Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/hVSpcz72F_3hGT_ih8BBg9MjSz8.roa
File:                     hVSpcz72F_3hGT_ih8BBg9MjSz8.roa (raw, json)
Hash identifier:          /aC7JTzrFSFyjshV3SREAKDrKAlAXukiZvxSVLATCaM=
Subject key identifier:   85:54:A9:73:3E:F6:17:FD:E1:19:3F:E2:87:C0:41:83:D3:23:4B:3F
Certificate issuer:       /CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
Certificate serial:       018CC5011FBB9E8FEEBC53EF9DA76103EDC4
Authority key identifier: 0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/hVSpcz72F_3hGT_ih8BBg9MjSz8.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212431
IP address blocks:        212.110.155.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1f:bb:9e:8f:ee:bc:53:ef:9d:a7:61:03:ed:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d87142bdc2b3f0d0848a0d800b6930b1abb34bc
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8554a9733ef617fde1193fe287c04183d3234b3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ba:9d:fb:87:82:07:be:3b:35:d6:b9:f5:d3:
                    89:c5:81:96:f5:5e:f6:72:76:f3:8d:77:2e:59:f5:
                    2a:3d:8c:04:b1:e6:4c:66:5b:6e:46:cf:d2:cb:33:
                    2e:74:d7:2e:fa:0c:a8:a2:b9:ae:f3:a6:c1:cb:8d:
                    78:8a:8c:a8:bd:f2:7a:44:fc:8e:fb:64:9f:59:fa:
                    a1:ea:f7:3d:72:fd:a3:f5:a6:61:dd:c7:33:16:d3:
                    cc:e7:f0:9f:1f:16:cc:c3:5e:27:f3:94:1b:b8:91:
                    e9:07:51:f1:51:cf:c0:ad:0b:e3:73:7a:c7:f5:2d:
                    d8:db:9d:9f:4a:94:3d:5c:2b:82:f9:b7:f5:02:69:
                    1c:6b:2f:7a:87:70:cc:08:cf:0b:8e:74:a3:f3:51:
                    11:59:44:9a:6a:0e:de:7b:14:18:98:68:bb:46:c7:
                    01:a5:88:0d:11:d1:2c:e7:2f:1e:20:25:0c:8d:b7:
                    1b:b0:bf:f0:62:90:01:93:8e:fd:05:96:50:33:0c:
                    8c:8b:35:1c:4d:b1:b0:eb:0b:01:5b:5e:c3:9d:76:
                    be:26:48:5c:9c:4c:16:5e:2f:81:89:03:08:16:d5:
                    1f:cd:8f:80:85:55:a7:5f:7d:12:23:25:8a:76:af:
                    74:c4:ee:38:10:1e:5b:6b:cb:c7:61:fb:9e:65:d4:
                    ef:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:54:A9:73:3E:F6:17:FD:E1:19:3F:E2:87:C0:41:83:D3:23:4B:3F
            X509v3 Authority Key Identifier:
                keyid:0D:87:14:2B:DC:2B:3F:0D:08:48:A0:D8:00:B6:93:0B:1A:BB:34:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYcUK9wrPw0ISKDYALaTCxq7NLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/hVSpcz72F_3hGT_ih8BBg9MjSz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/8f8cc0-f693-421c-bc54-a31708d40391/1/DYcUK9wrPw0ISKDYALaTCxq7NLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.110.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:97:45:e2:ff:83:7c:b8:2c:03:e4:ac:5c:d7:41:0b:08:fb:
         b1:8c:fc:a1:78:b2:29:b5:50:0a:7a:ec:87:ed:1b:ef:bf:c6:
         1a:00:2b:66:aa:eb:cb:c9:26:0d:af:7a:36:19:6f:9c:11:60:
         31:07:97:ee:ee:49:bf:62:e5:ad:b8:78:30:fe:f4:20:c6:ca:
         df:3f:f3:47:e0:8a:cd:f2:e1:ec:99:0f:0b:7c:4f:e2:f0:d9:
         8f:f1:32:da:6f:f6:9d:58:bf:bf:33:e9:94:6e:89:ed:c3:60:
         ea:d7:d5:1c:be:0d:86:db:56:e9:19:3e:70:00:78:05:b7:0b:
         ca:5f:17:1d:72:8e:fb:41:72:aa:53:31:d9:ef:48:09:70:bc:
         9a:27:5f:0b:fd:55:3c:06:96:6a:1f:81:0e:1f:b9:76:2a:73:
         4c:0d:39:15:b3:7d:2b:2c:0b:ed:b8:1e:6f:e1:f9:5f:e0:7b:
         d8:00:ab:4a:4c:68:c8:f2:70:45:71:af:c0:3e:01:c8:d8:94:
         84:79:44:74:41:c9:1d:12:8e:f4:e6:19:88:dd:1a:33:36:29:
         be:45:e8:11:41:42:5f:9a:12:8d:26:36:51:44:f4:23:36:dd:
         07:25:b1:c0:fe:64:d3:cf:45:48:02:3d:99:9e:e5:ca:5a:e5:
         86:b3:9a:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAR+7no/uvFPvnadhA+3EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkODcxNDJiZGMyYjNmMGQwODQ4YTBkODAwYjY5MzBiMWFi
YjM0YmMwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTU0YTk3MzNlZjYxN2ZkZTExOTNmZTI4N2MwNDE4M2QzMjM0YjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbqd+4eCB747Nda59dOJxYGW9V72
cnbzjXcuWfUqPYwEseZMZltuRs/SyzMudNcu+gyoormu86bBy414ioyovfJ6RPyO
+2SfWfqh6vc9cv2j9aZh3cczFtPM5/CfHxbMw14n85QbuJHpB1HxUc/ArQvjc3rH
9S3Y252fSpQ9XCuC+bf1Amkcay96h3DMCM8LjnSj81ERWUSaag7eexQYmGi7RscB
pYgNEdEs5y8eICUMjbcbsL/wYpABk479BZZQMwyMizUcTbGw6wsBW17DnXa+Jkhc
nEwWXi+BiQMIFtUfzY+AhVWnX30SIyWKdq90xO44EB5ba8vHYfueZdTvbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVUqXM+9hf94Rk/4ofAQYPTI0s/MB8GA1UdIwQY
MBaAFA2HFCvcKz8NCEig2AC2kwsauzS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQt
YTMxNzA4ZDQwMzkxLzEvaFZTcGN6NzJGXzNoR1RfaWg4QkJnOU1qU3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84ZjhjYzAtZjY5My00MjFjLWJjNTQtYTMxNzA4ZDQwMzkx
LzEvRFljVUs5d3JQdzBJU0tEWUFMYVRDeHE3Tkx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1G6bMA0G
CSqGSIb3DQEBCwUAA4IBAQCkl0Xi/4N8uCwD5Kxc10ELCPuxjPyheLIptVAKeuyH
7Rvvv8YaACtmquvLySYNr3o2GW+cEWAxB5fu7km/YuWtuHgw/vQgxsrfP/NH4IrN
8uHsmQ8LfE/i8NmP8TLab/adWL+/M+mUbontw2Dq19Ucvg2G21bpGT5wAHgFtwvK
Xxcdco77QXKqUzHZ70gJcLyaJ18L/VU8BpZqH4EOH7l2KnNMDTkVs30rLAvtuB5v
4flf4HvYAKtKTGjI8nBFca/APgHI2JSEeUR0QckdEo705hmI3RozNim+RegRQUJf
mhKNJjZRRPQjNt0HJbHA/mTTz0VIAj2ZnuXKWuWGs5q1
-----END CERTIFICATE-----