Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/HlCghOq7PkOdUgijVqn7I2QcYKI.roa
File:                     HlCghOq7PkOdUgijVqn7I2QcYKI.roa (raw, json)
Hash identifier:          gRzOHMfeafrFnHS1rd44qFTTGTE306ZvWN4NRiR5XN8=
Subject key identifier:   1E:50:A0:84:EA:BB:3E:43:9D:52:08:A3:56:A9:FB:23:64:1C:60:A2
Certificate issuer:       /CN=27f48c85a42b00b39d1803e63c9fd5adebf7f95e
Certificate serial:       018CC348A204FB0F2F0A4E6A3B36A82AB024
Authority key identifier: 27:F4:8C:85:A4:2B:00:B3:9D:18:03:E6:3C:9F:D5:AD:EB:F7:F9:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J_SMhaQrALOdGAPmPJ_Vrev3-V4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/HlCghOq7PkOdUgijVqn7I2QcYKI.roa
Signing time:             Mon 01 Jan 2024 04:29:26 +0000
ROA not before:           Mon 01 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44005
IP address blocks:        91.198.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/J_SMhaQrALOdGAPmPJ_Vrev3-V4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/J_SMhaQrALOdGAPmPJ_Vrev3-V4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J_SMhaQrALOdGAPmPJ_Vrev3-V4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a2:04:fb:0f:2f:0a:4e:6a:3b:36:a8:2a:b0:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27f48c85a42b00b39d1803e63c9fd5adebf7f95e
        Validity
            Not Before: Jan  1 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e50a084eabb3e439d5208a356a9fb23641c60a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:73:91:24:a8:ad:d4:c9:a5:d4:1b:1f:48:4e:
                    d9:8f:85:5b:14:f7:15:15:9c:9e:0a:4a:18:fc:35:
                    ed:3b:43:5f:af:ec:57:74:48:ba:a3:9c:73:cb:6c:
                    fb:fb:00:68:84:de:8a:8f:72:80:51:b0:bf:fc:f3:
                    a4:6a:e3:dc:a9:25:32:ef:3f:c9:44:02:05:2c:e0:
                    56:a5:9c:62:d5:7c:69:16:27:a1:e5:a0:8e:18:10:
                    f7:47:63:05:56:ad:19:44:3b:76:2b:81:47:b2:06:
                    f3:ab:ab:00:17:77:3b:df:b2:d4:80:51:08:82:ff:
                    e4:d3:22:b2:2c:8d:f8:04:7e:15:de:83:8b:13:83:
                    f9:89:b4:5f:b9:1e:32:0d:78:39:95:42:db:3a:0e:
                    88:76:16:74:97:42:45:03:1e:a8:1a:57:90:07:06:
                    57:8c:0a:7e:23:4f:e3:ab:6a:ec:36:18:0f:e1:cf:
                    4c:1a:0e:60:4c:f0:f8:53:7f:de:f7:4f:5a:69:f4:
                    14:68:6d:9a:11:05:53:cb:03:bb:74:21:db:e6:23:
                    02:55:00:1d:f9:02:22:76:24:99:a4:21:c5:00:ff:
                    38:37:39:10:d4:af:1f:ef:7f:26:cf:1d:8d:9c:03:
                    e6:cb:ed:03:f2:7c:27:5e:37:6a:73:7d:7c:15:14:
                    05:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:50:A0:84:EA:BB:3E:43:9D:52:08:A3:56:A9:FB:23:64:1C:60:A2
            X509v3 Authority Key Identifier:
                keyid:27:F4:8C:85:A4:2B:00:B3:9D:18:03:E6:3C:9F:D5:AD:EB:F7:F9:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J_SMhaQrALOdGAPmPJ_Vrev3-V4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/HlCghOq7PkOdUgijVqn7I2QcYKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/4d4b24-9b58-4e3c-a515-e325621e86dd/1/J_SMhaQrALOdGAPmPJ_Vrev3-V4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:69:7d:cb:0a:6c:85:6f:c1:3e:b2:e1:12:74:7e:96:e0:49:
         9f:65:10:dd:d7:c6:40:aa:14:2f:8b:61:94:08:a5:26:06:97:
         6e:8a:c5:af:2e:fe:4e:17:ae:0a:3a:ae:fb:f0:4d:9e:b9:83:
         54:05:59:e6:fe:f2:16:67:68:19:68:d0:cd:d9:75:50:1c:00:
         1c:c4:75:a9:6d:ae:ac:21:c4:cf:87:b1:71:3f:38:6f:65:da:
         e8:bf:dd:9d:14:48:74:00:ee:a5:80:ea:3b:b5:0d:f6:4a:e3:
         41:cb:6e:1b:f1:ae:6f:d2:8d:13:69:e1:78:c4:14:f6:3c:55:
         06:7d:64:9b:6c:49:7d:a1:fc:01:5b:1b:cd:92:68:9f:c3:f4:
         c8:56:0c:c1:28:64:ab:ab:7f:b2:c8:0e:ca:95:a9:6f:22:ac:
         30:1b:a0:86:41:60:71:c6:ef:e0:ad:0e:7a:6b:a8:e5:59:97:
         22:48:14:5e:f2:b8:5a:6a:94:a6:3f:8d:ca:38:df:70:23:76:
         1b:ff:79:a3:bf:8a:07:54:c1:73:9a:2e:e6:38:33:cd:05:97:
         c2:5f:06:ec:9e:c3:89:2e:66:78:3d:1e:83:4d:27:49:12:8e:
         d4:4a:64:3e:89:1b:23:ea:43:8b:14:7e:b1:e6:39:f5:39:41:
         1f:85:08:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKIE+w8vCk5qOzaoKrAkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZjQ4Yzg1YTQyYjAwYjM5ZDE4MDNlNjNjOWZkNWFkZWJm
N2Y5NWUwHhcNMjQwMTAxMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTUwYTA4NGVhYmIzZTQzOWQ1MjA4YTM1NmE5ZmIyMzY0MWM2MGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXORJKit1Mml1BsfSE7Zj4VbFPcV
FZyeCkoY/DXtO0Nfr+xXdEi6o5xzy2z7+wBohN6Kj3KAUbC//POkauPcqSUy7z/J
RAIFLOBWpZxi1XxpFieh5aCOGBD3R2MFVq0ZRDt2K4FHsgbzq6sAF3c737LUgFEI
gv/k0yKyLI34BH4V3oOLE4P5ibRfuR4yDXg5lULbOg6IdhZ0l0JFAx6oGleQBwZX
jAp+I0/jq2rsNhgP4c9MGg5gTPD4U3/e909aafQUaG2aEQVTywO7dCHb5iMCVQAd
+QIidiSZpCHFAP84NzkQ1K8f738mzx2NnAPmy+0D8nwnXjdqc318FRQF8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5QoITquz5DnVIIo1ap+yNkHGCiMB8GA1UdIwQY
MBaAFCf0jIWkKwCznRgD5jyf1a3r9/leMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSl9TTWhhUXJBTE9kR0FQbVBKX1ZyZXYzLVY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi80ZDRiMjQtOWI1OC00ZTNjLWE1MTUt
ZTMyNTYyMWU4NmRkLzEvSGxDZ2hPcTdQa09kVWdpalZxbjdJMlFjWUtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi80ZDRiMjQtOWI1OC00ZTNjLWE1MTUtZTMyNTYyMWU4NmRk
LzEvSl9TTWhhUXJBTE9kR0FQbVBKX1ZyZXYzLVY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8brMA0G
CSqGSIb3DQEBCwUAA4IBAQA/aX3LCmyFb8E+suESdH6W4EmfZRDd18ZAqhQvi2GU
CKUmBpduisWvLv5OF64KOq778E2euYNUBVnm/vIWZ2gZaNDN2XVQHAAcxHWpba6s
IcTPh7FxPzhvZdrov92dFEh0AO6lgOo7tQ32SuNBy24b8a5v0o0TaeF4xBT2PFUG
fWSbbEl9ofwBWxvNkmifw/TIVgzBKGSrq3+yyA7KlalvIqwwG6CGQWBxxu/grQ56
a6jlWZciSBRe8rhaapSmP43KON9wI3Yb/3mjv4oHVMFzmi7mODPNBZfCXwbsnsOJ
LmZ4PR6DTSdJEo7USmQ+iRsj6kOLFH6x5jn1OUEfhQgn
-----END CERTIFICATE-----