Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/310130-6cad-4c2b-9dd1-40e21ea5701e/1/lHMftDdPtm-3MTu6jLA-8XHsbhg.roa
File:                     lHMftDdPtm-3MTu6jLA-8XHsbhg.roa (raw, json)
Hash identifier:          2UdTafRAKw5bRQTinN0kFRIlxr9mpJeiWAlPUUeVIDo=
Subject key identifier:   94:73:1F:B4:37:4F:B6:6F:B7:31:3B:BA:8C:B0:3E:F1:71:EC:6E:18
Certificate issuer:       /CN=1623c2f37d243494853594fd297c658f7692cbbd
Certificate serial:       018CC86F1EFBC0BF02B25AA2CFD21FAF7DB1
Authority key identifier: 16:23:C2:F3:7D:24:34:94:85:35:94:FD:29:7C:65:8F:76:92:CB:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FiPC830kNJSFNZT9KXxlj3aSy70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/310130-6cad-4c2b-9dd1-40e21ea5701e/1/lHMftDdPtm-3MTu6jLA-8XHsbhg.roa
Signing time:             Tue 02 Jan 2024 04:29:34 +0000
ROA not before:           Tue 02 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30742
IP address blocks:        192.145.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/310130-6cad-4c2b-9dd1-40e21ea5701e/1/FiPC830kNJSFNZT9KXxlj3aSy70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/310130-6cad-4c2b-9dd1-40e21ea5701e/1/FiPC830kNJSFNZT9KXxlj3aSy70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FiPC830kNJSFNZT9KXxlj3aSy70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1e:fb:c0:bf:02:b2:5a:a2:cf:d2:1f:af:7d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1623c2f37d243494853594fd297c658f7692cbbd
        Validity
            Not Before: Jan  2 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94731fb4374fb66fb7313bba8cb03ef171ec6e18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1e:32:83:a7:a0:f6:37:7a:9a:0a:b0:19:d9:
                    ee:89:d9:d1:e9:e2:d2:07:b8:d4:94:30:91:89:24:
                    b9:7c:09:8e:2d:24:8e:ac:60:ff:9b:d1:e6:2f:3b:
                    c8:3f:40:29:fb:91:7a:fa:f3:fc:bc:51:9e:23:94:
                    f2:8f:34:83:5b:b0:4c:af:df:ca:ac:9d:86:ef:55:
                    8d:5e:ce:41:16:0a:91:bd:e6:ad:4a:2e:04:a7:f3:
                    6c:64:65:12:06:46:5f:b5:f3:99:ea:64:8a:a8:da:
                    41:9c:98:ac:c8:1a:44:ea:96:15:d8:25:87:cb:20:
                    25:cb:ee:98:14:70:cb:77:7c:1a:a4:3d:43:04:ae:
                    ef:a1:ef:2d:92:95:f0:fe:03:7b:be:d1:59:1e:80:
                    58:15:8f:41:d7:88:e9:f1:37:48:b9:db:98:91:48:
                    4d:3c:49:cf:96:cf:59:01:e7:8e:f3:36:ac:d7:79:
                    ee:f9:8d:42:c7:c0:05:fe:44:9c:ea:1f:30:f0:b7:
                    8a:93:19:b9:88:91:2f:e9:54:d1:07:e8:4c:aa:f1:
                    22:8c:a5:cb:c0:36:ce:ff:00:20:a4:74:14:ea:79:
                    cd:9a:a7:0e:17:e1:66:b8:2d:36:9a:4f:c2:9f:ff:
                    cb:70:da:17:80:7c:90:ea:d9:e5:ff:fe:a2:59:41:
                    39:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:73:1F:B4:37:4F:B6:6F:B7:31:3B:BA:8C:B0:3E:F1:71:EC:6E:18
            X509v3 Authority Key Identifier:
                keyid:16:23:C2:F3:7D:24:34:94:85:35:94:FD:29:7C:65:8F:76:92:CB:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FiPC830kNJSFNZT9KXxlj3aSy70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/310130-6cad-4c2b-9dd1-40e21ea5701e/1/lHMftDdPtm-3MTu6jLA-8XHsbhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/310130-6cad-4c2b-9dd1-40e21ea5701e/1/FiPC830kNJSFNZT9KXxlj3aSy70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d0:41:bb:c1:d3:31:39:4e:e4:14:e9:d7:ab:26:40:ec:36:71:
         3e:b5:e3:d6:12:4c:a5:c7:76:af:38:0a:ea:db:e5:87:0c:77:
         ed:ff:68:94:7f:b0:76:1c:60:7b:34:7a:70:f7:06:d8:b2:96:
         44:d8:71:bd:9f:c3:1a:72:dc:bd:0b:58:1c:f4:21:aa:8c:58:
         41:cd:a9:8f:63:fd:09:00:6a:b1:7c:76:44:27:3b:56:d0:aa:
         88:8d:9b:00:39:50:a3:b5:e5:c2:a4:e5:e8:78:1f:65:d2:ff:
         2d:b8:af:b8:0d:e8:51:bb:cc:6c:83:df:e2:30:cf:5b:b9:30:
         ff:7c:0c:eb:4f:2f:1a:4a:f0:ef:47:21:4a:b8:7d:20:74:7f:
         4c:96:4f:6e:54:ce:96:37:7a:00:54:77:03:c4:6f:7b:3c:87:
         00:07:57:c5:89:5d:0f:74:0e:48:40:11:21:26:de:02:ef:af:
         e3:a1:18:ae:72:51:f8:22:fe:6d:b7:98:09:f2:13:94:19:e1:
         96:63:63:b3:17:37:12:05:4d:52:bc:fd:ef:98:ce:73:8a:8b:
         0c:ca:d1:51:c7:0c:ba:19:39:b2:c5:e7:e1:de:1a:38:b7:8d:
         85:82:ef:87:9b:3a:71:95:1d:51:28:94:dc:49:ff:06:b3:b5:
         5c:ad:30:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbx77wL8Cslqiz9Ifr32xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MjNjMmYzN2QyNDM0OTQ4NTM1OTRmZDI5N2M2NThmNzY5
MmNiYmQwHhcNMjQwMTAyMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDczMWZiNDM3NGZiNjZmYjczMTNiYmE4Y2IwM2VmMTcxZWM2ZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB4yg6eg9jd6mgqwGdnuidnR6eLS
B7jUlDCRiSS5fAmOLSSOrGD/m9HmLzvIP0Ap+5F6+vP8vFGeI5TyjzSDW7BMr9/K
rJ2G71WNXs5BFgqRveatSi4Ep/NsZGUSBkZftfOZ6mSKqNpBnJisyBpE6pYV2CWH
yyAly+6YFHDLd3wapD1DBK7voe8tkpXw/gN7vtFZHoBYFY9B14jp8TdIuduYkUhN
PEnPls9ZAeeO8zas13nu+Y1Cx8AF/kSc6h8w8LeKkxm5iJEv6VTRB+hMqvEijKXL
wDbO/wAgpHQU6nnNmqcOF+FmuC02mk/Cn//LcNoXgHyQ6tnl//6iWUE5cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRzH7Q3T7ZvtzE7uoywPvFx7G4YMB8GA1UdIwQY
MBaAFBYjwvN9JDSUhTWU/Sl8ZY92ksu9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmlQQzgzMGtOSlNGTlpUOUtYeGxqM2FTeTcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8zMTAxMzAtNmNhZC00YzJiLTlkZDEt
NDBlMjFlYTU3MDFlLzEvbEhNZnREZFB0bS0zTVR1NmpMQS04WEhzYmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8zMTAxMzAtNmNhZC00YzJiLTlkZDEtNDBlMjFlYTU3MDFl
LzEvRmlQQzgzMGtOSlNGTlpUOUtYeGxqM2FTeTcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwJFwMA0G
CSqGSIb3DQEBCwUAA4IBAQDQQbvB0zE5TuQU6derJkDsNnE+tePWEkylx3avOArq
2+WHDHft/2iUf7B2HGB7NHpw9wbYspZE2HG9n8Macty9C1gc9CGqjFhBzamPY/0J
AGqxfHZEJztW0KqIjZsAOVCjteXCpOXoeB9l0v8tuK+4DehRu8xsg9/iMM9buTD/
fAzrTy8aSvDvRyFKuH0gdH9Mlk9uVM6WN3oAVHcDxG97PIcAB1fFiV0PdA5IQBEh
Jt4C76/joRiuclH4Iv5tt5gJ8hOUGeGWY2OzFzcSBU1SvP3vmM5ziosMytFRxwy6
GTmyxefh3ho4t42Fgu+HmzpxlR1RKJTcSf8Gs7VcrTCd
-----END CERTIFICATE-----