Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/HRNCM29Lfd6GUrjLWhfVEZK8Pk0.roa
File:                     HRNCM29Lfd6GUrjLWhfVEZK8Pk0.roa (raw, json)
Hash identifier:          z48BydbyCcnp1XJbWLcmx5rliPkrqbTUFpr/Zni0HCc=
Subject key identifier:   1D:13:42:33:6F:4B:7D:DE:86:52:B8:CB:5A:17:D5:11:92:BC:3E:4D
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       018CC500C746E0980FC1AD46DAC7B7B03CBE
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/HRNCM29Lfd6GUrjLWhfVEZK8Pk0.roa
Signing time:             Mon 01 Jan 2024 12:30:11 +0000
ROA not before:           Mon 01 Jan 2024 12:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200019
IP address blocks:        193.108.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c7:46:e0:98:0f:c1:ad:46:da:c7:b7:b0:3c:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  1 12:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d1342336f4b7dde8652b8cb5a17d51192bc3e4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:cd:48:ee:27:61:87:a7:26:07:ac:0d:c1:77:
                    1b:98:b8:75:90:ef:57:39:bd:24:dc:9f:26:ea:09:
                    0a:2d:07:d1:e8:94:25:d2:0d:b5:14:98:c4:4c:8a:
                    fe:23:b7:84:79:13:52:c1:4e:d6:e3:ea:9f:ca:72:
                    83:c2:f5:30:1f:8a:29:c0:57:f7:51:58:c0:ab:a9:
                    47:6d:e4:1b:c4:64:3c:6d:a9:ff:4f:7a:d0:03:96:
                    5e:db:82:6a:e4:72:69:06:29:8f:35:8d:9b:df:2f:
                    d8:07:fe:13:81:41:8a:a9:3f:f1:0f:00:d0:ca:5d:
                    09:9f:da:c2:37:2f:b6:85:06:49:ae:55:36:c7:80:
                    56:89:84:ff:73:bb:1c:01:af:22:88:a1:e1:d4:6a:
                    f1:83:a6:4e:44:1e:9c:a0:aa:1d:8e:1a:be:2b:7f:
                    b0:38:5a:a8:a0:6d:14:4d:1d:de:0f:32:04:26:3f:
                    86:8b:26:94:fc:e7:7e:6d:59:5c:39:8d:50:84:77:
                    a0:1f:81:d8:9a:c6:c7:26:b6:18:9f:52:70:b0:23:
                    bc:e9:91:64:21:8a:de:e0:27:ac:1a:50:7e:80:f2:
                    61:de:8a:e2:e5:f6:24:98:3d:2c:77:e9:f7:7b:2d:
                    82:7b:52:f1:33:6f:4f:d9:02:e2:b6:dd:68:88:20:
                    25:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:13:42:33:6F:4B:7D:DE:86:52:B8:CB:5A:17:D5:11:92:BC:3E:4D
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/HRNCM29Lfd6GUrjLWhfVEZK8Pk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:7f:e4:a3:d8:38:9d:10:b7:ec:d3:c1:72:3f:c4:1a:25:fd:
         b5:35:dc:fe:a2:31:69:9e:bd:e3:c6:67:16:50:ee:e3:37:15:
         4d:86:37:78:6a:8f:33:b9:8a:f4:a7:2a:ac:9e:55:aa:f7:c4:
         51:ef:b2:90:b1:da:4e:af:c3:ed:51:38:a7:a2:0a:ee:e2:f6:
         3f:d5:fa:aa:d7:97:ff:6f:ab:34:d1:b8:9f:e3:78:06:f9:07:
         1f:e7:59:63:1c:ce:ef:b9:67:9e:31:8c:5d:44:f2:a7:69:c2:
         f7:3d:ea:11:f4:9d:29:92:8c:2f:b8:4c:6a:e0:7d:f3:b5:e6:
         f5:ec:cb:9e:24:2b:7c:53:bb:23:5e:63:d9:e4:42:3a:6b:f4:
         cc:39:b1:c9:67:00:01:7c:9d:d5:2f:72:99:bc:fb:a6:e7:e5:
         a6:ab:2e:3a:28:1b:f3:c1:b7:ab:95:fa:81:db:43:a1:2f:d2:
         83:37:25:38:3e:cd:06:8e:d2:ef:56:d8:7d:73:d2:67:28:3e:
         36:49:97:1a:bd:d6:08:16:cf:eb:0f:ba:d5:d8:01:26:7d:b4:
         58:c7:09:8e:42:b1:60:0c:a7:e5:5d:32:c4:c5:67:da:b6:d8:
         6e:72:e4:75:4c:3b:bf:8c:38:d1:e0:87:b6:1c:a0:95:0f:6c:
         4f:e6:ec:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMdG4JgPwa1G2se3sDy+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDEzNDIzMzZmNGI3ZGRlODY1MmI4Y2I1YTE3ZDUxMTkyYmMzZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA681I7idhh6cmB6wNwXcbmLh1kO9X
Ob0k3J8m6gkKLQfR6JQl0g21FJjETIr+I7eEeRNSwU7W4+qfynKDwvUwH4opwFf3
UVjAq6lHbeQbxGQ8ban/T3rQA5Ze24Jq5HJpBimPNY2b3y/YB/4TgUGKqT/xDwDQ
yl0Jn9rCNy+2hQZJrlU2x4BWiYT/c7scAa8iiKHh1Grxg6ZORB6coKodjhq+K3+w
OFqooG0UTR3eDzIEJj+GiyaU/Od+bVlcOY1QhHegH4HYmsbHJrYYn1JwsCO86ZFk
IYre4CesGlB+gPJh3ori5fYkmD0sd+n3ey2Ce1LxM29P2QLitt1oiCAlPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0TQjNvS33ehlK4y1oX1RGSvD5NMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvSFJOQ00yOUxmZDZHVXJqTFdoZlZFWks4UGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWxnMA0G
CSqGSIb3DQEBCwUAA4IBAQAuf+Sj2DidELfs08FyP8QaJf21Ndz+ojFpnr3jxmcW
UO7jNxVNhjd4ao8zuYr0pyqsnlWq98RR77KQsdpOr8PtUTinogru4vY/1fqq15f/
b6s00bif43gG+Qcf51ljHM7vuWeeMYxdRPKnacL3PeoR9J0pkowvuExq4H3zteb1
7MueJCt8U7sjXmPZ5EI6a/TMObHJZwABfJ3VL3KZvPum5+Wmqy46KBvzwberlfqB
20OhL9KDNyU4Ps0GjtLvVth9c9JnKD42SZcavdYIFs/rD7rV2AEmfbRYxwmOQrFg
DKflXTLExWfatthucuR1TDu/jDjR4Ie2HKCVD2xP5uzS
-----END CERTIFICATE-----