Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/HBNPjK-gkdmlYHloFrQk56rXC7c.roa
File:                     HBNPjK-gkdmlYHloFrQk56rXC7c.roa (raw, json)
Hash identifier:          BmEhEyojEc9u79U1s9txf4lo5E6RjqU8yfcz/jZSw6M=
Subject key identifier:   1C:13:4F:8C:AF:A0:91:D9:A5:60:79:68:16:B4:24:E7:AA:D7:0B:B7
Certificate issuer:       /CN=e9accfd21abd7fe3fa0d6bb31df4820bfb5a4188
Certificate serial:       018D125591134FE77EDCA417C797252F6F64
Authority key identifier: E9:AC:CF:D2:1A:BD:7F:E3:FA:0D:6B:B3:1D:F4:82:0B:FB:5A:41:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6azP0hq9f-P6DWuzHfSCC_taQYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/HBNPjK-gkdmlYHloFrQk56rXC7c.roa
Signing time:             Tue 16 Jan 2024 12:53:34 +0000
ROA not before:           Tue 16 Jan 2024 12:53:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6730
IP address blocks:        194.147.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/6azP0hq9f-P6DWuzHfSCC_taQYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/6azP0hq9f-P6DWuzHfSCC_taQYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6azP0hq9f-P6DWuzHfSCC_taQYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:12:55:91:13:4f:e7:7e:dc:a4:17:c7:97:25:2f:6f:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9accfd21abd7fe3fa0d6bb31df4820bfb5a4188
        Validity
            Not Before: Jan 16 12:53:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c134f8cafa091d9a560796816b424e7aad70bb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6f:a0:62:ba:95:9a:a8:e5:ba:45:dc:1a:e2:
                    10:82:b7:57:a5:2c:5e:c4:70:0c:ff:a0:7d:b3:5e:
                    28:5e:1e:85:57:db:f2:ac:c1:9e:a8:58:d6:4b:42:
                    86:dd:11:e8:12:02:41:9c:a2:81:aa:d9:35:53:a6:
                    fc:60:1c:6f:9a:22:a8:f7:ad:90:f6:d7:aa:1e:47:
                    fc:4e:19:d5:fc:97:c8:db:e2:55:53:a8:00:f5:95:
                    76:26:45:b4:77:0a:2d:1d:48:7c:9a:c5:f2:1e:a0:
                    65:97:0f:ef:56:a7:e6:19:83:ac:77:4f:0d:0d:2c:
                    f3:a4:64:fb:f4:8e:98:9c:f6:cd:38:ef:36:6d:a5:
                    0d:b8:c4:a1:23:a4:74:d0:43:87:cd:d1:00:eb:05:
                    d6:a3:f9:4c:8c:71:ad:4f:18:f2:16:b7:12:68:6c:
                    5f:3a:8d:72:8e:7b:fb:f5:a0:03:61:1a:7e:a6:27:
                    8c:20:2a:e9:a6:05:c8:d4:53:6f:b4:94:6f:38:50:
                    91:1b:26:7b:6e:7d:89:79:ef:2b:78:1e:3f:dd:1c:
                    8f:bc:85:94:1d:7e:1d:67:6f:a4:89:cd:f4:16:55:
                    c9:2a:ab:8a:f2:6b:96:8f:33:74:ab:1d:b6:29:04:
                    8b:e7:d2:79:ef:e9:be:cf:7a:fe:81:b7:09:4a:83:
                    63:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:13:4F:8C:AF:A0:91:D9:A5:60:79:68:16:B4:24:E7:AA:D7:0B:B7
            X509v3 Authority Key Identifier:
                keyid:E9:AC:CF:D2:1A:BD:7F:E3:FA:0D:6B:B3:1D:F4:82:0B:FB:5A:41:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6azP0hq9f-P6DWuzHfSCC_taQYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/HBNPjK-gkdmlYHloFrQk56rXC7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6f2886-2ff7-40b0-9673-75b684f890b4/1/6azP0hq9f-P6DWuzHfSCC_taQYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:25:15:59:b1:27:83:0e:3f:2d:f6:3b:3e:f8:83:9b:cf:98:
         46:69:23:b7:c4:aa:4d:28:42:9b:b3:a8:c0:27:26:7f:23:69:
         6a:41:0a:ab:03:62:4c:e3:a6:2c:32:7a:6c:79:d0:f3:1f:df:
         ff:8f:75:93:9d:eb:e6:95:08:7b:71:d5:98:51:69:28:b4:02:
         56:51:f4:61:8c:1a:6c:e3:75:8d:77:76:57:9d:75:e3:e7:7a:
         aa:e7:41:3f:1d:21:39:e2:f3:fd:ed:c4:17:4c:ca:a7:b9:30:
         2c:94:27:7d:52:84:a4:85:f2:70:86:9e:db:8a:40:e0:b6:6d:
         b7:30:69:be:aa:eb:3e:f7:52:38:10:30:99:c9:3c:74:09:07:
         5e:d1:4c:3f:15:a1:08:5e:02:eb:96:b8:dd:72:a2:a6:26:88:
         02:88:9d:fe:9b:27:1d:33:67:97:02:4e:69:4f:b9:57:24:62:
         e4:39:41:39:5a:7e:69:aa:1a:7a:76:99:f1:9f:b9:f7:9e:ae:
         e6:c9:c5:d3:c0:30:fd:25:99:99:40:33:8b:82:9d:1e:21:06:
         60:34:61:2c:bb:1f:bb:34:26:4e:52:d4:c1:ef:09:28:21:39:
         6a:e7:b6:cf:20:e1:e2:04:fc:08:68:e1:03:4b:29:9d:3e:21:
         0e:04:37:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0SVZETT+d+3KQXx5clL29kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YWNjZmQyMWFiZDdmZTNmYTBkNmJiMzFkZjQ4MjBiZmI1
YTQxODgwHhcNMjQwMTE2MTI1MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzEzNGY4Y2FmYTA5MWQ5YTU2MDc5NjgxNmI0MjRlN2FhZDcwYmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2+gYrqVmqjlukXcGuIQgrdXpSxe
xHAM/6B9s14oXh6FV9vyrMGeqFjWS0KG3RHoEgJBnKKBqtk1U6b8YBxvmiKo962Q
9teqHkf8ThnV/JfI2+JVU6gA9ZV2JkW0dwotHUh8msXyHqBllw/vVqfmGYOsd08N
DSzzpGT79I6YnPbNOO82baUNuMShI6R00EOHzdEA6wXWo/lMjHGtTxjyFrcSaGxf
Oo1yjnv79aADYRp+pieMICrppgXI1FNvtJRvOFCRGyZ7bn2Jee8reB4/3RyPvIWU
HX4dZ2+kic30FlXJKquK8muWjzN0qx22KQSL59J57+m+z3r+gbcJSoNjzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwTT4yvoJHZpWB5aBa0JOeq1wu3MB8GA1UdIwQY
MBaAFOmsz9IavX/j+g1rsx30ggv7WkGIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmF6UDBocTlmLVA2RFd1ekhmU0NDX3RhUVlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC82ZjI4ODYtMmZmNy00MGIwLTk2NzMt
NzViNjg0Zjg5MGI0LzEvSEJOUGpLLWdrZG1sWUhsb0ZyUWs1NnJYQzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC82ZjI4ODYtMmZmNy00MGIwLTk2NzMtNzViNjg0Zjg5MGI0
LzEvNmF6UDBocTlmLVA2RFd1ekhmU0NDX3RhUVlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpNwMA0G
CSqGSIb3DQEBCwUAA4IBAQB7JRVZsSeDDj8t9js++IObz5hGaSO3xKpNKEKbs6jA
JyZ/I2lqQQqrA2JM46YsMnpsedDzH9//j3WTnevmlQh7cdWYUWkotAJWUfRhjBps
43WNd3ZXnXXj53qq50E/HSE54vP97cQXTMqnuTAslCd9UoSkhfJwhp7bikDgtm23
MGm+qus+91I4EDCZyTx0CQde0Uw/FaEIXgLrlrjdcqKmJogCiJ3+mycdM2eXAk5p
T7lXJGLkOUE5Wn5pqhp6dpnxn7n3nq7mycXTwDD9JZmZQDOLgp0eIQZgNGEsux+7
NCZOUtTB7wkoITlq57bPIOHiBPwIaOEDSymdPiEOBDeP
-----END CERTIFICATE-----