Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/HMD5b9WnzuPHD5baQXGlltJ3NgM.roa
File:                     HMD5b9WnzuPHD5baQXGlltJ3NgM.roa (raw, json)
Hash identifier:          DoWkGSlgoF+2QQGiu9aL1HgtX9tHoq2FnZy8zdRyGwc=
Subject key identifier:   1C:C0:F9:6F:D5:A7:CE:E3:C7:0F:96:DA:41:71:A5:96:D2:77:36:03
Certificate issuer:       /CN=7c722f85b31e765d8f77b692b5d2a84c111d805d
Certificate serial:       018CCA2A82232B28EE7D7AED4B80C4D9ADAC
Authority key identifier: 7C:72:2F:85:B3:1E:76:5D:8F:77:B6:92:B5:D2:A8:4C:11:1D:80:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fHIvhbMedl2Pd7aStdKoTBEdgF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/HMD5b9WnzuPHD5baQXGlltJ3NgM.roa
Signing time:             Tue 02 Jan 2024 12:33:52 +0000
ROA not before:           Tue 02 Jan 2024 12:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57167
IP address blocks:        84.246.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/fHIvhbMedl2Pd7aStdKoTBEdgF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/fHIvhbMedl2Pd7aStdKoTBEdgF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fHIvhbMedl2Pd7aStdKoTBEdgF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:82:23:2b:28:ee:7d:7a:ed:4b:80:c4:d9:ad:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c722f85b31e765d8f77b692b5d2a84c111d805d
        Validity
            Not Before: Jan  2 12:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cc0f96fd5a7cee3c70f96da4171a596d2773603
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d9:9a:e7:4a:74:3b:5c:1e:fc:51:19:31:2f:
                    bf:9a:5c:5b:7b:b7:6a:f8:28:f9:69:e6:2a:d9:a5:
                    80:72:48:16:e6:16:96:a6:b5:0a:e2:5a:fd:f6:2d:
                    b6:03:45:a4:d5:7a:80:85:b8:2f:38:cd:e3:ab:e6:
                    2b:54:91:1c:d3:db:f5:ae:73:84:c4:c9:d2:47:52:
                    83:68:49:b9:26:65:bb:2e:cf:1e:fd:37:1a:81:b6:
                    25:b3:7f:23:da:a9:a0:9a:0d:56:81:a1:69:63:77:
                    bc:66:02:1b:26:5c:52:82:c4:8b:05:73:e7:e5:b1:
                    9a:63:93:1e:0c:d4:d4:2c:73:bd:3a:57:ae:93:b5:
                    22:8e:2a:34:77:60:6a:3e:43:3b:91:96:1c:5a:af:
                    0f:ba:0f:a7:0a:ad:c1:38:d5:68:47:95:26:85:b0:
                    ca:70:5a:bd:b8:d4:c6:8b:62:6f:ae:54:40:93:0a:
                    79:7f:ec:f5:50:51:49:15:fc:ff:fc:03:4c:31:bd:
                    75:05:69:c6:bd:2e:98:a1:3b:8a:b6:0c:ba:aa:32:
                    74:7c:8c:89:11:14:b1:ac:9d:47:63:f9:94:4c:ad:
                    ad:3c:53:e0:ff:f1:56:2a:80:fa:cd:4d:4c:21:39:
                    c5:93:be:ea:67:e9:0a:e8:3d:ac:8a:16:ee:31:18:
                    62:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:C0:F9:6F:D5:A7:CE:E3:C7:0F:96:DA:41:71:A5:96:D2:77:36:03
            X509v3 Authority Key Identifier:
                keyid:7C:72:2F:85:B3:1E:76:5D:8F:77:B6:92:B5:D2:A8:4C:11:1D:80:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fHIvhbMedl2Pd7aStdKoTBEdgF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/HMD5b9WnzuPHD5baQXGlltJ3NgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/566246-ca2a-411b-aaf2-c682184d704d/1/fHIvhbMedl2Pd7aStdKoTBEdgF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.246.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:b5:3f:d5:e8:c4:88:65:5a:ef:06:24:3b:57:60:72:78:ca:
         6a:36:fd:52:39:6b:8b:a9:e3:d0:08:69:e0:70:e1:e8:46:e4:
         48:64:7b:13:98:15:5c:e0:f9:1b:c4:8d:2b:af:c4:42:45:0c:
         fb:4b:2f:ef:98:74:6e:4d:91:09:ed:52:10:c6:79:d7:47:a9:
         ee:b1:5c:78:37:a3:0c:15:fa:a9:f5:b4:ae:c5:68:1e:29:5d:
         12:39:4e:9a:82:ac:1a:73:54:50:91:24:f5:be:2d:da:80:72:
         1c:28:8f:54:09:91:d2:5d:9d:85:ca:ad:72:d6:5c:6e:0b:0a:
         d2:22:43:b0:30:44:6d:43:f0:78:5e:66:39:e5:88:0a:91:d9:
         ec:a8:46:73:16:b0:9b:27:ec:67:8b:0d:72:c0:38:26:b1:6e:
         e2:3c:07:99:d7:97:58:63:9e:f5:76:64:8e:e0:86:38:59:1c:
         5b:12:ae:eb:b5:02:3b:c7:50:86:86:ee:1a:3b:4c:e2:3f:81:
         50:49:59:0d:41:d2:d0:ad:7a:73:0b:79:b7:d8:cd:5d:48:64:
         70:94:25:15:ce:43:da:a9:d8:9a:00:74:b9:24:5e:03:ee:ce:
         65:9d:39:4c:9a:d8:f5:97:3b:62:fb:26:57:af:b2:dd:b2:3d:
         84:39:18:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKoIjKyjufXrtS4DE2a2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNzIyZjg1YjMxZTc2NWQ4Zjc3YjY5MmI1ZDJhODRjMTEx
ZDgwNWQwHhcNMjQwMTAyMTIzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2MwZjk2ZmQ1YTdjZWUzYzcwZjk2ZGE0MTcxYTU5NmQyNzczNjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttma50p0O1we/FEZMS+/mlxbe7dq
+Cj5aeYq2aWAckgW5haWprUK4lr99i22A0Wk1XqAhbgvOM3jq+YrVJEc09v1rnOE
xMnSR1KDaEm5JmW7Ls8e/TcagbYls38j2qmgmg1WgaFpY3e8ZgIbJlxSgsSLBXPn
5bGaY5MeDNTULHO9Oleuk7Uijio0d2BqPkM7kZYcWq8Pug+nCq3BONVoR5UmhbDK
cFq9uNTGi2JvrlRAkwp5f+z1UFFJFfz//ANMMb11BWnGvS6YoTuKtgy6qjJ0fIyJ
ERSxrJ1HY/mUTK2tPFPg//FWKoD6zU1MITnFk77qZ+kK6D2sihbuMRhiawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBzA+W/Vp87jxw+W2kFxpZbSdzYDMB8GA1UdIwQY
MBaAFHxyL4WzHnZdj3e2krXSqEwRHYBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkhJdmhiTWVkbDJQZDdhU3RkS29UQkVkZ0YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi81NjYyNDYtY2EyYS00MTFiLWFhZjIt
YzY4MjE4NGQ3MDRkLzEvSE1ENWI5V256dVBIRDViYVFYR2xsdEozTmdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi81NjYyNDYtY2EyYS00MTFiLWFhZjItYzY4MjE4NGQ3MDRk
LzEvZkhJdmhiTWVkbDJQZDdhU3RkS29UQkVkZ0YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPZQMA0G
CSqGSIb3DQEBCwUAA4IBAQBktT/V6MSIZVrvBiQ7V2ByeMpqNv1SOWuLqePQCGng
cOHoRuRIZHsTmBVc4PkbxI0rr8RCRQz7Sy/vmHRuTZEJ7VIQxnnXR6nusVx4N6MM
Ffqp9bSuxWgeKV0SOU6agqwac1RQkST1vi3agHIcKI9UCZHSXZ2Fyq1y1lxuCwrS
IkOwMERtQ/B4XmY55YgKkdnsqEZzFrCbJ+xniw1ywDgmsW7iPAeZ15dYY571dmSO
4IY4WRxbEq7rtQI7x1CGhu4aO0ziP4FQSVkNQdLQrXpzC3m32M1dSGRwlCUVzkPa
qdiaAHS5JF4D7s5lnTlMmtj1lzti+yZXr7Ldsj2EORj/
-----END CERTIFICATE-----