Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1bc6db-4576-4f1b-8672-c3326ad2cf8f/1/hjAUYySazW45Fy_3qG6c9jWRcMA.roa
File:                     hjAUYySazW45Fy_3qG6c9jWRcMA.roa (raw, json)
Hash identifier:          /wGrlZyYN9C8yFnVGkEqQ9BOvqyLPzPKVVyJU5JMbKo=
Subject key identifier:   86:30:14:63:24:9A:CD:6E:39:17:2F:F7:A8:6E:9C:F6:35:91:70:C0
Certificate issuer:       /CN=0ee3d4d810f2477841a8b85593b8f30e8aecd409
Certificate serial:       018CC2DB467A4DE977FBEF488BA176443710
Authority key identifier: 0E:E3:D4:D8:10:F2:47:78:41:A8:B8:55:93:B8:F3:0E:8A:EC:D4:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DuPU2BDyR3hBqLhVk7jzDors1Ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/1bc6db-4576-4f1b-8672-c3326ad2cf8f/1/hjAUYySazW45Fy_3qG6c9jWRcMA.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58138
IP address blocks:        185.43.80.0/22 maxlen: 24
                          91.239.32.0/23 maxlen: 24
                          2a04:9040::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/1bc6db-4576-4f1b-8672-c3326ad2cf8f/1/DuPU2BDyR3hBqLhVk7jzDors1Ak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/1bc6db-4576-4f1b-8672-c3326ad2cf8f/1/DuPU2BDyR3hBqLhVk7jzDors1Ak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DuPU2BDyR3hBqLhVk7jzDors1Ak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:46:7a:4d:e9:77:fb:ef:48:8b:a1:76:44:37:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ee3d4d810f2477841a8b85593b8f30e8aecd409
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86301463249acd6e39172ff7a86e9cf6359170c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:af:3a:b1:78:5e:25:40:c9:ec:51:8f:51:6e:
                    a5:b0:dc:f0:32:f4:e0:28:09:5b:6e:e2:2d:6f:47:
                    33:53:62:83:1c:6d:1d:7c:c2:23:77:ce:4b:80:03:
                    89:e0:9f:9c:a6:74:22:70:20:4e:1f:9a:12:88:33:
                    5f:f5:76:3d:68:30:e6:b5:8a:c1:7e:2c:04:dd:02:
                    67:d7:6a:9c:82:3c:03:24:be:6c:bf:24:66:f5:bf:
                    56:f0:e1:39:55:a3:d1:d4:af:53:21:c4:33:c0:60:
                    63:4b:bd:89:3b:34:0d:02:59:66:ed:da:a5:59:1a:
                    f7:e0:16:2c:8c:77:74:15:f6:33:5f:bf:2f:27:fa:
                    7a:8c:d0:cc:87:0b:aa:44:73:c9:03:0b:99:51:95:
                    f6:d5:d7:a2:0e:a6:2f:c8:e3:13:5a:42:99:2c:48:
                    ee:e1:84:6a:45:c4:31:ef:78:3d:b0:dd:0d:83:30:
                    48:24:d0:7d:a2:97:85:cf:a6:0b:1d:61:b9:9e:61:
                    0d:b1:c0:20:05:18:06:a6:c6:de:04:af:86:f2:2d:
                    3a:36:1a:a2:7c:73:df:d6:1b:c5:bd:15:a0:f3:2e:
                    ab:13:5b:e3:94:f4:9b:34:0b:84:0e:51:df:af:99:
                    e3:1d:37:65:20:fa:15:91:7a:42:f6:04:a4:b7:32:
                    ab:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:30:14:63:24:9A:CD:6E:39:17:2F:F7:A8:6E:9C:F6:35:91:70:C0
            X509v3 Authority Key Identifier:
                keyid:0E:E3:D4:D8:10:F2:47:78:41:A8:B8:55:93:B8:F3:0E:8A:EC:D4:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DuPU2BDyR3hBqLhVk7jzDors1Ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1bc6db-4576-4f1b-8672-c3326ad2cf8f/1/hjAUYySazW45Fy_3qG6c9jWRcMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1bc6db-4576-4f1b-8672-c3326ad2cf8f/1/DuPU2BDyR3hBqLhVk7jzDors1Ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.32.0/23
                  185.43.80.0/22
                IPv6:
                  2a04:9040::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:cd:5b:e5:38:ba:b0:d1:db:01:65:d1:c1:fb:5e:71:63:c7:
         db:91:db:10:fe:f7:25:be:9c:0a:f6:a0:11:f7:6b:47:a2:43:
         85:66:d4:b1:94:2a:3a:5b:30:e8:a6:4f:d1:7a:a5:e7:90:f8:
         62:86:bf:95:a5:22:fd:4b:b0:97:17:db:06:f2:fa:7a:3e:91:
         61:43:75:e3:2b:26:04:de:7e:61:9b:61:95:94:14:32:26:3a:
         dc:9e:e1:d3:6b:4f:0d:ea:5b:1c:14:47:d3:05:b0:91:d8:fa:
         2b:84:c3:5d:fc:3c:f6:85:22:76:7b:03:a4:93:90:b4:1f:1f:
         c9:d5:d6:2b:26:4d:0d:ef:a3:9b:71:97:16:8a:b5:0f:d9:c8:
         e4:09:6a:6b:1f:6a:15:a6:d5:12:cb:7b:dd:13:69:36:37:4d:
         b7:b0:db:94:7e:e9:77:a3:f4:c5:0d:d0:db:c8:4d:7d:b2:6c:
         80:f7:5c:5b:00:1b:90:5c:11:5e:4a:43:0d:1b:a6:a1:6d:6b:
         a9:e8:4a:ad:6c:ec:e8:4d:d1:8e:18:63:19:94:25:32:c9:ba:
         88:22:52:2c:4b:48:ca:3a:b8:44:f2:73:cf:15:f8:30:4f:5a:
         fb:85:a8:7a:0f:e3:35:94:5c:5f:84:42:42:85:f1:a7:b2:0a:
         22:4b:c5:01
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC20Z6Tel3++9Ii6F2RDcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZTNkNGQ4MTBmMjQ3Nzg0MWE4Yjg1NTkzYjhmMzBlOGFl
Y2Q0MDkwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjMwMTQ2MzI0OWFjZDZlMzkxNzJmZjdhODZlOWNmNjM1OTE3MGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAla86sXheJUDJ7FGPUW6lsNzwMvTg
KAlbbuItb0czU2KDHG0dfMIjd85LgAOJ4J+cpnQicCBOH5oSiDNf9XY9aDDmtYrB
fiwE3QJn12qcgjwDJL5svyRm9b9W8OE5VaPR1K9TIcQzwGBjS72JOzQNAllm7dql
WRr34BYsjHd0FfYzX78vJ/p6jNDMhwuqRHPJAwuZUZX21deiDqYvyOMTWkKZLEju
4YRqRcQx73g9sN0NgzBIJNB9opeFz6YLHWG5nmENscAgBRgGpsbeBK+G8i06Nhqi
fHPf1hvFvRWg8y6rE1vjlPSbNAuEDlHfr5njHTdlIPoVkXpC9gSktzKrGwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIYwFGMkms1uORcv96hunPY1kXDAMB8GA1UdIwQY
MBaAFA7j1NgQ8kd4Qai4VZO48w6K7NQJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHVQVTJCRHlSM2hCcUxoVms3anpEb3JzMUFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xYmM2ZGItNDU3Ni00ZjFiLTg2NzIt
YzMzMjZhZDJjZjhmLzEvaGpBVVl5U2F6VzQ1RnlfM3FHNmM5aldSY01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xYmM2ZGItNDU3Ni00ZjFiLTg2NzItYzMzMjZhZDJjZjhm
LzEvRHVQVTJCRHlSM2hCcUxoVms3anpEb3JzMUFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW+8gAwQC
uStQMA0EAgACMAcDBQMqBJBAMA0GCSqGSIb3DQEBCwUAA4IBAQBczVvlOLqw0dsB
ZdHB+15xY8fbkdsQ/vclvpwK9qAR92tHokOFZtSxlCo6WzDopk/ReqXnkPhihr+V
pSL9S7CXF9sG8vp6PpFhQ3XjKyYE3n5hm2GVlBQyJjrcnuHTa08N6lscFEfTBbCR
2PorhMNd/Dz2hSJ2ewOkk5C0Hx/J1dYrJk0N76ObcZcWirUP2cjkCWprH2oVptUS
y3vdE2k2N023sNuUful3o/TFDdDbyE19smyA91xbABuQXBFeSkMNG6ahbWup6Eqt
bOzoTdGOGGMZlCUyybqIIlIsS0jKOrhE8nPPFfgwT1r7hah6D+M1lFxfhEJChfGn
sgoiS8UB
-----END CERTIFICATE-----