d0:3c:2e:64:a3:0d:0e:5c:ee:
         5f:1e:af:0b:b5:73:ba:4a:92:45:ed:38:5b:56:06:0c:99:d7:
         96:79:af:e5:38:87:8a:db:bd:c5:58:29:c3:9a:ae:c4:71:2b:
         d1:b9:3c:52:b9:f5:3a:80:96:98:32:60:f9:ab:bf:f9:87:a5:
         ed:2b:ca:d9:a3:0e:54:56:97:d9:4a:fa:ac:4e:66:44:ca:35:
         e6:16:89:36:83:5c:d4:78:be:c4:e3:5d:f3:87:df:29:34:30:
         7b:ea:45:5c:d3:36:d9:0a:70:b9:80:5a:a3:63:33:1a:fb:9b:
         d5:99:77:80:9c:1a:5e:55:26:97:b1:01:b3:e1:32:ca:66:9a:
         ea:dd:21:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmXMCB1a0U29+7zR1XPF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTMxMDMwMjAxOGEzODdjNjkyMTQ2YTM1ZWZkMzNhNmVk
NmIxZWYwHhcNMjQwMTAyMTQzNTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDM1OGMwMWE0ZTYyMmU4YmM2MTFiMTI1ODRiNjQ3Y2QzN2JjY2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzezkd6weqj0ntAQBAybpvOlo96Z
VDLwg6IlVW454OMFjUHrUy5KogBaPxGv+dZ3SgDCFmrDWqCW1H/6I8PbPBFQOUC2
chZSO9ujh9h5LkG4z7RFtTaCizo5RqMnJhpCHJHXQqsZCKX18iCit/svIYyNB5nc
dBD+2QYHQEDS1nHowtXPxvobgAYqazQvPsUakOFtk7zQ6gcHDUEI5l50tHBXAqfy
oONSFXqavSmhadY42qeXQFvSz4WxbJ83iE3qECvbIGIgbURKL13zRAwaNfU5suNR
YDDddSWaJrOXvDM5sUgvVAsVR/Ct6SFsn9h2RvjhV3WUHXu27L4JunRpwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB01jAGk5iLovGEbElhLZHzTe8z6MB8GA1UdIwQY
MBaAFGITEDAgGKOHxpIUajXv0zpu1rHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjIt
YmU1N2Q3ZGZhMGRlLzEvSFRXTUFhVG1JdWk4WVJzU1dFdGtmTk43elBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjItYmU1N2Q3ZGZhMGRl
LzEvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZeSMA0G
CSqGSIb3DQEBCwUAA4IBAQARV4NQZqI2SeBkdQEIwnm3qG74IK5T7MRSEUUCEdJA
hC9PteQoVLG1HtnVcCEVtAc+Ak3VnGlTSeilWhcBSCrD7YK83X91l/43mPvWmKQQ
J8cO7S5ZBOP7ki/eQhGSHXqy9D2RO4xaaL8W4aiR5ApPWau6oYHQPC5kow0OXO5f
Hq8LtXO6SpJF7ThbVgYMmdeWea/lOIeK273FWCnDmq7EcSvRuTxSufU6gJaYMmD5
q7/5h6XtK8rZow5UVpfZSvqsTmZEyjXmFok2g1zUeL7E413zh98pNDB76kVc0zbZ
CnC5gFqjYzMa+5vVmXeAnBpeVSaXsQGz4TLKZprq3SHb
-----END CERTIFICATE-----