Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/hDt-Q2ltgXfIO8Hr9k440_12t3g.roa
File:                     hDt-Q2ltgXfIO8Hr9k440_12t3g.roa (raw, json)
Hash identifier:          piWIuslqUAmsVrupi6JZ8/z++6T0cA3y0tOy0LqI4wQ=
Subject key identifier:   84:3B:7E:43:69:6D:81:77:C8:3B:C1:EB:F6:4E:38:D3:FD:76:B7:78
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       018FE0E88C43EEA6368FC411821A39B993C6
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/hDt-Q2ltgXfIO8Hr9k440_12t3g.roa
Signing time:             Tue 04 Jun 2024 01:41:27 +0000
ROA not before:           Tue 04 Jun 2024 01:41:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214857
IP address blocks:        185.215.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e0:e8:8c:43:ee:a6:36:8f:c4:11:82:1a:39:b9:93:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jun  4 01:41:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=843b7e43696d8177c83bc1ebf64e38d3fd76b778
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c0:57:cc:47:54:a1:6a:71:d4:52:f4:65:d5:
                    8c:35:eb:be:5a:15:4c:1a:0e:ec:4b:7f:d1:48:9d:
                    cd:b2:ec:f7:d8:5c:25:25:ec:43:a2:4d:47:ef:fa:
                    38:82:6a:f3:dd:9d:ce:19:74:f0:7c:d3:e4:cd:8c:
                    a2:ea:fe:d3:20:79:e9:8f:46:9f:d7:85:83:95:b5:
                    a9:cd:95:09:1e:60:0d:17:8e:9d:07:35:f7:68:45:
                    0b:b0:db:07:a2:31:3e:39:43:41:cd:e4:0d:c4:b0:
                    f4:a5:ac:3c:93:4a:a3:3f:e9:c3:70:36:86:3f:d0:
                    42:92:f3:83:b1:ed:c2:f9:3b:a1:06:72:9c:6c:52:
                    69:43:f3:3f:b2:e9:3c:ed:4a:db:c2:43:7d:d2:57:
                    13:94:c6:44:b3:9b:83:f1:3b:94:e0:eb:01:02:a3:
                    f8:d7:59:96:93:7a:df:0f:3b:31:8d:d5:6d:ef:a9:
                    ed:22:51:ae:13:1c:76:48:8e:b9:8e:4d:3f:7a:3a:
                    92:ef:a7:a8:ce:ec:a3:5e:81:b4:ce:a7:61:a2:4a:
                    af:5c:46:57:ba:bb:e5:dc:e6:c9:f2:5a:d3:ad:9f:
                    06:30:ed:c8:f2:1e:5f:e1:2e:b2:14:68:59:c8:cb:
                    44:15:f7:1c:f1:90:a5:9c:5f:80:30:f0:b8:0a:1d:
                    7c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:3B:7E:43:69:6D:81:77:C8:3B:C1:EB:F6:4E:38:D3:FD:76:B7:78
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/hDt-Q2ltgXfIO8Hr9k440_12t3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.215.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:12:a4:63:2c:01:e0:8c:cb:10:a2:5d:cd:ca:15:2f:a6:32:
         37:ce:63:b2:33:04:00:78:27:de:79:f4:bf:29:40:cf:70:bb:
         87:46:42:b7:53:61:62:8f:de:e2:f2:1b:18:47:0e:1f:f4:c5:
         ea:38:7f:c1:45:27:46:3f:63:a9:d3:a1:f6:52:00:f2:cb:f5:
         f3:f4:eb:ed:ef:16:d8:32:ce:06:1e:a0:48:54:36:8a:43:47:
         c5:fa:7a:36:bb:82:dd:d1:f1:fa:53:47:ec:9c:50:0f:10:44:
         d8:32:02:f1:6f:ed:3d:a6:6a:d8:34:63:58:6f:70:70:6c:24:
         7a:97:de:2d:6f:b9:45:b5:d4:ba:20:1e:13:22:2e:90:ec:4c:
         da:68:37:9e:8a:4f:31:41:83:74:a2:12:f5:0d:32:f4:ca:df:
         9b:0e:e0:57:4e:f5:49:e6:a7:16:91:dc:14:5b:a8:37:08:a2:
         fb:e4:41:b2:f8:ee:ea:5d:1c:59:8b:ac:a1:c9:eb:f1:da:19:
         75:12:28:69:e9:35:d6:b9:43:3b:21:2e:8a:c2:50:29:1b:49:
         df:3d:b3:c7:ef:2e:28:e6:ba:6a:bc:5e:3d:42:2a:a3:3a:a5:
         81:36:87:99:5f:77:7f:f7:da:09:ed:c1:07:29:b5:7b:72:51:
         e7:05:4a:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/g6IxD7qY2j8QRgho5uZPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQwNjA0MDE0MTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDNiN2U0MzY5NmQ4MTc3YzgzYmMxZWJmNjRlMzhkM2ZkNzZiNzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMBXzEdUoWpx1FL0ZdWMNeu+WhVM
Gg7sS3/RSJ3Nsuz32FwlJexDok1H7/o4gmrz3Z3OGXTwfNPkzYyi6v7TIHnpj0af
14WDlbWpzZUJHmANF46dBzX3aEULsNsHojE+OUNBzeQNxLD0paw8k0qjP+nDcDaG
P9BCkvODse3C+TuhBnKcbFJpQ/M/suk87UrbwkN90lcTlMZEs5uD8TuU4OsBAqP4
11mWk3rfDzsxjdVt76ntIlGuExx2SI65jk0/ejqS76eozuyjXoG0zqdhokqvXEZX
urvl3ObJ8lrTrZ8GMO3I8h5f4S6yFGhZyMtEFfcc8ZClnF+AMPC4Ch18VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQ7fkNpbYF3yDvB6/ZOONP9drd4MB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvaER0LVEybHRnWGZJTzhIcjlrNDQwXzEydDNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudflMA0G
CSqGSIb3DQEBCwUAA4IBAQAaEqRjLAHgjMsQol3NyhUvpjI3zmOyMwQAeCfeefS/
KUDPcLuHRkK3U2Fij97i8hsYRw4f9MXqOH/BRSdGP2Op06H2UgDyy/Xz9Ovt7xbY
Ms4GHqBIVDaKQ0fF+no2u4Ld0fH6U0fsnFAPEETYMgLxb+09pmrYNGNYb3BwbCR6
l94tb7lFtdS6IB4TIi6Q7EzaaDeeik8xQYN0ohL1DTL0yt+bDuBXTvVJ5qcWkdwU
W6g3CKL75EGy+O7qXRxZi6yhyevx2hl1Eihp6TXWuUM7IS6KwlApG0nfPbPH7y4o
5rpqvF49QiqjOqWBNoeZX3d/99oJ7cEHKbV7clHnBUpk
-----END CERTIFICATE-----