Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/HjfJTwFcshbFqBm-isGRpWwis58.roa
File:                     HjfJTwFcshbFqBm-isGRpWwis58.roa (raw, json)
Hash identifier:          PoLZ8vm3oKEMm7jRuj7EHXXgEcHx54dH+U8/A876Y2s=
Subject key identifier:   1E:37:C9:4F:01:5C:B2:16:C5:A8:19:BE:8A:C1:91:A5:6C:22:B3:9F
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       018CC64B49CD2CACB4E295515CBD62C9A311
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/HjfJTwFcshbFqBm-isGRpWwis58.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.30.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:02:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:49:cd:2c:ac:b4:e2:95:51:5c:bd:62:c9:a3:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e37c94f015cb216c5a819be8ac191a56c22b39f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:10:5a:ce:59:be:00:c8:6d:dd:2e:4f:96:de:
                    ac:4e:8b:99:c8:b0:de:cc:86:5d:b8:01:df:64:75:
                    8c:9a:29:3a:3a:4f:fc:1c:96:04:86:e3:78:12:d7:
                    70:22:2f:52:7b:5b:b7:20:1a:d1:46:04:be:8d:8a:
                    4f:13:f3:51:5f:99:54:87:e4:85:14:fc:a7:f5:8e:
                    a4:79:a1:66:57:4f:5a:63:76:0d:65:df:b2:c1:70:
                    09:39:61:50:7f:4e:f9:12:88:34:b7:87:e2:1f:f3:
                    52:d4:06:2d:57:f8:00:3a:a9:07:41:8e:dd:e8:29:
                    d7:41:02:5b:e4:13:74:06:7f:72:ef:71:da:ae:49:
                    cb:e7:ac:60:70:ba:80:cb:79:c5:a1:d7:08:d9:38:
                    c5:02:d3:e1:88:3c:c8:f3:1d:ae:07:99:4c:b4:a9:
                    11:f5:f3:da:e1:34:a0:e0:89:05:cf:46:0e:b4:5b:
                    ef:d2:f4:28:0a:62:86:75:9d:9e:3e:dd:f4:e6:d8:
                    84:72:0b:f6:eb:0f:fd:25:29:ea:c5:2f:c8:14:70:
                    59:f4:6c:c2:e9:39:ea:39:e9:c8:22:51:fd:6e:5b:
                    85:98:56:48:8e:a2:ea:2c:8c:12:4f:0b:75:28:aa:
                    0e:35:58:2e:3f:a1:dc:39:90:c9:5e:03:de:26:de:
                    77:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:37:C9:4F:01:5C:B2:16:C5:A8:19:BE:8A:C1:91:A5:6C:22:B3:9F
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/HjfJTwFcshbFqBm-isGRpWwis58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:e8:22:da:96:13:29:23:5f:dd:cd:c7:00:cb:ea:72:39:51:
         06:6d:93:2a:31:f8:fd:d3:7e:a9:fb:0f:87:2d:0d:16:6e:ac:
         4e:77:ba:34:0d:9a:38:f0:87:fb:ef:2f:50:59:b0:1b:96:6a:
         1f:9b:8a:d2:3d:d5:91:3d:30:12:3c:02:12:c2:76:f1:98:70:
         a6:7d:5d:37:a6:95:ae:68:13:39:24:61:ad:6b:7c:60:09:fa:
         42:3a:b2:fb:37:c1:3c:3a:dd:a1:d9:81:2c:eb:80:9d:ce:1c:
         4b:12:12:cc:fb:b9:3e:f9:45:eb:75:a6:d1:c9:72:66:82:d9:
         f9:d5:d1:ae:ab:71:e9:69:be:39:60:5a:86:dd:4e:71:c3:09:
         e8:f3:03:e7:a5:8d:4a:fa:43:bf:e4:9d:54:b1:4c:8a:46:d3:
         38:99:d6:9f:a2:78:5c:d5:90:bf:9e:6b:66:52:e3:99:87:92:
         52:48:fc:02:46:3a:31:d2:94:90:76:bb:26:c7:6a:dd:3a:77:
         9f:ec:0a:88:9e:8d:ba:4f:4e:ea:2a:a0:ad:34:bf:31:69:96:
         7a:79:d8:29:05:79:0a:5b:82:16:62:1b:78:53:ed:a6:be:df:
         64:64:00:29:a5:f8:05:4f:95:28:d4:e2:bb:e7:b2:40:22:54:
         36:ff:0d:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS0nNLKy04pVRXL1iyaMRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTM3Yzk0ZjAxNWNiMjE2YzVhODE5YmU4YWMxOTFhNTZjMjJiMzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRBazlm+AMht3S5Plt6sTouZyLDe
zIZduAHfZHWMmik6Ok/8HJYEhuN4EtdwIi9Se1u3IBrRRgS+jYpPE/NRX5lUh+SF
FPyn9Y6keaFmV09aY3YNZd+ywXAJOWFQf075Eog0t4fiH/NS1AYtV/gAOqkHQY7d
6CnXQQJb5BN0Bn9y73HarknL56xgcLqAy3nFodcI2TjFAtPhiDzI8x2uB5lMtKkR
9fPa4TSg4IkFz0YOtFvv0vQoCmKGdZ2ePt305tiEcgv26w/9JSnqxS/IFHBZ9GzC
6TnqOenIIlH9bluFmFZIjqLqLIwSTwt1KKoONVguP6HcOZDJXgPeJt530wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB43yU8BXLIWxagZvorBkaVsIrOfMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvSGpmSlR3RmNzaGJGcUJtLWlzR1JwV3dpczU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5UMA0G
CSqGSIb3DQEBCwUAA4IBAQBd6CLalhMpI1/dzccAy+pyOVEGbZMqMfj9036p+w+H
LQ0WbqxOd7o0DZo48If77y9QWbAblmofm4rSPdWRPTASPAISwnbxmHCmfV03ppWu
aBM5JGGta3xgCfpCOrL7N8E8Ot2h2YEs64CdzhxLEhLM+7k++UXrdabRyXJmgtn5
1dGuq3Hpab45YFqG3U5xwwno8wPnpY1K+kO/5J1UsUyKRtM4mdafonhc1ZC/nmtm
UuOZh5JSSPwCRjox0pSQdrsmx2rdOnef7AqIno26T07qKqCtNL8xaZZ6edgpBXkK
W4IWYht4U+2mvt9kZAAppfgFT5Uo1OK757JAIlQ2/w3b
-----END CERTIFICATE-----