Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/4923e9-4764-411c-8596-9f4429f3381e/1/HcoFNIlZ6uBUW19-ug2tvUEK7qA.roa
File:                     HcoFNIlZ6uBUW19-ug2tvUEK7qA.roa (raw, json)
Hash identifier:          DRXtWUcE5+q578i4hR1mN5bHB6TnUUkBdm47fq/SCPg=
Subject key identifier:   1D:CA:05:34:89:59:EA:E0:54:5B:5F:7E:BA:0D:AD:BD:41:0A:EE:A0
Certificate issuer:       /CN=39ce4c0abe2785d46a5571852170370423b5c59a
Certificate serial:       018CC94D1628F60429400C30071715CFCF0B
Authority key identifier: 39:CE:4C:0A:BE:27:85:D4:6A:55:71:85:21:70:37:04:23:B5:C5:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oc5MCr4nhdRqVXGFIXA3BCO1xZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/4923e9-4764-411c-8596-9f4429f3381e/1/HcoFNIlZ6uBUW19-ug2tvUEK7qA.roa
Signing time:             Tue 02 Jan 2024 08:32:01 +0000
ROA not before:           Tue 02 Jan 2024 08:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206276
IP address blocks:        91.103.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/4923e9-4764-411c-8596-9f4429f3381e/1/Oc5MCr4nhdRqVXGFIXA3BCO1xZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/4923e9-4764-411c-8596-9f4429f3381e/1/Oc5MCr4nhdRqVXGFIXA3BCO1xZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oc5MCr4nhdRqVXGFIXA3BCO1xZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:16:28:f6:04:29:40:0c:30:07:17:15:cf:cf:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39ce4c0abe2785d46a5571852170370423b5c59a
        Validity
            Not Before: Jan  2 08:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dca05348959eae0545b5f7eba0dadbd410aeea0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c8:0a:ec:92:f2:8d:55:e9:f9:65:23:46:1f:
                    e8:21:66:13:5b:7e:ae:06:4d:ef:a4:e0:da:55:d2:
                    88:c0:18:3b:a3:a6:1e:df:d2:5d:d9:5c:7e:dd:93:
                    93:5d:c9:0d:6e:22:44:e5:17:42:46:ef:c6:90:23:
                    eb:d9:19:90:ce:dc:59:3e:44:00:81:f8:fb:71:53:
                    51:5f:cd:0e:f1:09:02:20:dc:5d:f8:a0:61:6f:ba:
                    15:1e:5d:cc:a9:77:33:b5:ff:c7:1b:f2:30:d5:5f:
                    13:c0:4e:80:83:c2:56:3a:07:03:a2:73:8c:5c:6b:
                    b1:be:34:da:c2:68:91:68:10:72:eb:0a:0c:46:6d:
                    11:f8:68:ff:45:63:2b:55:d0:24:04:ee:a6:06:f7:
                    5d:52:75:8c:82:cc:57:d0:02:94:91:cd:39:9e:60:
                    5a:b1:29:1d:8e:e8:b7:2f:e6:c0:35:15:cd:a0:eb:
                    a7:86:22:51:01:d3:95:10:ee:36:06:6b:e1:3f:06:
                    ff:50:a5:b1:ef:d1:20:89:ed:13:de:f5:70:01:99:
                    9b:09:34:f0:d4:58:30:fc:67:c5:62:72:ae:96:50:
                    26:07:d4:58:ca:d6:1c:e2:70:55:e9:20:c6:e0:93:
                    66:22:a7:f5:d6:c4:d3:a8:b5:fc:bf:d7:37:a8:f6:
                    4f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:CA:05:34:89:59:EA:E0:54:5B:5F:7E:BA:0D:AD:BD:41:0A:EE:A0
            X509v3 Authority Key Identifier:
                keyid:39:CE:4C:0A:BE:27:85:D4:6A:55:71:85:21:70:37:04:23:B5:C5:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oc5MCr4nhdRqVXGFIXA3BCO1xZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/4923e9-4764-411c-8596-9f4429f3381e/1/HcoFNIlZ6uBUW19-ug2tvUEK7qA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/4923e9-4764-411c-8596-9f4429f3381e/1/Oc5MCr4nhdRqVXGFIXA3BCO1xZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:5c:cd:86:6f:06:50:e7:0e:7e:f5:92:13:b1:99:8c:14:63:
         f6:cf:20:39:19:b6:69:b2:50:0f:f7:e7:b2:fe:8a:8f:da:44:
         c4:4e:72:4d:f9:01:f3:32:f4:d9:5c:d3:cf:75:6c:76:96:00:
         eb:e4:dd:10:dd:ca:4a:cc:6c:cc:dc:2b:cb:30:53:e2:a9:09:
         73:7e:c8:ef:58:6e:79:76:33:48:47:87:da:c9:ee:ab:21:fd:
         db:2b:d2:5a:8e:c5:b9:05:49:06:3f:86:37:a7:8a:11:fb:7f:
         15:26:19:9a:8d:14:84:ba:8a:b9:0d:66:6a:34:a6:b7:6f:68:
         ae:e1:36:b5:f3:4a:cc:1d:e7:3a:2f:76:8c:08:a0:be:b0:8d:
         72:63:6b:0d:88:85:bc:54:fc:7a:5a:56:09:36:16:8d:05:ec:
         9b:4e:aa:d3:45:82:7c:df:f7:f9:d9:a4:6e:89:24:b4:b3:84:
         f3:a2:95:c2:11:ed:46:94:56:28:0a:37:f9:16:56:0d:23:24:
         b8:e9:41:bf:9d:d7:e7:af:f5:a8:08:36:b2:4a:a2:88:37:1b:
         41:c5:59:ee:4b:0c:53:5d:0c:3c:fc:67:06:97:2a:5e:43:75:
         20:25:bf:43:a6:19:66:81:d6:69:21:95:fd:3b:1d:c7:07:40:
         04:ec:cd:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTRYo9gQpQAwwBxcVz88LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5Y2U0YzBhYmUyNzg1ZDQ2YTU1NzE4NTIxNzAzNzA0MjNi
NWM1OWEwHhcNMjQwMTAyMDgzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGNhMDUzNDg5NTllYWUwNTQ1YjVmN2ViYTBkYWRiZDQxMGFlZWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8gK7JLyjVXp+WUjRh/oIWYTW36u
Bk3vpODaVdKIwBg7o6Ye39Jd2Vx+3ZOTXckNbiJE5RdCRu/GkCPr2RmQztxZPkQA
gfj7cVNRX80O8QkCINxd+KBhb7oVHl3MqXcztf/HG/Iw1V8TwE6Ag8JWOgcDonOM
XGuxvjTawmiRaBBy6woMRm0R+Gj/RWMrVdAkBO6mBvddUnWMgsxX0AKUkc05nmBa
sSkdjui3L+bANRXNoOunhiJRAdOVEO42BmvhPwb/UKWx79Egie0T3vVwAZmbCTTw
1Fgw/GfFYnKullAmB9RYytYc4nBV6SDG4JNmIqf11sTTqLX8v9c3qPZPuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3KBTSJWergVFtffroNrb1BCu6gMB8GA1UdIwQY
MBaAFDnOTAq+J4XUalVxhSFwNwQjtcWaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2M1TUNyNG5oZFJxVlhHRklYQTNCQ08xeFpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC80OTIzZTktNDc2NC00MTFjLTg1OTYt
OWY0NDI5ZjMzODFlLzEvSGNvRk5JbFo2dUJVVzE5LXVnMnR2VUVLN3FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC80OTIzZTktNDc2NC00MTFjLTg1OTYtOWY0NDI5ZjMzODFl
LzEvT2M1TUNyNG5oZFJxVlhHRklYQTNCQ08xeFpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2eXMA0G
CSqGSIb3DQEBCwUAA4IBAQCQXM2GbwZQ5w5+9ZITsZmMFGP2zyA5GbZpslAP9+ey
/oqP2kTETnJN+QHzMvTZXNPPdWx2lgDr5N0Q3cpKzGzM3CvLMFPiqQlzfsjvWG55
djNIR4faye6rIf3bK9JajsW5BUkGP4Y3p4oR+38VJhmajRSEuoq5DWZqNKa3b2iu
4Ta180rMHec6L3aMCKC+sI1yY2sNiIW8VPx6WlYJNhaNBeybTqrTRYJ83/f52aRu
iSS0s4TzopXCEe1GlFYoCjf5FlYNIyS46UG/ndfnr/WoCDaySqKINxtBxVnuSwxT
XQw8/GcGlypeQ3UgJb9DphlmgdZpIZX9Ox3HB0AE7M0P
-----END CERTIFICATE-----