Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/hKEcLd99FcBrNxe_0u5BjBJEYFQ.roa
File:                     hKEcLd99FcBrNxe_0u5BjBJEYFQ.roa (raw, json)
Hash identifier:          MVj3EQm6un9jRRKIs2O74+IZ5/bIeFjGBM2NKrMzZ6k=
Subject key identifier:   84:A1:1C:2D:DF:7D:15:C0:6B:37:17:BF:D2:EE:41:8C:12:44:60:54
Certificate issuer:       /CN=324c71046c549fb3c7d4ebc4cf9519d002e76df1
Certificate serial:       018CC80180141429EB9E0F15E66B6B15D141
Authority key identifier: 32:4C:71:04:6C:54:9F:B3:C7:D4:EB:C4:CF:95:19:D0:02:E7:6D:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/hKEcLd99FcBrNxe_0u5BjBJEYFQ.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208354
IP address blocks:        185.203.24.0/22 maxlen: 24
                          2a0c:8500::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:80:14:14:29:eb:9e:0f:15:e6:6b:6b:15:d1:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=324c71046c549fb3c7d4ebc4cf9519d002e76df1
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84a11c2ddf7d15c06b3717bfd2ee418c12446054
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:55:04:16:5f:d6:31:14:77:ce:9f:66:ac:24:
                    47:f8:1a:3a:34:96:e1:c9:0a:c2:18:21:05:ea:0d:
                    36:53:35:05:40:d7:93:4b:19:24:b4:74:e6:93:eb:
                    fd:de:ed:0e:c1:73:41:fd:b0:77:e0:65:65:fe:21:
                    aa:ef:f1:a9:be:cb:d1:ed:57:b2:e6:cf:45:9f:99:
                    35:6b:5d:b3:66:84:85:47:cd:98:84:cd:86:e3:97:
                    31:6e:90:95:ea:0d:89:0d:b7:55:8a:36:28:ef:ee:
                    4c:43:72:60:98:18:e0:3f:4e:43:cf:35:cf:29:75:
                    80:d9:0b:b5:a9:a8:ae:3e:f2:e7:7e:4e:99:c2:86:
                    46:6d:3d:a0:03:68:89:7a:e1:33:a3:b9:b4:5d:9a:
                    b2:7e:7e:2c:39:00:a7:a7:43:2c:73:e5:07:1a:f5:
                    12:7b:ef:83:37:d2:67:59:ec:2a:a9:7d:81:09:da:
                    94:1b:77:3e:45:2c:f0:53:25:77:ad:44:50:38:7c:
                    aa:53:05:2b:dc:18:23:73:28:8d:c0:32:b4:08:70:
                    e9:36:fa:14:74:f0:30:11:71:4f:40:f6:e4:b6:b5:
                    c6:e7:98:f9:29:95:bb:f6:b6:55:ab:a7:ba:22:7b:
                    dd:e1:6b:37:ef:db:b3:f8:64:ef:ee:fa:f4:e4:c4:
                    94:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:A1:1C:2D:DF:7D:15:C0:6B:37:17:BF:D2:EE:41:8C:12:44:60:54
            X509v3 Authority Key Identifier:
                keyid:32:4C:71:04:6C:54:9F:B3:C7:D4:EB:C4:CF:95:19:D0:02:E7:6D:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/hKEcLd99FcBrNxe_0u5BjBJEYFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/125b9d-2a1f-463a-965e-7cfeaf086e14/1/MkxxBGxUn7PH1OvEz5UZ0ALnbfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.24.0/22
                IPv6:
                  2a0c:8500::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:ae:85:29:d2:71:c3:04:7b:99:99:26:05:8a:92:69:dd:cb:
         98:5d:ea:08:51:4c:cc:1e:2f:93:89:62:f6:f9:48:75:28:81:
         98:51:9e:ba:14:41:4d:7a:7a:4a:ec:08:fb:94:d6:be:0c:e8:
         84:43:3e:e6:12:d6:b0:76:0b:b2:60:82:24:32:a6:3a:f9:11:
         82:ff:43:0c:d5:d2:da:07:a1:80:59:62:c2:fd:3b:1b:1e:6b:
         ac:1b:f5:00:5f:4e:39:1c:9b:6d:b2:5e:be:67:c3:df:2d:eb:
         7a:3a:5c:c6:a1:fa:4f:85:b6:58:9c:96:13:09:6b:fe:6b:2f:
         43:8d:1c:7a:56:50:26:63:e2:87:b0:cb:ee:5e:6b:c9:d1:c7:
         a0:bc:85:b4:f6:b9:29:a5:c1:9c:2e:25:5d:f5:27:0a:23:d2:
         11:08:57:fe:69:b5:43:4a:60:8f:53:e1:f7:c4:0e:69:76:9b:
         20:05:3d:ef:b8:e8:1c:9a:46:85:f3:8c:26:4c:9f:21:67:cc:
         5a:74:43:ed:f1:13:02:fb:9f:6c:cb:ac:1a:92:fc:47:f7:55:
         54:54:3d:22:54:65:4d:8c:9a:22:8c:d6:d5:d5:f1:da:1d:c0:
         a1:4b:05:b8:9a:cf:b3:da:3b:22:cb:55:fb:22:90:b5:cf:c4:
         a5:09:92:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAYAUFCnrng8V5mtrFdFBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNGM3MTA0NmM1NDlmYjNjN2Q0ZWJjNGNmOTUxOWQwMDJl
NzZkZjEwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGExMWMyZGRmN2QxNWMwNmIzNzE3YmZkMmVlNDE4YzEyNDQ2MDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFUEFl/WMRR3zp9mrCRH+Bo6NJbh
yQrCGCEF6g02UzUFQNeTSxkktHTmk+v93u0OwXNB/bB34GVl/iGq7/GpvsvR7Vey
5s9Fn5k1a12zZoSFR82YhM2G45cxbpCV6g2JDbdVijYo7+5MQ3JgmBjgP05DzzXP
KXWA2Qu1qaiuPvLnfk6ZwoZGbT2gA2iJeuEzo7m0XZqyfn4sOQCnp0Msc+UHGvUS
e++DN9JnWewqqX2BCdqUG3c+RSzwUyV3rURQOHyqUwUr3BgjcyiNwDK0CHDpNvoU
dPAwEXFPQPbktrXG55j5KZW79rZVq6e6Invd4Ws379uz+GTv7vr05MSUCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIShHC3ffRXAazcXv9LuQYwSRGBUMB8GA1UdIwQY
MBaAFDJMcQRsVJ+zx9TrxM+VGdAC523xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWt4eEJHeFVuN1BIMU92RXo1VVowQUxuYmZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8xMjViOWQtMmExZi00NjNhLTk2NWUt
N2NmZWFmMDg2ZTE0LzEvaEtFY0xkOTlGY0JyTnhlXzB1NUJqQkpFWUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8xMjViOWQtMmExZi00NjNhLTk2NWUtN2NmZWFmMDg2ZTE0
LzEvTWt4eEJHeFVuN1BIMU92RXo1VVowQUxuYmZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucsYMA0E
AgACMAcDBQMqDIUAMA0GCSqGSIb3DQEBCwUAA4IBAQBwroUp0nHDBHuZmSYFipJp
3cuYXeoIUUzMHi+TiWL2+Uh1KIGYUZ66FEFNenpK7Aj7lNa+DOiEQz7mEtawdguy
YIIkMqY6+RGC/0MM1dLaB6GAWWLC/TsbHmusG/UAX045HJttsl6+Z8PfLet6OlzG
ofpPhbZYnJYTCWv+ay9DjRx6VlAmY+KHsMvuXmvJ0cegvIW09rkppcGcLiVd9ScK
I9IRCFf+abVDSmCPU+H3xA5pdpsgBT3vuOgcmkaF84wmTJ8hZ8xadEPt8RMC+59s
y6wakvxH91VUVD0iVGVNjJoijNbV1fHaHcChSwW4ms+z2jsiy1X7IpC1z8SlCZLw
-----END CERTIFICATE-----