Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/HVybvzuaRsaxkf4VQEpz4k4vzOA.roa
File:                     HVybvzuaRsaxkf4VQEpz4k4vzOA.roa (raw, json)
Hash identifier:          GjOYKRMRN1kW9mUXTWs+TTBGbCXq0UgM/m0BCTG80Lw=
Subject key identifier:   1D:5C:9B:BF:3B:9A:46:C6:B1:91:FE:15:40:4A:73:E2:4E:2F:CC:E0
Certificate issuer:       /CN=a84570854fe886b94ae625363c625dda60bb3efc
Certificate serial:       018CC4931FA5FBB94D2A66E322D4269E25F3
Authority key identifier: A8:45:70:85:4F:E8:86:B9:4A:E6:25:36:3C:62:5D:DA:60:BB:3E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/HVybvzuaRsaxkf4VQEpz4k4vzOA.roa
Signing time:             Mon 01 Jan 2024 10:30:25 +0000
ROA not before:           Mon 01 Jan 2024 10:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35407
IP address blocks:        193.138.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1f:a5:fb:b9:4d:2a:66:e3:22:d4:26:9e:25:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a84570854fe886b94ae625363c625dda60bb3efc
        Validity
            Not Before: Jan  1 10:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d5c9bbf3b9a46c6b191fe15404a73e24e2fcce0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:5a:59:31:24:df:07:3a:7f:c9:b5:3b:7e:d0:
                    14:be:54:ec:19:c5:79:d1:6d:d1:5d:83:e0:50:ee:
                    fd:b5:c6:f9:6b:62:bc:22:d8:93:36:7b:a3:74:51:
                    8a:b2:31:8b:df:a3:77:e9:36:13:4f:ad:f9:61:a5:
                    00:79:8d:90:18:68:71:f9:0b:e7:15:fc:0b:14:95:
                    39:bf:3c:c7:ec:98:f3:cf:21:38:e4:59:cf:be:07:
                    0d:96:3d:41:e8:53:98:40:bf:e0:67:74:aa:a6:35:
                    ed:33:08:ef:5d:18:6a:f6:f4:18:de:b6:52:4e:56:
                    d3:30:f8:2c:ba:ae:0b:91:22:d0:a6:6d:21:43:ac:
                    fa:e8:0f:d5:10:f5:9a:3f:28:ba:3b:9d:fc:b8:25:
                    30:4b:76:46:f2:ad:92:f9:20:dd:fa:21:02:9d:a2:
                    d8:2f:98:04:eb:48:b4:55:46:79:c6:43:d1:5c:77:
                    79:ab:a9:b5:cb:b2:cf:7c:fb:6c:e8:73:96:b5:35:
                    cb:2f:95:78:fc:7d:a3:80:4f:8a:ed:92:32:27:81:
                    e4:3c:6f:a5:6e:ed:d5:40:ee:e1:14:45:3c:a9:ba:
                    6f:97:a4:2f:ea:73:55:99:3d:15:75:33:b6:78:65:
                    cd:70:d6:bb:d6:0d:8e:17:57:7e:5f:96:83:de:47:
                    eb:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:5C:9B:BF:3B:9A:46:C6:B1:91:FE:15:40:4A:73:E2:4E:2F:CC:E0
            X509v3 Authority Key Identifier:
                keyid:A8:45:70:85:4F:E8:86:B9:4A:E6:25:36:3C:62:5D:DA:60:BB:3E:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/HVybvzuaRsaxkf4VQEpz4k4vzOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:8b:17:63:a5:f0:d5:9a:76:98:f0:2e:3a:4e:21:49:aa:68:
         58:d2:42:67:2e:ae:b5:b0:e1:59:c6:d3:00:36:23:2d:bc:74:
         0c:37:24:d0:29:fd:2b:43:d0:eb:44:a6:23:2b:bf:d1:7b:97:
         09:f0:95:b2:8a:2f:55:1f:f2:e7:5e:c5:8a:40:92:e5:de:43:
         23:74:85:4f:5c:29:6c:b2:62:82:de:58:90:f6:71:c0:0a:46:
         9d:d4:06:af:02:04:2d:2f:f4:ca:9a:b2:e3:cd:8a:0a:21:2f:
         ca:f3:46:39:0d:64:13:56:8d:65:91:9d:aa:24:a1:59:04:36:
         93:fd:ce:d9:3f:cc:64:10:bf:7f:b1:4b:f7:0e:ba:b5:67:9b:
         8f:d8:bd:b7:c4:14:86:5a:0b:63:7d:04:d0:72:00:f7:07:28:
         21:57:8d:eb:5b:a1:bd:2f:aa:92:ae:2d:12:9d:17:a6:2b:1d:
         a4:9c:51:3d:ce:7e:46:31:89:34:71:33:3c:fc:d6:40:38:0f:
         7e:01:67:6f:d5:b0:e2:30:fb:c0:75:ce:ed:cd:07:29:04:86:
         19:cf:3e:04:39:9c:0a:52:68:63:86:52:09:06:b4:b4:42:81:
         81:94:25:72:cc:4e:0c:a8:ae:84:6c:19:85:a9:fb:2b:5b:89:
         ca:b0:f8:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkx+l+7lNKmbjItQmniXzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDU3MDg1NGZlODg2Yjk0YWU2MjUzNjNjNjI1ZGRhNjBi
YjNlZmMwHhcNMjQwMTAxMTAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDVjOWJiZjNiOWE0NmM2YjE5MWZlMTU0MDRhNzNlMjRlMmZjY2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFpZMSTfBzp/ybU7ftAUvlTsGcV5
0W3RXYPgUO79tcb5a2K8ItiTNnujdFGKsjGL36N36TYTT635YaUAeY2QGGhx+Qvn
FfwLFJU5vzzH7JjzzyE45FnPvgcNlj1B6FOYQL/gZ3SqpjXtMwjvXRhq9vQY3rZS
TlbTMPgsuq4LkSLQpm0hQ6z66A/VEPWaPyi6O538uCUwS3ZG8q2S+SDd+iECnaLY
L5gE60i0VUZ5xkPRXHd5q6m1y7LPfPts6HOWtTXLL5V4/H2jgE+K7ZIyJ4HkPG+l
bu3VQO7hFEU8qbpvl6Qv6nNVmT0VdTO2eGXNcNa71g2OF1d+X5aD3kfrBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1cm787mkbGsZH+FUBKc+JOL8zgMB8GA1UdIwQY
MBaAFKhFcIVP6Ia5SuYlNjxiXdpguz78MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVWd2hVX29ocmxLNWlVMlBHSmQybUM3UHZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9mYWMyYTItNWY2OS00MDQzLThkNjUt
NWJjODc5NWMyY2JhLzEvSFZ5YnZ6dWFSc2F4a2Y0VlFFcHo0azR2ek9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9mYWMyYTItNWY2OS00MDQzLThkNjUtNWJjODc5NWMyY2Jh
LzEvcUVWd2hVX29ocmxLNWlVMlBHSmQybUM3UHZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYoeMA0G
CSqGSIb3DQEBCwUAA4IBAQBPixdjpfDVmnaY8C46TiFJqmhY0kJnLq61sOFZxtMA
NiMtvHQMNyTQKf0rQ9DrRKYjK7/Re5cJ8JWyii9VH/LnXsWKQJLl3kMjdIVPXCls
smKC3liQ9nHACkad1AavAgQtL/TKmrLjzYoKIS/K80Y5DWQTVo1lkZ2qJKFZBDaT
/c7ZP8xkEL9/sUv3Drq1Z5uP2L23xBSGWgtjfQTQcgD3ByghV43rW6G9L6qSri0S
nRemKx2knFE9zn5GMYk0cTM8/NZAOA9+AWdv1bDiMPvAdc7tzQcpBIYZzz4EOZwK
UmhjhlIJBrS0QoGBlCVyzE4MqK6EbBmFqfsrW4nKsPjH
-----END CERTIFICATE-----