Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/1203d7-41ab-404c-929b-b97838c8d658/1/HD5Ri_N2uUcnkZ39y2W624ZsOUE.roa
File:                     HD5Ri_N2uUcnkZ39y2W624ZsOUE.roa (raw, json)
Hash identifier:          7frabCSteU3R/CHQRAxKVTdYN0AocOLXVgZW7+KaVdc=
Subject key identifier:   1C:3E:51:8B:F3:76:B9:47:27:91:9D:FD:CB:65:BA:DB:86:6C:39:41
Certificate issuer:       /CN=447cd41d9e6ccf80306c1b46bdc0b577b1ee2cae
Certificate serial:       018CC79513E7D94A9C36E1457035181BBB11
Authority key identifier: 44:7C:D4:1D:9E:6C:CF:80:30:6C:1B:46:BD:C0:B5:77:B1:EE:2C:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RHzUHZ5sz4AwbBtGvcC1d7HuLK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/1203d7-41ab-404c-929b-b97838c8d658/1/HD5Ri_N2uUcnkZ39y2W624ZsOUE.roa
Signing time:             Tue 02 Jan 2024 00:31:25 +0000
ROA not before:           Tue 02 Jan 2024 00:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45022
IP address blocks:        195.5.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/1203d7-41ab-404c-929b-b97838c8d658/1/RHzUHZ5sz4AwbBtGvcC1d7HuLK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/1203d7-41ab-404c-929b-b97838c8d658/1/RHzUHZ5sz4AwbBtGvcC1d7HuLK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RHzUHZ5sz4AwbBtGvcC1d7HuLK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:13:e7:d9:4a:9c:36:e1:45:70:35:18:1b:bb:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=447cd41d9e6ccf80306c1b46bdc0b577b1ee2cae
        Validity
            Not Before: Jan  2 00:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c3e518bf376b94727919dfdcb65badb866c3941
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:66:c0:0f:67:df:bc:93:cc:b4:c7:15:3e:db:
                    28:af:b2:25:ea:95:fa:52:42:06:c1:b9:e3:19:48:
                    98:93:16:27:53:0c:a5:1b:1b:30:4d:db:2c:34:36:
                    19:ac:4f:ee:ac:4e:b0:75:45:27:76:25:74:ba:15:
                    3e:4a:6a:3e:62:f0:21:62:c6:ce:cf:43:6d:e1:f5:
                    5d:e8:a3:26:25:3c:45:18:c5:b8:43:da:8f:5f:e4:
                    fa:c4:bc:36:82:64:6a:e7:34:06:98:df:65:92:96:
                    e3:34:a6:db:18:7d:6b:3c:a2:4e:16:fe:32:bd:db:
                    a2:d3:b9:ac:c6:b2:0e:6e:1b:7c:2e:6a:7f:6e:a3:
                    ab:a2:7c:06:2e:95:aa:81:99:7e:72:1f:f3:2a:ce:
                    3f:3d:d5:18:c3:3a:55:27:66:20:ef:30:64:31:17:
                    c8:10:93:b3:ca:84:42:5a:d1:47:ef:ed:6a:5e:b8:
                    ce:ff:ab:d7:01:ea:5b:69:f1:06:b1:53:1a:c7:90:
                    5c:88:bd:12:f8:a5:42:15:0f:03:2c:7f:6d:e9:60:
                    d1:b8:1f:04:2b:d3:25:8a:21:e4:1a:ec:da:c4:6e:
                    69:03:5a:30:80:c3:81:cc:47:b1:ff:03:e2:eb:e0:
                    aa:23:7b:ad:f7:68:4c:98:ea:11:c5:0e:72:95:b1:
                    47:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:3E:51:8B:F3:76:B9:47:27:91:9D:FD:CB:65:BA:DB:86:6C:39:41
            X509v3 Authority Key Identifier:
                keyid:44:7C:D4:1D:9E:6C:CF:80:30:6C:1B:46:BD:C0:B5:77:B1:EE:2C:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RHzUHZ5sz4AwbBtGvcC1d7HuLK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/1203d7-41ab-404c-929b-b97838c8d658/1/HD5Ri_N2uUcnkZ39y2W624ZsOUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/1203d7-41ab-404c-929b-b97838c8d658/1/RHzUHZ5sz4AwbBtGvcC1d7HuLK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.5.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:a3:9b:c3:6e:c7:c3:6f:60:9e:1a:b6:8c:0c:05:d7:55:70:
         fa:a8:0a:dd:75:a5:3d:b4:ce:17:fe:15:05:2d:94:44:04:a7:
         a1:13:03:4b:90:d0:36:6b:78:50:15:28:2e:d3:b0:61:83:72:
         02:d0:70:e5:22:1c:a4:94:b8:24:be:2e:f4:03:5f:78:33:2a:
         29:fc:03:74:7f:ca:22:12:0a:2b:db:0b:c6:4f:ec:e7:76:02:
         a7:75:b6:1b:54:f3:26:4e:8d:df:43:29:65:d2:83:e3:d9:f5:
         d1:cf:3d:7b:8d:48:50:0f:7b:59:dd:51:7c:43:ae:42:1c:d0:
         03:e0:0b:8a:31:9f:75:95:33:12:6b:b5:ac:0d:12:34:37:bd:
         6c:44:88:01:27:c8:e0:94:dc:90:45:ed:05:f9:ca:c3:2b:1d:
         0d:6c:2a:69:f9:d0:30:1f:1c:b8:92:fb:d3:2e:c2:f0:78:b3:
         9a:29:e1:0e:58:02:44:6b:a2:7b:1b:b8:2d:ff:9d:2b:31:45:
         5f:16:40:1c:6b:dc:3e:59:ce:7b:62:25:d2:3a:9b:74:1e:a5:
         c9:70:05:72:d6:b6:78:a2:ae:f2:bd:f9:9f:c6:7f:be:57:17:
         43:47:25:55:85:9d:21:23:87:69:d7:0e:9c:39:f7:8d:4f:33:
         ce:c3:9e:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRPn2UqcNuFFcDUYG7sRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0N2NkNDFkOWU2Y2NmODAzMDZjMWI0NmJkYzBiNTc3YjFl
ZTJjYWUwHhcNMjQwMTAyMDAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzNlNTE4YmYzNzZiOTQ3Mjc5MTlkZmRjYjY1YmFkYjg2NmMzOTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42bAD2ffvJPMtMcVPtsor7Il6pX6
UkIGwbnjGUiYkxYnUwylGxswTdssNDYZrE/urE6wdUUndiV0uhU+Smo+YvAhYsbO
z0Nt4fVd6KMmJTxFGMW4Q9qPX+T6xLw2gmRq5zQGmN9lkpbjNKbbGH1rPKJOFv4y
vdui07msxrIObht8Lmp/bqOronwGLpWqgZl+ch/zKs4/PdUYwzpVJ2Yg7zBkMRfI
EJOzyoRCWtFH7+1qXrjO/6vXAepbafEGsVMax5BciL0S+KVCFQ8DLH9t6WDRuB8E
K9MliiHkGuzaxG5pA1owgMOBzEex/wPi6+CqI3ut92hMmOoRxQ5ylbFH1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBw+UYvzdrlHJ5Gd/ctlutuGbDlBMB8GA1UdIwQY
MBaAFER81B2ebM+AMGwbRr3AtXex7iyuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkh6VUhaNXN6NEF3YkJ0R3ZjQzFkN0h1TEs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8xMjAzZDctNDFhYi00MDRjLTkyOWIt
Yjk3ODM4YzhkNjU4LzEvSEQ1UmlfTjJ1VWNua1ozOXkyVzYyNFpzT1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8xMjAzZDctNDFhYi00MDRjLTkyOWItYjk3ODM4YzhkNjU4
LzEvUkh6VUhaNXN6NEF3YkJ0R3ZjQzFkN0h1TEs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwW4MA0G
CSqGSIb3DQEBCwUAA4IBAQAeo5vDbsfDb2CeGraMDAXXVXD6qArddaU9tM4X/hUF
LZREBKehEwNLkNA2a3hQFSgu07Bhg3IC0HDlIhyklLgkvi70A194Myop/AN0f8oi
Egor2wvGT+zndgKndbYbVPMmTo3fQyll0oPj2fXRzz17jUhQD3tZ3VF8Q65CHNAD
4AuKMZ91lTMSa7WsDRI0N71sRIgBJ8jglNyQRe0F+crDKx0NbCpp+dAwHxy4kvvT
LsLweLOaKeEOWAJEa6J7G7gt/50rMUVfFkAca9w+Wc57YiXSOpt0HqXJcAVy1rZ4
oq7yvfmfxn++VxdDRyVVhZ0hI4dp1w6cOfeNTzPOw57n
-----END CERTIFICATE-----