Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/HDMtr0XE-Ym2BPoN28qLinchLNk.roa
File:                     HDMtr0XE-Ym2BPoN28qLinchLNk.roa (raw, json)
Hash identifier:          90woSh3IQhMRmHGrG+tQY5HUTP9PX0exXpDQ+1C5uyc=
Subject key identifier:   1C:33:2D:AF:45:C4:F9:89:B6:04:FA:0D:DB:CA:8B:8A:77:21:2C:D9
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       018CC64AE001A47A898EB544BAF6F85F8EF1
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/HDMtr0XE-Ym2BPoN28qLinchLNk.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     269800
IP address blocks:        95.164.236.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e0:01:a4:7a:89:8e:b5:44:ba:f6:f8:5f:8e:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c332daf45c4f989b604fa0ddbca8b8a77212cd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c6:1f:f7:8f:d9:0f:b3:9c:27:1c:a5:d0:a2:
                    28:d6:e6:88:6f:bb:cb:a1:f3:eb:90:d2:d3:18:0c:
                    f9:ef:e2:f4:38:52:82:a5:60:21:9c:0e:f9:be:6e:
                    fb:e9:e2:86:64:81:52:f4:54:42:9e:da:dc:50:50:
                    99:76:73:2e:5e:0b:33:19:56:e1:48:2a:b7:43:32:
                    73:b1:14:2d:59:90:2b:5f:38:4f:2c:76:59:aa:ec:
                    49:a6:ff:cf:db:92:32:a3:30:0a:a2:58:b5:a6:a3:
                    62:05:0c:c6:c8:ad:c3:8c:0d:3c:0b:13:ce:00:2b:
                    11:dc:1a:0a:7c:47:0c:91:83:3a:17:19:c8:3d:a2:
                    3d:06:fe:8c:0b:41:1b:6d:4d:87:91:96:60:3a:83:
                    5b:0c:9c:9f:c6:eb:e7:af:3b:04:5f:c9:6b:f1:c6:
                    24:e1:b1:09:bc:fa:75:9c:f3:9e:b9:90:4c:05:a1:
                    91:44:1f:86:7b:10:ef:79:ab:84:54:07:89:3a:ed:
                    b1:0d:5a:a2:f0:76:19:a1:d1:fb:97:82:cf:38:8d:
                    80:33:28:dc:9d:9d:f6:30:4e:31:13:20:60:b4:82:
                    3e:90:15:4a:cf:cd:2a:02:12:3c:05:24:2a:2f:e5:
                    81:e3:dd:4a:27:83:5e:90:6f:a1:11:c4:6b:90:2e:
                    da:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:33:2D:AF:45:C4:F9:89:B6:04:FA:0D:DB:CA:8B:8A:77:21:2C:D9
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/HDMtr0XE-Ym2BPoN28qLinchLNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.164.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:ba:40:ec:68:2d:1e:30:5a:e8:48:ad:e1:91:6e:01:46:9c:
         6a:59:0f:bd:c6:c1:1e:66:6a:19:8c:64:bc:b6:e8:fa:46:30:
         12:a7:70:fd:c3:8f:38:65:12:ba:00:39:a5:85:d4:19:04:15:
         9c:8a:f5:b7:16:e3:5d:e0:dc:f4:7d:dc:64:3b:9a:7f:1d:50:
         fd:95:07:9c:ed:26:2b:0a:1d:61:8a:dd:5f:ad:0a:a9:72:9c:
         a7:84:2c:ac:94:a5:08:83:ea:0e:6b:f7:14:23:0b:51:44:7f:
         ea:67:b0:aa:35:dd:9a:11:f1:09:59:c6:46:67:0a:e2:c9:29:
         46:d0:45:8f:b8:cf:63:9c:ea:6c:2d:3a:50:d6:62:8e:d2:d2:
         a6:56:32:1c:23:6b:af:5a:54:b7:47:75:b2:cf:3a:18:eb:4f:
         8f:13:d3:a8:6b:e2:e5:c9:1d:0a:bc:04:ff:b3:ab:de:ca:f2:
         14:7b:ce:aa:99:d1:5f:d0:05:90:01:94:d8:03:e7:c6:9d:75:
         83:cf:ab:e2:ac:4d:e3:28:c1:9e:6b:18:1a:9d:7d:2d:2b:6f:
         7a:69:5b:99:33:8f:74:57:1d:c9:2e:db:a2:9c:10:01:03:71:
         01:83:f8:20:3a:5b:94:f4:5f:38:98:4e:e2:8b:ad:b8:5f:2f:
         1b:e9:fb:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuABpHqJjrVEuvb4X47xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzMzMmRhZjQ1YzRmOTg5YjYwNGZhMGRkYmNhOGI4YTc3MjEyY2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsYf94/ZD7OcJxyl0KIo1uaIb7vL
ofPrkNLTGAz57+L0OFKCpWAhnA75vm776eKGZIFS9FRCntrcUFCZdnMuXgszGVbh
SCq3QzJzsRQtWZArXzhPLHZZquxJpv/P25IyozAKoli1pqNiBQzGyK3DjA08CxPO
ACsR3BoKfEcMkYM6FxnIPaI9Bv6MC0EbbU2HkZZgOoNbDJyfxuvnrzsEX8lr8cYk
4bEJvPp1nPOeuZBMBaGRRB+GexDveauEVAeJOu2xDVqi8HYZodH7l4LPOI2AMyjc
nZ32ME4xEyBgtII+kBVKz80qAhI8BSQqL+WB491KJ4NekG+hEcRrkC7apwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwzLa9FxPmJtgT6DdvKi4p3ISzZMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvSERNdHIwWEUtWW0yQlBvTjI4cUxpbmNoTE5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX6TsMA0G
CSqGSIb3DQEBCwUAA4IBAQB6ukDsaC0eMFroSK3hkW4BRpxqWQ+9xsEeZmoZjGS8
tuj6RjASp3D9w484ZRK6ADmlhdQZBBWcivW3FuNd4Nz0fdxkO5p/HVD9lQec7SYr
Ch1hit1frQqpcpynhCyslKUIg+oOa/cUIwtRRH/qZ7CqNd2aEfEJWcZGZwriySlG
0EWPuM9jnOpsLTpQ1mKO0tKmVjIcI2uvWlS3R3WyzzoY60+PE9Ooa+LlyR0KvAT/
s6veyvIUe86qmdFf0AWQAZTYA+fGnXWDz6virE3jKMGeaxganX0tK296aVuZM490
Vx3JLtuinBABA3EBg/ggOluU9F84mE7ii624Xy8b6fub
-----END CERTIFICATE-----