Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/Heru_1GAsy1BOUc9TBT23IRr2tA.roa
File:                     Heru_1GAsy1BOUc9TBT23IRr2tA.roa (raw, json)
Hash identifier:          IpryTMLm8d9YTBac8MLjOJjE6EksJBthEHxdcQi9LuM=
Subject key identifier:   1D:EA:EE:FF:51:80:B3:2D:41:39:47:3D:4C:14:F6:DC:84:6B:DA:D0
Certificate issuer:       /CN=9042e83976e35fe29a01d3c43a9bc5964b37b443
Certificate serial:       018CC42473F10A0A28C1A1BFE1904F8B8870
Authority key identifier: 90:42:E8:39:76:E3:5F:E2:9A:01:D3:C4:3A:9B:C5:96:4B:37:B4:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kELoOXbjX-KaAdPEOpvFlks3tEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/Heru_1GAsy1BOUc9TBT23IRr2tA.roa
Signing time:             Mon 01 Jan 2024 08:29:32 +0000
ROA not before:           Mon 01 Jan 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60735
IP address blocks:        194.124.236.0/24 maxlen: 24
                          2a0f:3cc6::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/kELoOXbjX-KaAdPEOpvFlks3tEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/kELoOXbjX-KaAdPEOpvFlks3tEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kELoOXbjX-KaAdPEOpvFlks3tEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:73:f1:0a:0a:28:c1:a1:bf:e1:90:4f:8b:88:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9042e83976e35fe29a01d3c43a9bc5964b37b443
        Validity
            Not Before: Jan  1 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1deaeeff5180b32d4139473d4c14f6dc846bdad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ec:0b:a3:84:fa:b2:64:5f:b4:d2:22:a3:57:
                    c6:e5:cb:c6:93:f9:8c:c5:14:8d:5e:a9:c1:b8:77:
                    9d:91:a9:b4:ce:b6:69:b8:f2:a4:1c:03:72:5d:a6:
                    68:c5:d9:2c:34:74:45:8f:d8:c4:d6:9e:83:c4:bb:
                    e1:fe:4c:14:16:64:66:b5:a7:2f:11:89:85:7a:5d:
                    3d:3e:18:a9:22:df:08:45:47:7a:82:48:42:d7:14:
                    fb:f1:1f:5b:a4:ad:b0:46:07:bd:90:27:50:20:b7:
                    77:77:c3:c5:69:9c:ba:9d:90:b7:93:76:cf:08:cd:
                    0e:03:1d:95:61:38:d2:8f:0e:21:2f:ee:a7:d9:0f:
                    73:cf:55:71:12:9c:45:43:38:75:6d:1b:c5:e5:99:
                    07:26:60:e8:75:72:32:ef:43:90:ba:52:e5:8a:39:
                    1e:be:50:d9:e8:60:61:17:87:f1:bf:da:3c:d7:b4:
                    d3:0c:5e:84:1c:b0:36:23:d8:04:8d:f0:32:3d:42:
                    93:70:f0:b0:54:b4:6e:a8:1b:4c:47:b4:c9:15:24:
                    91:65:23:ea:6a:67:60:f7:68:57:36:92:ba:d7:db:
                    6b:e8:90:24:be:61:f0:e7:c1:f8:6b:9e:bd:6c:5e:
                    d9:e2:c8:dc:dc:0e:9c:81:31:2e:c0:ff:d7:f9:c4:
                    f1:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:EA:EE:FF:51:80:B3:2D:41:39:47:3D:4C:14:F6:DC:84:6B:DA:D0
            X509v3 Authority Key Identifier:
                keyid:90:42:E8:39:76:E3:5F:E2:9A:01:D3:C4:3A:9B:C5:96:4B:37:B4:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kELoOXbjX-KaAdPEOpvFlks3tEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/Heru_1GAsy1BOUc9TBT23IRr2tA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/kELoOXbjX-KaAdPEOpvFlks3tEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.236.0/24
                IPv6:
                  2a0f:3cc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         b5:a8:b8:49:3c:b9:41:ca:83:32:18:f6:8c:29:95:cc:11:ac:
         03:41:8b:2e:7a:53:94:5a:3a:40:13:52:39:7f:9d:29:de:c9:
         e5:1f:06:d1:f7:34:84:39:48:2d:ee:fe:fa:bd:cd:d2:ca:03:
         60:aa:84:cb:c9:6e:da:44:42:2c:f5:42:77:8b:88:9a:64:8d:
         2d:4f:cf:37:6c:f9:2b:02:62:69:d7:24:fc:27:a0:1f:e8:45:
         57:1f:b8:b4:df:38:69:e2:08:20:38:23:cc:20:0a:eb:3e:94:
         cf:83:cd:80:54:79:d8:e3:94:c5:1d:1b:e6:e4:f3:14:b2:f7:
         43:32:1e:51:6b:3e:4d:23:c0:f2:5c:9b:ac:65:d9:f7:0d:8d:
         e6:a6:97:df:8d:0e:93:26:1c:a3:56:2c:31:32:8d:d5:8e:83:
         aa:cf:a1:c2:5b:68:ac:af:0f:41:88:9a:e6:de:23:5e:b7:96:
         d9:d9:6e:74:21:6c:11:dd:3b:c7:0d:06:1e:33:59:e8:c5:ac:
         06:69:ce:21:57:f0:85:70:7f:e9:24:13:95:53:83:82:3f:0b:
         db:2d:c5:ef:6a:5f:b6:30:10:34:8d:f9:b7:1b:ff:5a:d4:60:
         98:60:be:9d:6b:17:80:f6:5f:b7:dc:21:10:9e:33:38:b6:b9:
         9b:17:c4:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJHPxCgoowaG/4ZBPi4hwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNDJlODM5NzZlMzVmZTI5YTAxZDNjNDNhOWJjNTk2NGIz
N2I0NDMwHhcNMjQwMTAxMDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGVhZWVmZjUxODBiMzJkNDEzOTQ3M2Q0YzE0ZjZkYzg0NmJkYWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgewLo4T6smRftNIio1fG5cvGk/mM
xRSNXqnBuHedkam0zrZpuPKkHANyXaZoxdksNHRFj9jE1p6DxLvh/kwUFmRmtacv
EYmFel09PhipIt8IRUd6gkhC1xT78R9bpK2wRge9kCdQILd3d8PFaZy6nZC3k3bP
CM0OAx2VYTjSjw4hL+6n2Q9zz1VxEpxFQzh1bRvF5ZkHJmDodXIy70OQulLlijke
vlDZ6GBhF4fxv9o817TTDF6EHLA2I9gEjfAyPUKTcPCwVLRuqBtMR7TJFSSRZSPq
amdg92hXNpK619tr6JAkvmHw58H4a569bF7Z4sjc3A6cgTEuwP/X+cTxYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB3q7v9RgLMtQTlHPUwU9tyEa9rQMB8GA1UdIwQY
MBaAFJBC6Dl241/imgHTxDqbxZZLN7RDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0VMb09YYmpYLUthQWRQRU9wdkZsa3MzdEVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hODdiNmUtZDg0Mi00YzBjLTg4MWIt
MjEwOTQwZGExNzdiLzEvSGVydV8xR0FzeTFCT1VjOVRCVDIzSVJyMnRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hODdiNmUtZDg0Mi00YzBjLTg4MWItMjEwOTQwZGExNzdi
LzEva0VMb09YYmpYLUthQWRQRU9wdkZsa3MzdEVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwnzsMA0E
AgACMAcDBQAqDzzGMA0GCSqGSIb3DQEBCwUAA4IBAQC1qLhJPLlByoMyGPaMKZXM
EawDQYsuelOUWjpAE1I5f50p3snlHwbR9zSEOUgt7v76vc3SygNgqoTLyW7aREIs
9UJ3i4iaZI0tT883bPkrAmJp1yT8J6Af6EVXH7i03zhp4gggOCPMIArrPpTPg82A
VHnY45TFHRvm5PMUsvdDMh5Raz5NI8DyXJusZdn3DY3mppffjQ6TJhyjViwxMo3V
joOqz6HCW2isrw9BiJrm3iNet5bZ2W50IWwR3TvHDQYeM1noxawGac4hV/CFcH/p
JBOVU4OCPwvbLcXval+2MBA0jfm3G/9a1GCYYL6daxeA9l+33CEQnjM4trmbF8TB
-----END CERTIFICATE-----