Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/HnNefyMmDDQOC3VaHFmtRD7oeBc.roa
File:                     HnNefyMmDDQOC3VaHFmtRD7oeBc.roa (raw, json)
Hash identifier:          v70MDvPCN6bs1yTeKB+Wk1qGMYTJ4uKhui6eOH8VUYc=
Subject key identifier:   1E:73:5E:7F:23:26:0C:34:0E:0B:75:5A:1C:59:AD:44:3E:E8:78:17
Certificate issuer:       /CN=72c26abc9e06c1afef9b5fd2da40412e7aee6b47
Certificate serial:       018CC9BB0B6949EF0064FFC7F94BB5745898
Authority key identifier: 72:C2:6A:BC:9E:06:C1:AF:EF:9B:5F:D2:DA:40:41:2E:7A:EE:6B:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/HnNefyMmDDQOC3VaHFmtRD7oeBc.roa
Signing time:             Tue 02 Jan 2024 10:32:07 +0000
ROA not before:           Tue 02 Jan 2024 10:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43902
IP address blocks:        185.56.107.0/24 maxlen: 24
                          2a00:7fc0:8001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:0b:69:49:ef:00:64:ff:c7:f9:4b:b5:74:58:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72c26abc9e06c1afef9b5fd2da40412e7aee6b47
        Validity
            Not Before: Jan  2 10:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e735e7f23260c340e0b755a1c59ad443ee87817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:17:fb:4b:8b:e9:6d:28:b2:e6:12:1d:4e:ab:
                    55:49:3b:74:ec:99:36:50:9d:d8:1e:74:34:d2:89:
                    2d:86:33:22:60:ad:e7:6e:e7:cd:3a:d8:4d:96:85:
                    43:2d:3d:de:82:48:e8:ea:78:a6:40:24:c8:7d:31:
                    95:54:43:e2:6f:3d:18:f9:9d:95:52:25:13:7a:f4:
                    91:dd:da:18:40:5f:cb:77:1e:88:64:28:e0:9d:62:
                    84:4e:77:a6:29:63:57:d7:79:84:5f:1a:16:00:30:
                    f1:d9:4a:cb:75:ea:9b:1b:c6:dc:13:87:3b:62:24:
                    fe:c5:12:68:5a:6f:06:8f:3a:69:8b:2f:29:4c:82:
                    bd:8d:7d:15:8a:ec:11:11:db:1b:15:a3:fa:e6:72:
                    3e:2e:c4:87:a9:5e:f3:ca:8b:d8:5a:59:81:94:bc:
                    d7:36:f4:f8:04:e3:cf:07:45:18:d2:3f:67:55:c9:
                    12:13:86:58:8d:fa:c8:4f:2f:d5:91:9f:d9:37:a6:
                    59:b3:f5:ff:2d:fd:28:4b:0a:63:8f:a4:7a:36:c8:
                    57:79:c0:70:9b:25:3c:eb:a5:be:4d:dc:bb:cb:61:
                    81:76:3f:13:d2:75:cf:95:a8:ea:14:fd:d2:5c:eb:
                    98:65:d4:56:28:96:fd:2b:6a:47:4d:a8:64:5b:35:
                    34:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:73:5E:7F:23:26:0C:34:0E:0B:75:5A:1C:59:AD:44:3E:E8:78:17
            X509v3 Authority Key Identifier:
                keyid:72:C2:6A:BC:9E:06:C1:AF:EF:9B:5F:D2:DA:40:41:2E:7A:EE:6B:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/HnNefyMmDDQOC3VaHFmtRD7oeBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.107.0/24
                IPv6:
                  2a00:7fc0:8001::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:20:ff:f8:d4:f6:7a:41:e8:c9:29:6f:b9:ca:e1:30:b5:ce:
         a4:1b:e4:de:89:57:03:d9:eb:4c:e0:05:7f:e0:ef:2c:2f:84:
         d4:ac:a5:d8:62:ba:1a:0b:4a:1b:65:49:a7:74:ec:83:58:a6:
         96:1c:45:a6:56:71:10:84:cd:ef:c1:5a:a7:aa:8a:00:ae:04:
         cc:e5:28:96:0a:54:c8:f5:22:32:03:0f:22:5a:90:ba:90:dd:
         2a:2f:be:7e:b0:2e:33:2e:51:bf:a6:92:7e:40:07:87:7f:a9:
         91:b9:af:63:b7:cb:e1:fe:5b:10:fa:9b:d3:b5:7c:19:d9:24:
         c5:37:d1:2a:79:5f:52:e8:ab:47:68:05:da:f1:bd:0d:19:bc:
         5c:1f:d8:c2:d3:37:48:19:c7:8a:d1:9a:ec:f9:2b:3b:22:7e:
         32:a0:c0:1c:71:0e:ba:10:14:e7:d1:c3:82:85:53:c4:ad:c9:
         d2:75:d5:b2:16:66:ac:66:c8:e6:76:eb:dc:87:bd:3f:55:6d:
         f9:bf:ed:15:22:7b:b4:e9:98:14:c5:44:ac:15:ce:00:f6:b4:
         d9:55:95:7a:e2:df:3e:6c:7f:08:4a:58:e2:0c:63:33:d3:89:
         59:52:9e:27:59:11:06:82:46:cb:a6:de:84:ec:b6:fb:e9:0b:
         de:57:37:82
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJuwtpSe8AZP/H+Uu1dFiYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYzI2YWJjOWUwNmMxYWZlZjliNWZkMmRhNDA0MTJlN2Fl
ZTZiNDcwHhcNMjQwMTAyMTAzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTczNWU3ZjIzMjYwYzM0MGUwYjc1NWExYzU5YWQ0NDNlZTg3ODE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhf7S4vpbSiy5hIdTqtVSTt07Jk2
UJ3YHnQ00okthjMiYK3nbufNOthNloVDLT3egkjo6nimQCTIfTGVVEPibz0Y+Z2V
UiUTevSR3doYQF/Ldx6IZCjgnWKETnemKWNX13mEXxoWADDx2UrLdeqbG8bcE4c7
YiT+xRJoWm8Gjzppiy8pTIK9jX0ViuwREdsbFaP65nI+LsSHqV7zyovYWlmBlLzX
NvT4BOPPB0UY0j9nVckSE4ZYjfrITy/VkZ/ZN6ZZs/X/Lf0oSwpjj6R6NshXecBw
myU866W+Tdy7y2GBdj8T0nXPlajqFP3SXOuYZdRWKJb9K2pHTahkWzU0EwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB5zXn8jJgw0Dgt1WhxZrUQ+6HgXMB8GA1UdIwQY
MBaAFHLCaryeBsGv75tf0tpAQS567mtHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NKcXZKNEd3YV92bTFfUzJrQkJMbnJ1YTBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82YzA1MzAtMTA3NC00YjM1LWJlMGMt
Y2Q3ZDYxOTEzMjg4LzEvSG5OZWZ5TW1ERFFPQzNWYUhGbXRSRDdvZUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82YzA1MzAtMTA3NC00YjM1LWJlMGMtY2Q3ZDYxOTEzMjg4
LzEvY3NKcXZKNEd3YV92bTFfUzJrQkJMbnJ1YTBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuThrMA8E
AgACMAkDBwAqAH/AgAEwDQYJKoZIhvcNAQELBQADggEBAGwg//jU9npB6Mkpb7nK
4TC1zqQb5N6JVwPZ60zgBX/g7ywvhNSspdhiuhoLShtlSad07INYppYcRaZWcRCE
ze/BWqeqigCuBMzlKJYKVMj1IjIDDyJakLqQ3Sovvn6wLjMuUb+mkn5AB4d/qZG5
r2O3y+H+WxD6m9O1fBnZJMU30Sp5X1Loq0doBdrxvQ0ZvFwf2MLTN0gZx4rRmuz5
KzsifjKgwBxxDroQFOfRw4KFU8StydJ11bIWZqxmyOZ269yHvT9Vbfm/7RUie7Tp
mBTFRKwVzgD2tNlVlXri3z5sfwhKWOIMYzPTiVlSnidZEQaCRsum3oTstvvpC95X
N4I=
-----END CERTIFICATE-----