Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/HJifVw97a3n8s8VkYVZmiMosUf4.roa
File:                     HJifVw97a3n8s8VkYVZmiMosUf4.roa (raw, json)
Hash identifier:          3Z3uKB/n7J4n6bx18YauprN4Tm8IH7x76UxmbvrnCXg=
Subject key identifier:   1C:98:9F:57:0F:7B:6B:79:FC:B3:C5:64:61:56:66:88:CA:2C:51:FE
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       018D1B89CBFB3C988378548B9788288DD41E
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/HJifVw97a3n8s8VkYVZmiMosUf4.roa
Signing time:             Thu 18 Jan 2024 07:47:11 +0000
ROA not before:           Thu 18 Jan 2024 07:47:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12679
IP address blocks:        37.49.151.0/24 maxlen: 24
                          94.74.173.0/24 maxlen: 24
                          109.203.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1b:89:cb:fb:3c:98:83:78:54:8b:97:88:28:8d:d4:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Jan 18 07:47:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c989f570f7b6b79fcb3c56461566688ca2c51fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:84:90:76:ea:2d:43:4e:e2:60:dc:17:06:d7:
                    ff:53:48:b3:0e:35:1b:e2:2b:d9:0f:de:1e:04:6f:
                    54:22:b8:74:af:72:2f:cb:9f:b5:db:30:9d:1c:1c:
                    83:6a:24:b5:b0:74:b3:9e:69:e5:de:85:8a:54:14:
                    cf:78:f5:7e:1c:81:22:26:3d:d4:52:65:42:9a:88:
                    60:d7:5f:a7:fd:b1:a8:a2:d5:cb:d1:1d:d1:83:bd:
                    11:aa:a0:c0:d2:31:35:37:7f:58:8d:b2:5a:dc:38:
                    78:d6:6c:05:78:6a:50:09:a7:d8:8e:7b:67:6b:56:
                    d9:ce:cd:6f:ae:3c:39:6b:4b:c1:51:96:6b:d6:fd:
                    ee:4e:7e:9c:77:93:99:b9:50:eb:9c:45:27:01:4a:
                    ba:84:7f:55:5f:d6:94:4c:f1:3d:2f:17:c3:f6:1a:
                    52:d7:10:5a:66:2e:a4:2b:b4:59:4f:3c:98:a0:c7:
                    cd:12:ea:32:19:05:d5:a5:c0:64:d7:a4:7e:d0:b4:
                    e9:d2:ca:fa:5d:23:0d:9c:1c:06:f2:21:5e:d3:c7:
                    7c:a1:61:81:44:90:90:44:70:7b:be:c4:cc:7e:92:
                    21:05:78:fa:75:d1:70:25:b0:9f:5f:f4:9d:8c:19:
                    84:22:24:4b:4a:69:30:7f:ae:6c:b1:1f:0b:0b:67:
                    50:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:98:9F:57:0F:7B:6B:79:FC:B3:C5:64:61:56:66:88:CA:2C:51:FE
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/HJifVw97a3n8s8VkYVZmiMosUf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.151.0/24
                  94.74.173.0/24
                  109.203.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:f1:e0:98:dc:93:91:a9:01:7c:0e:35:1a:28:6c:5f:ac:25:
         89:32:aa:25:e9:10:c5:06:d7:c9:19:0b:3f:28:21:d2:6a:74:
         58:e8:8f:c6:5f:0a:ca:eb:62:ec:b4:ff:cc:f1:c9:74:5f:e2:
         b4:1a:5d:eb:1e:29:24:78:c1:78:9b:ef:26:53:30:82:5d:5c:
         c1:63:2b:e3:f7:65:41:78:40:f9:06:dd:6e:b7:ba:54:c2:f1:
         d0:6d:36:aa:5f:ae:a5:2f:95:bb:e2:b1:a5:b3:05:83:18:02:
         5d:8d:25:73:70:1a:b4:f4:c9:a3:b4:dd:d0:1f:cb:7c:c4:65:
         40:56:40:96:1b:ee:65:47:d3:08:87:b2:77:12:78:da:09:a4:
         aa:b2:0e:d1:6d:75:1d:7a:13:f1:ad:5c:a9:fd:06:6a:6d:b8:
         49:8d:6f:b2:a2:eb:29:51:55:27:e6:16:f9:a9:70:05:e5:36:
         f2:e9:9b:54:6f:ac:e0:ed:58:64:78:38:a9:56:fd:7c:62:2b:
         73:62:91:10:3e:f7:7b:1e:86:7d:ea:38:f1:4b:7a:4e:a3:c7:
         46:1c:c0:4e:21:02:df:eb:03:7b:14:31:05:ba:fc:22:a7:ee:
         a0:81:ad:ec:6d:3a:aa:41:93:f2:39:4b:7f:dd:7b:87:64:45:
         c6:9a:7e:c2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0bicv7PJiDeFSLl4gojdQeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjQwMTE4MDc0NzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzk4OWY1NzBmN2I2Yjc5ZmNiM2M1NjQ2MTU2NjY4OGNhMmM1MWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44SQduotQ07iYNwXBtf/U0izDjUb
4ivZD94eBG9UIrh0r3Ivy5+12zCdHByDaiS1sHSznmnl3oWKVBTPePV+HIEiJj3U
UmVCmohg11+n/bGootXL0R3Rg70RqqDA0jE1N39YjbJa3Dh41mwFeGpQCafYjntn
a1bZzs1vrjw5a0vBUZZr1v3uTn6cd5OZuVDrnEUnAUq6hH9VX9aUTPE9LxfD9hpS
1xBaZi6kK7RZTzyYoMfNEuoyGQXVpcBk16R+0LTp0sr6XSMNnBwG8iFe08d8oWGB
RJCQRHB7vsTMfpIhBXj6ddFwJbCfX/SdjBmEIiRLSmkwf65ssR8LC2dQHwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFByYn1cPe2t5/LPFZGFWZojKLFH+MB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvSEppZlZ3OTdhM244czhWa1lWWm1pTW9zVWY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJTGXAwQA
XkqtAwQCbcugMA0GCSqGSIb3DQEBCwUAA4IBAQAQ8eCY3JORqQF8DjUaKGxfrCWJ
Mqol6RDFBtfJGQs/KCHSanRY6I/GXwrK62LstP/M8cl0X+K0Gl3rHikkeMF4m+8m
UzCCXVzBYyvj92VBeED5Bt1ut7pUwvHQbTaqX66lL5W74rGlswWDGAJdjSVzcBq0
9MmjtN3QH8t8xGVAVkCWG+5lR9MIh7J3EnjaCaSqsg7RbXUdehPxrVyp/QZqbbhJ
jW+youspUVUn5hb5qXAF5Tby6ZtUb6zg7VhkeDipVv18YitzYpEQPvd7HoZ96jjx
S3pOo8dGHMBOIQLf6wN7FDEFuvwip+6gga3sbTqqQZPyOUt/3XuHZEXGmn7C
-----END CERTIFICATE-----