Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/hvo5_2FoKUXY_IENyiMS7ul5Hac.roa
File:                     hvo5_2FoKUXY_IENyiMS7ul5Hac.roa (raw, json)
Hash identifier:          5px8H2fkM0rNr0omRDExcTE37/mGlCQUblFEVZ5lrig=
Subject key identifier:   86:FA:39:FF:61:68:29:45:D8:FC:81:0D:CA:23:12:EE:E9:79:1D:A7
Certificate issuer:       /CN=e8b3eed1c7aca636d6245852b802e0e73754df63
Certificate serial:       018F58B26421E7F3BDEF4D8EF4E9E369D3BD
Authority key identifier: E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/hvo5_2FoKUXY_IENyiMS7ul5Hac.roa
Signing time:             Wed 08 May 2024 14:53:56 +0000
ROA not before:           Wed 08 May 2024 14:53:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        185.11.142.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:58:b2:64:21:e7:f3:bd:ef:4d:8e:f4:e9:e3:69:d3:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b3eed1c7aca636d6245852b802e0e73754df63
        Validity
            Not Before: May  8 14:53:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86fa39ff61682945d8fc810dca2312eee9791da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c8:9d:7c:c4:b4:11:e7:3d:d1:dd:3e:bf:e9:
                    70:36:34:d1:26:ab:09:82:f2:26:34:4a:f8:ee:57:
                    e7:ef:00:6d:e4:46:ea:57:0d:51:eb:30:47:0e:28:
                    49:c5:24:00:ef:4e:08:f0:70:75:55:93:f1:0c:19:
                    84:cf:bf:cd:78:a1:2f:ee:09:0b:a3:3c:94:04:e5:
                    27:a3:dc:da:3d:e6:4f:b2:06:aa:08:18:a3:aa:4d:
                    76:3f:1a:2d:7c:90:56:6b:6a:9d:f6:af:91:d1:4a:
                    fe:5d:58:87:c6:0a:ae:1f:0a:17:4a:25:47:c9:3c:
                    d2:96:76:c3:1b:fc:c0:d0:08:33:c6:d0:a5:d9:bd:
                    bc:c1:7e:56:8e:33:7a:a3:f6:8d:eb:40:f7:aa:24:
                    a4:0d:fc:e9:85:be:f8:59:8c:83:9d:17:70:77:69:
                    b3:63:d7:3c:55:95:c8:42:22:16:12:73:28:4e:fe:
                    8f:8f:01:7d:2b:9b:be:3a:6b:56:37:32:fc:71:94:
                    4b:88:5a:67:fc:1c:5c:4f:dc:24:ea:dc:fe:01:e9:
                    f3:69:83:03:1f:f1:6f:bb:ef:cf:ba:41:d9:2d:e4:
                    75:ae:e2:29:17:fd:ba:da:fe:34:c9:84:9c:3b:ae:
                    e4:63:91:dc:de:b5:1a:2a:66:1b:07:b2:e3:1d:96:
                    d0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:FA:39:FF:61:68:29:45:D8:FC:81:0D:CA:23:12:EE:E9:79:1D:A7
            X509v3 Authority Key Identifier:
                keyid:E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/hvo5_2FoKUXY_IENyiMS7ul5Hac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.11.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:ec:bc:35:7b:7e:64:e0:0c:f6:8a:6d:d0:ef:c6:c0:1f:38:
         78:61:9b:a6:b9:45:d8:de:87:f2:30:ad:eb:d2:9f:b1:ff:51:
         25:d9:52:87:5d:87:50:8f:c7:6c:a5:d8:7e:18:53:18:3e:20:
         4f:77:85:bb:d8:c5:94:9d:1f:3c:fa:75:8b:2f:57:08:27:fc:
         14:49:0f:a3:a9:ae:41:e5:5d:2b:c6:90:69:dc:ac:06:55:f8:
         b3:53:bf:cc:c0:27:5c:33:a2:80:fd:13:12:fd:68:53:92:8a:
         89:bd:a1:a1:83:51:9a:fd:e5:87:d9:65:8a:c7:5f:03:98:a7:
         2b:b6:6d:b6:78:e4:34:09:ed:40:18:66:cb:d9:ca:ad:86:26:
         ed:f0:34:3e:b7:ab:66:58:a6:86:37:43:03:aa:85:63:64:a6:
         b8:dc:88:bd:4a:96:42:98:65:7e:28:7e:21:f6:10:71:4a:f8:
         c7:9c:99:e6:bc:52:67:1f:a9:6d:4a:af:c6:0b:04:d1:10:89:
         a8:aa:8b:5e:00:66:71:a8:08:bf:3a:60:ec:37:a6:3c:89:d1:
         57:17:88:31:74:e7:7a:92:a1:65:2c:d2:52:77:64:76:13:8e:
         57:d6:78:7d:92:3d:bd:ae:8d:34:d3:0e:c7:82:62:87:3f:23:
         e4:5b:03:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9YsmQh5/O9702O9OnjadO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjNlZWQxYzdhY2E2MzZkNjI0NTg1MmI4MDJlMGU3Mzc1
NGRmNjMwHhcNMjQwNTA4MTQ1MzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmZhMzlmZjYxNjgyOTQ1ZDhmYzgxMGRjYTIzMTJlZWU5NzkxZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMidfMS0Eec90d0+v+lwNjTRJqsJ
gvImNEr47lfn7wBt5EbqVw1R6zBHDihJxSQA704I8HB1VZPxDBmEz7/NeKEv7gkL
ozyUBOUno9zaPeZPsgaqCBijqk12PxotfJBWa2qd9q+R0Ur+XViHxgquHwoXSiVH
yTzSlnbDG/zA0AgzxtCl2b28wX5WjjN6o/aN60D3qiSkDfzphb74WYyDnRdwd2mz
Y9c8VZXIQiIWEnMoTv6PjwF9K5u+OmtWNzL8cZRLiFpn/BxcT9wk6tz+AenzaYMD
H/Fvu+/PukHZLeR1ruIpF/262v40yYScO67kY5Hc3rUaKmYbB7LjHZbQeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIb6Of9haClF2PyBDcojEu7peR2nMB8GA1UdIwQY
MBaAFOiz7tHHrKY21iRYUrgC4Oc3VN9jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYt
OTQ2NDA0ZWMxYWE0LzEvaHZvNV8yRm9LVVhZX0lFTnlpTVM3dWw1SGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYtOTQ2NDA0ZWMxYWE0
LzEvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQuOMA0G
CSqGSIb3DQEBCwUAA4IBAQBO7Lw1e35k4Az2im3Q78bAHzh4YZumuUXY3ofyMK3r
0p+x/1El2VKHXYdQj8dspdh+GFMYPiBPd4W72MWUnR88+nWLL1cIJ/wUSQ+jqa5B
5V0rxpBp3KwGVfizU7/MwCdcM6KA/RMS/WhTkoqJvaGhg1Ga/eWH2WWKx18DmKcr
tm22eOQ0Ce1AGGbL2cqthibt8DQ+t6tmWKaGN0MDqoVjZKa43Ii9SpZCmGV+KH4h
9hBxSvjHnJnmvFJnH6ltSq/GCwTREImoqoteAGZxqAi/OmDsN6Y8idFXF4gxdOd6
kqFlLNJSd2R2E45X1nh9kj29ro000w7HgmKHPyPkWwOb
-----END CERTIFICATE-----