Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/HbHnvstxQWLtzGFXjA47WD3WMXg.roa
File:                     HbHnvstxQWLtzGFXjA47WD3WMXg.roa (raw, json)
Hash identifier:          88tbEddozTNXpSciptmdvZeuHtkYXE/6tSM+9O2iPMU=
Subject key identifier:   1D:B1:E7:BE:CB:71:41:62:ED:CC:61:57:8C:0E:3B:58:3D:D6:31:78
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       018CED2B831BFBB610644A8EA8DA16267F0A
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/HbHnvstxQWLtzGFXjA47WD3WMXg.roa
Signing time:             Tue 09 Jan 2024 07:41:40 +0000
ROA not before:           Tue 09 Jan 2024 07:41:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216054
IP address blocks:        185.239.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:2b:83:1b:fb:b6:10:64:4a:8e:a8:da:16:26:7f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jan  9 07:41:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1db1e7becb714162edcc61578c0e3b583dd63178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9f:de:eb:6b:f4:1e:63:b8:69:d1:41:17:9d:
                    2d:50:0c:8b:9c:c7:4c:d6:a5:07:ae:ae:19:93:ad:
                    ee:4e:2e:89:a6:62:2c:fb:b2:cb:44:49:69:20:99:
                    05:f6:c4:87:85:55:1a:08:a6:34:71:a8:5e:f5:d5:
                    b9:95:f1:e3:7c:d7:cd:0e:0c:32:55:92:d0:3c:6d:
                    5d:e8:42:62:1e:55:d5:bc:91:a6:c6:64:74:98:f4:
                    ca:23:28:fb:07:03:d0:41:af:b7:d5:87:db:b5:b0:
                    f1:24:88:76:c5:51:61:df:d3:a9:b3:bb:a1:0a:25:
                    8d:da:0e:fc:52:f6:a4:43:b1:73:c2:fe:ca:71:b0:
                    8b:47:3f:33:f4:13:32:49:51:18:7a:d9:fe:f1:5a:
                    2a:4b:3c:eb:99:d7:ab:78:30:b6:a6:a9:ce:68:26:
                    63:cb:f5:81:60:de:f9:e6:95:ab:63:2a:64:97:16:
                    7c:0e:67:78:29:d4:21:52:9a:45:2b:c9:0e:53:28:
                    a2:c9:81:de:02:2f:b1:b8:ff:1d:38:eb:58:c2:5a:
                    55:8e:8b:ad:ee:b1:21:26:12:b1:21:91:38:d1:d3:
                    84:c0:c6:d6:27:17:58:66:63:f1:48:0c:58:0e:27:
                    61:88:48:d9:c8:98:cc:27:4d:02:9b:94:ae:a0:63:
                    36:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B1:E7:BE:CB:71:41:62:ED:CC:61:57:8C:0E:3B:58:3D:D6:31:78
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/HbHnvstxQWLtzGFXjA47WD3WMXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:7b:c3:6f:72:a4:a0:48:63:41:6b:08:b5:9d:a4:12:67:29:
         27:9f:bf:2c:4d:8d:b4:f7:74:3b:7e:ae:27:ed:52:d5:1b:03:
         3c:4b:ea:0b:e7:a4:46:11:72:99:52:bf:c8:88:c5:ad:6b:65:
         d1:64:90:a9:39:43:6b:ce:69:17:88:7f:09:eb:16:99:3f:c0:
         79:04:35:93:0d:07:b9:4b:c3:85:e7:65:30:6f:63:b8:f2:2a:
         d3:26:14:8e:0b:3d:af:b1:37:06:e9:df:5f:0c:49:a3:57:58:
         d1:66:6e:a3:8d:9a:89:76:6c:a6:71:5f:3e:45:be:ba:99:88:
         8a:2b:12:4b:92:ce:03:83:2f:15:2f:64:a6:36:a6:63:e0:ee:
         4a:74:40:4f:a0:88:a5:bf:ff:fa:ca:1c:e7:16:9c:d7:a5:ab:
         62:7e:04:43:fa:2a:d5:8e:e5:10:4c:6c:54:fb:29:d7:19:5d:
         44:11:66:ca:7b:3a:da:88:29:6b:5f:bc:1a:56:8e:a5:50:3e:
         d2:c3:43:ef:03:88:e5:d8:d2:12:3f:2b:95:fd:9f:bc:95:23:
         56:be:b2:41:45:66:7e:d2:f4:c6:3c:ac:bc:41:99:3b:42:d3:
         1c:22:02:33:32:42:c4:16:67:e4:0a:4a:ba:2b:c7:83:52:22:
         e2:38:08:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYztK4Mb+7YQZEqOqNoWJn8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjQwMTA5MDc0MTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGIxZTdiZWNiNzE0MTYyZWRjYzYxNTc4YzBlM2I1ODNkZDYzMTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp/e62v0HmO4adFBF50tUAyLnMdM
1qUHrq4Zk63uTi6JpmIs+7LLRElpIJkF9sSHhVUaCKY0cahe9dW5lfHjfNfNDgwy
VZLQPG1d6EJiHlXVvJGmxmR0mPTKIyj7BwPQQa+31YfbtbDxJIh2xVFh39Ops7uh
CiWN2g78UvakQ7Fzwv7KcbCLRz8z9BMySVEYetn+8VoqSzzrmdereDC2pqnOaCZj
y/WBYN755pWrYypklxZ8Dmd4KdQhUppFK8kOUyiiyYHeAi+xuP8dOOtYwlpVjout
7rEhJhKxIZE40dOEwMbWJxdYZmPxSAxYDidhiEjZyJjMJ00Cm5SuoGM2HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2x577LcUFi7cxhV4wOO1g91jF4MB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvSGJIbnZzdHhRV0x0ekdGWGpBNDdXRDNXTVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue8DMA0G
CSqGSIb3DQEBCwUAA4IBAQAOe8NvcqSgSGNBawi1naQSZyknn78sTY2093Q7fq4n
7VLVGwM8S+oL56RGEXKZUr/IiMWta2XRZJCpOUNrzmkXiH8J6xaZP8B5BDWTDQe5
S8OF52Uwb2O48irTJhSOCz2vsTcG6d9fDEmjV1jRZm6jjZqJdmymcV8+Rb66mYiK
KxJLks4Dgy8VL2SmNqZj4O5KdEBPoIilv//6yhznFpzXpatifgRD+irVjuUQTGxU
+ynXGV1EEWbKezraiClrX7waVo6lUD7Sw0PvA4jl2NISPyuV/Z+8lSNWvrJBRWZ+
0vTGPKy8QZk7QtMcIgIzMkLEFmfkCkq6K8eDUiLiOAj6
-----END CERTIFICATE-----