Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/huxuj0-9cOQqIeyGs6o9EhLGLjM.roa
File:                     huxuj0-9cOQqIeyGs6o9EhLGLjM.roa (raw, json)
Hash identifier:          vt/7gDRuNzTkySaU0jgP3ggt8BaGtJYxApiZ7dlSJ6o=
Subject key identifier:   86:EC:6E:8F:4F:BD:70:E4:2A:21:EC:86:B3:AA:3D:12:12:C6:2E:33
Certificate issuer:       /CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
Certificate serial:       018CC26D6B304063BC618357ED1CD9CCFBA0
Authority key identifier: 84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/huxuj0-9cOQqIeyGs6o9EhLGLjM.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        185.106.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6b:30:40:63:bc:61:83:57:ed:1c:d9:cc:fb:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86ec6e8f4fbd70e42a21ec86b3aa3d1212c62e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:19:07:45:c5:aa:28:e7:57:81:10:f9:3f:fb:
                    6d:da:dd:20:cb:7a:68:61:4d:06:7c:fb:01:e7:83:
                    42:ca:c1:e1:91:d0:cf:94:82:40:46:a3:88:b0:97:
                    f3:89:ef:05:e7:2e:38:a8:8c:cb:c7:4f:8f:0a:21:
                    9b:6b:e9:fb:ca:1e:18:e1:f6:ca:e2:cb:19:86:43:
                    b8:79:b8:71:11:a9:e6:0a:b1:ff:1a:3b:1f:ec:9c:
                    ec:07:66:26:2f:0b:dd:4e:65:57:b4:44:6c:2c:47:
                    9f:6d:0b:2c:66:36:f3:17:7a:ff:79:a8:77:87:21:
                    25:80:31:6d:27:14:12:08:1f:4f:99:c5:df:98:69:
                    28:6d:d1:ec:d8:42:96:bf:57:46:59:f9:3e:0c:cf:
                    1a:2c:46:3b:87:4a:55:4f:df:1f:c5:f9:af:d0:bd:
                    7d:c5:a0:71:23:0f:c9:06:22:11:21:94:65:15:d1:
                    d7:e2:d5:3f:7b:41:ca:5f:da:8c:63:61:db:bc:e3:
                    65:85:98:fd:a5:df:11:e4:4b:3e:41:45:86:9e:94:
                    40:bc:1d:8e:1f:33:55:a8:4a:de:cb:ac:22:dc:53:
                    5e:38:ac:39:c5:40:f0:82:be:bc:57:80:0d:87:5e:
                    23:34:c3:ec:6b:d5:15:bb:f1:8f:a3:ab:17:f0:fb:
                    4f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:EC:6E:8F:4F:BD:70:E4:2A:21:EC:86:B3:AA:3D:12:12:C6:2E:33
            X509v3 Authority Key Identifier:
                keyid:84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/huxuj0-9cOQqIeyGs6o9EhLGLjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:9e:4d:f4:b7:0c:d5:ff:2c:0c:8f:ca:92:88:c1:97:05:b2:
         3e:ca:6c:d1:da:e5:d1:96:dd:4f:3e:ea:52:61:2a:77:8b:7f:
         0a:70:3d:dd:d9:87:45:24:50:0b:e1:b2:94:b8:72:4f:7a:1e:
         8c:db:12:f5:ba:4a:a8:e5:f6:43:4a:53:2b:0c:4b:36:79:7a:
         01:b9:f1:e5:37:e8:bd:d9:a2:f2:ae:cd:af:08:ff:fb:e3:86:
         79:68:6c:4d:d9:a0:9f:e6:7b:02:56:ed:6c:12:00:68:01:82:
         ef:dc:e0:53:8e:a0:2c:75:09:a9:fe:78:86:2d:f2:76:45:a7:
         cf:cc:b2:44:d5:b6:e1:f8:e6:46:94:06:06:c9:69:28:56:f5:
         c3:f7:8b:d7:f6:b7:2b:1c:f3:a4:c0:4e:fe:ea:45:71:ae:c4:
         5d:e9:e4:01:5d:88:62:b2:51:2e:1a:ad:f8:e3:46:a3:08:f9:
         00:5e:a0:2f:b7:97:53:32:1c:62:76:b9:14:7c:2c:49:38:7b:
         c8:20:c4:4e:72:94:88:4a:4d:d0:97:b9:87:58:eb:f1:c9:80:
         e1:71:0b:8e:b7:42:73:25:ab:7a:e5:12:79:68:76:47:77:71:
         74:9d:d1:fd:3c:38:02:a7:32:c5:dc:04:ff:fb:38:80:cf:56:
         b0:4b:0b:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWswQGO8YYNX7RzZzPugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MWYzNmZjYmY3MzM0ZWZmNmI5MWU4MDI5N2VhNWIyNWM0
ZWNmZDIwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmVjNmU4ZjRmYmQ3MGU0MmEyMWVjODZiM2FhM2QxMjEyYzYyZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxkHRcWqKOdXgRD5P/tt2t0gy3po
YU0GfPsB54NCysHhkdDPlIJARqOIsJfzie8F5y44qIzLx0+PCiGba+n7yh4Y4fbK
4ssZhkO4ebhxEanmCrH/Gjsf7JzsB2YmLwvdTmVXtERsLEefbQssZjbzF3r/eah3
hyElgDFtJxQSCB9PmcXfmGkobdHs2EKWv1dGWfk+DM8aLEY7h0pVT98fxfmv0L19
xaBxIw/JBiIRIZRlFdHX4tU/e0HKX9qMY2HbvONlhZj9pd8R5Es+QUWGnpRAvB2O
HzNVqErey6wi3FNeOKw5xUDwgr68V4ANh14jNMPsa9UVu/GPo6sX8PtPQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbsbo9PvXDkKiHshrOqPRISxi4zMB8GA1UdIwQY
MBaAFIQfNvy/czTv9rkegCl+pbJcTs/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQt
OTVkZGIwOTc0ZTRiLzEvaHV4dWowLTljT1FxSWV5R3M2bzlFaExHTGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQtOTVkZGIwOTc0ZTRi
LzEvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWqHMA0G
CSqGSIb3DQEBCwUAA4IBAQA0nk30twzV/ywMj8qSiMGXBbI+ymzR2uXRlt1PPupS
YSp3i38KcD3d2YdFJFAL4bKUuHJPeh6M2xL1ukqo5fZDSlMrDEs2eXoBufHlN+i9
2aLyrs2vCP/744Z5aGxN2aCf5nsCVu1sEgBoAYLv3OBTjqAsdQmp/niGLfJ2RafP
zLJE1bbh+OZGlAYGyWkoVvXD94vX9rcrHPOkwE7+6kVxrsRd6eQBXYhislEuGq34
40ajCPkAXqAvt5dTMhxidrkUfCxJOHvIIMROcpSISk3Ql7mHWOvxyYDhcQuOt0Jz
Jat65RJ5aHZHd3F0ndH9PDgCpzLF3AT/+ziAz1awSwsM
-----END CERTIFICATE-----