Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/f08170-8d92-4cfa-b733-fbdbe514df5a/1/hxvqiu5LinXGS2qaHQyKf-cF4vk.roa
File:                     hxvqiu5LinXGS2qaHQyKf-cF4vk.roa (raw, json)
Hash identifier:          XWSwIo4PFCngWctJrJ/wBxrXOrppItCSdQng+cqQftU=
Subject key identifier:   87:1B:EA:8A:EE:4B:8A:75:C6:4B:6A:9A:1D:0C:8A:7F:E7:05:E2:F9
Certificate issuer:       /CN=2989b589120d39ea14ff53963bf23157d32495ea
Certificate serial:       018CCA2B75C6FFE9E9FABC588619DCADD6A7
Authority key identifier: 29:89:B5:89:12:0D:39:EA:14:FF:53:96:3B:F2:31:57:D3:24:95:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYm1iRINOeoU_1OWO_IxV9Mkleo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/f08170-8d92-4cfa-b733-fbdbe514df5a/1/hxvqiu5LinXGS2qaHQyKf-cF4vk.roa
Signing time:             Tue 02 Jan 2024 12:34:54 +0000
ROA not before:           Tue 02 Jan 2024 12:34:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42010
IP address blocks:        193.8.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/f08170-8d92-4cfa-b733-fbdbe514df5a/1/KYm1iRINOeoU_1OWO_IxV9Mkleo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/f08170-8d92-4cfa-b733-fbdbe514df5a/1/KYm1iRINOeoU_1OWO_IxV9Mkleo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYm1iRINOeoU_1OWO_IxV9Mkleo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:75:c6:ff:e9:e9:fa:bc:58:86:19:dc:ad:d6:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2989b589120d39ea14ff53963bf23157d32495ea
        Validity
            Not Before: Jan  2 12:34:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=871bea8aee4b8a75c64b6a9a1d0c8a7fe705e2f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:63:39:8a:31:6e:8c:27:79:09:b6:78:59:e0:
                    3b:32:b0:d2:3d:e9:b3:25:ee:12:e4:aa:04:99:a2:
                    6a:f1:44:8b:4d:83:d3:21:4a:e5:74:27:de:8d:7c:
                    ae:97:8b:70:61:95:5c:28:33:d1:0b:50:ba:4c:8f:
                    7a:b3:b0:a0:a5:72:c3:e2:d4:bb:7a:76:93:1a:cd:
                    d5:ee:7a:73:12:ef:11:a2:91:fe:d1:0f:32:d1:60:
                    59:2b:53:5c:a1:42:12:7f:8d:1e:89:44:f3:46:92:
                    0e:4e:b0:db:c6:b9:01:a0:16:24:09:ea:45:3e:1b:
                    25:ad:5a:6a:db:53:3f:6e:2a:1b:5e:f7:95:fd:a8:
                    50:aa:45:5d:e6:32:a4:cd:53:ff:63:0e:1b:6f:0c:
                    8b:62:bb:4d:1e:69:92:22:e1:96:c1:fe:57:09:e8:
                    6f:de:65:cd:a4:bb:64:66:96:37:bf:53:cc:65:5b:
                    75:55:58:02:b5:26:ae:21:20:9b:5a:69:a6:96:ce:
                    ed:c5:72:8d:c4:9d:61:69:98:ce:28:3a:49:2d:3d:
                    b2:d7:42:4a:42:43:30:3d:7a:dd:b5:a4:90:2f:3d:
                    1a:b1:28:37:3a:ac:9c:98:d7:fb:02:a8:1a:32:52:
                    45:45:86:0e:ba:ec:b2:4f:74:91:04:67:86:31:e9:
                    d8:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:1B:EA:8A:EE:4B:8A:75:C6:4B:6A:9A:1D:0C:8A:7F:E7:05:E2:F9
            X509v3 Authority Key Identifier:
                keyid:29:89:B5:89:12:0D:39:EA:14:FF:53:96:3B:F2:31:57:D3:24:95:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYm1iRINOeoU_1OWO_IxV9Mkleo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f08170-8d92-4cfa-b733-fbdbe514df5a/1/hxvqiu5LinXGS2qaHQyKf-cF4vk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/f08170-8d92-4cfa-b733-fbdbe514df5a/1/KYm1iRINOeoU_1OWO_IxV9Mkleo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:be:0d:a1:09:40:ba:c8:60:51:7e:f4:6e:46:9e:59:dd:22:
         a8:b6:87:38:d7:29:43:7e:8d:15:5c:79:a3:7d:b1:1f:91:b5:
         7a:ab:ad:32:be:cb:5e:f3:c7:b9:3e:47:40:12:99:ff:aa:41:
         68:07:db:20:0d:36:09:6e:c3:0f:96:76:39:95:de:a2:30:fb:
         5a:df:e1:10:97:11:0d:09:20:24:92:1c:94:5c:bc:d6:ec:fa:
         84:f0:fe:fd:c8:05:08:11:51:fc:06:ee:8a:e5:df:75:70:e8:
         7c:97:92:23:45:bf:82:00:26:e9:8a:67:01:5d:37:3f:5e:54:
         d8:df:12:b3:5a:45:43:04:cb:93:16:ae:c9:34:84:81:4f:25:
         d9:d5:56:38:94:9c:4f:be:4a:c0:5f:9a:d1:f6:5f:16:bd:48:
         3f:87:b0:95:b7:54:25:e4:27:0f:3b:14:89:86:10:ef:c5:43:
         16:a9:ed:e8:c5:15:ab:c1:f4:1b:b7:6b:32:e7:d2:34:16:01:
         37:44:91:aa:30:89:c3:bb:83:8b:a2:1a:d6:e9:17:3d:39:bc:
         3f:52:4c:cb:35:d5:4b:27:0b:b3:bb:3c:a3:44:9b:4c:c1:69:
         13:22:fc:8b:29:43:1e:d7:48:43:ef:7b:6d:36:05:d2:11:38:
         17:0d:01:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK3XG/+np+rxYhhncrdanMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODliNTg5MTIwZDM5ZWExNGZmNTM5NjNiZjIzMTU3ZDMy
NDk1ZWEwHhcNMjQwMTAyMTIzNDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzFiZWE4YWVlNGI4YTc1YzY0YjZhOWExZDBjOGE3ZmU3MDVlMmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomM5ijFujCd5CbZ4WeA7MrDSPemz
Je4S5KoEmaJq8USLTYPTIUrldCfejXyul4twYZVcKDPRC1C6TI96s7CgpXLD4tS7
enaTGs3V7npzEu8RopH+0Q8y0WBZK1NcoUISf40eiUTzRpIOTrDbxrkBoBYkCepF
PhslrVpq21M/biobXveV/ahQqkVd5jKkzVP/Yw4bbwyLYrtNHmmSIuGWwf5XCehv
3mXNpLtkZpY3v1PMZVt1VVgCtSauISCbWmmmls7txXKNxJ1haZjOKDpJLT2y10JK
QkMwPXrdtaSQLz0asSg3OqycmNf7AqgaMlJFRYYOuuyyT3SRBGeGMenYZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcb6oruS4p1xktqmh0Min/nBeL5MB8GA1UdIwQY
MBaAFCmJtYkSDTnqFP9TljvyMVfTJJXqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ltMWlSSU5PZW9VXzFPV09fSXhWOU1rbGVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9mMDgxNzAtOGQ5Mi00Y2ZhLWI3MzMt
ZmJkYmU1MTRkZjVhLzEvaHh2cWl1NUxpblhHUzJxYUhReUtmLWNGNHZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9mMDgxNzAtOGQ5Mi00Y2ZhLWI3MzMtZmJkYmU1MTRkZjVh
LzEvS1ltMWlSSU5PZW9VXzFPV09fSXhWOU1rbGVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwQjwMA0G
CSqGSIb3DQEBCwUAA4IBAQBnvg2hCUC6yGBRfvRuRp5Z3SKotoc41ylDfo0VXHmj
fbEfkbV6q60yvste88e5PkdAEpn/qkFoB9sgDTYJbsMPlnY5ld6iMPta3+EQlxEN
CSAkkhyUXLzW7PqE8P79yAUIEVH8Bu6K5d91cOh8l5IjRb+CACbpimcBXTc/XlTY
3xKzWkVDBMuTFq7JNISBTyXZ1VY4lJxPvkrAX5rR9l8WvUg/h7CVt1Ql5CcPOxSJ
hhDvxUMWqe3oxRWrwfQbt2sy59I0FgE3RJGqMInDu4OLohrW6Rc9Obw/UkzLNdVL
JwuzuzyjRJtMwWkTIvyLKUMe10hD73ttNgXSETgXDQHK
-----END CERTIFICATE-----