Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/HDRlvwIO4YUjxEVsuQnLMpKNgAQ.roa
File:                     HDRlvwIO4YUjxEVsuQnLMpKNgAQ.roa (raw, json)
Hash identifier:          b0PaPQWeqsSNNI/WQtMsoRBGdnCSXPDpd4W6V76/T/g=
Subject key identifier:   1C:34:65:BF:02:0E:E1:85:23:C4:45:6C:B9:09:CB:32:92:8D:80:04
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018DCBE96B8A2B94B9CD3652EAFBEBA34940
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/HDRlvwIO4YUjxEVsuQnLMpKNgAQ.roa
Signing time:             Wed 21 Feb 2024 13:44:48 +0000
ROA not before:           Wed 21 Feb 2024 13:44:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22781
IP address blocks:        176.57.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 23:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cb:e9:6b:8a:2b:94:b9:cd:36:52:ea:fb:eb:a3:49:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Feb 21 13:44:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c3465bf020ee18523c4456cb909cb32928d8004
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:61:b6:c8:81:26:b6:93:7d:d4:5a:61:a1:62:
                    c8:33:1c:49:ba:55:dc:2c:07:13:2a:75:aa:38:4f:
                    5c:9d:0e:2a:5d:b6:5d:15:91:b8:3d:68:ff:73:ef:
                    fd:ad:69:fb:35:cc:6a:d3:5f:97:60:b5:e2:33:eb:
                    45:f6:24:c0:8d:a5:98:8f:a7:ff:15:4b:54:f2:c3:
                    4c:d7:a1:e5:bc:d6:bd:3d:ae:75:78:af:8a:44:84:
                    7b:df:25:9c:c5:6d:e2:e0:a3:d2:79:f0:3b:b6:f4:
                    1f:c9:e5:df:4b:fe:12:9e:a2:f3:4f:a7:3a:59:cd:
                    0a:3f:5e:cf:cf:67:71:94:d6:80:e5:6b:3d:da:4c:
                    cd:c8:59:dd:5c:8f:0b:09:b0:a7:83:d2:79:ee:d4:
                    b0:7c:b5:8a:39:79:cc:e1:89:b9:cf:39:22:f2:5f:
                    0b:c2:ad:91:fa:7d:bd:5a:83:1a:3c:87:f7:4d:a6:
                    0a:fa:3e:26:ee:0d:8b:4a:73:2d:73:c4:53:e3:a1:
                    36:1f:fc:da:b4:2f:69:2f:12:80:51:a7:4a:01:3e:
                    3d:71:2c:8d:1d:87:04:8f:b2:91:36:30:20:74:12:
                    ec:08:05:d7:0a:74:0b:ed:97:e4:e3:94:66:f7:7a:
                    bf:f9:8a:cf:b1:3b:99:91:49:80:f2:63:16:3e:a6:
                    22:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:34:65:BF:02:0E:E1:85:23:C4:45:6C:B9:09:CB:32:92:8D:80:04
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/HDRlvwIO4YUjxEVsuQnLMpKNgAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:c3:ab:f2:68:4c:04:b1:9f:55:e0:1c:f9:41:b2:12:69:66:
         5e:4c:d1:13:ed:42:9a:bc:8d:ed:9f:28:9f:e6:d6:47:37:63:
         79:b5:d0:c7:e4:c6:10:ba:34:f8:5d:84:b1:3c:c1:96:16:f8:
         da:60:f3:e4:09:d2:e8:90:d7:ff:5c:db:15:e1:26:68:0c:dc:
         c7:0f:2a:d0:0f:94:a3:c9:7a:22:49:17:a6:92:57:66:d7:c7:
         70:04:f3:b0:dd:f1:80:7b:8d:ea:ef:38:9f:83:b4:bc:84:a2:
         52:2a:19:00:24:1d:f6:bb:2c:fa:9b:13:c6:42:7b:ed:37:2f:
         62:b2:7a:20:df:b1:15:c4:3e:d7:8a:ea:3c:d6:ed:e6:76:18:
         f0:50:80:51:80:06:79:a5:16:f1:c9:01:fa:1a:a5:69:d6:6d:
         f2:28:1c:74:87:7c:03:95:bf:49:04:82:66:db:37:33:7f:45:
         1a:d9:12:c7:70:21:84:c0:22:5f:96:3e:c6:7b:62:51:56:92:
         4e:95:90:ea:10:40:b9:f3:c7:81:74:c6:94:bc:b5:50:07:c6:
         67:b3:7a:46:17:a2:a4:86:44:1a:fd:b8:27:2d:c2:6c:0e:0f:
         98:91:89:5d:f2:1d:d3:34:fc:9c:06:27:d7:be:da:53:23:d4:
         8e:78:e2:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3L6WuKK5S5zTZS6vvro0lAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMjIxMTM0NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzM0NjViZjAyMGVlMTg1MjNjNDQ1NmNiOTA5Y2IzMjkyOGQ4MDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGG2yIEmtpN91FphoWLIMxxJulXc
LAcTKnWqOE9cnQ4qXbZdFZG4PWj/c+/9rWn7Ncxq01+XYLXiM+tF9iTAjaWYj6f/
FUtU8sNM16HlvNa9Pa51eK+KRIR73yWcxW3i4KPSefA7tvQfyeXfS/4SnqLzT6c6
Wc0KP17Pz2dxlNaA5Ws92kzNyFndXI8LCbCng9J57tSwfLWKOXnM4Ym5zzki8l8L
wq2R+n29WoMaPIf3TaYK+j4m7g2LSnMtc8RT46E2H/zatC9pLxKAUadKAT49cSyN
HYcEj7KRNjAgdBLsCAXXCnQL7Zfk45Rm93q/+YrPsTuZkUmA8mMWPqYi+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBw0Zb8CDuGFI8RFbLkJyzKSjYAEMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvSERSbHZ3SU80WVVqeEVWc3VRbkxNcEtOZ0FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDk0MA0G
CSqGSIb3DQEBCwUAA4IBAQBGw6vyaEwEsZ9V4Bz5QbISaWZeTNET7UKavI3tnyif
5tZHN2N5tdDH5MYQujT4XYSxPMGWFvjaYPPkCdLokNf/XNsV4SZoDNzHDyrQD5Sj
yXoiSRemkldm18dwBPOw3fGAe43q7zifg7S8hKJSKhkAJB32uyz6mxPGQnvtNy9i
snog37EVxD7Xiuo81u3mdhjwUIBRgAZ5pRbxyQH6GqVp1m3yKBx0h3wDlb9JBIJm
2zczf0Ua2RLHcCGEwCJflj7Ge2JRVpJOlZDqEEC588eBdMaUvLVQB8Zns3pGF6Kk
hkQa/bgnLcJsDg+YkYld8h3TNPycBifXvtpTI9SOeOJe
-----END CERTIFICATE-----