Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/HR23Ad1BgAt7pD3EksRpN3cvfLw.roa
File:                     HR23Ad1BgAt7pD3EksRpN3cvfLw.roa (raw, json)
Hash identifier:          PMnk5YwtP2abZR1Jd2fZA2BPr5ineBP1wA1uk5Q+TTQ=
Subject key identifier:   1D:1D:B7:01:DD:41:80:0B:7B:A4:3D:C4:92:C4:69:37:77:2F:7C:BC
Certificate issuer:       /CN=4f9d5fbaaf76a80a65e0e92c02061e895b2b8117
Certificate serial:       018CC7942F49EAEF370CE3F86EAB183D6491
Authority key identifier: 4F:9D:5F:BA:AF:76:A8:0A:65:E0:E9:2C:02:06:1E:89:5B:2B:81:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T51fuq92qApl4OksAgYeiVsrgRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/HR23Ad1BgAt7pD3EksRpN3cvfLw.roa
Signing time:             Tue 02 Jan 2024 00:30:26 +0000
ROA not before:           Tue 02 Jan 2024 00:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21183
IP address blocks:        185.204.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/T51fuq92qApl4OksAgYeiVsrgRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/T51fuq92qApl4OksAgYeiVsrgRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T51fuq92qApl4OksAgYeiVsrgRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2f:49:ea:ef:37:0c:e3:f8:6e:ab:18:3d:64:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9d5fbaaf76a80a65e0e92c02061e895b2b8117
        Validity
            Not Before: Jan  2 00:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d1db701dd41800b7ba43dc492c46937772f7cbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:12:19:87:6b:4d:b5:be:1e:77:6d:7a:d8:ef:
                    0f:c1:82:39:de:32:96:ce:66:ad:d7:b7:e0:8b:ec:
                    35:4f:5d:44:9a:84:b2:b7:6b:d8:35:f6:a1:1e:7f:
                    ab:ed:5f:63:12:f3:68:72:64:9d:0f:0b:97:ad:b6:
                    5a:1a:58:2f:33:aa:d5:cc:fd:36:0a:27:04:9e:6d:
                    75:87:17:d6:80:27:5e:46:27:85:7d:c3:26:a6:21:
                    ce:9b:a2:1b:28:c0:2f:c5:9e:c7:f0:19:c8:59:04:
                    4c:5f:0f:1d:68:ec:6f:93:f9:a0:88:03:71:ab:79:
                    3d:01:97:17:23:83:8c:a7:b5:35:f7:59:d1:9a:0e:
                    28:08:e7:c4:64:93:9c:ce:eb:4f:8d:5d:c5:92:82:
                    21:11:29:5a:1c:eb:2e:d6:ec:d3:aa:80:3f:9e:88:
                    b4:97:3c:c5:0a:dc:d1:16:95:6f:01:da:c2:ba:ba:
                    ad:df:27:38:9a:3e:54:a7:b8:95:f0:9e:9c:9e:ae:
                    60:34:f6:f1:e2:ab:09:e9:3b:a8:cd:7e:cb:39:29:
                    9b:2a:a8:12:e9:8e:73:cf:a2:27:56:70:73:3b:29:
                    d9:b4:f4:16:52:8a:b5:a6:40:07:40:80:3a:db:d7:
                    49:6c:9c:2b:bb:86:d8:a4:c9:c2:7c:21:7c:8e:29:
                    c5:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:1D:B7:01:DD:41:80:0B:7B:A4:3D:C4:92:C4:69:37:77:2F:7C:BC
            X509v3 Authority Key Identifier:
                keyid:4F:9D:5F:BA:AF:76:A8:0A:65:E0:E9:2C:02:06:1E:89:5B:2B:81:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T51fuq92qApl4OksAgYeiVsrgRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/HR23Ad1BgAt7pD3EksRpN3cvfLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/c70928-cede-4b62-89a7-60f6fa9110e2/1/T51fuq92qApl4OksAgYeiVsrgRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:25:b2:31:b6:ae:c0:3e:cb:95:88:e5:8a:6e:8b:f4:38:1e:
         58:4b:26:7d:40:e3:b5:9b:7a:42:26:92:f2:fe:18:87:fd:8e:
         f7:7f:c4:1f:ca:0c:01:75:d6:8c:03:23:92:43:8d:51:1b:8c:
         75:5d:a8:10:7d:82:84:2a:29:c7:bc:45:3e:85:90:7c:52:bd:
         1a:d1:cb:df:c0:0b:87:3b:c6:ef:69:0c:c0:17:bc:92:c2:77:
         ba:53:74:b7:74:a9:a9:3a:0f:63:41:c4:00:ec:28:42:44:46:
         b4:a0:e9:76:07:f9:e8:7c:0b:0f:ec:eb:7e:35:23:c3:10:ae:
         d7:ac:d0:3f:4f:b7:8b:c4:33:a8:53:c4:af:12:c8:9f:a7:36:
         1e:31:eb:94:81:4a:f5:a7:b4:bd:84:eb:13:14:65:2e:92:70:
         d2:07:d0:8c:77:4a:f9:b6:81:72:d8:93:05:61:1a:de:ab:da:
         f6:29:50:61:9a:e1:ec:5d:24:2d:34:93:95:58:34:6c:b6:62:
         30:a3:bc:95:ac:f8:1b:24:90:ae:0d:1d:8b:43:bf:a5:43:83:
         d7:4f:7f:b4:1e:e3:dd:02:3c:47:19:fb:08:85:75:0e:0b:c0:
         35:05:ee:f5:1f:73:25:7f:4f:55:f6:34:96:19:9e:e8:57:0b:
         f1:d0:c7:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlC9J6u83DOP4bqsYPWSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOWQ1ZmJhYWY3NmE4MGE2NWUwZTkyYzAyMDYxZTg5NWIy
YjgxMTcwHhcNMjQwMTAyMDAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDFkYjcwMWRkNDE4MDBiN2JhNDNkYzQ5MmM0NjkzNzc3MmY3Y2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBIZh2tNtb4ed2162O8PwYI53jKW
zmat17fgi+w1T11EmoSyt2vYNfahHn+r7V9jEvNocmSdDwuXrbZaGlgvM6rVzP02
CicEnm11hxfWgCdeRieFfcMmpiHOm6IbKMAvxZ7H8BnIWQRMXw8daOxvk/mgiANx
q3k9AZcXI4OMp7U191nRmg4oCOfEZJOczutPjV3FkoIhESlaHOsu1uzTqoA/noi0
lzzFCtzRFpVvAdrCurqt3yc4mj5Up7iV8J6cnq5gNPbx4qsJ6TuozX7LOSmbKqgS
6Y5zz6InVnBzOynZtPQWUoq1pkAHQIA629dJbJwru4bYpMnCfCF8jinFXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0dtwHdQYALe6Q9xJLEaTd3L3y8MB8GA1UdIwQY
MBaAFE+dX7qvdqgKZeDpLAIGHolbK4EXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDUxZnVxOTJxQXBsNE9rc0FnWWVpVnNyZ1JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9jNzA5MjgtY2VkZS00YjYyLTg5YTct
NjBmNmZhOTExMGUyLzEvSFIyM0FkMUJnQXQ3cEQzRWtzUnBOM2N2Zkx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9jNzA5MjgtY2VkZS00YjYyLTg5YTctNjBmNmZhOTExMGUy
LzEvVDUxZnVxOTJxQXBsNE9rc0FnWWVpVnNyZ1JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucwgMA0G
CSqGSIb3DQEBCwUAA4IBAQAwJbIxtq7APsuViOWKbov0OB5YSyZ9QOO1m3pCJpLy
/hiH/Y73f8QfygwBddaMAyOSQ41RG4x1XagQfYKEKinHvEU+hZB8Ur0a0cvfwAuH
O8bvaQzAF7ySwne6U3S3dKmpOg9jQcQA7ChCREa0oOl2B/nofAsP7Ot+NSPDEK7X
rNA/T7eLxDOoU8SvEsifpzYeMeuUgUr1p7S9hOsTFGUuknDSB9CMd0r5toFy2JMF
YRreq9r2KVBhmuHsXSQtNJOVWDRstmIwo7yVrPgbJJCuDR2LQ7+lQ4PXT3+0HuPd
AjxHGfsIhXUOC8A1Be71H3Mlf09V9jSWGZ7oVwvx0Mec
-----END CERTIFICATE-----