Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/3fae96-4aae-4544-bef2-c1d521166bec/1/hrr-2fm378jfwJ3SghDlo3ID40U.roa
File:                     hrr-2fm378jfwJ3SghDlo3ID40U.roa (raw, json)
Hash identifier:          /BVHblLCNkZN5eXq/9KRsviDHjUu3JHm1zu49Zq8Z0Y=
Subject key identifier:   86:BA:FE:D9:F9:B7:EF:C8:DF:C0:9D:D2:82:10:E5:A3:72:03:E3:45
Certificate issuer:       /CN=38b912a1eab18eb729745e8978138b25c4407761
Certificate serial:       018CCA2A6DD4742CB2B59851CCEC335CDDFC
Authority key identifier: 38:B9:12:A1:EA:B1:8E:B7:29:74:5E:89:78:13:8B:25:C4:40:77:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLkSoeqxjrcpdF6JeBOLJcRAd2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/3fae96-4aae-4544-bef2-c1d521166bec/1/hrr-2fm378jfwJ3SghDlo3ID40U.roa
Signing time:             Tue 02 Jan 2024 12:33:47 +0000
ROA not before:           Tue 02 Jan 2024 12:33:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44872
IP address blocks:        194.8.60.0/24 maxlen: 24
                          2001:678:16c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/3fae96-4aae-4544-bef2-c1d521166bec/1/OLkSoeqxjrcpdF6JeBOLJcRAd2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/3fae96-4aae-4544-bef2-c1d521166bec/1/OLkSoeqxjrcpdF6JeBOLJcRAd2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLkSoeqxjrcpdF6JeBOLJcRAd2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:6d:d4:74:2c:b2:b5:98:51:cc:ec:33:5c:dd:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b912a1eab18eb729745e8978138b25c4407761
        Validity
            Not Before: Jan  2 12:33:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86bafed9f9b7efc8dfc09dd28210e5a37203e345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c7:96:7e:0b:f3:65:7c:f0:ec:76:39:ce:37:
                    8e:59:8e:51:dd:c8:a0:7d:1c:2c:26:98:db:01:9d:
                    f9:cb:c8:68:1c:9b:d9:db:47:78:20:d8:d9:1e:13:
                    24:44:e1:5a:b6:f5:d6:44:1c:12:f5:6e:63:08:ee:
                    40:7b:53:db:ef:db:f1:2d:f1:15:69:aa:9e:5a:49:
                    09:80:59:10:45:da:92:86:9c:27:53:33:d3:a2:27:
                    a9:16:af:e5:f1:9f:ee:c6:4c:c4:ca:88:9a:96:5b:
                    c2:74:d0:2f:34:9d:26:4b:ed:ae:d9:1b:a5:15:83:
                    7c:06:eb:bc:50:a0:27:46:74:c2:f4:51:c8:e3:c6:
                    e4:3a:ae:3c:5c:3d:7a:09:77:d2:bd:3f:f2:0f:9e:
                    38:73:9f:4a:65:2e:dc:c5:93:8b:a6:ae:78:c2:3e:
                    31:50:83:24:0a:06:e0:56:41:73:ca:22:d4:28:4e:
                    63:82:84:fc:27:55:c0:14:26:e5:c0:2a:cb:e8:3f:
                    d2:95:3c:66:bd:6b:16:bf:66:d3:52:9e:1f:81:6d:
                    23:d8:90:9d:58:00:ce:28:14:77:1b:22:61:8f:37:
                    37:a3:ac:71:94:9d:d0:28:08:c9:48:72:5f:8e:f8:
                    a7:90:e1:06:b7:22:5e:fe:b4:62:ed:ec:f4:04:68:
                    3b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:BA:FE:D9:F9:B7:EF:C8:DF:C0:9D:D2:82:10:E5:A3:72:03:E3:45
            X509v3 Authority Key Identifier:
                keyid:38:B9:12:A1:EA:B1:8E:B7:29:74:5E:89:78:13:8B:25:C4:40:77:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLkSoeqxjrcpdF6JeBOLJcRAd2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/3fae96-4aae-4544-bef2-c1d521166bec/1/hrr-2fm378jfwJ3SghDlo3ID40U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/3fae96-4aae-4544-bef2-c1d521166bec/1/OLkSoeqxjrcpdF6JeBOLJcRAd2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.8.60.0/24
                IPv6:
                  2001:678:16c::/48

    Signature Algorithm: sha256WithRSAEncryption
         c8:e4:0f:5e:ee:2e:d9:21:1f:b1:b6:66:cf:b7:c2:a7:d8:6c:
         e8:dc:9d:82:06:c4:3c:c2:ad:9f:51:c7:4c:18:ba:83:29:04:
         5f:45:98:ec:37:eb:23:2b:d2:bb:97:13:28:4d:17:69:2e:87:
         32:bd:e6:89:68:04:41:1e:de:c0:4a:fe:81:8d:81:f2:7f:3c:
         b4:71:51:1b:42:14:ae:51:65:2d:38:2e:27:8a:0d:6b:d1:c6:
         8d:1f:49:7c:7c:8e:fc:1b:58:e4:ce:b9:1d:11:a9:7e:60:08:
         c7:f9:4e:0e:79:13:aa:67:1e:ba:8f:ad:04:9d:9b:09:50:4c:
         e3:dd:35:38:44:67:23:63:13:9b:d0:cf:c1:06:0e:e6:8e:89:
         12:d0:ec:aa:b4:8c:59:cb:4b:e3:53:85:98:a4:6f:2f:54:5d:
         88:48:2c:7d:b7:f1:72:4d:e4:15:03:79:f7:e7:e0:cd:78:73:
         65:6c:37:e9:4d:9b:4b:05:ca:f7:59:43:c1:01:79:40:03:61:
         23:d8:83:ea:7e:31:4a:ff:5b:50:44:f3:fb:bb:97:fd:0a:b5:
         c1:80:08:e8:90:6b:77:fd:b3:9e:bf:bf:9e:24:ec:6c:1f:d2:
         c7:2e:1a:98:f7:ae:15:23:4c:0b:70:2f:56:16:f4:ef:50:c1:
         b2:36:12:a0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKm3UdCyytZhRzOwzXN38MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjkxMmExZWFiMThlYjcyOTc0NWU4OTc4MTM4YjI1YzQ0
MDc3NjEwHhcNMjQwMTAyMTIzMzQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmJhZmVkOWY5YjdlZmM4ZGZjMDlkZDI4MjEwZTVhMzcyMDNlMzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3MeWfgvzZXzw7HY5zjeOWY5R3cig
fRwsJpjbAZ35y8hoHJvZ20d4INjZHhMkROFatvXWRBwS9W5jCO5Ae1Pb79vxLfEV
aaqeWkkJgFkQRdqShpwnUzPToiepFq/l8Z/uxkzEyoiallvCdNAvNJ0mS+2u2Rul
FYN8Buu8UKAnRnTC9FHI48bkOq48XD16CXfSvT/yD544c59KZS7cxZOLpq54wj4x
UIMkCgbgVkFzyiLUKE5jgoT8J1XAFCblwCrL6D/SlTxmvWsWv2bTUp4fgW0j2JCd
WADOKBR3GyJhjzc3o6xxlJ3QKAjJSHJfjvinkOEGtyJe/rRi7ez0BGg7qwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIa6/tn5t+/I38Cd0oIQ5aNyA+NFMB8GA1UdIwQY
MBaAFDi5EqHqsY63KXReiXgTiyXEQHdhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xrU29lcXhqcmNwZEY2SmVCT0xKY1JBZDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8zZmFlOTYtNGFhZS00NTQ0LWJlZjIt
YzFkNTIxMTY2YmVjLzEvaHJyLTJmbTM3OGpmd0ozU2doRGxvM0lENDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8zZmFlOTYtNGFhZS00NTQ0LWJlZjItYzFkNTIxMTY2YmVj
LzEvT0xrU29lcXhqcmNwZEY2SmVCT0xKY1JBZDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgg8MA8E
AgACMAkDBwAgAQZ4AWwwDQYJKoZIhvcNAQELBQADggEBAMjkD17uLtkhH7G2Zs+3
wqfYbOjcnYIGxDzCrZ9Rx0wYuoMpBF9FmOw36yMr0ruXEyhNF2kuhzK95oloBEEe
3sBK/oGNgfJ/PLRxURtCFK5RZS04LieKDWvRxo0fSXx8jvwbWOTOuR0RqX5gCMf5
Tg55E6pnHrqPrQSdmwlQTOPdNThEZyNjE5vQz8EGDuaOiRLQ7Kq0jFnLS+NThZik
by9UXYhILH238XJN5BUDeffn4M14c2VsN+lNm0sFyvdZQ8EBeUADYSPYg+p+MUr/
W1BE8/u7l/0KtcGACOiQa3f9s56/v54k7Gwf0scuGpj3rhUjTAtwL1YW9O9QwbI2
EqA=
-----END CERTIFICATE-----