Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2df6af-edc3-498e-a5fd-09303e418e7d/1/hgSQHPBMAipgEiJKp8kNBLJOvRY.roa
File:                     hgSQHPBMAipgEiJKp8kNBLJOvRY.roa (raw, json)
Hash identifier:          q7M48E7g1KRxix95RsaPk3AEp2mKSXJu+KVNzxGL4Kc=
Subject key identifier:   86:04:90:1C:F0:4C:02:2A:60:12:22:4A:A7:C9:0D:04:B2:4E:BD:16
Certificate issuer:       /CN=0be6d52874a0c8edbea9c81c420676b614ea29c8
Certificate serial:       018CC94D80EB2555041734B70D7B4A68C3C0
Authority key identifier: 0B:E6:D5:28:74:A0:C8:ED:BE:A9:C8:1C:42:06:76:B6:14:EA:29:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C-bVKHSgyO2-qcgcQgZ2thTqKcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2df6af-edc3-498e-a5fd-09303e418e7d/1/hgSQHPBMAipgEiJKp8kNBLJOvRY.roa
Signing time:             Tue 02 Jan 2024 08:32:28 +0000
ROA not before:           Tue 02 Jan 2024 08:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        193.193.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2df6af-edc3-498e-a5fd-09303e418e7d/1/C-bVKHSgyO2-qcgcQgZ2thTqKcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2df6af-edc3-498e-a5fd-09303e418e7d/1/C-bVKHSgyO2-qcgcQgZ2thTqKcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C-bVKHSgyO2-qcgcQgZ2thTqKcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:80:eb:25:55:04:17:34:b7:0d:7b:4a:68:c3:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0be6d52874a0c8edbea9c81c420676b614ea29c8
        Validity
            Not Before: Jan  2 08:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8604901cf04c022a6012224aa7c90d04b24ebd16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a9:d4:60:b2:ad:64:0d:ca:d7:70:5f:71:60:
                    9e:2f:b9:89:7e:ab:cd:05:40:1d:f7:be:a9:4c:6a:
                    0b:07:f2:52:83:59:c5:4e:f9:2f:2e:69:05:f5:bf:
                    61:56:3a:1b:04:58:6a:ad:20:13:09:c1:a7:8c:76:
                    3d:27:10:8f:1e:41:c8:d4:86:76:c7:bb:26:b8:98:
                    b8:ca:8e:ff:0b:2e:1e:71:89:69:40:5a:c9:09:bf:
                    ea:3f:54:d4:97:8b:33:23:83:6d:11:88:c1:62:c0:
                    40:8e:66:80:3a:2e:78:77:64:05:62:be:9c:97:c6:
                    8f:63:ce:26:c1:cb:f1:52:62:dc:e6:b7:0a:cc:e5:
                    54:24:8f:78:57:02:95:9c:62:d9:ef:db:d7:7e:00:
                    d9:82:48:f3:a4:62:c7:c0:09:8f:98:0b:1e:2c:30:
                    7e:8c:8f:fc:f7:ef:95:bf:04:cd:3c:c6:57:2a:c5:
                    1c:9c:53:96:fd:6b:d9:ae:6e:54:47:9a:52:0f:d6:
                    02:ea:58:8c:7e:fa:5f:04:0b:b3:7b:53:64:e2:a4:
                    ed:89:6f:f7:74:ef:45:33:79:e5:2a:ea:de:73:e7:
                    d9:e0:a7:1a:07:64:6c:b5:13:49:90:0c:42:30:24:
                    2d:39:1e:d7:ff:8a:80:69:c0:46:95:e5:01:61:45:
                    4b:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:04:90:1C:F0:4C:02:2A:60:12:22:4A:A7:C9:0D:04:B2:4E:BD:16
            X509v3 Authority Key Identifier:
                keyid:0B:E6:D5:28:74:A0:C8:ED:BE:A9:C8:1C:42:06:76:B6:14:EA:29:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C-bVKHSgyO2-qcgcQgZ2thTqKcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2df6af-edc3-498e-a5fd-09303e418e7d/1/hgSQHPBMAipgEiJKp8kNBLJOvRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2df6af-edc3-498e-a5fd-09303e418e7d/1/C-bVKHSgyO2-qcgcQgZ2thTqKcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.193.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:0c:98:87:23:86:d9:9d:75:ba:9c:d5:94:13:0d:a7:c3:25:
         e4:ba:ff:c3:9d:5b:e6:3e:63:d9:0d:85:7d:1d:55:06:7d:18:
         36:e6:6b:e5:81:84:50:0c:77:5b:b0:12:1a:8e:d5:84:b3:ab:
         f6:5a:9c:a2:0a:81:cc:94:1e:f6:38:f7:83:fd:ce:5a:bf:b3:
         99:ee:f9:8c:9f:b4:3e:be:7b:f6:31:55:70:b7:fa:ec:de:b8:
         c4:d6:56:f1:6b:76:91:09:1a:c5:aa:b9:e1:f5:52:b4:cb:0f:
         c8:c6:7d:0f:11:d5:d2:c0:9b:50:2c:10:27:80:e0:dd:3c:f0:
         01:37:1d:d0:f5:94:80:16:be:ec:81:36:1e:c6:b9:10:77:67:
         06:ac:77:4d:f4:e2:92:0f:2b:21:66:af:a1:d3:2c:75:9c:0f:
         c0:d2:06:eb:4b:34:91:4a:14:f8:3c:b8:2b:a9:c3:29:f4:5d:
         7c:89:55:cb:33:4b:37:96:44:58:78:b2:0b:48:a9:f0:f7:77:
         9f:1c:26:35:f5:23:6f:0d:27:d6:3a:02:f0:20:b1:f2:56:c1:
         03:df:9e:ed:6d:6b:1f:d3:3b:08:0c:68:3b:49:7d:f1:48:99:
         8c:e7:9b:0e:f4:98:6a:b6:7c:b8:ea:6c:ad:28:90:32:52:a6:
         23:12:b5:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTYDrJVUEFzS3DXtKaMPAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZTZkNTI4NzRhMGM4ZWRiZWE5YzgxYzQyMDY3NmI2MTRl
YTI5YzgwHhcNMjQwMTAyMDgzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjA0OTAxY2YwNGMwMjJhNjAxMjIyNGFhN2M5MGQwNGIyNGViZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqnUYLKtZA3K13BfcWCeL7mJfqvN
BUAd976pTGoLB/JSg1nFTvkvLmkF9b9hVjobBFhqrSATCcGnjHY9JxCPHkHI1IZ2
x7smuJi4yo7/Cy4ecYlpQFrJCb/qP1TUl4szI4NtEYjBYsBAjmaAOi54d2QFYr6c
l8aPY84mwcvxUmLc5rcKzOVUJI94VwKVnGLZ79vXfgDZgkjzpGLHwAmPmAseLDB+
jI/89++VvwTNPMZXKsUcnFOW/WvZrm5UR5pSD9YC6liMfvpfBAuze1Nk4qTtiW/3
dO9FM3nlKurec+fZ4KcaB2RstRNJkAxCMCQtOR7X/4qAacBGleUBYUVL7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYEkBzwTAIqYBIiSqfJDQSyTr0WMB8GA1UdIwQY
MBaAFAvm1Sh0oMjtvqnIHEIGdrYU6inIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQy1iVktIU2d5TzItcWNnY1FnWjJ0aFRxS2NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yZGY2YWYtZWRjMy00OThlLWE1ZmQt
MDkzMDNlNDE4ZTdkLzEvaGdTUUhQQk1BaXBnRWlKS3A4a05CTEpPdlJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yZGY2YWYtZWRjMy00OThlLWE1ZmQtMDkzMDNlNDE4ZTdk
LzEvQy1iVktIU2d5TzItcWNnY1FnWjJ0aFRxS2NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcG8MA0G
CSqGSIb3DQEBCwUAA4IBAQCTDJiHI4bZnXW6nNWUEw2nwyXkuv/DnVvmPmPZDYV9
HVUGfRg25mvlgYRQDHdbsBIajtWEs6v2WpyiCoHMlB72OPeD/c5av7OZ7vmMn7Q+
vnv2MVVwt/rs3rjE1lbxa3aRCRrFqrnh9VK0yw/Ixn0PEdXSwJtQLBAngODdPPAB
Nx3Q9ZSAFr7sgTYexrkQd2cGrHdN9OKSDyshZq+h0yx1nA/A0gbrSzSRShT4PLgr
qcMp9F18iVXLM0s3lkRYeLILSKnw93efHCY19SNvDSfWOgLwILHyVsED357tbWsf
0zsIDGg7SX3xSJmM55sO9Jhqtny46mytKJAyUqYjErWe
-----END CERTIFICATE-----