Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/05f7c5-b21b-435e-8ebc-82a68118c752/1/HhghOSE3srGt1qy8oparLoODe0s.roa
File:                     HhghOSE3srGt1qy8oparLoODe0s.roa (raw, json)
Hash identifier:          hzPHBkxrwQ2wEzXa5xUrjuxiiPLRKtyS+NIMbJu6hM4=
Subject key identifier:   1E:18:21:39:21:37:B2:B1:AD:D6:AC:BC:A2:96:AB:2E:83:83:7B:4B
Certificate issuer:       /CN=f700bb591c02778819aea1f5b8f644167b3d7c2e
Certificate serial:       018CC425443989FA9B49C154282D412A0686
Authority key identifier: F7:00:BB:59:1C:02:77:88:19:AE:A1:F5:B8:F6:44:16:7B:3D:7C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9wC7WRwCd4gZrqH1uPZEFns9fC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/05f7c5-b21b-435e-8ebc-82a68118c752/1/HhghOSE3srGt1qy8oparLoODe0s.roa
Signing time:             Mon 01 Jan 2024 08:30:25 +0000
ROA not before:           Mon 01 Jan 2024 08:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209031
IP address blocks:        45.9.240.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/05f7c5-b21b-435e-8ebc-82a68118c752/1/9wC7WRwCd4gZrqH1uPZEFns9fC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/05f7c5-b21b-435e-8ebc-82a68118c752/1/9wC7WRwCd4gZrqH1uPZEFns9fC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9wC7WRwCd4gZrqH1uPZEFns9fC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 04:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:44:39:89:fa:9b:49:c1:54:28:2d:41:2a:06:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f700bb591c02778819aea1f5b8f644167b3d7c2e
        Validity
            Not Before: Jan  1 08:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e1821392137b2b1add6acbca296ab2e83837b4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0a:3c:85:d3:73:dd:07:71:f5:5c:07:19:93:
                    a8:fd:af:83:57:a7:e1:f1:b5:86:90:e1:9d:2d:5c:
                    39:24:77:49:60:a4:f4:8e:31:fc:df:86:5f:a4:a4:
                    e5:dc:19:7f:8f:10:68:dc:aa:c9:20:0a:87:33:ff:
                    96:67:d3:55:aa:e9:18:83:08:9c:9a:b0:78:d8:52:
                    ce:f6:10:50:24:0c:66:06:3e:cf:a3:6e:66:31:37:
                    42:1b:a7:53:f0:a0:24:1b:56:7d:52:c9:98:48:bb:
                    cd:04:42:6f:e9:e0:69:c0:8c:41:51:4c:2f:ae:78:
                    bd:cb:d8:51:4a:4e:e1:89:99:9b:b4:a9:6b:7f:35:
                    f5:fe:e9:39:ee:9d:ae:53:49:64:c3:d3:b1:21:6f:
                    f6:a7:b4:00:4b:2d:65:82:bf:fc:fa:77:e1:a1:08:
                    d7:36:fb:9a:95:1a:ba:33:b6:c6:59:bd:18:af:86:
                    3a:b7:21:c1:0c:8d:2b:f6:0a:c0:5c:2f:73:69:8e:
                    e4:4d:a3:60:d8:99:ea:fe:38:1e:b8:7e:bb:a8:03:
                    e1:2c:a9:42:74:e4:e6:16:94:a4:61:8e:cc:71:33:
                    96:e0:52:47:9b:0e:ae:26:27:ea:48:9f:d7:7e:c1:
                    bb:3e:81:4c:87:db:05:36:fa:f4:91:95:ba:6e:0a:
                    95:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:18:21:39:21:37:B2:B1:AD:D6:AC:BC:A2:96:AB:2E:83:83:7B:4B
            X509v3 Authority Key Identifier:
                keyid:F7:00:BB:59:1C:02:77:88:19:AE:A1:F5:B8:F6:44:16:7B:3D:7C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9wC7WRwCd4gZrqH1uPZEFns9fC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/05f7c5-b21b-435e-8ebc-82a68118c752/1/HhghOSE3srGt1qy8oparLoODe0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/05f7c5-b21b-435e-8ebc-82a68118c752/1/9wC7WRwCd4gZrqH1uPZEFns9fC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:44:5d:72:1d:8a:db:9e:ed:6b:b4:d0:57:04:dd:88:c9:79:
         10:15:a2:2a:a0:34:dc:85:d4:93:1d:cc:47:a6:29:05:0b:72:
         45:e2:e7:59:1c:bc:ed:89:93:c5:99:2d:e9:7f:04:c6:b5:d4:
         f5:d5:e7:aa:65:1a:4e:67:ad:48:67:b1:2e:45:2f:45:ae:42:
         49:40:7e:5e:6b:e2:f0:84:94:29:bd:1e:10:9e:fa:87:44:53:
         37:fd:25:ca:27:e2:ba:5c:f6:14:e1:ea:1c:e4:c1:62:2b:14:
         b5:54:18:a8:bb:10:98:20:48:b9:65:4d:e9:4b:d9:82:5e:7d:
         67:1a:5f:38:8f:dc:78:8f:01:56:7a:43:de:28:5f:eb:18:02:
         97:47:17:df:51:a1:31:ae:37:97:8a:e3:2c:6c:37:61:b7:0b:
         81:0e:4d:74:9f:19:4a:17:81:5c:26:e8:f3:9a:cd:e1:18:7c:
         3a:d3:4f:ad:c3:32:f2:d6:4c:8c:4b:d6:a7:cc:e1:b9:c7:d7:
         5d:af:16:0e:e5:ad:7d:6f:74:2e:99:a5:73:61:d2:3c:18:16:
         48:61:05:73:c7:e0:5a:4f:87:bf:ad:e8:db:ea:fd:d0:7c:09:
         fd:7b:32:51:59:00:44:d9:1e:fa:16:4b:4a:e6:f1:41:83:3b:
         a9:c3:f5:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUQ5ifqbScFUKC1BKgaGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MDBiYjU5MWMwMjc3ODgxOWFlYTFmNWI4ZjY0NDE2N2Iz
ZDdjMmUwHhcNMjQwMTAxMDgzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTE4MjEzOTIxMzdiMmIxYWRkNmFjYmNhMjk2YWIyZTgzODM3YjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wo8hdNz3Qdx9VwHGZOo/a+DV6fh
8bWGkOGdLVw5JHdJYKT0jjH834ZfpKTl3Bl/jxBo3KrJIAqHM/+WZ9NVqukYgwic
mrB42FLO9hBQJAxmBj7Po25mMTdCG6dT8KAkG1Z9UsmYSLvNBEJv6eBpwIxBUUwv
rni9y9hRSk7hiZmbtKlrfzX1/uk57p2uU0lkw9OxIW/2p7QASy1lgr/8+nfhoQjX
NvualRq6M7bGWb0Yr4Y6tyHBDI0r9grAXC9zaY7kTaNg2Jnq/jgeuH67qAPhLKlC
dOTmFpSkYY7McTOW4FJHmw6uJifqSJ/XfsG7PoFMh9sFNvr0kZW6bgqVQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4YITkhN7KxrdasvKKWqy6Dg3tLMB8GA1UdIwQY
MBaAFPcAu1kcAneIGa6h9bj2RBZ7PXwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXdDN1dSd0NkNGdacnFIMXVQWkVGbnM5ZkM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS8wNWY3YzUtYjIxYi00MzVlLThlYmMt
ODJhNjgxMThjNzUyLzEvSGhnaE9TRTNzckd0MXF5OG9wYXJMb09EZTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS8wNWY3YzUtYjIxYi00MzVlLThlYmMtODJhNjgxMThjNzUy
LzEvOXdDN1dSd0NkNGdacnFIMXVQWkVGbnM5ZkM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQnwMA0G
CSqGSIb3DQEBCwUAA4IBAQAmRF1yHYrbnu1rtNBXBN2IyXkQFaIqoDTchdSTHcxH
pikFC3JF4udZHLztiZPFmS3pfwTGtdT11eeqZRpOZ61IZ7EuRS9FrkJJQH5ea+Lw
hJQpvR4QnvqHRFM3/SXKJ+K6XPYU4eoc5MFiKxS1VBiouxCYIEi5ZU3pS9mCXn1n
Gl84j9x4jwFWekPeKF/rGAKXRxffUaExrjeXiuMsbDdhtwuBDk10nxlKF4FcJujz
ms3hGHw600+twzLy1kyMS9anzOG5x9ddrxYO5a19b3QumaVzYdI8GBZIYQVzx+Ba
T4e/rejb6v3QfAn9ezJRWQBE2R76FktK5vFBgzupw/Xy
-----END CERTIFICATE-----