Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/_DHbhwygxYc_PbGh19PxMSo6zgk.roa
File:                     _DHbhwygxYc_PbGh19PxMSo6zgk.roa (raw, json)
Hash identifier:          apCIOcpnivEsU/KbNRQvuIHS+EwekGVocubO45ZaFAQ=
Subject key identifier:   FC:31:DB:87:0C:A0:C5:87:3F:3D:B1:A1:D7:D3:F1:31:2A:3A:CE:09
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018E5AE167154CE95E9276D4CEB3E7F5A72C
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/_DHbhwygxYc_PbGh19PxMSo6zgk.roa
Signing time:             Wed 20 Mar 2024 08:01:45 +0000
ROA not before:           Wed 20 Mar 2024 08:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213274
IP address blocks:        213.238.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5a:e1:67:15:4c:e9:5e:92:76:d4:ce:b3:e7:f5:a7:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Mar 20 08:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc31db870ca0c5873f3db1a1d7d3f1312a3ace09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9a:05:d9:5b:08:29:2b:2b:e3:ee:6c:8d:9d:
                    2f:1d:b3:ef:50:c0:99:06:5e:73:a5:c3:e3:ce:af:
                    87:50:c9:a3:19:07:93:d9:f1:c5:08:5d:70:92:d7:
                    1b:9d:8b:8e:3e:7b:ef:fb:a1:26:bf:f6:35:37:99:
                    bf:d4:0a:8c:96:55:5a:16:33:c7:f0:07:c0:5f:64:
                    e0:ce:5d:bf:73:01:41:d6:f1:be:18:8a:79:54:99:
                    e8:6d:a3:e3:8f:e0:ea:a5:bb:b6:85:40:b7:4e:26:
                    99:55:ab:b9:87:46:b9:7b:cf:1a:35:46:2e:c5:92:
                    ad:27:e8:ef:a9:26:5a:40:a1:65:bc:8b:ce:6a:a1:
                    b2:9a:2d:b7:43:9f:a3:60:6c:7f:ae:9a:6a:8a:04:
                    09:ae:e0:1c:8e:3a:e4:57:e3:76:9d:1f:31:fb:b2:
                    76:ec:67:90:7a:05:89:63:58:37:9b:08:74:65:7b:
                    f4:3a:3d:ba:80:b0:58:23:17:56:9a:7a:b6:91:64:
                    79:3f:c1:71:bc:99:8d:07:a5:06:a7:6b:21:16:f1:
                    31:18:b8:4e:d0:83:4f:f5:4c:36:bd:33:39:37:3e:
                    8c:46:1e:1d:11:8b:b8:23:48:ea:21:3b:76:8f:30:
                    93:9b:86:71:c5:ae:ae:d9:6c:79:69:fb:92:25:e1:
                    9c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:31:DB:87:0C:A0:C5:87:3F:3D:B1:A1:D7:D3:F1:31:2A:3A:CE:09
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/_DHbhwygxYc_PbGh19PxMSo6zgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:dc:81:fe:cb:b0:7b:54:6b:83:6f:2b:1c:ff:e8:d9:83:02:
         e1:6e:bf:de:36:d1:be:0c:37:54:38:ca:91:4c:00:d0:4f:b3:
         b2:82:39:3f:2b:ad:2a:a1:48:6c:77:46:76:89:b5:49:cd:38:
         df:42:2f:0f:a8:6e:7f:2a:2b:13:8e:ae:17:33:19:c7:27:76:
         8e:f0:5e:ef:54:2a:16:9c:7f:eb:3b:1d:19:bc:f6:06:3e:cb:
         f2:1f:4e:43:1a:63:be:27:b3:b1:44:af:82:81:a0:06:38:d8:
         5b:aa:bc:61:93:dc:58:60:58:63:3c:7e:f7:a0:06:21:7b:99:
         56:7f:73:c0:9f:63:3d:2a:7f:ca:12:18:85:08:fe:47:55:91:
         b5:61:cd:43:66:d9:8b:26:38:4f:4b:e4:f2:82:c9:7e:d5:48:
         46:a8:d2:5a:f7:ed:e8:f1:e0:30:1d:ab:c7:06:c0:b9:51:33:
         1c:f8:a7:9a:6a:45:91:e9:75:96:9d:36:51:54:a6:6a:6c:e9:
         38:19:df:00:1f:2a:a9:2b:68:81:91:27:4e:0b:62:8d:0a:6b:
         f2:cf:8c:d9:93:41:90:45:cb:7d:27:47:ff:68:a3:12:b5:98:
         5e:e8:4e:c7:9a:aa:fd:38:86:58:fa:fb:2a:20:23:97:62:5a:
         bc:0d:d1:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5a4WcVTOleknbUzrPn9acsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMzIwMDgwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzMxZGI4NzBjYTBjNTg3M2YzZGIxYTFkN2QzZjEzMTJhM2FjZTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpoF2VsIKSsr4+5sjZ0vHbPvUMCZ
Bl5zpcPjzq+HUMmjGQeT2fHFCF1wktcbnYuOPnvv+6Emv/Y1N5m/1AqMllVaFjPH
8AfAX2Tgzl2/cwFB1vG+GIp5VJnobaPjj+Dqpbu2hUC3TiaZVau5h0a5e88aNUYu
xZKtJ+jvqSZaQKFlvIvOaqGymi23Q5+jYGx/rppqigQJruAcjjrkV+N2nR8x+7J2
7GeQegWJY1g3mwh0ZXv0Oj26gLBYIxdWmnq2kWR5P8FxvJmNB6UGp2shFvExGLhO
0INP9Uw2vTM5Nz6MRh4dEYu4I0jqITt2jzCTm4Zxxa6u2Wx5afuSJeGcWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwx24cMoMWHPz2xodfT8TEqOs4JMB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvX0RIYmh3eWd4WWNfUGJHaDE5UHhNU282emdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6uMA0G
CSqGSIb3DQEBCwUAA4IBAQBA3IH+y7B7VGuDbysc/+jZgwLhbr/eNtG+DDdUOMqR
TADQT7Oygjk/K60qoUhsd0Z2ibVJzTjfQi8PqG5/KisTjq4XMxnHJ3aO8F7vVCoW
nH/rOx0ZvPYGPsvyH05DGmO+J7OxRK+CgaAGONhbqrxhk9xYYFhjPH73oAYhe5lW
f3PAn2M9Kn/KEhiFCP5HVZG1Yc1DZtmLJjhPS+Tygsl+1UhGqNJa9+3o8eAwHavH
BsC5UTMc+KeaakWR6XWWnTZRVKZqbOk4Gd8AHyqpK2iBkSdOC2KNCmvyz4zZk0GQ
Rct9J0f/aKMStZhe6E7Hmqr9OIZY+vsqICOXYlq8DdFf
-----END CERTIFICATE-----