Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/hhVtoJeRGoTas_aawoPdDYctvOI.roa
File:                     hhVtoJeRGoTas_aawoPdDYctvOI.roa (raw, json)
Hash identifier:          KqNgXXj8ZXHyKICJhlc1KloT79hlNMvwIWtMVZEQLWI=
Subject key identifier:   86:15:6D:A0:97:91:1A:84:DA:B3:F6:9A:C2:83:DD:0D:87:2D:BC:E2
Certificate issuer:       /CN=74e3c336972094b1a8c13d41816857d197a3aae9
Certificate serial:       01920071771FBDC849F7FEEFEAC0644D5401
Authority key identifier: 74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/hhVtoJeRGoTas_aawoPdDYctvOI.roa
Signing time:             Tue 17 Sep 2024 14:44:48 +0000
ROA not before:           Tue 17 Sep 2024 14:44:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.192.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:00:71:77:1f:bd:c8:49:f7:fe:ef:ea:c0:64:4d:54:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e3c336972094b1a8c13d41816857d197a3aae9
        Validity
            Not Before: Sep 17 14:44:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86156da097911a84dab3f69ac283dd0d872dbce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c6:b3:21:8c:ab:b4:2b:36:7b:e7:7f:7f:27:
                    52:9c:12:c8:b2:3a:89:b4:52:cb:1a:29:ed:b8:7a:
                    01:af:dc:3c:9f:81:21:59:ae:6c:d5:06:df:d2:25:
                    4c:23:9d:ac:fa:75:cf:d6:21:06:6a:3b:a9:e4:e2:
                    f7:92:aa:a3:4a:3f:13:ac:b7:3d:d6:95:31:40:92:
                    bf:6f:9c:15:d8:c2:e3:f8:62:49:ff:e6:96:a5:5c:
                    a8:86:56:fe:59:7a:97:13:7d:ef:34:84:d6:39:28:
                    da:62:6c:af:e5:35:46:95:a3:47:5d:24:d2:6d:8d:
                    06:24:39:f6:8a:a6:7b:55:64:ce:43:b4:b7:b3:3a:
                    34:ae:70:40:82:84:22:74:3b:9d:dc:b5:9d:00:5d:
                    1f:5d:09:dc:51:6e:b8:fc:c1:5d:aa:5b:6d:2f:1e:
                    fd:50:86:9d:0d:64:85:15:a7:96:d2:9f:cb:d3:29:
                    a0:4b:73:87:57:e1:fa:5e:2a:e7:a2:66:85:15:ce:
                    36:68:4c:64:cc:cf:b3:62:4b:ad:20:6b:43:ee:57:
                    cb:02:22:a2:cf:a0:aa:02:09:d8:73:ee:24:13:bf:
                    c9:2f:cd:43:c1:54:c8:b2:07:5c:be:c1:13:19:2f:
                    49:31:31:3f:f7:00:e9:61:a2:a0:cf:62:4e:c6:00:
                    2e:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:15:6D:A0:97:91:1A:84:DA:B3:F6:9A:C2:83:DD:0D:87:2D:BC:E2
            X509v3 Authority Key Identifier:
                keyid:74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/hhVtoJeRGoTas_aawoPdDYctvOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:6e:38:87:7e:66:42:97:5f:7c:0c:8a:c3:0b:ce:4c:a8:80:
         ff:05:e2:fb:d3:ba:c1:4b:fb:79:e7:7b:4b:93:cf:06:de:21:
         36:5a:d2:62:ca:cc:de:3c:32:12:6b:86:50:45:1b:10:0f:6a:
         2a:a5:15:f3:24:94:60:d5:fd:c5:93:30:c9:51:75:bd:b1:3e:
         9f:f6:c6:8f:ae:b9:1c:b8:8a:1a:85:97:2c:b7:cb:5a:94:ce:
         1e:db:1b:d5:0c:f6:63:7d:2d:c8:39:2e:11:46:42:12:29:fa:
         8a:53:60:ad:e0:d8:5a:0b:d9:4b:a9:e0:db:1b:56:dd:ba:be:
         5b:5f:2f:41:f6:0c:dd:de:f1:f6:f8:73:e0:80:2d:db:d5:33:
         de:39:94:26:6b:8c:40:53:1f:b4:c9:17:b2:38:39:82:cf:02:
         d4:a2:38:35:72:b8:cd:b2:27:f1:ec:8d:df:e2:61:2c:3b:48:
         5b:0d:10:5b:7b:3a:e0:6f:db:36:5c:e1:25:47:a0:79:ef:7b:
         4c:55:0a:13:31:a2:ba:8d:66:cc:8a:52:fd:8d:3b:05:65:10:
         b5:c3:07:47:db:51:8f:1d:67:26:9d:13:ac:dc:eb:c3:fa:b8:
         21:e9:d3:d1:b7:71:aa:6a:14:3d:4d:7b:2c:0d:58:26:96:78:
         b0:6b:1f:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIAcXcfvchJ9/7v6sBkTVQBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTNjMzM2OTcyMDk0YjFhOGMxM2Q0MTgxNjg1N2QxOTdh
M2FhZTkwHhcNMjQwOTE3MTQ0NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjE1NmRhMDk3OTExYTg0ZGFiM2Y2OWFjMjgzZGQwZDg3MmRiY2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcazIYyrtCs2e+d/fydSnBLIsjqJ
tFLLGintuHoBr9w8n4EhWa5s1Qbf0iVMI52s+nXP1iEGajup5OL3kqqjSj8TrLc9
1pUxQJK/b5wV2MLj+GJJ/+aWpVyohlb+WXqXE33vNITWOSjaYmyv5TVGlaNHXSTS
bY0GJDn2iqZ7VWTOQ7S3szo0rnBAgoQidDud3LWdAF0fXQncUW64/MFdqlttLx79
UIadDWSFFaeW0p/L0ymgS3OHV+H6XirnomaFFc42aExkzM+zYkutIGtD7lfLAiKi
z6CqAgnYc+4kE7/JL81DwVTIsgdcvsETGS9JMTE/9wDpYaKgz2JOxgAuRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYVbaCXkRqE2rP2msKD3Q2HLbziMB8GA1UdIwQY
MBaAFHTjwzaXIJSxqME9QYFoV9GXo6rpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAt
YTZjNDllYjI4Mjg3LzEvaGhWdG9KZVJHb1Rhc19hYXdvUGREWWN0dk9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAtYTZjNDllYjI4Mjg3
LzEvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucDZMA0G
CSqGSIb3DQEBCwUAA4IBAQAAbjiHfmZCl198DIrDC85MqID/BeL707rBS/t553tL
k88G3iE2WtJiyszePDISa4ZQRRsQD2oqpRXzJJRg1f3FkzDJUXW9sT6f9saPrrkc
uIoahZcst8talM4e2xvVDPZjfS3IOS4RRkISKfqKU2Ct4NhaC9lLqeDbG1bdur5b
Xy9B9gzd3vH2+HPggC3b1TPeOZQma4xAUx+0yReyODmCzwLUojg1crjNsifx7I3f
4mEsO0hbDRBbezrgb9s2XOElR6B573tMVQoTMaK6jWbMilL9jTsFZRC1wwdH21GP
HWcmnROs3OvD+rgh6dPRt3GqahQ9TXssDVgmlniwax9w
-----END CERTIFICATE-----