Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/hapRH7fYH_aNNjly-DxZ2NI7v08.roa
File:                     hapRH7fYH_aNNjly-DxZ2NI7v08.roa (raw, json)
Hash identifier:          Rdc9R9sR2nFX0j4G0JydiYtZHM8LyhcQIZ6BnAyxEmk=
Subject key identifier:   85:AA:51:1F:B7:D8:1F:F6:8D:36:39:72:F8:3C:59:D8:D2:3B:BF:4F
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A76167475391FCB1A9750CB3F16B3
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/hapRH7fYH_aNNjly-DxZ2NI7v08.roa
Signing time:             Mon 01 Jan 2024 18:30:17 +0000
ROA not before:           Mon 01 Jan 2024 18:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42484
IP address blocks:        141.101.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:76:16:74:75:39:1f:cb:1a:97:50:cb:3f:16:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85aa511fb7d81ff68d363972f83c59d8d23bbf4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e1:89:cf:44:9c:86:bb:45:88:e3:e7:ec:ad:
                    dd:b0:ee:9d:84:45:b2:e0:90:71:2b:94:ce:b3:0a:
                    8e:cd:e4:46:4b:6f:94:61:54:8d:97:99:f9:56:ad:
                    04:5c:01:5c:6a:aa:06:56:31:81:b3:57:db:45:b2:
                    76:b5:d8:f3:a1:ed:67:81:4a:4d:27:34:63:ef:c3:
                    90:d7:7b:53:77:76:b3:74:c9:e8:f0:f8:5a:6f:89:
                    f5:08:02:a6:b5:c2:de:a3:0d:6b:7a:50:62:fb:b4:
                    5d:79:db:9c:a0:48:ad:ad:57:74:3e:d1:ef:e9:49:
                    c2:54:2c:08:56:ff:72:65:b1:40:66:31:a4:f8:43:
                    4b:be:60:be:3a:b3:fb:9b:44:38:86:71:94:9a:ee:
                    da:2f:bb:82:3f:4b:40:fe:8c:3a:9f:b9:b4:e7:1d:
                    c1:da:99:8a:cc:13:fc:51:fc:d0:36:81:4e:2c:ab:
                    65:52:90:20:e8:64:53:1c:a5:b7:ef:20:2b:02:bc:
                    c1:05:5f:8b:75:dd:a3:2d:16:7b:56:10:be:a0:a1:
                    6e:bf:ca:fe:b4:bc:1c:e2:c4:71:07:08:e7:f9:fb:
                    f3:9e:db:71:a7:d9:b4:ee:17:fd:eb:71:0c:2f:31:
                    3f:c3:fa:e4:d3:cc:bf:41:21:2d:07:d4:1d:39:c6:
                    d4:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:AA:51:1F:B7:D8:1F:F6:8D:36:39:72:F8:3C:59:D8:D2:3B:BF:4F
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/hapRH7fYH_aNNjly-DxZ2NI7v08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:19:8a:b6:fa:46:fc:ca:dc:72:57:82:95:df:92:0a:93:86:
         28:8b:27:5c:95:40:67:4c:f6:72:6c:bb:47:4f:c4:fa:36:c8:
         ec:1c:a1:0b:01:64:58:44:46:81:04:74:71:8d:08:22:89:4a:
         9c:ec:86:94:b3:40:30:45:f8:45:5f:8d:71:f7:a2:05:ee:fc:
         1d:b0:4b:0a:b8:89:2e:15:ab:cd:e8:52:f2:2c:94:18:36:34:
         4a:4e:29:3e:c7:bd:bf:a4:c0:29:c2:6c:25:c5:8d:85:b1:a6:
         8e:06:58:0d:75:d7:4f:22:11:ed:dc:c1:42:45:38:07:7a:fe:
         7c:b4:24:ee:7e:c3:a8:51:a8:28:9d:f5:07:0b:b0:a6:e9:97:
         a9:7b:44:f4:c1:71:44:93:da:b9:e4:1e:a0:b6:e3:8b:30:b8:
         17:e5:ed:93:d5:d2:f3:5b:a4:2c:90:ee:45:2a:d7:e7:b9:4b:
         7e:c4:1e:fa:a7:ab:cf:31:bd:c7:4d:42:48:d9:7c:b0:97:25:
         d3:c1:99:19:79:6d:7d:78:1c:e5:0b:37:63:cc:5b:44:38:87:
         b4:ac:59:2f:bd:63:71:f7:53:bc:9d:65:17:1d:39:61:85:20:
         dd:08:2b:40:39:b2:cc:91:3a:8a:ca:5a:a1:94:30:c1:b0:9b:
         ad:45:14:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnYWdHU5H8sal1DLPxazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWFhNTExZmI3ZDgxZmY2OGQzNjM5NzJmODNjNTlkOGQyM2JiZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOGJz0SchrtFiOPn7K3dsO6dhEWy
4JBxK5TOswqOzeRGS2+UYVSNl5n5Vq0EXAFcaqoGVjGBs1fbRbJ2tdjzoe1ngUpN
JzRj78OQ13tTd3azdMno8Phab4n1CAKmtcLeow1relBi+7RdeducoEitrVd0PtHv
6UnCVCwIVv9yZbFAZjGk+ENLvmC+OrP7m0Q4hnGUmu7aL7uCP0tA/ow6n7m05x3B
2pmKzBP8UfzQNoFOLKtlUpAg6GRTHKW37yArArzBBV+Ldd2jLRZ7VhC+oKFuv8r+
tLwc4sRxBwjn+fvznttxp9m07hf963EMLzE/w/rk08y/QSEtB9QdOcbUIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWqUR+32B/2jTY5cvg8WdjSO79PMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvaGFwUkg3ZllIX2FOTmpseS1EeFoyTkk3djA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWWvMA0G
CSqGSIb3DQEBCwUAA4IBAQCWGYq2+kb8ytxyV4KV35IKk4YoiydclUBnTPZybLtH
T8T6NsjsHKELAWRYREaBBHRxjQgiiUqc7IaUs0AwRfhFX41x96IF7vwdsEsKuIku
FavN6FLyLJQYNjRKTik+x72/pMApwmwlxY2FsaaOBlgNdddPIhHt3MFCRTgHev58
tCTufsOoUagonfUHC7Cm6Zepe0T0wXFEk9q55B6gtuOLMLgX5e2T1dLzW6QskO5F
KtfnuUt+xB76p6vPMb3HTUJI2XywlyXTwZkZeW19eBzlCzdjzFtEOIe0rFkvvWNx
91O8nWUXHTlhhSDdCCtAObLMkTqKylqhlDDBsJutRRTO
-----END CERTIFICATE-----