Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/HzRFVvEKI-hPVjC7IE3BhmXzgLo.roa
File:                     HzRFVvEKI-hPVjC7IE3BhmXzgLo.roa (raw, json)
Hash identifier:          8u/vUmB+1TYRb5Vhelw9q8lRI6KNWabczRTEsyVaKxQ=
Subject key identifier:   1F:34:45:56:F1:0A:23:E8:4F:56:30:BB:20:4D:C1:86:65:F3:80:BA
Certificate issuer:       /CN=4b2ec0a9b9e60e8652168ca69d9239f27307c372
Certificate serial:       018CC5DC05A5770D8C90D13D67F0D5B8ACD5
Authority key identifier: 4B:2E:C0:A9:B9:E6:0E:86:52:16:8C:A6:9D:92:39:F2:73:07:C3:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sy7AqbnmDoZSFoymnZI58nMHw3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/HzRFVvEKI-hPVjC7IE3BhmXzgLo.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39661
IP address blocks:        194.50.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/Sy7AqbnmDoZSFoymnZI58nMHw3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/Sy7AqbnmDoZSFoymnZI58nMHw3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sy7AqbnmDoZSFoymnZI58nMHw3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:05:a5:77:0d:8c:90:d1:3d:67:f0:d5:b8:ac:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b2ec0a9b9e60e8652168ca69d9239f27307c372
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f344556f10a23e84f5630bb204dc18665f380ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d9:b0:06:da:f9:a4:aa:41:9a:81:6c:5d:a8:
                    38:3b:34:20:d0:1b:22:f0:f0:ce:78:fb:5d:e2:44:
                    db:bc:0d:3e:89:0f:7c:d8:33:8f:eb:3f:ca:07:48:
                    1b:c4:b4:c5:84:4c:81:21:06:58:46:d0:4e:3f:12:
                    3f:bd:eb:cc:51:d5:73:37:ce:cb:5b:dd:6b:28:90:
                    1e:31:ee:c9:89:53:50:96:22:1e:58:25:2c:5f:bd:
                    4b:92:64:43:ef:51:20:3f:8b:29:ae:da:3a:29:c7:
                    be:4e:dc:8a:69:c1:26:11:89:2a:29:f8:de:67:96:
                    79:af:a3:b9:b8:12:06:15:e5:76:77:69:63:37:54:
                    bc:da:71:ec:9a:6b:02:f1:28:52:8f:07:c1:f1:cb:
                    b9:f6:3f:f6:65:d8:dc:11:47:d7:38:ed:4f:a2:d3:
                    01:1d:59:28:d3:3c:32:90:34:51:cb:37:32:01:09:
                    da:85:79:65:d7:b8:e7:9c:29:69:09:38:d2:67:60:
                    a0:d3:b2:61:5a:60:2a:8c:e8:07:69:bc:81:2a:7e:
                    cc:ab:c2:0a:69:13:32:bc:9f:13:5e:ce:33:03:a1:
                    62:1b:0d:bc:56:30:f1:0a:68:5b:77:38:bb:a9:cd:
                    43:93:79:12:ee:45:cf:36:d8:69:89:28:d4:88:b5:
                    cd:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:34:45:56:F1:0A:23:E8:4F:56:30:BB:20:4D:C1:86:65:F3:80:BA
            X509v3 Authority Key Identifier:
                keyid:4B:2E:C0:A9:B9:E6:0E:86:52:16:8C:A6:9D:92:39:F2:73:07:C3:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sy7AqbnmDoZSFoymnZI58nMHw3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/HzRFVvEKI-hPVjC7IE3BhmXzgLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/Sy7AqbnmDoZSFoymnZI58nMHw3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:5e:6a:84:62:10:2c:ac:66:fc:f9:ab:b5:24:c3:96:43:31:
         33:c7:55:2d:bd:50:c0:58:22:72:be:eb:e9:08:62:1c:ab:64:
         c4:b1:ea:7c:0b:1c:ad:0f:cc:cb:d7:79:3c:98:00:de:13:d5:
         94:f5:dd:1c:45:e9:13:79:8b:d0:ba:14:9c:da:8d:6f:5e:a3:
         51:bc:6d:54:10:e6:79:75:33:8f:72:e1:88:fb:15:03:5d:83:
         39:5e:d2:1f:f7:61:84:e5:40:bb:5c:7c:e5:38:c5:b2:fd:ea:
         03:32:ed:2b:84:ed:e0:7b:57:81:69:ae:d2:f9:cd:79:b6:13:
         07:f3:4e:d6:d6:69:cc:37:a2:85:b4:53:77:5f:d8:2f:b8:1e:
         eb:90:c3:0e:5c:05:b5:a9:e8:ea:71:0f:db:00:78:9b:49:6e:
         38:3e:11:2b:f8:4e:56:cf:d2:46:fa:f9:89:68:25:54:34:21:
         53:10:46:21:55:5f:cd:b6:9b:38:e0:72:a4:cc:55:1e:96:f0:
         92:89:53:5a:67:83:a9:61:32:aa:75:73:d7:36:af:90:7b:21:
         2e:dd:04:0b:6e:46:10:f9:8c:65:6d:aa:f2:f4:1e:aa:11:88:
         0f:ce:0b:5a:12:f3:9e:8e:49:c3:8b:98:88:37:51:73:51:17:
         84:68:23:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3AWldw2MkNE9Z/DVuKzVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMmVjMGE5YjllNjBlODY1MjE2OGNhNjlkOTIzOWYyNzMw
N2MzNzIwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjM0NDU1NmYxMGEyM2U4NGY1NjMwYmIyMDRkYzE4NjY1ZjM4MGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidmwBtr5pKpBmoFsXag4OzQg0Bsi
8PDOePtd4kTbvA0+iQ982DOP6z/KB0gbxLTFhEyBIQZYRtBOPxI/vevMUdVzN87L
W91rKJAeMe7JiVNQliIeWCUsX71LkmRD71EgP4sprto6Kce+TtyKacEmEYkqKfje
Z5Z5r6O5uBIGFeV2d2ljN1S82nHsmmsC8ShSjwfB8cu59j/2ZdjcEUfXOO1PotMB
HVko0zwykDRRyzcyAQnahXll17jnnClpCTjSZ2Cg07JhWmAqjOgHabyBKn7Mq8IK
aRMyvJ8TXs4zA6FiGw28VjDxCmhbdzi7qc1Dk3kS7kXPNthpiSjUiLXNawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB80RVbxCiPoT1YwuyBNwYZl84C6MB8GA1UdIwQY
MBaAFEsuwKm55g6GUhaMpp2SOfJzB8NyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3k3QXFibm1Eb1pTRm95bW5aSTU4bk1IdzNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9mZDUzZjctODMxNS00MGQyLTkxNWIt
Y2QwZjU5YzI4ZDJkLzEvSHpSRlZ2RUtJLWhQVmpDN0lFM0JobVh6Z0xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9mZDUzZjctODMxNS00MGQyLTkxNWItY2QwZjU5YzI4ZDJk
LzEvU3k3QXFibm1Eb1pTRm95bW5aSTU4bk1IdzNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJuMA0G
CSqGSIb3DQEBCwUAA4IBAQBbXmqEYhAsrGb8+au1JMOWQzEzx1UtvVDAWCJyvuvp
CGIcq2TEsep8CxytD8zL13k8mADeE9WU9d0cRekTeYvQuhSc2o1vXqNRvG1UEOZ5
dTOPcuGI+xUDXYM5XtIf92GE5UC7XHzlOMWy/eoDMu0rhO3ge1eBaa7S+c15thMH
807W1mnMN6KFtFN3X9gvuB7rkMMOXAW1qejqcQ/bAHibSW44PhEr+E5Wz9JG+vmJ
aCVUNCFTEEYhVV/Ntps44HKkzFUelvCSiVNaZ4OpYTKqdXPXNq+QeyEu3QQLbkYQ
+Yxlbary9B6qEYgPzgtaEvOejknDi5iIN1FzUReEaCNB
-----END CERTIFICATE-----