Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/2306f6-6cc0-4982-a523-16842bdad925/1/HU5jiT-hefgS8hms0y7azcLxess.roa
File:                     HU5jiT-hefgS8hms0y7azcLxess.roa (raw, json)
Hash identifier:          CpzLLDFk7DbBMPEXxbrIORRCsxJ6uMN67Gp8zl2/qFw=
Subject key identifier:   1D:4E:63:89:3F:A1:79:F8:12:F2:19:AC:D3:2E:DA:CD:C2:F1:7A:CB
Certificate issuer:       /CN=d466d170c810ba34c42e920e84d4262845977f85
Certificate serial:       018E7F4A624003FD708B742CC09DA8CF4A11
Authority key identifier: D4:66:D1:70:C8:10:BA:34:C4:2E:92:0E:84:D4:26:28:45:97:7F:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1GbRcMgQujTELpIOhNQmKEWXf4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/2306f6-6cc0-4982-a523-16842bdad925/1/HU5jiT-hefgS8hms0y7azcLxess.roa
Signing time:             Wed 27 Mar 2024 09:42:44 +0000
ROA not before:           Wed 27 Mar 2024 09:42:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212665
IP address blocks:        193.105.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/2306f6-6cc0-4982-a523-16842bdad925/1/1GbRcMgQujTELpIOhNQmKEWXf4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/2306f6-6cc0-4982-a523-16842bdad925/1/1GbRcMgQujTELpIOhNQmKEWXf4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1GbRcMgQujTELpIOhNQmKEWXf4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:4a:62:40:03:fd:70:8b:74:2c:c0:9d:a8:cf:4a:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d466d170c810ba34c42e920e84d4262845977f85
        Validity
            Not Before: Mar 27 09:42:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d4e63893fa179f812f219acd32edacdc2f17acb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:72:45:4b:97:19:1b:a6:ea:1e:f8:76:cc:e9:
                    f3:0c:06:41:0d:e9:b0:4f:0c:2e:cd:3a:96:f2:70:
                    c0:73:bd:44:70:ac:07:c1:8b:fd:76:36:76:d5:a0:
                    61:8f:a8:04:df:90:37:e5:42:ca:a4:28:a3:a0:10:
                    a5:52:d4:f2:a3:fc:c1:ca:a7:31:77:09:1f:b0:14:
                    dd:f3:f2:b6:8b:39:6e:4b:dd:fc:02:46:e5:4b:0d:
                    77:34:57:b2:a8:0a:a7:f1:72:15:b9:0c:9a:5a:cf:
                    91:c6:66:8f:2a:22:45:90:27:47:10:6d:25:76:1c:
                    3c:d7:8c:d3:d2:b4:79:64:33:39:ad:dc:e2:5f:3a:
                    f4:08:2d:d7:90:a0:15:11:35:8d:9f:7b:3e:1d:f9:
                    60:1b:bd:75:17:ef:0f:d6:40:4c:f3:22:c2:b1:9d:
                    a8:73:19:b7:30:09:24:fc:b9:c5:67:3f:00:32:21:
                    c4:6e:07:38:9e:0e:61:58:9b:46:9a:c0:f2:a7:9d:
                    5a:c7:d0:37:5a:5e:e9:40:20:a6:2d:1d:93:77:cc:
                    9e:fe:9e:16:c4:d6:b8:2f:ba:06:d8:fb:08:10:88:
                    d8:73:10:41:85:44:c8:b0:96:ba:01:2b:4e:48:b3:
                    fc:a7:a3:57:d1:41:3d:4f:b7:c9:df:1c:71:04:d8:
                    10:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:4E:63:89:3F:A1:79:F8:12:F2:19:AC:D3:2E:DA:CD:C2:F1:7A:CB
            X509v3 Authority Key Identifier:
                keyid:D4:66:D1:70:C8:10:BA:34:C4:2E:92:0E:84:D4:26:28:45:97:7F:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1GbRcMgQujTELpIOhNQmKEWXf4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/2306f6-6cc0-4982-a523-16842bdad925/1/HU5jiT-hefgS8hms0y7azcLxess.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/2306f6-6cc0-4982-a523-16842bdad925/1/1GbRcMgQujTELpIOhNQmKEWXf4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:73:5e:aa:7f:0c:61:78:75:33:fa:2c:c2:88:2f:3d:e7:b8:
         d7:67:d3:d7:45:50:70:27:0f:d8:da:fb:d2:d2:38:bd:35:ce:
         bb:96:1f:24:aa:9a:ee:2f:19:2d:b5:b4:39:70:32:1f:e0:ff:
         95:71:ee:c6:5a:cb:d4:e8:97:ed:45:93:f3:2e:da:ac:3e:b5:
         d6:32:d2:b4:db:83:3c:bf:d7:d1:e1:4f:7a:c0:7b:6a:77:b2:
         05:98:64:26:1d:f6:f7:60:02:2a:c3:6a:12:99:b6:83:18:22:
         4a:c7:c0:a0:49:e6:03:8c:3b:05:f5:b0:f0:33:b2:ef:25:21:
         48:dd:0f:35:6b:90:e5:eb:c5:b7:88:e9:9c:c3:32:8f:ce:46:
         88:f9:ef:67:2a:cf:3f:38:62:73:60:cf:50:9d:42:2b:6b:d4:
         2b:9f:c4:8b:49:11:0c:f5:12:e8:23:79:b7:de:ec:62:2d:7c:
         34:3b:f2:00:61:cc:82:36:d1:42:de:53:5d:06:71:a0:a8:53:
         8e:12:60:0e:bd:44:27:fa:64:9d:8e:79:8c:b3:34:9b:4d:7d:
         ae:6e:05:2d:b8:73:69:02:53:6f:d1:97:bb:41:07:c3:0d:23:
         cc:03:a4:54:4c:df:3a:7b:26:a0:a0:c3:7e:48:7c:89:ff:5d:
         1a:dc:79:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5/SmJAA/1wi3QswJ2oz0oRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NjZkMTcwYzgxMGJhMzRjNDJlOTIwZTg0ZDQyNjI4NDU5
NzdmODUwHhcNMjQwMzI3MDk0MjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDRlNjM4OTNmYTE3OWY4MTJmMjE5YWNkMzJlZGFjZGMyZjE3YWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXJFS5cZG6bqHvh2zOnzDAZBDemw
TwwuzTqW8nDAc71EcKwHwYv9djZ21aBhj6gE35A35ULKpCijoBClUtTyo/zByqcx
dwkfsBTd8/K2izluS938AkblSw13NFeyqAqn8XIVuQyaWs+RxmaPKiJFkCdHEG0l
dhw814zT0rR5ZDM5rdziXzr0CC3XkKAVETWNn3s+HflgG711F+8P1kBM8yLCsZ2o
cxm3MAkk/LnFZz8AMiHEbgc4ng5hWJtGmsDyp51ax9A3Wl7pQCCmLR2Td8ye/p4W
xNa4L7oG2PsIEIjYcxBBhUTIsJa6AStOSLP8p6NX0UE9T7fJ3xxxBNgQ5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1OY4k/oXn4EvIZrNMu2s3C8XrLMB8GA1UdIwQY
MBaAFNRm0XDIELo0xC6SDoTUJihFl3+FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUdiUmNNZ1F1alRFTHBJT2hOUW1LRVdYZjRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8yMzA2ZjYtNmNjMC00OTgyLWE1MjMt
MTY4NDJiZGFkOTI1LzEvSFU1amlULWhlZmdTOGhtczB5N2F6Y0x4ZXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8yMzA2ZjYtNmNjMC00OTgyLWE1MjMtMTY4NDJiZGFkOTI1
LzEvMUdiUmNNZ1F1alRFTHBJT2hOUW1LRVdYZjRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWmsMA0G
CSqGSIb3DQEBCwUAA4IBAQA7c16qfwxheHUz+izCiC8957jXZ9PXRVBwJw/Y2vvS
0ji9Nc67lh8kqpruLxkttbQ5cDIf4P+Vce7GWsvU6JftRZPzLtqsPrXWMtK024M8
v9fR4U96wHtqd7IFmGQmHfb3YAIqw2oSmbaDGCJKx8CgSeYDjDsF9bDwM7LvJSFI
3Q81a5Dl68W3iOmcwzKPzkaI+e9nKs8/OGJzYM9QnUIra9Qrn8SLSREM9RLoI3m3
3uxiLXw0O/IAYcyCNtFC3lNdBnGgqFOOEmAOvUQn+mSdjnmMszSbTX2ubgUtuHNp
AlNv0Ze7QQfDDSPMA6RUTN86eyagoMN+SHyJ/10a3HlZ
-----END CERTIFICATE-----