Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Hjq4NBkOSSTHCZca05Zwqpt7lc4.roa
File:                     Hjq4NBkOSSTHCZca05Zwqpt7lc4.roa (raw, json)
Hash identifier:          o8drUsYV0dNiIbOpjwSS3DBHPkivmenzUo5cZ2B3iEI=
Subject key identifier:   1E:3A:B8:34:19:0E:49:24:C7:09:97:1A:D3:96:70:AA:9B:7B:95:CE
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D5E30DA8E578B9C18CB1D495C049
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Hjq4NBkOSSTHCZca05Zwqpt7lc4.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     141757
IP address blocks:        193.118.161.0/24 maxlen: 24
                          193.118.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d5:e3:0d:a8:e5:78:b9:c1:8c:b1:d4:95:c0:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e3ab834190e4924c709971ad39670aa9b7b95ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:e0:87:3e:90:7b:36:d4:f7:ca:58:ed:77:32:
                    e2:e8:f9:4f:b6:66:77:f2:1f:9f:75:bc:33:3e:4a:
                    ea:83:93:ab:5e:c2:b2:2a:c0:10:92:6c:89:db:bb:
                    9b:b3:d0:f7:fc:be:b3:8f:47:37:15:ee:29:8d:8f:
                    7c:3d:bc:97:f9:bd:61:e0:be:28:87:40:b6:92:d9:
                    b0:93:60:8d:cd:7d:02:02:06:f1:31:fc:60:0d:06:
                    cc:ff:12:ab:00:6b:13:a0:b5:28:ae:00:01:57:9c:
                    cb:2e:6d:41:7d:cf:db:51:ea:a4:cd:4f:cb:b9:8d:
                    b9:66:a7:05:cd:a3:d8:ab:f8:90:d1:b8:0d:36:b6:
                    19:51:8e:cc:4c:92:12:45:32:92:f5:90:f7:bd:dc:
                    54:c8:2e:29:c6:f6:e9:8d:45:d1:57:6f:4e:1a:e0:
                    05:2f:a5:95:71:1b:da:7a:2d:71:c6:84:60:d9:a8:
                    c9:11:86:2d:a0:73:b6:c3:bc:56:f7:a3:0a:ea:fe:
                    60:15:bd:95:33:3c:fd:ba:51:51:05:c0:cf:87:ad:
                    5e:89:9c:98:73:09:d0:17:43:53:28:3d:fc:76:6a:
                    66:ae:66:9d:09:03:f4:84:a9:9e:11:09:90:7f:9c:
                    fa:1d:47:13:eb:8d:73:66:16:f6:84:48:56:0e:dd:
                    dc:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:3A:B8:34:19:0E:49:24:C7:09:97:1A:D3:96:70:AA:9B:7B:95:CE
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Hjq4NBkOSSTHCZca05Zwqpt7lc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.118.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:82:98:a5:3c:31:f4:fa:d8:73:b2:11:08:e6:a9:f5:af:9e:
         f3:b8:e0:45:0f:c1:f9:56:97:29:42:79:1d:9a:77:91:63:b8:
         3b:75:05:2b:7f:f7:be:29:c6:e9:e2:95:62:f1:78:95:f9:ca:
         1b:6e:31:30:00:10:ff:09:65:9b:f1:2f:5d:49:8b:3d:07:3d:
         3d:df:98:b2:a4:a7:0d:a6:83:15:53:ef:7e:3b:5a:a9:98:1a:
         47:9c:cb:11:bf:90:31:2e:7f:b9:e3:4f:07:f2:2a:79:06:13:
         99:71:ac:29:70:75:16:6f:4a:e4:88:eb:ac:1c:a9:64:d0:89:
         ae:e3:6b:a9:04:2b:d8:fb:52:07:de:9b:a2:ab:bb:39:fc:6d:
         a8:45:ca:47:1a:53:53:d3:71:b5:86:fe:4f:7b:c8:d3:6d:ea:
         9d:31:69:b6:e4:1c:f6:a5:be:4d:ef:75:4b:49:63:c4:57:e3:
         e7:62:46:50:15:46:85:99:43:4f:67:24:4c:b1:e4:1f:1d:cf:
         c0:14:2a:ee:87:f6:d2:b1:08:33:d4:f3:fe:c2:ac:70:c5:7b:
         2c:a3:64:02:ad:2f:23:3b:2a:59:b5:51:15:5e:02:90:d5:68:
         a9:34:47:26:ee:ec:dd:8a:14:19:11:16:5e:b3:0c:68:a6:44:
         89:56:02:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttXjDajleLnBjLHUlcBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTNhYjgzNDE5MGU0OTI0YzcwOTk3MWFkMzk2NzBhYTliN2I5NWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA++CHPpB7NtT3yljtdzLi6PlPtmZ3
8h+fdbwzPkrqg5OrXsKyKsAQkmyJ27ubs9D3/L6zj0c3Fe4pjY98PbyX+b1h4L4o
h0C2ktmwk2CNzX0CAgbxMfxgDQbM/xKrAGsToLUorgABV5zLLm1Bfc/bUeqkzU/L
uY25ZqcFzaPYq/iQ0bgNNrYZUY7MTJISRTKS9ZD3vdxUyC4pxvbpjUXRV29OGuAF
L6WVcRvaei1xxoRg2ajJEYYtoHO2w7xW96MK6v5gFb2VMzz9ulFRBcDPh61eiZyY
cwnQF0NTKD38dmpmrmadCQP0hKmeEQmQf5z6HUcT641zZhb2hEhWDt3ccQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB46uDQZDkkkxwmXGtOWcKqbe5XOMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvSGpxNE5Ca09TU1RIQ1pjYTA1WndxcHQ3bGM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwXagMA0G
CSqGSIb3DQEBCwUAA4IBAQCTgpilPDH0+thzshEI5qn1r57zuOBFD8H5VpcpQnkd
mneRY7g7dQUrf/e+Kcbp4pVi8XiV+cobbjEwABD/CWWb8S9dSYs9Bz0935iypKcN
poMVU+9+O1qpmBpHnMsRv5AxLn+5408H8ip5BhOZcawpcHUWb0rkiOusHKlk0Imu
42upBCvY+1IH3puiq7s5/G2oRcpHGlNT03G1hv5Pe8jTbeqdMWm25Bz2pb5N73VL
SWPEV+PnYkZQFUaFmUNPZyRMseQfHc/AFCruh/bSsQgz1PP+wqxwxXsso2QCrS8j
OypZtVEVXgKQ1WipNEcm7uzdihQZERZeswxopkSJVgLv
-----END CERTIFICATE-----