Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/hprk1dL4lNiJ8W45_Dc4kQke4cU.roa
File:                     hprk1dL4lNiJ8W45_Dc4kQke4cU.roa (raw, json)
Hash identifier:          7C0Wadn6UeBWHKf9sixeoTBJK3vS0za0Zu772+gX3Us=
Subject key identifier:   86:9A:E4:D5:D2:F8:94:D8:89:F1:6E:39:FC:37:38:91:09:1E:E1:C5
Certificate issuer:       /CN=9b759ec9ff54de03a7ff3a65edbb2e0758e6878c
Certificate serial:       018CC64AC9F9699F2FBF1B904BB0149D4D4D
Authority key identifier: 9B:75:9E:C9:FF:54:DE:03:A7:FF:3A:65:ED:BB:2E:07:58:E6:87:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m3Weyf9U3gOn_zpl7bsuB1jmh4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/hprk1dL4lNiJ8W45_Dc4kQke4cU.roa
Signing time:             Mon 01 Jan 2024 18:30:39 +0000
ROA not before:           Mon 01 Jan 2024 18:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        164.153.132.0/24 maxlen: 24
                          164.153.133.0/24 maxlen: 24
                          164.153.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/m3Weyf9U3gOn_zpl7bsuB1jmh4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/m3Weyf9U3gOn_zpl7bsuB1jmh4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m3Weyf9U3gOn_zpl7bsuB1jmh4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:c9:f9:69:9f:2f:bf:1b:90:4b:b0:14:9d:4d:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b759ec9ff54de03a7ff3a65edbb2e0758e6878c
        Validity
            Not Before: Jan  1 18:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=869ae4d5d2f894d889f16e39fc373891091ee1c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ff:04:93:b5:90:cc:6b:90:a3:a6:59:5c:ba:
                    f8:a3:b7:2a:04:36:41:0f:81:8b:d0:ec:f7:9f:a3:
                    cb:fa:67:16:26:4f:a5:0c:5c:18:04:57:41:0f:7e:
                    5f:e5:30:78:b4:32:a4:14:f4:d8:7a:dc:28:42:df:
                    89:b7:c1:49:a8:62:05:5f:47:66:40:86:fb:3c:67:
                    d2:84:a6:8a:cf:53:d0:d3:47:bd:11:0f:54:e1:f1:
                    35:a5:a0:ed:e9:94:49:7f:05:38:ef:1b:fc:69:cc:
                    e9:ea:33:dd:93:ec:31:9a:a7:8a:bf:d8:dc:7e:cb:
                    0e:dd:6f:26:fc:2e:ac:68:79:76:57:39:e9:c9:82:
                    d0:d9:4a:dc:67:8b:21:d5:01:be:e3:61:fa:87:98:
                    5a:32:dd:cf:e3:17:29:e3:02:49:99:5c:3e:85:68:
                    ed:3d:bf:c0:3f:02:2b:ec:96:b6:4a:e3:56:cd:48:
                    37:54:a6:9f:75:8b:df:97:74:35:31:02:53:cd:e0:
                    94:18:d7:55:3d:0d:7e:bd:38:69:f5:3d:51:32:c4:
                    df:70:ff:80:16:3f:94:53:4d:3a:87:6d:76:01:a9:
                    f5:80:7c:03:a9:50:ae:72:04:f3:53:0c:83:f9:e7:
                    4d:2f:5b:ca:9d:d2:54:23:3c:2a:7d:0e:bd:a1:b1:
                    d0:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:9A:E4:D5:D2:F8:94:D8:89:F1:6E:39:FC:37:38:91:09:1E:E1:C5
            X509v3 Authority Key Identifier:
                keyid:9B:75:9E:C9:FF:54:DE:03:A7:FF:3A:65:ED:BB:2E:07:58:E6:87:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m3Weyf9U3gOn_zpl7bsuB1jmh4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/hprk1dL4lNiJ8W45_Dc4kQke4cU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/5ad73b-db17-4322-ade5-b9a9d8ae9421/1/m3Weyf9U3gOn_zpl7bsuB1jmh4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.153.132.0-164.153.134.255

    Signature Algorithm: sha256WithRSAEncryption
         8b:5e:b8:cf:f9:60:c7:a9:9e:84:a8:e2:e2:d2:3b:8f:20:98:
         08:b6:56:7c:25:b0:b6:f4:07:79:a7:95:1d:0f:45:ca:c5:21:
         14:6e:03:3f:5f:85:8d:bf:8f:09:26:4a:82:6d:9b:40:c0:29:
         2f:d8:6d:81:99:27:12:ed:11:ca:13:20:d5:1f:12:13:10:cf:
         e9:32:e1:af:62:75:53:5e:71:3d:16:c9:cf:3b:85:e1:de:39:
         bf:88:3e:cd:2f:ec:54:2d:1a:67:25:ee:ff:60:8f:fe:83:9f:
         59:9b:21:c9:7a:12:45:54:f9:37:4a:c6:c0:db:7e:da:42:fd:
         3a:c3:1d:cb:d6:60:28:79:dc:53:ef:35:18:32:d9:99:e3:7e:
         81:ab:36:c1:a4:30:18:bf:ed:97:59:00:27:4f:54:8b:3c:75:
         cd:86:dc:91:0f:fd:c5:3c:d2:b5:b5:a0:bb:d8:69:a3:0b:88:
         39:80:c8:68:27:f0:d9:2c:3c:65:e2:b4:f9:f8:c7:27:51:ba:
         cf:08:e8:da:09:84:15:ae:f7:b2:d3:9f:5e:b4:83:28:e3:6b:
         90:39:65:03:8b:c8:49:70:ba:ca:b9:51:ec:ba:10:d8:74:d0:
         28:c0:12:20:14:e1:28:a0:33:5b:88:53:59:93:e1:e3:1f:70:
         59:63:f1:97
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGSsn5aZ8vvxuQS7AUnU1NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNzU5ZWM5ZmY1NGRlMDNhN2ZmM2E2NWVkYmIyZTA3NThl
Njg3OGMwHhcNMjQwMTAxMTgzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjlhZTRkNWQyZjg5NGQ4ODlmMTZlMzlmYzM3Mzg5MTA5MWVlMWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoP8Ek7WQzGuQo6ZZXLr4o7cqBDZB
D4GL0Oz3n6PL+mcWJk+lDFwYBFdBD35f5TB4tDKkFPTYetwoQt+Jt8FJqGIFX0dm
QIb7PGfShKaKz1PQ00e9EQ9U4fE1paDt6ZRJfwU47xv8aczp6jPdk+wxmqeKv9jc
fssO3W8m/C6saHl2VznpyYLQ2UrcZ4sh1QG+42H6h5haMt3P4xcp4wJJmVw+hWjt
Pb/APwIr7Ja2SuNWzUg3VKafdYvfl3Q1MQJTzeCUGNdVPQ1+vThp9T1RMsTfcP+A
Fj+UU006h212Aan1gHwDqVCucgTzUwyD+edNL1vKndJUIzwqfQ69obHQbQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIaa5NXS+JTYifFuOfw3OJEJHuHFMB8GA1UdIwQY
MBaAFJt1nsn/VN4Dp/86Ze27LgdY5oeMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTNXZXlmOVUzZ09uX3pwbDdic3VCMWptaDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS81YWQ3M2ItZGIxNy00MzIyLWFkZTUt
YjlhOWQ4YWU5NDIxLzEvaHByazFkTDRsTmlKOFc0NV9EYzRrUWtlNGNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS81YWQ3M2ItZGIxNy00MzIyLWFkZTUtYjlhOWQ4YWU5NDIx
LzEvbTNXZXlmOVUzZ09uX3pwbDdic3VCMWptaDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKkmYQD
BACkmYYwDQYJKoZIhvcNAQELBQADggEBAIteuM/5YMepnoSo4uLSO48gmAi2Vnwl
sLb0B3mnlR0PRcrFIRRuAz9fhY2/jwkmSoJtm0DAKS/YbYGZJxLtEcoTINUfEhMQ
z+ky4a9idVNecT0Wyc87heHeOb+IPs0v7FQtGmcl7v9gj/6Dn1mbIcl6EkVU+TdK
xsDbftpC/TrDHcvWYCh53FPvNRgy2ZnjfoGrNsGkMBi/7ZdZACdPVIs8dc2G3JEP
/cU80rW1oLvYaaMLiDmAyGgn8NksPGXitPn4xydRus8I6NoJhBWu97LTn160gyjj
a5A5ZQOLyElwusq5Uey6ENh00CjAEiAU4SigM1uIU1mT4eMfcFlj8Zc=
-----END CERTIFICATE-----