Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f76a83-ae09-411f-ae9f-5386a79ade80/1/HHQHoccLh1F8gp1j0FjuQ8rGkm0.roa
File:                     HHQHoccLh1F8gp1j0FjuQ8rGkm0.roa (raw, json)
Hash identifier:          scbYvUujORUVdue4Yc6+iQNdwQBewninSB8rofreErU=
Subject key identifier:   1C:74:07:A1:C7:0B:87:51:7C:82:9D:63:D0:58:EE:43:CA:C6:92:6D
Certificate issuer:       /CN=a1dca44b4ab54533f8b5196cf92d68deb8fcc5e2
Certificate serial:       018CC8DED6EF3A5E549BA264786C121D92DA
Authority key identifier: A1:DC:A4:4B:4A:B5:45:33:F8:B5:19:6C:F9:2D:68:DE:B8:FC:C5:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odykS0q1RTP4tRls-S1o3rj8xeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f76a83-ae09-411f-ae9f-5386a79ade80/1/HHQHoccLh1F8gp1j0FjuQ8rGkm0.roa
Signing time:             Tue 02 Jan 2024 06:31:36 +0000
ROA not before:           Tue 02 Jan 2024 06:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57643
IP address blocks:        91.235.20.0/22 maxlen: 22
                          91.235.24.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f76a83-ae09-411f-ae9f-5386a79ade80/1/odykS0q1RTP4tRls-S1o3rj8xeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f76a83-ae09-411f-ae9f-5386a79ade80/1/odykS0q1RTP4tRls-S1o3rj8xeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odykS0q1RTP4tRls-S1o3rj8xeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d6:ef:3a:5e:54:9b:a2:64:78:6c:12:1d:92:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1dca44b4ab54533f8b5196cf92d68deb8fcc5e2
        Validity
            Not Before: Jan  2 06:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c7407a1c70b87517c829d63d058ee43cac6926d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:22:9e:a2:b6:ad:fc:4f:69:dc:84:7a:75:21:
                    b4:e7:7a:a7:ae:51:15:b7:32:60:45:0c:5c:3c:99:
                    cc:bc:8d:8f:e9:1a:b9:dd:2a:c9:3c:4e:9d:3e:56:
                    c0:aa:6b:e3:05:a2:9d:5e:6d:09:ad:71:41:59:b5:
                    1b:77:70:78:f2:8d:5c:34:2d:aa:ea:90:ad:4e:f9:
                    2f:e4:ab:cb:d7:80:b3:7e:a0:44:41:c0:95:68:6c:
                    0e:0e:16:c4:27:c5:7c:ec:51:17:09:91:4d:bf:36:
                    02:62:68:0a:34:e2:8c:8f:33:dd:bc:1d:56:3c:7b:
                    b9:8b:84:7f:fc:67:b5:c6:ec:9e:80:a8:da:91:f5:
                    9e:7d:54:a2:e1:ed:8f:76:89:bb:14:60:2a:d3:06:
                    ab:79:38:e4:ec:4c:b0:03:52:d1:19:3b:fa:b1:d7:
                    92:98:ac:94:82:2c:41:31:aa:2b:a3:e2:0a:4c:a5:
                    13:72:2a:6d:a6:7a:eb:0a:37:37:34:66:c0:97:65:
                    21:5c:70:78:c8:e7:d8:48:d0:a2:12:62:9f:82:2e:
                    d9:98:27:53:9f:01:86:9f:6f:3b:38:7c:c7:5c:d6:
                    59:08:f1:a4:4e:f8:a6:9b:ce:cb:28:96:88:94:a9:
                    7b:72:0b:05:5f:70:2f:33:36:bb:54:b3:4f:4f:e1:
                    f6:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:74:07:A1:C7:0B:87:51:7C:82:9D:63:D0:58:EE:43:CA:C6:92:6D
            X509v3 Authority Key Identifier:
                keyid:A1:DC:A4:4B:4A:B5:45:33:F8:B5:19:6C:F9:2D:68:DE:B8:FC:C5:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odykS0q1RTP4tRls-S1o3rj8xeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f76a83-ae09-411f-ae9f-5386a79ade80/1/HHQHoccLh1F8gp1j0FjuQ8rGkm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f76a83-ae09-411f-ae9f-5386a79ade80/1/odykS0q1RTP4tRls-S1o3rj8xeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.20.0-91.235.25.255

    Signature Algorithm: sha256WithRSAEncryption
         c5:ce:5e:16:1a:e9:dc:27:18:07:cd:74:85:e4:b8:74:f9:34:
         33:94:9a:0f:32:b3:8a:8f:3e:0d:02:a4:72:e0:0c:62:17:bf:
         3b:13:fb:fb:9b:b2:26:33:05:53:3e:e0:24:65:fb:29:db:65:
         78:5a:c7:9c:b7:2e:4b:c4:f6:f8:5c:4c:29:25:9d:35:5d:28:
         f1:7f:98:92:c4:0e:58:74:22:9a:ed:43:2b:47:c0:68:8a:46:
         a6:8d:9e:ed:86:a0:ab:0f:fc:38:03:94:cf:87:0f:5c:a6:c0:
         c2:09:82:a7:32:5e:4b:4f:41:70:44:90:11:15:a3:ae:3d:21:
         94:a1:dc:43:7f:05:24:c3:97:23:49:11:95:ae:85:50:20:c2:
         0f:6a:fd:cd:36:54:70:a2:57:52:b8:c6:4f:db:f9:54:51:eb:
         3f:9f:64:af:c7:31:65:22:c7:6a:2c:f5:ee:40:69:5b:7b:75:
         82:66:c4:3d:0c:46:eb:d2:ce:11:a6:61:1a:b7:1a:be:b5:4f:
         98:6a:0d:e9:ec:28:2e:63:c3:29:c2:50:7e:83:1b:7b:bd:1b:
         6e:06:4a:41:c6:0a:14:a2:70:5f:a6:89:2e:20:75:83:16:02:
         87:ab:b6:3f:40:7c:77:bd:84:5d:d3:b0:53:b2:7d:ef:5a:47:
         12:74:24:70
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzI3tbvOl5Um6JkeGwSHZLaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZGNhNDRiNGFiNTQ1MzNmOGI1MTk2Y2Y5MmQ2OGRlYjhm
Y2M1ZTIwHhcNMjQwMTAyMDYzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzc0MDdhMWM3MGI4NzUxN2M4MjlkNjNkMDU4ZWU0M2NhYzY5MjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSKeorat/E9p3IR6dSG053qnrlEV
tzJgRQxcPJnMvI2P6Rq53SrJPE6dPlbAqmvjBaKdXm0JrXFBWbUbd3B48o1cNC2q
6pCtTvkv5KvL14CzfqBEQcCVaGwODhbEJ8V87FEXCZFNvzYCYmgKNOKMjzPdvB1W
PHu5i4R//Ge1xuyegKjakfWefVSi4e2Pdom7FGAq0wareTjk7EywA1LRGTv6sdeS
mKyUgixBMaoro+IKTKUTciptpnrrCjc3NGbAl2UhXHB4yOfYSNCiEmKfgi7ZmCdT
nwGGn287OHzHXNZZCPGkTvimm87LKJaIlKl7cgsFX3AvMza7VLNPT+H2xQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBx0B6HHC4dRfIKdY9BY7kPKxpJtMB8GA1UdIwQY
MBaAFKHcpEtKtUUz+LUZbPktaN64/MXiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2R5a1MwcTFSVFA0dFJscy1TMW8zcmo4eGVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mNzZhODMtYWUwOS00MTFmLWFlOWYt
NTM4NmE3OWFkZTgwLzEvSEhRSG9jY0xoMUY4Z3AxajBGanVROHJHa20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mNzZhODMtYWUwOS00MTFmLWFlOWYtNTM4NmE3OWFkZTgw
LzEvb2R5a1MwcTFSVFA0dFJscy1TMW8zcmo4eGVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJb6xQD
BAFb6xgwDQYJKoZIhvcNAQELBQADggEBAMXOXhYa6dwnGAfNdIXkuHT5NDOUmg8y
s4qPPg0CpHLgDGIXvzsT+/ubsiYzBVM+4CRl+ynbZXhax5y3LkvE9vhcTCklnTVd
KPF/mJLEDlh0IprtQytHwGiKRqaNnu2GoKsP/DgDlM+HD1ymwMIJgqcyXktPQXBE
kBEVo649IZSh3EN/BSTDlyNJEZWuhVAgwg9q/c02VHCiV1K4xk/b+VRR6z+fZK/H
MWUix2os9e5AaVt7dYJmxD0MRuvSzhGmYRq3Gr61T5hqDensKC5jwynCUH6DG3u9
G24GSkHGChSicF+miS4gdYMWAoertj9AfHe9hF3TsFOyfe9aRxJ0JHA=
-----END CERTIFICATE-----