Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/HZSZLXeUdmNNRU7ipOkRV_tNkBE.roa
File:                     HZSZLXeUdmNNRU7ipOkRV_tNkBE.roa (raw, json)
Hash identifier:          gxK1E1+roONVwL2q6F017pPmpFm3sJT2iDqUXSMZsrA=
Subject key identifier:   1D:94:99:2D:77:94:76:63:4D:45:4E:E2:A4:E9:11:57:FB:4D:90:11
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018D21874D5673412132D561D24ABBCD1424
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/HZSZLXeUdmNNRU7ipOkRV_tNkBE.roa
Signing time:             Fri 19 Jan 2024 11:42:11 +0000
ROA not before:           Fri 19 Jan 2024 11:42:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216381
IP address blocks:        194.209.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:21:87:4d:56:73:41:21:32:d5:61:d2:4a:bb:cd:14:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan 19 11:42:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d94992d779476634d454ee2a4e91157fb4d9011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8b:99:1a:ab:ea:5c:db:57:f2:e4:f5:9d:a1:
                    fb:36:db:17:12:d7:34:14:ec:46:ca:9f:eb:da:a2:
                    13:1a:9f:16:be:a3:c0:7c:f4:38:5d:63:49:2b:c7:
                    3b:b9:18:0b:07:7e:98:bb:f7:ed:fc:b6:b1:29:c5:
                    0b:60:a6:99:81:91:e5:f0:29:88:ff:35:13:05:cc:
                    62:0d:8d:f9:15:8c:3f:6f:22:6c:34:d7:10:dc:ee:
                    36:4e:b3:e4:43:3b:9c:50:12:36:90:34:ad:e2:bd:
                    c7:75:2a:08:0d:00:fd:a8:f1:a9:e9:4a:59:a8:bc:
                    a5:c7:19:39:a9:48:d4:de:86:2b:87:c6:58:29:c1:
                    d6:ac:2a:5e:4f:13:cb:31:26:53:1b:ac:15:8e:0c:
                    dc:81:f8:f4:58:98:d4:f1:5c:d2:55:da:f8:7f:a7:
                    70:09:dc:b6:fa:0a:c4:90:08:04:33:43:cf:16:ef:
                    e2:c8:cc:ec:dc:53:ed:6e:bb:65:84:ed:2b:ef:83:
                    f8:1b:9e:91:89:35:7e:75:31:40:1a:11:0f:15:7e:
                    45:40:40:91:75:2d:66:34:13:84:d5:c3:e8:37:c0:
                    8c:f8:48:e2:57:00:df:19:ab:06:9e:63:0b:83:2f:
                    5e:45:6c:53:d5:81:25:03:37:60:b3:cf:c2:72:67:
                    50:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:94:99:2D:77:94:76:63:4D:45:4E:E2:A4:E9:11:57:FB:4D:90:11
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/HZSZLXeUdmNNRU7ipOkRV_tNkBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:88:6d:53:4e:2e:8a:08:39:16:01:94:9e:08:d6:51:48:d3:
         c8:df:fb:76:d5:62:6c:e3:66:47:4a:a7:c3:fd:97:73:02:10:
         07:b7:85:e7:7a:43:02:39:5f:d8:b7:89:c2:ea:34:14:f0:5b:
         8d:82:ad:bb:86:66:c2:22:ea:1b:67:fa:3b:6c:b9:76:4d:a0:
         7f:07:28:48:03:3b:0a:bb:69:12:2d:1d:7c:5e:8c:81:48:63:
         71:b6:72:6f:3d:61:04:17:43:66:ab:84:2d:ce:53:ce:da:61:
         ee:5a:a4:53:27:d1:62:12:ac:e4:22:4f:82:bd:37:28:a3:27:
         2b:a3:e2:01:cf:4b:1b:1b:0a:b3:37:98:f6:74:e4:43:4a:63:
         1d:37:55:b4:e5:56:03:85:90:db:79:c8:79:2b:d1:d1:22:e6:
         6b:2d:e3:52:c7:c0:7e:5f:12:7a:22:46:38:25:4a:79:14:ee:
         cd:04:fd:1a:42:6b:25:be:af:fa:53:bb:12:a9:12:d8:cd:ba:
         51:45:4b:6e:42:1f:4f:19:5e:c4:8e:c9:ed:72:ab:a1:4f:70:
         d5:98:af:10:ad:39:7b:65:e9:a6:c1:d3:69:aa:ac:77:07:16:
         d2:99:48:bb:f9:fc:ca:ca:3d:b8:78:73:07:84:14:e0:79:10:
         82:2a:41:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0hh01Wc0EhMtVh0kq7zRQkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTE5MTE0MjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk0OTkyZDc3OTQ3NjYzNGQ0NTRlZTJhNGU5MTE1N2ZiNGQ5MDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj4uZGqvqXNtX8uT1naH7NtsXEtc0
FOxGyp/r2qITGp8WvqPAfPQ4XWNJK8c7uRgLB36Yu/ft/LaxKcULYKaZgZHl8CmI
/zUTBcxiDY35FYw/byJsNNcQ3O42TrPkQzucUBI2kDSt4r3HdSoIDQD9qPGp6UpZ
qLylxxk5qUjU3oYrh8ZYKcHWrCpeTxPLMSZTG6wVjgzcgfj0WJjU8VzSVdr4f6dw
Cdy2+grEkAgEM0PPFu/iyMzs3FPtbrtlhO0r74P4G56RiTV+dTFAGhEPFX5FQECR
dS1mNBOE1cPoN8CM+EjiVwDfGasGnmMLgy9eRWxT1YElAzdgs8/CcmdQPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2UmS13lHZjTUVO4qTpEVf7TZARMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvSFpTWkxYZVVkbU5OUlU3aXBPa1JWX3ROa0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtFxMA0G
CSqGSIb3DQEBCwUAA4IBAQBMiG1TTi6KCDkWAZSeCNZRSNPI3/t21WJs42ZHSqfD
/ZdzAhAHt4XnekMCOV/Yt4nC6jQU8FuNgq27hmbCIuobZ/o7bLl2TaB/ByhIAzsK
u2kSLR18XoyBSGNxtnJvPWEEF0Nmq4QtzlPO2mHuWqRTJ9FiEqzkIk+CvTcooycr
o+IBz0sbGwqzN5j2dORDSmMdN1W05VYDhZDbech5K9HRIuZrLeNSx8B+XxJ6IkY4
JUp5FO7NBP0aQmslvq/6U7sSqRLYzbpRRUtuQh9PGV7EjsntcquhT3DVmK8QrTl7
ZemmwdNpqqx3BxbSmUi7+fzKyj24eHMHhBTgeRCCKkGS
-----END CERTIFICATE-----