Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/HasPSV8hg4L1tTixMFZgiyib0PM.roa
File:                     HasPSV8hg4L1tTixMFZgiyib0PM.roa (raw, json)
Hash identifier:          TK8CzcOalBj6MspCSWaobDj860V0bhQhkvDbEIxPlR4=
Subject key identifier:   1D:AB:0F:49:5F:21:83:82:F5:B5:38:B1:30:56:60:8B:28:9B:D0:F3
Certificate issuer:       /CN=bc4e21b27d6f84ebdd888c68e79ce555c846dacb
Certificate serial:       018CC56E67460D90944317E004D8933212A7
Authority key identifier: BC:4E:21:B2:7D:6F:84:EB:DD:88:8C:68:E7:9C:E5:55:C8:46:DA:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vE4hsn1vhOvdiIxo55zlVchG2ss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/HasPSV8hg4L1tTixMFZgiyib0PM.roa
Signing time:             Mon 01 Jan 2024 14:29:56 +0000
ROA not before:           Mon 01 Jan 2024 14:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.151.44.0/23 maxlen: 23
                          185.151.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/vE4hsn1vhOvdiIxo55zlVchG2ss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/vE4hsn1vhOvdiIxo55zlVchG2ss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vE4hsn1vhOvdiIxo55zlVchG2ss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:67:46:0d:90:94:43:17:e0:04:d8:93:32:12:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4e21b27d6f84ebdd888c68e79ce555c846dacb
        Validity
            Not Before: Jan  1 14:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dab0f495f218382f5b538b13056608b289bd0f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:bb:92:af:f0:99:23:53:ec:dc:ab:82:17:dd:
                    da:dc:55:af:8d:33:08:5d:04:7d:5b:ad:14:c5:9f:
                    28:19:65:65:06:38:f2:2c:09:96:11:25:d3:00:08:
                    3b:b6:ba:35:65:8c:3e:2f:6c:41:a3:eb:f6:1f:57:
                    ad:3e:eb:03:e6:c9:2d:48:a6:72:88:0b:ca:be:65:
                    f9:5f:a3:21:ed:60:7c:9c:3e:a7:72:8b:73:dd:fc:
                    2b:fd:0c:80:bc:8a:f8:ab:c2:1e:47:6c:e1:77:af:
                    5a:6c:54:5e:3b:8a:55:00:a4:41:c8:a7:86:37:02:
                    21:6f:50:41:5d:b8:e0:a7:53:b8:3b:56:1a:87:21:
                    f4:34:15:c8:4a:e0:84:8c:73:72:ac:e3:06:f7:e0:
                    82:50:91:19:f1:75:0c:6e:0a:c0:0b:83:fd:0b:2c:
                    d3:cd:1a:6a:22:f9:62:7f:8e:d6:7f:69:42:6f:db:
                    0e:8b:e9:b5:b9:aa:30:fa:5f:8c:57:b3:c6:d1:13:
                    53:ce:08:ea:b8:22:7c:d2:16:11:9f:cc:dd:6c:c3:
                    39:01:3d:bf:92:10:81:67:4e:b3:14:47:ab:16:92:
                    70:98:e5:b3:fb:c7:df:7c:b4:ed:29:e6:d6:f4:72:
                    b2:99:5b:35:f6:76:20:78:3e:0b:80:a9:33:ca:1f:
                    54:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:AB:0F:49:5F:21:83:82:F5:B5:38:B1:30:56:60:8B:28:9B:D0:F3
            X509v3 Authority Key Identifier:
                keyid:BC:4E:21:B2:7D:6F:84:EB:DD:88:8C:68:E7:9C:E5:55:C8:46:DA:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vE4hsn1vhOvdiIxo55zlVchG2ss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/HasPSV8hg4L1tTixMFZgiyib0PM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/vE4hsn1vhOvdiIxo55zlVchG2ss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.44.0/23
                  185.151.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:ab:37:2a:b4:38:81:fe:d3:41:a3:fa:da:f4:71:7a:79:7e:
         18:7f:bd:0d:dd:3d:50:d9:c3:f1:92:98:fc:52:1e:20:20:cc:
         f6:a3:42:ef:9e:b5:9a:d6:41:d6:38:8b:29:10:23:61:6a:a9:
         ff:70:07:d1:a3:0f:d2:1c:29:67:84:47:82:72:d6:94:df:f8:
         49:32:8a:6a:ee:0f:ec:05:be:ea:91:ac:36:7e:90:05:ca:ac:
         61:66:8f:e1:11:a2:fc:b3:85:ac:b2:77:73:6a:71:c6:2b:14:
         d4:b7:55:5a:31:21:54:e7:b8:06:51:b0:d3:9c:24:36:46:2c:
         6b:42:60:86:e5:a4:35:61:c6:93:77:53:d9:f7:ee:2d:66:c2:
         33:9a:44:d1:c0:af:f0:2d:de:51:a4:30:2f:ac:70:6e:02:ef:
         d6:d6:0f:b0:14:67:ec:6a:e2:ab:0e:dd:be:8a:5e:61:e8:26:
         40:47:6f:23:f7:c5:92:64:63:e2:18:e9:f9:78:09:18:98:0c:
         31:21:15:3c:f6:87:ce:b0:ad:c7:1d:1c:67:7e:ad:c0:47:f7:
         8f:54:3a:10:f2:52:49:36:8a:bc:e9:2e:7d:e3:a1:8d:55:e9:
         c4:80:7b:a2:d0:d9:2d:2e:ae:dd:65:77:e0:49:38:f8:36:8e:
         56:ea:c8:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbmdGDZCUQxfgBNiTMhKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNGUyMWIyN2Q2Zjg0ZWJkZDg4OGM2OGU3OWNlNTU1Yzg0
NmRhY2IwHhcNMjQwMTAxMTQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGFiMGY0OTVmMjE4MzgyZjViNTM4YjEzMDU2NjA4YjI4OWJkMGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbuSr/CZI1Ps3KuCF93a3FWvjTMI
XQR9W60UxZ8oGWVlBjjyLAmWESXTAAg7tro1ZYw+L2xBo+v2H1etPusD5sktSKZy
iAvKvmX5X6Mh7WB8nD6ncotz3fwr/QyAvIr4q8IeR2zhd69abFReO4pVAKRByKeG
NwIhb1BBXbjgp1O4O1YahyH0NBXISuCEjHNyrOMG9+CCUJEZ8XUMbgrAC4P9CyzT
zRpqIvlif47Wf2lCb9sOi+m1uaow+l+MV7PG0RNTzgjquCJ80hYRn8zdbMM5AT2/
khCBZ06zFEerFpJwmOWz+8fffLTtKebW9HKymVs19nYgeD4LgKkzyh9UWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB2rD0lfIYOC9bU4sTBWYIsom9DzMB8GA1UdIwQY
MBaAFLxOIbJ9b4Tr3YiMaOec5VXIRtrLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkU0aHNuMXZoT3ZkaUl4bzU1emxWY2hHMnNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9hMGQ3M2QtNjU2NC00MTQyLWE2ZWUt
ODNlNzNjYjI1ZWE1LzEvSGFzUFNWOGhnNEwxdFRpeE1GWmdpeWliMFBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9hMGQ3M2QtNjU2NC00MTQyLWE2ZWUtODNlNzNjYjI1ZWE1
LzEvdkU0aHNuMXZoT3ZkaUl4bzU1emxWY2hHMnNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuZcsAwQA
uZcvMA0GCSqGSIb3DQEBCwUAA4IBAQAdqzcqtDiB/tNBo/ra9HF6eX4Yf70N3T1Q
2cPxkpj8Uh4gIMz2o0LvnrWa1kHWOIspECNhaqn/cAfRow/SHClnhEeCctaU3/hJ
Mopq7g/sBb7qkaw2fpAFyqxhZo/hEaL8s4WssndzanHGKxTUt1VaMSFU57gGUbDT
nCQ2RixrQmCG5aQ1YcaTd1PZ9+4tZsIzmkTRwK/wLd5RpDAvrHBuAu/W1g+wFGfs
auKrDt2+il5h6CZAR28j98WSZGPiGOn5eAkYmAwxIRU89ofOsK3HHRxnfq3AR/eP
VDoQ8lJJNoq86S5946GNVenEgHui0NktLq7dZXfgSTj4No5W6sgH
-----END CERTIFICATE-----