Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/HJf34rDfTUPIcPv-xQaRTGMIQAU.roa
File:                     HJf34rDfTUPIcPv-xQaRTGMIQAU.roa (raw, json)
Hash identifier:          xEI3eXaqU5BE25qwCMBQhlmLI6zoK7B8LGcYOpoY7PQ=
Subject key identifier:   1C:97:F7:E2:B0:DF:4D:43:C8:70:FB:FE:C5:06:91:4C:63:08:40:05
Certificate issuer:       /CN=dbe8cc8f5af1e7362d454f3dd91a82952919db61
Certificate serial:       018CC56EC5BA44CA7CB9933A405DF1DA3907
Authority key identifier: DB:E8:CC:8F:5A:F1:E7:36:2D:45:4F:3D:D9:1A:82:95:29:19:DB:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-jMj1rx5zYtRU892RqClSkZ22E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/HJf34rDfTUPIcPv-xQaRTGMIQAU.roa
Signing time:             Mon 01 Jan 2024 14:30:20 +0000
ROA not before:           Mon 01 Jan 2024 14:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        88.135.96.0/20 maxlen: 24
                          94.26.110.0/23 maxlen: 24
                          94.26.64.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/2-jMj1rx5zYtRU892RqClSkZ22E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/2-jMj1rx5zYtRU892RqClSkZ22E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-jMj1rx5zYtRU892RqClSkZ22E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 10:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c5:ba:44:ca:7c:b9:93:3a:40:5d:f1:da:39:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe8cc8f5af1e7362d454f3dd91a82952919db61
        Validity
            Not Before: Jan  1 14:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c97f7e2b0df4d43c870fbfec506914c63084005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:66:b6:71:e2:40:47:68:22:f3:55:4a:97:66:
                    ed:64:a3:67:78:d8:c9:4e:c1:f4:c9:55:d2:87:a0:
                    78:f0:eb:10:a8:db:df:85:b5:5a:76:bd:da:32:6e:
                    c3:65:d6:f2:7d:38:92:96:b6:d7:f7:64:29:a7:72:
                    8e:cf:b2:e6:1d:b6:d2:bf:82:16:be:16:d5:1e:c8:
                    5a:ee:ac:6b:08:a6:5f:36:63:43:8e:05:fb:78:71:
                    8d:67:8f:7b:a6:3e:dc:26:d8:06:4c:4e:ac:ff:c1:
                    c3:2b:ae:cd:20:04:58:4d:01:c4:8d:cc:e7:6c:0c:
                    eb:3f:96:87:af:bd:80:6c:71:f2:74:a6:10:2f:a0:
                    14:a2:f5:ea:ef:ce:e0:1a:8e:3c:09:60:9b:49:b4:
                    bc:86:08:7c:7e:84:e1:7c:c3:4e:f6:78:9c:65:b4:
                    9c:8f:7d:e3:7d:5f:6b:50:97:6b:a2:bd:e7:32:ea:
                    18:9f:bb:7d:92:91:7d:3d:da:a0:a5:eb:ba:51:89:
                    aa:09:a9:5a:2c:9c:bc:3a:43:7f:fd:9a:a4:7b:75:
                    b8:fd:a3:29:6c:b2:e4:91:ff:ea:93:68:1d:d9:f7:
                    30:be:d2:b8:97:dc:6d:1b:88:bd:00:09:80:ea:45:
                    72:0e:f6:fa:63:14:10:b7:d8:4f:ae:86:30:0f:61:
                    a2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:97:F7:E2:B0:DF:4D:43:C8:70:FB:FE:C5:06:91:4C:63:08:40:05
            X509v3 Authority Key Identifier:
                keyid:DB:E8:CC:8F:5A:F1:E7:36:2D:45:4F:3D:D9:1A:82:95:29:19:DB:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-jMj1rx5zYtRU892RqClSkZ22E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/HJf34rDfTUPIcPv-xQaRTGMIQAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/a573fe-6e0e-4bff-99fc-2621d5c99cab/1/2-jMj1rx5zYtRU892RqClSkZ22E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.96.0/20
                  94.26.64.0/23
                  94.26.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:a6:65:36:cb:4d:97:26:ce:cd:85:31:d3:e8:7f:43:ec:1b:
         ac:6f:6e:f9:43:38:9f:fb:c9:67:bc:bc:f8:05:7b:b9:93:cb:
         21:37:86:52:a6:63:ac:63:8c:cd:0c:a9:c7:ff:fc:bb:2a:cc:
         08:56:f7:74:1d:2e:69:7e:59:56:02:fc:0c:b9:65:63:74:21:
         ff:7b:55:47:12:ca:48:d4:ca:6c:be:17:63:ef:ae:08:97:4f:
         14:a3:54:03:11:aa:bb:e2:ed:0c:f7:b3:06:d5:27:d4:d8:3f:
         b5:f0:42:e1:f0:aa:d5:1e:ac:83:5b:a9:27:9a:b4:80:9b:14:
         ac:b0:f6:8f:bc:48:ea:4b:78:63:59:df:e7:c7:2f:10:09:c6:
         b5:bf:3a:07:8f:09:dc:70:89:ad:88:92:12:87:1b:ea:22:03:
         39:b0:38:30:22:46:f5:f6:2c:7b:10:5f:47:2e:1d:71:ec:2f:
         16:10:01:52:d9:77:79:da:00:64:a7:46:65:f1:c4:04:dc:ad:
         7c:c7:5c:36:4a:30:25:46:b2:24:f2:77:49:62:eb:3c:4c:84:
         d1:04:a0:20:6a:4d:89:51:7a:fc:2f:b6:07:c3:cb:19:0f:0b:
         95:05:30:64:ed:8b:b0:c8:54:08:50:91:fb:da:b8:f3:a9:c9:
         62:89:a1:4d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFbsW6RMp8uZM6QF3x2jkHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZThjYzhmNWFmMWU3MzYyZDQ1NGYzZGQ5MWE4Mjk1Mjkx
OWRiNjEwHhcNMjQwMTAxMTQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzk3ZjdlMmIwZGY0ZDQzYzg3MGZiZmVjNTA2OTE0YzYzMDg0MDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWa2ceJAR2gi81VKl2btZKNneNjJ
TsH0yVXSh6B48OsQqNvfhbVadr3aMm7DZdbyfTiSlrbX92Qpp3KOz7LmHbbSv4IW
vhbVHsha7qxrCKZfNmNDjgX7eHGNZ497pj7cJtgGTE6s/8HDK67NIARYTQHEjczn
bAzrP5aHr72AbHHydKYQL6AUovXq787gGo48CWCbSbS8hgh8foThfMNO9nicZbSc
j33jfV9rUJdror3nMuoYn7t9kpF9Pdqgpeu6UYmqCalaLJy8OkN//Zqke3W4/aMp
bLLkkf/qk2gd2fcwvtK4l9xtG4i9AAmA6kVyDvb6YxQQt9hProYwD2GisQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFByX9+Kw301DyHD7/sUGkUxjCEAFMB8GA1UdIwQY
MBaAFNvozI9a8ec2LUVPPdkagpUpGdthMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1qTWoxcng1ell0UlU4OTJScUNsU2taMjJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9hNTczZmUtNmUwZS00YmZmLTk5ZmMt
MjYyMWQ1Yzk5Y2FiLzEvSEpmMzRyRGZUVVBJY1B2LXhRYVJUR01JUUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9hNTczZmUtNmUwZS00YmZmLTk5ZmMtMjYyMWQ1Yzk5Y2Fi
LzEvMi1qTWoxcng1ell0UlU4OTJScUNsU2taMjJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEWIdgAwQB
XhpAAwQBXhpuMA0GCSqGSIb3DQEBCwUAA4IBAQAhpmU2y02XJs7NhTHT6H9D7Bus
b275Qzif+8lnvLz4BXu5k8shN4ZSpmOsY4zNDKnH//y7KswIVvd0HS5pfllWAvwM
uWVjdCH/e1VHEspI1Mpsvhdj764Il08Uo1QDEaq74u0M97MG1SfU2D+18ELh8KrV
HqyDW6knmrSAmxSssPaPvEjqS3hjWd/nxy8QCca1vzoHjwnccImtiJIShxvqIgM5
sDgwIkb19ix7EF9HLh1x7C8WEAFS2Xd52gBkp0Zl8cQE3K18x1w2SjAlRrIk8ndJ
Yus8TITRBKAgak2JUXr8L7YHw8sZDwuVBTBk7YuwyFQIUJH72rjzqcliiaFN
-----END CERTIFICATE-----