Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/0_9tCTITsteJbaThRPHTuXVN_HU.roa
File:                     0_9tCTITsteJbaThRPHTuXVN_HU.roa (raw, json)
Hash identifier:          YqSmY/FuXY2XC1pmXwAqPE9tUF9D0PdhpLPeLshiKr4=
Subject key identifier:   D3:FF:6D:09:32:13:B2:D7:89:6D:A4:E1:44:F1:D3:B9:75:4D:FC:75
Certificate issuer:       /CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Certificate serial:       019241EFAE2126FE314BB2145C01B98E3CD8
Authority key identifier: BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/0_9tCTITsteJbaThRPHTuXVN_HU.roa
Signing time:             Mon 30 Sep 2024 07:57:59 +0000
ROA not before:           Mon 30 Sep 2024 07:57:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204779
IP address blocks:        46.254.212.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:41:ef:ae:21:26:fe:31:4b:b2:14:5c:01:b9:8e:3c:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
        Validity
            Not Before: Sep 30 07:57:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3ff6d093213b2d7896da4e144f1d3b9754dfc75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:87:77:01:39:d8:c9:25:8d:7c:db:4a:f8:47:
                    9c:36:11:ed:c5:c5:3b:69:e0:d9:5c:1c:66:24:f5:
                    e0:d7:cc:fb:d8:42:94:85:82:b1:97:6d:64:c6:a9:
                    3b:a0:8a:31:68:90:ff:71:06:14:33:e3:dc:7d:41:
                    5b:77:ed:9b:55:d9:f7:e1:a3:c0:5d:ee:f6:b6:53:
                    b3:85:36:7a:38:18:78:98:f8:9f:47:d8:ac:01:f7:
                    69:a3:ef:e7:d5:2c:bf:0a:09:98:61:54:f4:38:36:
                    7e:36:6b:e7:b7:11:8c:b8:2e:fc:05:48:42:69:e3:
                    ce:c4:41:b1:f2:ca:76:9b:ae:07:f2:20:c1:4b:ee:
                    5d:3b:9f:4a:79:a8:23:ba:b0:f8:93:45:4b:a3:b8:
                    8b:ea:99:29:37:0d:84:99:f7:b3:e2:93:0c:47:f9:
                    a3:39:46:7e:47:19:60:31:45:a5:23:76:f2:3b:fa:
                    58:4a:5e:a5:aa:97:ff:95:52:7f:9e:f2:d4:0e:26:
                    ab:08:e2:db:20:40:8d:49:93:27:d0:d3:73:ed:86:
                    87:13:91:a7:d3:f2:5c:20:b2:7a:7e:b3:05:0d:14:
                    af:77:18:2f:a5:26:1c:d7:d1:37:e7:0d:da:a8:ba:
                    58:17:82:d8:6c:d5:7d:69:74:c0:58:22:90:81:51:
                    9b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FF:6D:09:32:13:B2:D7:89:6D:A4:E1:44:F1:D3:B9:75:4D:FC:75
            X509v3 Authority Key Identifier:
                keyid:BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/0_9tCTITsteJbaThRPHTuXVN_HU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:fe:94:b1:52:d2:ee:66:ef:00:0f:d2:2f:6a:c2:cf:cb:e3:
         ea:e0:c8:26:b9:5d:db:67:3a:57:9b:be:dc:bb:8a:e3:98:e6:
         b1:36:5d:99:4d:de:a6:f7:d3:52:ca:46:5b:f5:24:85:3a:5e:
         7f:34:99:67:7f:73:b4:56:5e:9f:08:fb:2f:0f:6f:48:5d:7b:
         8d:be:99:84:1a:37:96:82:84:3a:8d:0d:d8:2e:5a:5e:4b:3d:
         4b:eb:a1:87:46:9b:ec:6d:4d:57:c8:9e:63:f7:52:a0:c5:dd:
         c3:b5:7b:9f:ac:18:9d:84:a9:86:49:9e:e6:0e:f3:32:ec:c1:
         35:bc:4a:cb:bc:df:80:b1:37:e2:e2:66:2b:d5:8d:e5:e5:7a:
         00:fb:aa:ff:fe:45:7b:2f:b9:f7:39:dc:9a:10:cf:40:13:bd:
         2d:85:a7:13:a9:a2:87:11:db:fa:df:d9:24:cc:12:62:ae:64:
         e8:4f:ad:89:6d:8c:1a:8e:a5:22:35:ff:ff:aa:b8:53:2b:59:
         ce:51:16:01:6d:39:c1:ec:08:56:6b:d5:1e:ab:da:ea:c5:81:
         41:93:7c:f4:8f:39:c3:5e:7b:1c:11:05:a2:2d:2a:e4:c7:a3:
         de:5d:09:1a:16:f7:74:79:80:7c:b3:ce:71:79:12:96:6f:67:
         2e:6c:bb:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJB764hJv4xS7IUXAG5jjzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMzFiY2Y5MjNjNWYyNWNhZmJkYWJkZmRkNDZlNTExZjk1
ZGYwZDEwHhcNMjQwOTMwMDc1NzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZmNmQwOTMyMTNiMmQ3ODk2ZGE0ZTE0NGYxZDNiOTc1NGRmYzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoId3ATnYySWNfNtK+EecNhHtxcU7
aeDZXBxmJPXg18z72EKUhYKxl21kxqk7oIoxaJD/cQYUM+PcfUFbd+2bVdn34aPA
Xe72tlOzhTZ6OBh4mPifR9isAfdpo+/n1Sy/CgmYYVT0ODZ+NmvntxGMuC78BUhC
aePOxEGx8sp2m64H8iDBS+5dO59KeagjurD4k0VLo7iL6pkpNw2Emfez4pMMR/mj
OUZ+RxlgMUWlI3byO/pYSl6lqpf/lVJ/nvLUDiarCOLbIECNSZMn0NNz7YaHE5Gn
0/JcILJ6frMFDRSvdxgvpSYc19E35w3aqLpYF4LYbNV9aXTAWCKQgVGbGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNP/bQkyE7LXiW2k4UTx07l1Tfx1MB8GA1UdIwQY
MBaAFLoxvPkjxfJcr72r391G5RH5XfDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYt
MWJhMzQzZjE3ZWMyLzEvMF85dENUSVRzdGVKYmFUaFJQSFR1WFZOX0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYtMWJhMzQzZjE3ZWMy
LzEvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLv7UMA0G
CSqGSIb3DQEBCwUAA4IBAQA7/pSxUtLuZu8AD9IvasLPy+Pq4MgmuV3bZzpXm77c
u4rjmOaxNl2ZTd6m99NSykZb9SSFOl5/NJlnf3O0Vl6fCPsvD29IXXuNvpmEGjeW
goQ6jQ3YLlpeSz1L66GHRpvsbU1XyJ5j91Kgxd3DtXufrBidhKmGSZ7mDvMy7ME1
vErLvN+AsTfi4mYr1Y3l5XoA+6r//kV7L7n3OdyaEM9AE70thacTqaKHEdv639kk
zBJirmToT62JbYwajqUiNf//qrhTK1nOURYBbTnB7AhWa9Ueq9rqxYFBk3z0jznD
XnscEQWiLSrkx6PeXQkaFvd0eYB8s85xeRKWb2cubLvb
-----END CERTIFICATE-----