Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/HxZRl2Md5dbaKIxW1lx0SRY6AGk.roa
File:                     HxZRl2Md5dbaKIxW1lx0SRY6AGk.roa (raw, json)
Hash identifier:          8C2BXZZlT1RLr4cTDWMUqTTOpBwJQ7PeyhgjSM0eWdk=
Subject key identifier:   1F:16:51:97:63:1D:E5:D6:DA:28:8C:56:D6:5C:74:49:16:3A:00:69
Certificate issuer:       /CN=84c17102b6e92e292ec8acaf659e3c290a8d0b68
Certificate serial:       018CED7A3E35123F474DD987093AD59743DE
Authority key identifier: 84:C1:71:02:B6:E9:2E:29:2E:C8:AC:AF:65:9E:3C:29:0A:8D:0B:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hMFxArbpLikuyKyvZZ48KQqNC2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/HxZRl2Md5dbaKIxW1lx0SRY6AGk.roa
Signing time:             Tue 09 Jan 2024 09:07:40 +0000
ROA not before:           Tue 09 Jan 2024 09:07:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215883
IP address blocks:        91.240.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/hMFxArbpLikuyKyvZZ48KQqNC2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/hMFxArbpLikuyKyvZZ48KQqNC2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hMFxArbpLikuyKyvZZ48KQqNC2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:7a:3e:35:12:3f:47:4d:d9:87:09:3a:d5:97:43:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84c17102b6e92e292ec8acaf659e3c290a8d0b68
        Validity
            Not Before: Jan  9 09:07:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f165197631de5d6da288c56d65c7449163a0069
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:97:40:ca:e1:78:9f:f2:33:a2:7a:e2:05:3f:
                    e8:6d:81:ce:ad:dc:1e:06:ec:00:72:5a:ee:0a:d7:
                    f8:c5:85:ac:78:ee:e3:72:a4:25:41:1a:94:eb:c0:
                    dc:ac:8b:a9:a7:dd:f7:9b:ff:c3:ff:0f:f4:75:ab:
                    1b:cc:c4:78:79:ec:bf:cf:ec:36:ac:ab:5e:aa:a4:
                    46:0a:29:66:f3:62:31:34:6a:5a:f7:c1:47:b9:9d:
                    77:7a:ab:58:90:64:81:3d:5f:d4:44:70:48:07:2b:
                    03:4f:5d:98:6d:ea:8c:26:cd:52:d9:8b:23:c2:07:
                    97:9f:a5:64:a1:fe:0c:db:86:a6:97:3d:15:2a:68:
                    b5:ca:29:d6:6d:a6:b4:fb:36:ad:4a:1b:9a:df:6c:
                    1d:40:2b:9f:fc:41:64:f9:f2:c1:de:75:f0:a4:bc:
                    a8:63:b3:1a:a1:27:0f:74:6d:b0:26:76:05:4e:f9:
                    2b:75:28:99:8e:ad:0b:74:ef:78:b0:43:f9:e2:a9:
                    f5:be:1d:c1:05:f7:a9:cf:45:63:6f:2b:8b:f0:d9:
                    92:1f:38:34:10:27:38:a0:33:7f:a4:fe:46:8c:5a:
                    fe:06:f2:a7:07:c4:8e:ed:e6:c2:3a:3a:b7:3f:1a:
                    81:1f:5c:99:27:dc:f4:48:fc:f4:cd:29:63:bc:f9:
                    96:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:16:51:97:63:1D:E5:D6:DA:28:8C:56:D6:5C:74:49:16:3A:00:69
            X509v3 Authority Key Identifier:
                keyid:84:C1:71:02:B6:E9:2E:29:2E:C8:AC:AF:65:9E:3C:29:0A:8D:0B:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hMFxArbpLikuyKyvZZ48KQqNC2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/HxZRl2Md5dbaKIxW1lx0SRY6AGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/6d569d-c44b-4c34-a159-d583f9a66e3b/1/hMFxArbpLikuyKyvZZ48KQqNC2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:30:ed:02:40:cf:bc:0e:86:73:3f:7e:4f:a9:85:9e:b0:28:
         8f:c5:9a:d2:52:ef:86:bc:2e:f0:a0:9b:70:84:7c:16:00:67:
         3e:49:f6:6c:f5:37:f9:3a:91:89:80:7c:e2:bb:bb:07:31:0b:
         0b:f5:45:78:13:5a:06:62:e7:08:a8:88:ac:5e:8a:81:f4:8a:
         04:d4:a6:cd:64:28:1a:06:33:99:fe:5e:b6:45:4b:af:3a:cc:
         af:b0:21:1c:4b:3e:28:8e:29:ea:c0:78:84:a1:71:dd:93:2f:
         9e:ff:62:b2:c6:cb:bb:81:d9:98:5c:e3:12:f7:df:4e:71:ec:
         71:d3:5e:59:5e:23:c3:c5:85:e0:e8:96:24:ab:0a:1b:64:46:
         bf:ef:ee:a7:e1:b2:b9:27:9f:5b:81:c9:36:3d:46:ed:c2:e9:
         f8:f6:96:96:0b:4c:56:e7:76:3a:7c:05:2b:08:11:90:d4:04:
         96:9e:2f:aa:da:ce:8f:0d:64:a2:0b:87:65:38:75:cb:e4:dc:
         e7:56:e1:fd:cf:8c:b9:73:6a:5f:a9:a7:d9:56:6a:03:df:fe:
         d0:e5:d0:af:34:7a:57:75:16:e3:7d:94:cc:9e:aa:e4:b0:2c:
         ea:a1:5f:a0:83:bd:88:9d:db:e5:41:c9:3f:3d:f2:0b:7a:57:
         79:2c:53:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYztej41Ej9HTdmHCTrVl0PeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YzE3MTAyYjZlOTJlMjkyZWM4YWNhZjY1OWUzYzI5MGE4
ZDBiNjgwHhcNMjQwMTA5MDkwNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjE2NTE5NzYzMWRlNWQ2ZGEyODhjNTZkNjVjNzQ0OTE2M2EwMDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspdAyuF4n/IzonriBT/obYHOrdwe
BuwAclruCtf4xYWseO7jcqQlQRqU68DcrIupp933m//D/w/0dasbzMR4eey/z+w2
rKteqqRGCilm82IxNGpa98FHuZ13eqtYkGSBPV/URHBIBysDT12YbeqMJs1S2Ysj
wgeXn6Vkof4M24amlz0VKmi1yinWbaa0+zatShua32wdQCuf/EFk+fLB3nXwpLyo
Y7MaoScPdG2wJnYFTvkrdSiZjq0LdO94sEP54qn1vh3BBfepz0VjbyuL8NmSHzg0
ECc4oDN/pP5GjFr+BvKnB8SO7ebCOjq3PxqBH1yZJ9z0SPz0zSljvPmWowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8WUZdjHeXW2iiMVtZcdEkWOgBpMB8GA1UdIwQY
MBaAFITBcQK26S4pLsisr2WePCkKjQtoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE1GeEFyYnBMaWt1eUt5dlpaNDhLUXFOQzJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC82ZDU2OWQtYzQ0Yi00YzM0LWExNTkt
ZDU4M2Y5YTY2ZTNiLzEvSHhaUmwyTWQ1ZGJhS0l4VzFseDBTUlk2QUdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC82ZDU2OWQtYzQ0Yi00YzM0LWExNTktZDU4M2Y5YTY2ZTNi
LzEvaE1GeEFyYnBMaWt1eUt5dlpaNDhLUXFOQzJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/ClMA0G
CSqGSIb3DQEBCwUAA4IBAQCjMO0CQM+8DoZzP35PqYWesCiPxZrSUu+GvC7woJtw
hHwWAGc+SfZs9Tf5OpGJgHziu7sHMQsL9UV4E1oGYucIqIisXoqB9IoE1KbNZCga
BjOZ/l62RUuvOsyvsCEcSz4ojinqwHiEoXHdky+e/2Kyxsu7gdmYXOMS999Ocexx
015ZXiPDxYXg6JYkqwobZEa/7+6n4bK5J59bgck2PUbtwun49paWC0xW53Y6fAUr
CBGQ1ASWni+q2s6PDWSiC4dlOHXL5NznVuH9z4y5c2pfqafZVmoD3/7Q5dCvNHpX
dRbjfZTMnqrksCzqoV+gg72IndvlQck/PfILeld5LFPI
-----END CERTIFICATE-----