Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/hohcRfMREmsEITiQd7VjoSfH-TM.roa
File:                     hohcRfMREmsEITiQd7VjoSfH-TM.roa (raw, json)
Hash identifier:          zrJbmv3H2hY1EjoIW0C+bSlNXuXx+x+XurD1vyIabqk=
Subject key identifier:   86:88:5C:45:F3:11:12:6B:04:21:38:90:77:B5:63:A1:27:C7:F9:33
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018EE3368E2CB412D1D0DBA62BC2FB3A8F38
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/hohcRfMREmsEITiQd7VjoSfH-TM.roa
Signing time:             Mon 15 Apr 2024 19:23:07 +0000
ROA not before:           Mon 15 Apr 2024 19:23:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43278
IP address blocks:        212.46.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e3:36:8e:2c:b4:12:d1:d0:db:a6:2b:c2:fb:3a:8f:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 15 19:23:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86885c45f311126b0421389077b563a127c7f933
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e7:a8:d4:b7:94:c7:d9:cd:bf:ae:1f:75:39:
                    a5:53:f8:da:28:e9:ba:b3:53:4a:64:2c:ef:14:b9:
                    55:0a:75:05:1d:6c:7b:42:4c:7e:9b:58:fb:79:7d:
                    e1:f6:ac:48:13:b0:24:52:ca:94:ca:15:8d:28:7c:
                    fc:97:78:36:40:1a:3f:b6:5e:c8:9b:01:c9:76:c7:
                    7c:38:bf:68:5a:6f:33:c8:8c:33:a1:2f:e4:14:80:
                    b7:0f:38:d5:f1:66:a4:0f:0e:a9:24:97:27:d7:4f:
                    b1:98:0e:01:1c:9e:89:d6:42:37:9c:9c:7e:bd:ac:
                    9b:32:e7:d0:3d:9a:88:ff:43:6f:3f:f1:62:4b:87:
                    fd:fb:75:6f:27:d4:6e:47:f1:56:3e:74:02:57:89:
                    ae:b0:b8:97:32:79:bc:43:0e:f6:91:e1:45:0f:1e:
                    f0:3b:3f:98:d5:5b:7a:c7:10:23:13:5f:19:ce:14:
                    cb:1f:7f:68:78:e3:07:78:64:a6:2d:d5:23:fe:96:
                    61:fe:41:79:55:27:8f:2a:d4:0e:b5:36:52:7e:af:
                    e3:41:8b:ad:c3:a8:6c:30:35:ed:22:09:65:3b:68:
                    d2:a0:4c:7b:7c:cf:ce:fa:56:a4:e6:b9:d1:ed:76:
                    d6:c6:af:49:0a:51:0f:80:63:a9:2e:1d:cd:c0:6b:
                    c3:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:88:5C:45:F3:11:12:6B:04:21:38:90:77:B5:63:A1:27:C7:F9:33
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/hohcRfMREmsEITiQd7VjoSfH-TM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:61:a8:bf:06:d0:fc:7a:ff:22:a4:48:79:3a:f7:cc:dd:98:
         82:3c:25:77:f9:e8:5b:e9:2e:69:b8:71:38:58:6c:57:99:b2:
         a9:4c:56:ce:f2:a9:f1:5d:22:fb:f3:81:6f:6f:4d:23:1b:e9:
         93:7c:78:d8:b0:df:ea:d1:c5:ea:76:09:d3:03:59:14:48:55:
         ef:86:dd:80:f0:9c:0f:12:3d:a8:e5:c0:4d:a3:57:77:f2:31:
         cd:ea:ac:de:ea:d3:ea:c0:bd:ca:e6:f0:bb:85:5d:81:29:d7:
         d2:4a:e3:f9:0f:69:b1:0a:e2:6a:28:d3:54:0d:78:55:74:1c:
         96:33:21:9f:6e:32:13:3c:54:c3:02:65:9f:0e:7e:47:ff:e7:
         ed:f1:6b:e0:56:4b:1c:c9:75:c8:5a:df:20:d2:21:4e:a3:4e:
         b5:8a:bd:1b:7f:60:9a:eb:fb:1a:55:fd:46:45:e2:0e:72:f4:
         a8:06:4c:58:65:3d:ff:eb:1f:d2:26:48:35:ff:a2:2f:78:24:
         3a:d2:38:95:dd:5f:60:b7:50:59:82:28:28:a2:53:91:bc:c1:
         9a:e3:e0:46:8b:b7:79:d8:aa:63:25:be:8d:8e:ad:01:e0:71:
         b4:e6:28:3e:08:8c:3f:14:a1:1b:fb:5d:55:95:cb:8c:74:b0:
         64:27:f5:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7jNo4stBLR0NumK8L7Oo84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDE1MTkyMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njg4NWM0NWYzMTExMjZiMDQyMTM4OTA3N2I1NjNhMTI3YzdmOTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheeo1LeUx9nNv64fdTmlU/jaKOm6
s1NKZCzvFLlVCnUFHWx7Qkx+m1j7eX3h9qxIE7AkUsqUyhWNKHz8l3g2QBo/tl7I
mwHJdsd8OL9oWm8zyIwzoS/kFIC3DzjV8WakDw6pJJcn10+xmA4BHJ6J1kI3nJx+
vaybMufQPZqI/0NvP/FiS4f9+3VvJ9RuR/FWPnQCV4musLiXMnm8Qw72keFFDx7w
Oz+Y1Vt6xxAjE18ZzhTLH39oeOMHeGSmLdUj/pZh/kF5VSePKtQOtTZSfq/jQYut
w6hsMDXtIgllO2jSoEx7fM/O+lak5rnR7XbWxq9JClEPgGOpLh3NwGvDOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaIXEXzERJrBCE4kHe1Y6Enx/kzMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvaG9oY1JmTVJFbXNFSVRpUWQ3VmpvU2ZILVRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1C4kMA0G
CSqGSIb3DQEBCwUAA4IBAQAEYai/BtD8ev8ipEh5OvfM3ZiCPCV3+ehb6S5puHE4
WGxXmbKpTFbO8qnxXSL784Fvb00jG+mTfHjYsN/q0cXqdgnTA1kUSFXvht2A8JwP
Ej2o5cBNo1d38jHN6qze6tPqwL3K5vC7hV2BKdfSSuP5D2mxCuJqKNNUDXhVdByW
MyGfbjITPFTDAmWfDn5H/+ft8WvgVkscyXXIWt8g0iFOo061ir0bf2Ca6/saVf1G
ReIOcvSoBkxYZT3/6x/SJkg1/6IveCQ60jiV3V9gt1BZgigoolORvMGa4+BGi7d5
2KpjJb6Njq0B4HG05ig+CIw/FKEb+11VlcuMdLBkJ/WY
-----END CERTIFICATE-----