Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/HGt86srUmoHr2dpRQwzjV1EvV74.roa
File:                     HGt86srUmoHr2dpRQwzjV1EvV74.roa (raw, json)
Hash identifier:          QbyctLv0ItbvfYbpEQ16e53Rq3kndx0pw93MttIQUnM=
Subject key identifier:   1C:6B:7C:EA:CA:D4:9A:81:EB:D9:DA:51:43:0C:E3:57:51:2F:57:BE
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D21424EFAB5ADB42F70DB2EB7FCB8
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/HGt86srUmoHr2dpRQwzjV1EvV74.roa
Signing time:             Mon 01 Jan 2024 00:29:40 +0000
ROA not before:           Mon 01 Jan 2024 00:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.9.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:21:42:4e:fa:b5:ad:b4:2f:70:db:2e:b7:fc:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c6b7ceacad49a81ebd9da51430ce357512f57be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:27:ce:7b:eb:ec:49:ce:4e:f4:c1:de:b1:b0:
                    b9:27:72:6c:b6:bd:bc:51:23:64:81:40:11:f5:19:
                    f2:07:71:1b:8a:51:b0:69:a3:03:59:b2:d0:37:c4:
                    c4:62:af:61:82:51:ce:88:f8:95:c7:c3:76:53:aa:
                    f8:eb:92:eb:5e:be:ca:30:b0:cd:9f:98:2f:dd:b8:
                    e9:89:f9:76:db:9d:fb:38:59:de:05:f5:2c:9b:de:
                    d0:f1:eb:ad:fb:b5:97:c7:be:2a:af:c0:62:db:6d:
                    6b:1c:8a:45:c3:59:cb:e5:91:b3:43:da:4b:0a:de:
                    cd:3f:8b:ca:0a:d0:fa:ca:cc:75:44:30:e0:07:d5:
                    6d:02:d8:d4:f7:17:99:b0:21:79:cb:42:66:b1:77:
                    9f:21:91:a2:7c:f6:b7:3e:e0:68:80:18:48:f7:93:
                    a4:97:45:42:ed:1c:11:82:c3:3f:17:58:49:e1:dc:
                    94:da:4e:d0:7e:de:83:ca:e2:09:03:10:12:a0:70:
                    bc:4a:1c:b9:83:39:3f:d8:20:c6:43:54:9f:71:24:
                    f7:20:d3:60:24:3f:64:d2:e8:20:10:dc:24:5c:a6:
                    46:f7:f1:c8:97:fa:13:40:aa:cd:e7:c8:65:12:0c:
                    d5:13:1f:ec:72:4c:f3:93:74:99:10:46:f2:65:b3:
                    8a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:6B:7C:EA:CA:D4:9A:81:EB:D9:DA:51:43:0C:E3:57:51:2F:57:BE
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/HGt86srUmoHr2dpRQwzjV1EvV74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:d0:9f:f2:0a:8e:07:9a:ac:c9:96:b2:74:62:8d:c7:68:a2:
         c6:58:d8:e7:a8:d5:32:3f:5d:48:39:5d:1b:8d:01:8f:a7:6f:
         f9:1e:14:48:a3:fa:2c:a8:4f:9a:71:a5:33:e0:6c:46:7b:90:
         21:5e:05:e7:65:47:ea:f2:8a:5b:67:72:3a:fa:c5:92:bb:e5:
         2c:f1:a9:55:2b:dd:b1:f2:63:3a:e5:ba:a5:4b:ce:a0:30:f1:
         12:25:c9:4a:b5:8d:14:85:87:e2:5d:0c:6b:5e:07:be:47:48:
         44:bd:d2:7c:bf:ab:15:ea:01:66:83:25:94:df:7a:ee:26:d2:
         59:7d:35:9a:a7:32:63:9c:1d:2b:d0:7d:79:dc:76:8d:5d:e6:
         88:46:cc:f7:66:34:b7:92:f6:83:fd:58:28:e6:ad:1a:d1:fd:
         a5:a2:61:ca:99:a9:6c:98:45:53:f1:ac:e5:e0:3e:fd:a2:3d:
         12:9a:c8:45:7f:01:b4:53:76:18:6e:0c:28:ae:82:93:1e:96:
         f7:36:37:00:a4:ee:ef:58:50:d0:52:da:99:0c:04:6a:b0:62:
         14:9a:aa:99:c4:b4:fa:2a:e3:57:5e:8b:1e:bb:21:d4:e5:7c:
         a9:8a:81:d6:ab:5a:6e:a0:c5:74:06:93:c8:38:30:0f:a5:87:
         ef:4b:73:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbSFCTvq1rbQvcNsut/y4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzZiN2NlYWNhZDQ5YTgxZWJkOWRhNTE0MzBjZTM1NzUxMmY1N2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyfOe+vsSc5O9MHesbC5J3Jstr28
USNkgUAR9RnyB3EbilGwaaMDWbLQN8TEYq9hglHOiPiVx8N2U6r465LrXr7KMLDN
n5gv3bjpifl22537OFneBfUsm97Q8eut+7WXx74qr8Bi221rHIpFw1nL5ZGzQ9pL
Ct7NP4vKCtD6ysx1RDDgB9VtAtjU9xeZsCF5y0JmsXefIZGifPa3PuBogBhI95Ok
l0VC7RwRgsM/F1hJ4dyU2k7Qft6DyuIJAxASoHC8Shy5gzk/2CDGQ1SfcST3INNg
JD9k0uggENwkXKZG9/HIl/oTQKrN58hlEgzVEx/sckzzk3SZEEbyZbOKcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxrfOrK1JqB69naUUMM41dRL1e+MB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvSEd0ODZzclVtb0hyMmRwUlF3empWMUV2Vjc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQkIMA0G
CSqGSIb3DQEBCwUAA4IBAQAA0J/yCo4HmqzJlrJ0Yo3HaKLGWNjnqNUyP11IOV0b
jQGPp2/5HhRIo/osqE+acaUz4GxGe5AhXgXnZUfq8opbZ3I6+sWSu+Us8alVK92x
8mM65bqlS86gMPESJclKtY0UhYfiXQxrXge+R0hEvdJ8v6sV6gFmgyWU33ruJtJZ
fTWapzJjnB0r0H153HaNXeaIRsz3ZjS3kvaD/Vgo5q0a0f2lomHKmalsmEVT8azl
4D79oj0SmshFfwG0U3YYbgworoKTHpb3NjcApO7vWFDQUtqZDARqsGIUmqqZxLT6
KuNXXoseuyHU5XypioHWq1puoMV0BpPIODAPpYfvS3Mq
-----END CERTIFICATE-----