Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/3240e9-0eab-48fb-960b-3b651bb08efb/1/HtVs7egYtoYS8MPmCx_rkA8wm-U.roa
File:                     HtVs7egYtoYS8MPmCx_rkA8wm-U.roa (raw, json)
Hash identifier:          qBGzENqpU3pogqtNbWdFeMwcQ4Ff64UFlbojMglbYGw=
Subject key identifier:   1E:D5:6C:ED:E8:18:B6:86:12:F0:C3:E6:0B:1F:EB:90:0F:30:9B:E5
Certificate issuer:       /CN=61b95518ed4f5582a2f6c11955740284bc088134
Certificate serial:       018CC5DC697D230E369495F4E0C3781A1921
Authority key identifier: 61:B9:55:18:ED:4F:55:82:A2:F6:C1:19:55:74:02:84:BC:08:81:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YblVGO1PVYKi9sEZVXQChLwIgTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/3240e9-0eab-48fb-960b-3b651bb08efb/1/HtVs7egYtoYS8MPmCx_rkA8wm-U.roa
Signing time:             Mon 01 Jan 2024 16:30:05 +0000
ROA not before:           Mon 01 Jan 2024 16:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206433
IP address blocks:        195.122.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/3240e9-0eab-48fb-960b-3b651bb08efb/1/YblVGO1PVYKi9sEZVXQChLwIgTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/3240e9-0eab-48fb-960b-3b651bb08efb/1/YblVGO1PVYKi9sEZVXQChLwIgTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YblVGO1PVYKi9sEZVXQChLwIgTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:69:7d:23:0e:36:94:95:f4:e0:c3:78:1a:19:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b95518ed4f5582a2f6c11955740284bc088134
        Validity
            Not Before: Jan  1 16:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ed56cede818b68612f0c3e60b1feb900f309be5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:e9:b6:e6:c0:6f:2c:6c:8c:ae:91:1d:ac:8e:
                    97:57:99:88:a7:b1:df:4e:92:30:fe:a8:e6:dc:c9:
                    39:f5:98:b1:00:d3:4f:7d:1a:40:91:8c:3d:40:37:
                    1c:ce:c9:61:13:8e:e8:77:e3:3c:2f:ed:3f:1c:9e:
                    fc:36:29:7f:31:59:70:1b:e7:85:af:32:46:5f:f1:
                    bf:34:ae:db:0f:9b:26:5e:be:bd:e0:4b:30:17:89:
                    9e:78:1f:d0:43:9c:be:3f:4b:6a:bc:1f:fa:ec:51:
                    f2:29:b2:fc:8e:1d:18:c7:f4:cd:c8:d4:04:b2:d6:
                    a9:31:16:5f:30:80:45:c0:42:2e:f8:54:b5:ce:d8:
                    22:5e:f4:d2:61:9e:28:65:21:76:9e:7e:d0:b9:a5:
                    db:c7:8e:7a:13:f1:84:3d:20:93:11:84:4f:63:b5:
                    00:d8:95:a2:1e:bb:51:2c:3a:90:a7:41:ab:5c:15:
                    51:f1:b7:ee:4f:33:69:44:cb:cc:1f:1a:81:f4:7f:
                    fa:35:a9:11:f4:58:eb:21:9c:a4:a9:e0:2e:f0:bb:
                    da:1a:f5:a7:64:29:06:85:cf:3f:6b:2c:ab:72:63:
                    43:c2:f9:06:6a:27:b9:09:3d:be:f7:34:48:f4:83:
                    9b:38:4e:5c:02:72:a4:ec:47:fc:2d:23:cd:4e:58:
                    33:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:D5:6C:ED:E8:18:B6:86:12:F0:C3:E6:0B:1F:EB:90:0F:30:9B:E5
            X509v3 Authority Key Identifier:
                keyid:61:B9:55:18:ED:4F:55:82:A2:F6:C1:19:55:74:02:84:BC:08:81:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YblVGO1PVYKi9sEZVXQChLwIgTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/3240e9-0eab-48fb-960b-3b651bb08efb/1/HtVs7egYtoYS8MPmCx_rkA8wm-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/3240e9-0eab-48fb-960b-3b651bb08efb/1/YblVGO1PVYKi9sEZVXQChLwIgTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.122.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:fb:fa:c9:bb:a9:e4:de:e8:fe:3c:ab:56:25:1c:cc:15:61:
         13:21:7f:f8:ba:cc:e8:49:a7:de:73:41:e6:2c:e9:c2:73:f9:
         c6:89:0a:de:d0:9b:01:70:51:7f:ac:72:f5:28:87:61:36:dd:
         5b:c0:ed:2b:a9:51:78:7d:2c:96:07:ce:b3:16:cb:c6:2a:30:
         7d:23:35:e5:08:ee:6e:61:f7:e7:fb:52:f7:4b:e2:64:92:e8:
         63:8a:d0:02:70:89:3c:81:f8:97:03:5e:49:e3:39:5b:89:33:
         32:f8:2a:32:20:ca:54:c2:de:15:6a:b4:5c:a0:65:16:5c:7a:
         57:21:42:39:82:04:2f:30:2a:fa:6f:71:63:c9:56:ae:4b:ab:
         a5:c7:72:96:fa:10:63:68:33:92:1a:cc:bb:25:47:49:41:fa:
         08:a8:f8:cf:ce:18:73:01:42:78:97:cf:a9:4f:cb:5f:4e:df:
         bb:b1:a6:a8:60:08:1c:74:2e:36:4e:0f:24:c8:94:8e:d5:4a:
         78:63:84:e8:92:83:a2:95:76:5f:36:58:4a:d7:10:64:8a:4a:
         96:bb:a3:f9:13:06:95:75:51:f1:6e:54:99:ba:85:c0:1d:ca:
         59:71:50:19:00:e1:ef:0c:13:73:d7:a9:40:be:fb:6e:bd:a3:
         17:39:cb:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Gl9Iw42lJX04MN4GhkhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjk1NTE4ZWQ0ZjU1ODJhMmY2YzExOTU1NzQwMjg0YmMw
ODgxMzQwHhcNMjQwMTAxMTYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWQ1NmNlZGU4MThiNjg2MTJmMGMzZTYwYjFmZWI5MDBmMzA5YmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhum25sBvLGyMrpEdrI6XV5mIp7Hf
TpIw/qjm3Mk59ZixANNPfRpAkYw9QDcczslhE47od+M8L+0/HJ78Nil/MVlwG+eF
rzJGX/G/NK7bD5smXr694EswF4meeB/QQ5y+P0tqvB/67FHyKbL8jh0Yx/TNyNQE
stapMRZfMIBFwEIu+FS1ztgiXvTSYZ4oZSF2nn7QuaXbx456E/GEPSCTEYRPY7UA
2JWiHrtRLDqQp0GrXBVR8bfuTzNpRMvMHxqB9H/6NakR9FjrIZykqeAu8LvaGvWn
ZCkGhc8/ayyrcmNDwvkGaie5CT2+9zRI9IObOE5cAnKk7Ef8LSPNTlgzswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7VbO3oGLaGEvDD5gsf65APMJvlMB8GA1UdIwQY
MBaAFGG5VRjtT1WCovbBGVV0AoS8CIE0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJsVkdPMVBWWUtpOXNFWlZYUUNoTHdJZ1RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8zMjQwZTktMGVhYi00OGZiLTk2MGIt
M2I2NTFiYjA4ZWZiLzEvSHRWczdlZ1l0b1lTOE1QbUN4X3JrQTh3bS1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8zMjQwZTktMGVhYi00OGZiLTk2MGItM2I2NTFiYjA4ZWZi
LzEvWWJsVkdPMVBWWUtpOXNFWlZYUUNoTHdJZ1RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3pcMA0G
CSqGSIb3DQEBCwUAA4IBAQBU+/rJu6nk3uj+PKtWJRzMFWETIX/4uszoSafec0Hm
LOnCc/nGiQre0JsBcFF/rHL1KIdhNt1bwO0rqVF4fSyWB86zFsvGKjB9IzXlCO5u
Yffn+1L3S+JkkuhjitACcIk8gfiXA15J4zlbiTMy+CoyIMpUwt4VarRcoGUWXHpX
IUI5ggQvMCr6b3FjyVauS6ulx3KW+hBjaDOSGsy7JUdJQfoIqPjPzhhzAUJ4l8+p
T8tfTt+7saaoYAgcdC42Tg8kyJSO1Up4Y4TokoOilXZfNlhK1xBkikqWu6P5EwaV
dVHxblSZuoXAHcpZcVAZAOHvDBNz16lAvvtuvaMXOcuF
-----END CERTIFICATE-----