Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/9246ad-9638-47e6-8214-e98702f1bbb5/1/H04V42D0gQnGuVO6eFpb8NpWbos.roa
File:                     H04V42D0gQnGuVO6eFpb8NpWbos.roa (raw, json)
Hash identifier:          +O1XF6voyzTlCc5Qk7VW9Vi5FUeaPAuWMdsVknxEjgY=
Subject key identifier:   1F:4E:15:E3:60:F4:81:09:C6:B9:53:BA:78:5A:5B:F0:DA:56:6E:8B
Certificate issuer:       /CN=a74ea4cb82a47c5c73c82de495c38af3a8844fc9
Certificate serial:       018CC49372961960F74734D4D5C56D2B9735
Authority key identifier: A7:4E:A4:CB:82:A4:7C:5C:73:C8:2D:E4:95:C3:8A:F3:A8:84:4F:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p06ky4KkfFxzyC3klcOK86iET8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/9246ad-9638-47e6-8214-e98702f1bbb5/1/H04V42D0gQnGuVO6eFpb8NpWbos.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.157.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/9246ad-9638-47e6-8214-e98702f1bbb5/1/p06ky4KkfFxzyC3klcOK86iET8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/9246ad-9638-47e6-8214-e98702f1bbb5/1/p06ky4KkfFxzyC3klcOK86iET8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p06ky4KkfFxzyC3klcOK86iET8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:72:96:19:60:f7:47:34:d4:d5:c5:6d:2b:97:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a74ea4cb82a47c5c73c82de495c38af3a8844fc9
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f4e15e360f48109c6b953ba785a5bf0da566e8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e9:63:73:25:c8:cc:83:fe:ef:dc:a2:e1:d2:
                    db:e0:c2:b7:9d:83:ef:d8:20:8c:a3:c9:04:c1:c6:
                    5c:e4:dc:e5:03:c9:c4:e0:88:cd:6b:90:3f:1e:c1:
                    74:c8:60:00:fe:07:62:6f:a1:fa:ce:e9:f8:33:e5:
                    5a:07:07:11:c4:b5:85:59:d3:5e:d6:45:33:af:69:
                    bb:58:dd:64:eb:88:1d:94:9c:4b:2d:de:16:90:6d:
                    d6:ff:b0:9f:0a:33:e8:d3:04:44:a1:cb:b6:8d:89:
                    84:c6:e6:be:8a:93:39:4d:46:cf:38:cf:e3:1c:84:
                    dd:2d:07:09:7f:2e:78:e5:52:a0:1c:34:50:9c:d8:
                    10:83:78:1a:3b:5f:c5:04:cf:6a:2c:ce:83:b1:ab:
                    94:77:bf:e1:70:ab:74:90:92:55:f7:94:af:ad:fe:
                    d8:bc:36:2f:ec:95:c1:de:11:85:7e:d7:9b:de:6b:
                    8b:de:ac:ba:46:69:59:f7:a0:2a:a0:6c:d6:b4:f5:
                    87:fd:c2:14:9e:bb:08:2f:3e:27:74:74:40:d3:66:
                    20:38:c3:27:82:12:04:41:59:6b:07:8a:1c:ba:e2:
                    28:f2:59:fb:22:ee:b6:6b:37:45:19:b0:9e:09:3a:
                    12:31:19:ac:79:6e:20:47:91:a5:db:f5:f0:05:cf:
                    56:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:4E:15:E3:60:F4:81:09:C6:B9:53:BA:78:5A:5B:F0:DA:56:6E:8B
            X509v3 Authority Key Identifier:
                keyid:A7:4E:A4:CB:82:A4:7C:5C:73:C8:2D:E4:95:C3:8A:F3:A8:84:4F:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p06ky4KkfFxzyC3klcOK86iET8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/9246ad-9638-47e6-8214-e98702f1bbb5/1/H04V42D0gQnGuVO6eFpb8NpWbos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/9246ad-9638-47e6-8214-e98702f1bbb5/1/p06ky4KkfFxzyC3klcOK86iET8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:d6:08:5e:59:b2:d5:a6:cc:cb:17:54:4d:93:a5:9c:6a:3a:
         7a:39:e1:97:5b:10:ed:f7:35:33:b4:50:d7:e3:89:96:63:dc:
         f2:c9:8d:29:2d:cb:49:7a:8f:e8:de:d2:8e:e8:b5:83:dd:69:
         dc:56:96:ce:fa:9e:8d:4a:d3:97:c4:39:13:61:7c:2f:26:f7:
         33:0a:8e:46:a3:f8:dc:a0:c7:db:2c:dd:e3:02:f5:b6:a1:e8:
         59:5f:ec:89:68:a3:1a:e9:3a:25:38:3b:24:81:9b:e8:a6:b2:
         e9:1d:fb:bd:c1:59:e4:bf:ac:98:7d:12:98:cb:09:5c:9b:5d:
         f0:34:47:56:b5:82:3f:e1:bf:30:c2:17:61:ac:e9:4c:a4:98:
         32:3d:1c:7a:3a:c7:b2:58:ab:08:53:91:03:ea:7a:fe:9d:7f:
         b7:44:a5:e1:86:d7:83:fd:5f:62:4f:4d:77:fc:75:90:d6:ec:
         cc:4c:ef:02:f2:ee:61:5b:66:9a:77:8c:df:44:66:a0:f2:51:
         be:0f:cf:c4:25:6d:c0:1c:72:57:89:c2:c3:b5:dc:a0:7b:37:
         17:f3:89:73:1f:47:d2:09:72:20:0d:47:f5:24:64:79:4d:f2:
         37:13:7b:94:6e:21:3b:75:bb:13:c0:8f:40:3f:53:2c:9b:88:
         a4:32:bf:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk3KWGWD3RzTU1cVtK5c1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NGVhNGNiODJhNDdjNWM3M2M4MmRlNDk1YzM4YWYzYTg4
NDRmYzkwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjRlMTVlMzYwZjQ4MTA5YzZiOTUzYmE3ODVhNWJmMGRhNTY2ZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0eljcyXIzIP+79yi4dLb4MK3nYPv
2CCMo8kEwcZc5NzlA8nE4IjNa5A/HsF0yGAA/gdib6H6zun4M+VaBwcRxLWFWdNe
1kUzr2m7WN1k64gdlJxLLd4WkG3W/7CfCjPo0wREocu2jYmExua+ipM5TUbPOM/j
HITdLQcJfy545VKgHDRQnNgQg3gaO1/FBM9qLM6DsauUd7/hcKt0kJJV95Svrf7Y
vDYv7JXB3hGFfteb3muL3qy6RmlZ96AqoGzWtPWH/cIUnrsILz4ndHRA02YgOMMn
ghIEQVlrB4ocuuIo8ln7Iu62azdFGbCeCToSMRmseW4gR5Gl2/XwBc9W/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9OFeNg9IEJxrlTunhaW/DaVm6LMB8GA1UdIwQY
MBaAFKdOpMuCpHxcc8gt5JXDivOohE/JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDA2a3k0S2tmRnh6eUMza2xjT0s4NmlFVDhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy85MjQ2YWQtOTYzOC00N2U2LTgyMTQt
ZTk4NzAyZjFiYmI1LzEvSDA0VjQyRDBnUW5HdVZPNmVGcGI4TnBXYm9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy85MjQ2YWQtOTYzOC00N2U2LTgyMTQtZTk4NzAyZjFiYmI1
LzEvcDA2a3k0S2tmRnh6eUMza2xjT0s4NmlFVDhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ17MA0G
CSqGSIb3DQEBCwUAA4IBAQAM1gheWbLVpszLF1RNk6Wcajp6OeGXWxDt9zUztFDX
44mWY9zyyY0pLctJeo/o3tKO6LWD3WncVpbO+p6NStOXxDkTYXwvJvczCo5Go/jc
oMfbLN3jAvW2oehZX+yJaKMa6TolODskgZvoprLpHfu9wVnkv6yYfRKYywlcm13w
NEdWtYI/4b8wwhdhrOlMpJgyPRx6OseyWKsIU5ED6nr+nX+3RKXhhteD/V9iT013
/HWQ1uzMTO8C8u5hW2aad4zfRGag8lG+D8/EJW3AHHJXicLDtdygezcX84lzH0fS
CXIgDUf1JGR5TfI3E3uUbiE7dbsTwI9AP1Msm4ikMr80
-----END CERTIFICATE-----