Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/huE_lGTIe8YcDPyp54o9FKCzR2Y.roa
File:                     huE_lGTIe8YcDPyp54o9FKCzR2Y.roa (raw, json)
Hash identifier:          O0SsxMhDtYxUt3I09lpGRVB8HoosRwhDF6UAgEjNGkA=
Subject key identifier:   86:E1:3F:94:64:C8:7B:C6:1C:0C:FC:A9:E7:8A:3D:14:A0:B3:47:66
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       018CC2DB285A44236514F5169B79BCB14B4E
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/huE_lGTIe8YcDPyp54o9FKCzR2Y.roa
Signing time:             Mon 01 Jan 2024 02:29:51 +0000
ROA not before:           Mon 01 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39205
IP address blocks:        84.247.127.0/24 maxlen: 24
                          188.240.8.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:28:5a:44:23:65:14:f5:16:9b:79:bc:b1:4b:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Jan  1 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86e13f9464c87bc61c0cfca9e78a3d14a0b34766
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a9:ed:bd:37:d4:dd:b2:ff:5d:f9:8f:0a:de:
                    68:0d:40:a2:e2:e4:83:d1:da:33:d5:00:19:d2:ca:
                    e4:49:a4:d2:96:60:9f:2c:3a:c7:2e:b3:94:35:58:
                    2b:d4:c3:13:73:70:4a:2e:ba:6e:7c:15:c1:ea:2e:
                    6a:c8:c3:db:11:dc:94:bf:86:0b:21:6c:3b:a0:01:
                    7f:64:21:5c:99:34:69:7e:06:d3:d7:c0:4f:36:8b:
                    5c:a8:bf:0d:f5:66:b3:80:35:ac:41:f7:5f:11:15:
                    32:24:b4:b4:3c:1b:30:35:b5:d2:04:ca:a0:2f:e2:
                    6e:c5:fe:45:39:98:55:95:95:a8:78:9d:70:46:11:
                    ae:42:56:44:75:8e:55:b1:e7:6e:ba:c6:85:7c:e7:
                    8c:78:b2:3a:10:03:b1:1f:68:b7:7f:b7:09:ed:97:
                    b4:59:8c:9b:94:b7:39:dc:9a:01:f2:18:b3:04:66:
                    e4:f8:63:24:27:2a:da:4c:96:31:4c:4c:a9:ff:49:
                    69:f1:f2:9d:8c:4d:85:90:cb:ea:92:61:83:2a:1d:
                    a3:56:02:5a:96:90:64:fb:73:f3:c1:44:6d:72:66:
                    fa:8e:db:b3:dc:d3:c3:45:3f:6b:71:21:b6:20:d0:
                    49:58:9c:68:07:8a:cd:c0:fb:1c:40:fa:d8:f8:90:
                    13:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E1:3F:94:64:C8:7B:C6:1C:0C:FC:A9:E7:8A:3D:14:A0:B3:47:66
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/huE_lGTIe8YcDPyp54o9FKCzR2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.127.0/24
                  188.240.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:c5:b8:31:e7:f1:bd:df:fc:fe:07:4f:fa:1d:bf:9d:6b:80:
         5a:71:3d:ff:9e:b7:d4:17:31:32:45:d0:87:9a:88:87:d3:2b:
         1b:d6:0d:b1:94:ba:f8:11:48:5d:0a:e8:ca:81:a1:f0:9c:d4:
         3a:3a:7f:96:7f:2d:49:61:6d:0a:c4:46:f6:c6:f1:7d:95:4c:
         10:60:a3:1f:4f:6d:b6:8c:71:7e:14:3f:22:d5:d3:8f:ae:91:
         ed:fb:a3:cf:af:d3:ca:0f:bf:ec:f6:86:36:a1:e8:db:11:fc:
         38:bc:07:06:57:83:6b:3b:d5:a4:22:8e:3f:9c:40:5f:bb:6f:
         f8:54:5a:83:af:54:cd:00:7a:51:64:6f:12:24:b8:93:54:58:
         d8:5c:7d:29:6d:fc:16:59:37:20:49:5c:ee:9c:42:0b:52:38:
         de:38:17:33:27:d0:5d:91:5e:69:b2:ad:dc:2c:b7:95:f6:eb:
         ba:3b:10:6c:77:d9:af:04:44:d1:9a:c5:de:56:62:eb:17:12:
         79:77:91:7c:7c:44:a1:70:41:b0:03:bc:42:0b:aa:22:ed:46:
         a9:c6:0d:24:85:74:65:c9:2b:d4:ff:85:23:d6:f8:7b:0c:d1:
         e3:41:b5:38:89:94:54:0c:55:03:eb:b7:cc:67:b2:69:2f:9b:
         32:0f:2e:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2yhaRCNlFPUWm3m8sUtOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmUxM2Y5NDY0Yzg3YmM2MWMwY2ZjYTllNzhhM2QxNGEwYjM0NzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiantvTfU3bL/XfmPCt5oDUCi4uSD
0doz1QAZ0srkSaTSlmCfLDrHLrOUNVgr1MMTc3BKLrpufBXB6i5qyMPbEdyUv4YL
IWw7oAF/ZCFcmTRpfgbT18BPNotcqL8N9WazgDWsQfdfERUyJLS0PBswNbXSBMqg
L+Juxf5FOZhVlZWoeJ1wRhGuQlZEdY5VseduusaFfOeMeLI6EAOxH2i3f7cJ7Ze0
WYyblLc53JoB8hizBGbk+GMkJyraTJYxTEyp/0lp8fKdjE2FkMvqkmGDKh2jVgJa
lpBk+3PzwURtcmb6jtuz3NPDRT9rcSG2INBJWJxoB4rNwPscQPrY+JATDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIbhP5RkyHvGHAz8qeeKPRSgs0dmMB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvaHVFX2xHVEllOFljRFB5cDU0bzlGS0N6UjJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVPd/AwQB
vPAIMA0GCSqGSIb3DQEBCwUAA4IBAQCRxbgx5/G93/z+B0/6Hb+da4BacT3/nrfU
FzEyRdCHmoiH0ysb1g2xlLr4EUhdCujKgaHwnNQ6On+Wfy1JYW0KxEb2xvF9lUwQ
YKMfT222jHF+FD8i1dOPrpHt+6PPr9PKD7/s9oY2oejbEfw4vAcGV4NrO9WkIo4/
nEBfu2/4VFqDr1TNAHpRZG8SJLiTVFjYXH0pbfwWWTcgSVzunEILUjjeOBczJ9Bd
kV5psq3cLLeV9uu6OxBsd9mvBETRmsXeVmLrFxJ5d5F8fEShcEGwA7xCC6oi7Uap
xg0khXRlySvU/4Uj1vh7DNHjQbU4iZRUDFUD67fMZ7JpL5syDy6c
-----END CERTIFICATE-----