Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/817c14-b800-4c15-a89e-704f263389e2/1/hJmMPs6xQZ6psU6uhrcv65AI0O0.roa
File:                     hJmMPs6xQZ6psU6uhrcv65AI0O0.roa (raw, json)
Hash identifier:          VYTr73AVaw+hq+ZiCnwh04bHXRL5Sw5SFL/i4pu0iKE=
Subject key identifier:   84:99:8C:3E:CE:B1:41:9E:A9:B1:4E:AE:86:B7:2F:EB:90:08:D0:ED
Certificate issuer:       /CN=e73cf9433eb80fe9027084529a25412ddfe5bd01
Certificate serial:       018F53B7F8EDECC0B94EFD76B5FF79A91319
Authority key identifier: E7:3C:F9:43:3E:B8:0F:E9:02:70:84:52:9A:25:41:2D:DF:E5:BD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5zz5Qz64D-kCcIRSmiVBLd_lvQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/817c14-b800-4c15-a89e-704f263389e2/1/hJmMPs6xQZ6psU6uhrcv65AI0O0.roa
Signing time:             Tue 07 May 2024 15:41:56 +0000
ROA not before:           Tue 07 May 2024 15:41:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207160
IP address blocks:        185.65.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/817c14-b800-4c15-a89e-704f263389e2/1/5zz5Qz64D-kCcIRSmiVBLd_lvQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/817c14-b800-4c15-a89e-704f263389e2/1/5zz5Qz64D-kCcIRSmiVBLd_lvQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5zz5Qz64D-kCcIRSmiVBLd_lvQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:b7:f8:ed:ec:c0:b9:4e:fd:76:b5:ff:79:a9:13:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e73cf9433eb80fe9027084529a25412ddfe5bd01
        Validity
            Not Before: May  7 15:41:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84998c3eceb1419ea9b14eae86b72feb9008d0ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:0f:8d:2e:e5:98:92:70:1e:da:97:84:cf:c6:
                    8f:65:2f:de:bc:da:f9:2a:9d:e4:e2:39:f1:c4:8a:
                    98:13:41:81:24:ee:3c:ef:44:05:9a:7d:ea:65:e3:
                    95:3f:6f:fb:12:7a:74:1d:de:8b:95:c4:83:b2:01:
                    bb:26:3a:6d:41:c2:b7:36:7d:3d:6b:c6:39:32:f0:
                    b9:1b:eb:d1:89:c0:b9:44:6b:8b:c1:71:26:70:c9:
                    4e:82:55:40:93:96:cb:1f:81:51:54:16:8e:cd:a5:
                    9d:08:8d:4e:3c:02:d9:50:54:d2:b8:2d:2d:02:28:
                    43:d5:af:91:a0:20:91:9a:52:39:17:7d:9e:10:30:
                    d3:4a:a8:2f:b0:01:20:00:5a:1f:03:68:db:18:a1:
                    ed:9e:93:73:08:11:d2:8b:be:85:df:b3:63:11:91:
                    74:98:ae:9f:52:8d:93:ec:83:e3:db:5e:bc:58:30:
                    34:4f:c0:d8:5b:c9:46:61:c5:91:c6:30:f7:0a:e3:
                    0f:d3:e2:02:d8:c8:8e:f0:93:3e:ab:27:40:06:02:
                    d6:5e:f6:80:cc:4f:8b:1f:36:04:ae:83:02:5c:4f:
                    20:09:2e:f0:62:b2:b2:a4:56:91:af:87:36:fa:8b:
                    6d:bb:94:89:d2:c5:d7:e2:7c:91:fb:e3:d2:51:a8:
                    4c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:99:8C:3E:CE:B1:41:9E:A9:B1:4E:AE:86:B7:2F:EB:90:08:D0:ED
            X509v3 Authority Key Identifier:
                keyid:E7:3C:F9:43:3E:B8:0F:E9:02:70:84:52:9A:25:41:2D:DF:E5:BD:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5zz5Qz64D-kCcIRSmiVBLd_lvQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/817c14-b800-4c15-a89e-704f263389e2/1/hJmMPs6xQZ6psU6uhrcv65AI0O0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/817c14-b800-4c15-a89e-704f263389e2/1/5zz5Qz64D-kCcIRSmiVBLd_lvQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:e6:68:ce:64:d0:58:f9:5c:6c:5a:ce:1b:ee:06:f1:ea:50:
         17:0c:31:8b:2d:11:18:cd:4d:22:02:51:82:54:ee:0b:15:a8:
         62:47:43:68:0e:99:7a:52:60:71:dd:b7:8e:b8:2b:ab:97:3d:
         8c:9b:d5:2c:84:30:d2:f0:fa:42:23:16:49:1f:05:14:65:e0:
         dc:a8:b9:e9:14:e4:87:c2:95:69:62:d1:d5:8a:63:36:06:5d:
         1e:50:3e:a8:5d:a1:08:bc:21:6c:ca:f0:f6:09:87:c3:94:0c:
         2f:a3:c8:1b:f1:5a:19:33:4f:61:63:d1:65:55:ac:b7:12:e0:
         c8:ac:0b:61:b0:2c:93:f9:3d:49:44:e9:33:6a:32:d7:0c:69:
         7a:42:e5:c2:8c:14:b4:6f:88:a4:d4:98:53:68:d0:c1:c8:54:
         62:d7:f1:35:cd:d7:d6:13:25:51:7c:62:e6:5b:b7:4e:23:4a:
         e9:d9:2b:a2:65:44:5e:59:75:3f:c9:86:a8:71:3a:28:ba:21:
         32:53:09:0d:56:fe:69:29:73:e2:6d:51:79:ca:7b:ee:3f:36:
         a0:6c:d7:93:1a:07:cf:e8:04:b6:b4:34:e7:c7:95:89:dd:f9:
         73:a2:9c:72:2a:a4:7b:c7:02:8d:ad:a1:69:79:fd:5d:c8:bf:
         54:f2:45:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9Tt/jt7MC5Tv12tf95qRMZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3M2NmOTQzM2ViODBmZTkwMjcwODQ1MjlhMjU0MTJkZGZl
NWJkMDEwHhcNMjQwNTA3MTU0MTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDk5OGMzZWNlYjE0MTllYTliMTRlYWU4NmI3MmZlYjkwMDhkMGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvA+NLuWYknAe2peEz8aPZS/evNr5
Kp3k4jnxxIqYE0GBJO4870QFmn3qZeOVP2/7Enp0Hd6LlcSDsgG7JjptQcK3Nn09
a8Y5MvC5G+vRicC5RGuLwXEmcMlOglVAk5bLH4FRVBaOzaWdCI1OPALZUFTSuC0t
AihD1a+RoCCRmlI5F32eEDDTSqgvsAEgAFofA2jbGKHtnpNzCBHSi76F37NjEZF0
mK6fUo2T7IPj2168WDA0T8DYW8lGYcWRxjD3CuMP0+IC2MiO8JM+qydABgLWXvaA
zE+LHzYEroMCXE8gCS7wYrKypFaRr4c2+ottu5SJ0sXX4nyR++PSUahMYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISZjD7OsUGeqbFOroa3L+uQCNDtMB8GA1UdIwQY
MBaAFOc8+UM+uA/pAnCEUpolQS3f5b0BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXp6NVF6NjRELWtDY0lSU21pVkJMZF9sdlFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni84MTdjMTQtYjgwMC00YzE1LWE4OWUt
NzA0ZjI2MzM4OWUyLzEvaEptTVBzNnhRWjZwc1U2dWhyY3Y2NUFJME8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni84MTdjMTQtYjgwMC00YzE1LWE4OWUtNzA0ZjI2MzM4OWUy
LzEvNXp6NVF6NjRELWtDY0lSU21pVkJMZF9sdlFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUHzMA0G
CSqGSIb3DQEBCwUAA4IBAQBG5mjOZNBY+VxsWs4b7gbx6lAXDDGLLREYzU0iAlGC
VO4LFahiR0NoDpl6UmBx3beOuCurlz2Mm9UshDDS8PpCIxZJHwUUZeDcqLnpFOSH
wpVpYtHVimM2Bl0eUD6oXaEIvCFsyvD2CYfDlAwvo8gb8VoZM09hY9FlVay3EuDI
rAthsCyT+T1JROkzajLXDGl6QuXCjBS0b4ik1JhTaNDByFRi1/E1zdfWEyVRfGLm
W7dOI0rp2SuiZUReWXU/yYaocToouiEyUwkNVv5pKXPibVF5ynvuPzagbNeTGgfP
6AS2tDTnx5WJ3flzopxyKqR7xwKNraFpef1dyL9U8kXY
-----END CERTIFICATE-----