Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/HchE6Q3vZUUOQLd7k9lL15A7tcM.roa
File:                     HchE6Q3vZUUOQLd7k9lL15A7tcM.roa (raw, json)
Hash identifier:          n1Nxx25MBWUw9NzqxqgBPFgdi4hdZJMlaR0dwwu1MS0=
Subject key identifier:   1D:C8:44:E9:0D:EF:65:45:0E:40:B7:7B:93:D9:4B:D7:90:3B:B5:C3
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93E0103B6A589B7CE52D389A87059
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/HchE6Q3vZUUOQLd7k9lL15A7tcM.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49090
IP address blocks:        82.144.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3e:01:03:b6:a5:89:b7:ce:52:d3:89:a8:70:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dc844e90def65450e40b77b93d94bd7903bb5c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9c:35:66:90:23:e7:17:29:6e:a7:1e:a0:2a:
                    ca:55:aa:30:03:3b:c2:de:f3:dd:9d:f2:aa:b3:32:
                    a3:b9:3f:f6:35:93:5c:81:ba:8b:f8:f6:a0:2a:92:
                    e3:e2:bc:08:1d:64:2c:af:80:cc:75:32:1f:eb:2f:
                    56:d4:a1:4d:c0:2e:d7:b0:94:e6:9c:a8:d1:bf:12:
                    97:79:c5:5a:26:66:4d:d6:8a:bb:d1:3c:bd:85:d4:
                    ac:0f:3c:49:e8:f9:94:77:e0:ab:ca:7d:78:78:d5:
                    f9:07:29:60:c4:62:af:f9:f6:89:00:de:92:02:f2:
                    e5:df:19:bb:a2:a4:b8:92:5b:f8:98:7e:a0:b9:8d:
                    9e:39:dc:5d:d7:91:f6:92:bb:d2:1b:92:4e:81:43:
                    11:29:92:de:88:20:25:f7:8b:3c:27:00:57:87:50:
                    55:a7:3f:a7:cb:6d:04:1a:7b:9c:c2:c4:ff:be:54:
                    ac:91:b2:6d:09:b6:66:9a:b1:4b:33:35:c1:bd:e7:
                    56:6e:d7:72:2d:74:94:f1:1d:a5:0b:7a:18:5f:87:
                    0d:2f:38:28:73:58:8a:e4:f1:39:d9:69:cf:7f:7d:
                    27:d0:26:4a:ef:1f:40:21:c9:04:91:dd:9e:89:52:
                    05:56:83:00:0d:d8:91:27:e2:5c:8f:99:0f:17:69:
                    c8:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:C8:44:E9:0D:EF:65:45:0E:40:B7:7B:93:D9:4B:D7:90:3B:B5:C3
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/HchE6Q3vZUUOQLd7k9lL15A7tcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.144.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:12:e5:f1:8b:f1:cf:12:c9:16:48:3c:1e:1f:5b:98:b0:4f:
         f6:75:38:da:dd:b9:c9:81:a8:c9:ae:99:a1:0f:d7:34:11:dd:
         9d:06:7b:70:81:ba:dc:85:db:1c:be:42:65:e5:83:09:a1:d1:
         cb:27:4b:5d:b0:ed:84:34:13:b9:6b:65:96:f5:8a:e5:ae:5d:
         b6:d2:cf:d2:f6:b1:42:0c:5a:51:f1:e7:50:8e:dd:d0:46:3a:
         e8:01:63:11:2c:4e:1a:f9:7c:dc:f5:dd:91:05:19:72:9d:65:
         c1:98:81:76:e0:91:38:b7:84:04:b3:4b:04:c7:0d:e8:d6:36:
         98:27:e0:bb:3e:f5:49:28:60:68:0e:22:b9:c9:c1:a7:25:e3:
         9d:3c:db:60:50:b0:09:16:68:7f:6e:0f:66:9b:46:96:ae:b4:
         d3:06:af:17:f9:37:f7:61:22:f3:b9:7e:3e:1d:bb:7c:dd:d8:
         ff:e0:db:b6:c3:0f:34:ff:d0:d2:52:23:c9:a2:98:83:3f:d7:
         e6:57:a5:e1:7e:c9:54:c2:ee:d1:b1:0e:d3:89:06:28:a4:dd:
         f2:89:3f:96:07:8d:44:5d:ec:ff:80:78:7c:5d:48:e8:74:34:
         67:54:4d:45:db:38:81:95:15:a7:f4:d0:16:bd:e7:a5:5c:dd:
         ef:29:1e:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuT4BA7alibfOUtOJqHBZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGM4NDRlOTBkZWY2NTQ1MGU0MGI3N2I5M2Q5NGJkNzkwM2JiNWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5w1ZpAj5xcpbqceoCrKVaowAzvC
3vPdnfKqszKjuT/2NZNcgbqL+PagKpLj4rwIHWQsr4DMdTIf6y9W1KFNwC7XsJTm
nKjRvxKXecVaJmZN1oq70Ty9hdSsDzxJ6PmUd+Cryn14eNX5BylgxGKv+faJAN6S
AvLl3xm7oqS4klv4mH6guY2eOdxd15H2krvSG5JOgUMRKZLeiCAl94s8JwBXh1BV
pz+ny20EGnucwsT/vlSskbJtCbZmmrFLMzXBvedWbtdyLXSU8R2lC3oYX4cNLzgo
c1iK5PE52WnPf30n0CZK7x9AIckEkd2eiVIFVoMADdiRJ+Jcj5kPF2nIvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3IROkN72VFDkC3e5PZS9eQO7XDMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvSGNoRTZRM3ZaVVVPUUxkN2s5bEwxNUE3dGNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpC4MA0G
CSqGSIb3DQEBCwUAA4IBAQCUEuXxi/HPEskWSDweH1uYsE/2dTja3bnJgajJrpmh
D9c0Ed2dBntwgbrchdscvkJl5YMJodHLJ0tdsO2ENBO5a2WW9Yrlrl220s/S9rFC
DFpR8edQjt3QRjroAWMRLE4a+Xzc9d2RBRlynWXBmIF24JE4t4QEs0sExw3o1jaY
J+C7PvVJKGBoDiK5ycGnJeOdPNtgULAJFmh/bg9mm0aWrrTTBq8X+Tf3YSLzuX4+
Hbt83dj/4Nu2ww80/9DSUiPJopiDP9fmV6XhfslUwu7RsQ7TiQYopN3yiT+WB41E
Xez/gHh8XUjodDRnVE1F2ziBlRWn9NAWveelXN3vKR4B
-----END CERTIFICATE-----