Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/e1545b-fc52-44c0-8f57-2884dd8248d6/1/HjsotzSBKeLsTxfD4SsF7FMQ2jE.roa
File:                     HjsotzSBKeLsTxfD4SsF7FMQ2jE.roa (raw, json)
Hash identifier:          iRy2FphE95fpz3BcHP5q/yjN3LL0x9vZzyLNWRGpH5A=
Subject key identifier:   1E:3B:28:B7:34:81:29:E2:EC:4F:17:C3:E1:2B:05:EC:53:10:DA:31
Certificate issuer:       /CN=af48f67f53fce9891d41593ac84cae304abfcbcf
Certificate serial:       018CC56EDDB379D35F2B728724FC33FE70AE
Authority key identifier: AF:48:F6:7F:53:FC:E9:89:1D:41:59:3A:C8:4C:AE:30:4A:BF:CB:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r0j2f1P86YkdQVk6yEyuMEq_y88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/e1545b-fc52-44c0-8f57-2884dd8248d6/1/HjsotzSBKeLsTxfD4SsF7FMQ2jE.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202796
IP address blocks:        193.169.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/e1545b-fc52-44c0-8f57-2884dd8248d6/1/r0j2f1P86YkdQVk6yEyuMEq_y88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/e1545b-fc52-44c0-8f57-2884dd8248d6/1/r0j2f1P86YkdQVk6yEyuMEq_y88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r0j2f1P86YkdQVk6yEyuMEq_y88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:dd:b3:79:d3:5f:2b:72:87:24:fc:33:fe:70:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af48f67f53fce9891d41593ac84cae304abfcbcf
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e3b28b7348129e2ec4f17c3e12b05ec5310da31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ec:c8:8b:a3:ba:4e:d1:e8:4a:b5:b6:34:d6:
                    77:fc:b4:18:9f:ad:22:49:73:df:45:34:38:99:ba:
                    31:2b:08:64:2d:c1:f4:80:ea:fb:14:34:5f:20:e9:
                    f7:03:9c:60:cd:ae:7a:d9:1d:f0:b0:85:52:8a:4e:
                    1a:23:fc:f5:be:ba:e6:86:fc:94:84:91:92:43:57:
                    87:e2:f8:86:ea:e4:ec:de:65:15:22:68:29:c8:3a:
                    69:cd:4c:8d:07:56:c9:8e:e7:b6:da:39:cb:79:37:
                    68:d7:f7:16:03:90:de:23:88:16:0f:96:6f:90:24:
                    31:69:10:d8:fe:c1:aa:fa:21:73:a5:7f:3e:f5:f9:
                    9b:fd:3b:16:ca:d9:12:f8:6f:5f:ba:88:70:5e:1a:
                    0d:3f:09:5d:f9:c8:67:85:bc:f1:8e:39:81:d5:e8:
                    0e:8c:85:57:6d:f5:a9:4b:85:07:9f:2c:8a:99:24:
                    51:52:ed:1f:58:5b:b7:1f:37:7e:46:90:97:f3:74:
                    d1:8b:dd:ae:0d:ed:8e:4f:9c:4b:38:ce:dc:d3:20:
                    e5:4c:6d:43:ce:e5:a1:19:85:42:06:a6:ae:a6:06:
                    23:ce:1d:a8:76:9c:73:2b:59:d3:d4:4d:be:fc:2e:
                    a9:f5:e0:be:26:8d:e0:68:e8:39:98:de:ee:c7:74:
                    85:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:3B:28:B7:34:81:29:E2:EC:4F:17:C3:E1:2B:05:EC:53:10:DA:31
            X509v3 Authority Key Identifier:
                keyid:AF:48:F6:7F:53:FC:E9:89:1D:41:59:3A:C8:4C:AE:30:4A:BF:CB:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r0j2f1P86YkdQVk6yEyuMEq_y88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e1545b-fc52-44c0-8f57-2884dd8248d6/1/HjsotzSBKeLsTxfD4SsF7FMQ2jE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e1545b-fc52-44c0-8f57-2884dd8248d6/1/r0j2f1P86YkdQVk6yEyuMEq_y88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:ff:c5:bf:51:55:c4:0a:3d:82:d4:02:dc:21:3b:71:d8:b7:
         e4:8e:d5:ad:a1:98:93:a0:fe:de:c4:6a:10:62:e5:d2:c4:24:
         5a:29:31:87:21:7c:8a:ef:5d:de:7c:b1:f4:7a:f2:e9:f6:9f:
         40:74:f3:54:23:21:ae:c5:79:10:8a:94:e6:83:a4:73:97:61:
         43:f9:fe:ed:0a:dc:f4:f1:8f:79:c8:f9:7f:f4:7d:7e:6e:db:
         bd:02:3f:c1:ea:d3:29:0a:83:7b:a9:a9:e9:81:ae:11:cd:9a:
         78:04:cf:15:a2:f0:74:35:ec:1c:0f:9f:32:fd:26:16:4a:de:
         09:b3:58:2e:ad:2a:43:ad:d0:dc:78:12:cc:67:35:da:f5:8e:
         a9:3b:b9:4f:8f:d1:62:b2:1f:93:3b:d8:7d:f7:b7:63:f2:5b:
         a1:72:ec:a9:5d:dd:69:83:23:de:21:af:1e:b9:0a:74:ac:6c:
         5b:9c:0d:bb:37:28:cf:58:16:aa:34:a5:23:d3:16:e5:15:2e:
         c7:57:bc:63:b0:ad:ff:f4:0a:c9:fa:ea:5e:fc:50:da:cf:75:
         39:a9:80:2d:a6:26:61:ba:fa:82:3c:d6:20:75:21:d0:ba:52:
         6d:70:60:d4:c5:88:eb:b0:1e:73:ef:89:9e:09:13:3d:f8:62:
         4c:18:8d:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbt2zedNfK3KHJPwz/nCuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNDhmNjdmNTNmY2U5ODkxZDQxNTkzYWM4NGNhZTMwNGFi
ZmNiY2YwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTNiMjhiNzM0ODEyOWUyZWM0ZjE3YzNlMTJiMDVlYzUzMTBkYTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOzIi6O6TtHoSrW2NNZ3/LQYn60i
SXPfRTQ4mboxKwhkLcH0gOr7FDRfIOn3A5xgza562R3wsIVSik4aI/z1vrrmhvyU
hJGSQ1eH4viG6uTs3mUVImgpyDppzUyNB1bJjue22jnLeTdo1/cWA5DeI4gWD5Zv
kCQxaRDY/sGq+iFzpX8+9fmb/TsWytkS+G9fuohwXhoNPwld+chnhbzxjjmB1egO
jIVXbfWpS4UHnyyKmSRRUu0fWFu3Hzd+RpCX83TRi92uDe2OT5xLOM7c0yDlTG1D
zuWhGYVCBqaupgYjzh2odpxzK1nT1E2+/C6p9eC+Jo3gaOg5mN7ux3SFKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB47KLc0gSni7E8Xw+ErBexTENoxMB8GA1UdIwQY
MBaAFK9I9n9T/OmJHUFZOshMrjBKv8vPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjBqMmYxUDg2WWtkUVZrNnlFeXVNRXFfeTg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lMTU0NWItZmM1Mi00NGMwLThmNTct
Mjg4NGRkODI0OGQ2LzEvSGpzb3R6U0JLZUxzVHhmRDRTc0Y3Rk1RMmpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lMTU0NWItZmM1Mi00NGMwLThmNTctMjg4NGRkODI0OGQ2
LzEvcjBqMmYxUDg2WWtkUVZrNnlFeXVNRXFfeTg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwamrMA0G
CSqGSIb3DQEBCwUAA4IBAQAA/8W/UVXECj2C1ALcITtx2LfkjtWtoZiToP7exGoQ
YuXSxCRaKTGHIXyK713efLH0evLp9p9AdPNUIyGuxXkQipTmg6Rzl2FD+f7tCtz0
8Y95yPl/9H1+btu9Aj/B6tMpCoN7qanpga4RzZp4BM8VovB0NewcD58y/SYWSt4J
s1gurSpDrdDceBLMZzXa9Y6pO7lPj9Fish+TO9h997dj8luhcuypXd1pgyPeIa8e
uQp0rGxbnA27NyjPWBaqNKUj0xblFS7HV7xjsK3/9ArJ+upe/FDaz3U5qYAtpiZh
uvqCPNYgdSHQulJtcGDUxYjrsB5z74meCRM9+GJMGI0E
-----END CERTIFICATE-----