Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/HnwpkZA1kyMAdtSjz5Y2wzN7hpI.roa
File:                     HnwpkZA1kyMAdtSjz5Y2wzN7hpI.roa (raw, json)
Hash identifier:          BwhmHdqgenItpezNQ3J+iO2xUU9x6XDChzCvlgm3H1M=
Subject key identifier:   1E:7C:29:91:90:35:93:23:00:76:D4:A3:CF:96:36:C3:33:7B:86:92
Certificate issuer:       /CN=2793bde946ae936d3cacc136a5f3239edf2431f4
Certificate serial:       018CC86F0606DA492949D7FAC1E39F9E0D2A
Authority key identifier: 27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/HnwpkZA1kyMAdtSjz5Y2wzN7hpI.roa
Signing time:             Tue 02 Jan 2024 04:29:28 +0000
ROA not before:           Tue 02 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        91.188.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:06:06:da:49:29:49:d7:fa:c1:e3:9f:9e:0d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2793bde946ae936d3cacc136a5f3239edf2431f4
        Validity
            Not Before: Jan  2 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e7c2991903593230076d4a3cf9636c3337b8692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:68:3a:1b:16:13:56:7e:c5:62:ea:b6:6d:43:
                    da:99:cd:bf:bd:91:1c:c4:42:44:5d:62:3d:1c:9c:
                    b1:40:c7:ab:a1:e1:0b:bc:7f:4c:f2:2d:0d:db:0b:
                    c1:37:20:b8:30:91:d6:72:59:3b:4f:71:3f:95:3f:
                    2a:67:9e:36:e4:80:e8:43:6b:53:88:f2:48:a3:9e:
                    c5:9c:6d:f0:5a:f3:85:75:b7:2e:03:e2:e0:94:d7:
                    b6:f5:76:c1:a2:a0:e0:ef:67:21:ca:a1:c1:4e:9d:
                    54:23:a1:41:ce:54:2d:5a:3f:b3:f1:c3:cd:1c:fb:
                    08:69:f3:b1:b7:4c:06:51:d2:f9:12:db:28:1a:4b:
                    f6:33:7f:95:a8:d3:11:a0:24:63:4d:44:e3:44:0f:
                    7c:a2:ee:d0:70:71:8b:8f:70:71:46:12:20:fd:34:
                    0e:9d:f5:cb:88:54:ad:ee:75:d0:67:08:dc:fb:eb:
                    cc:ef:d8:71:c4:41:31:42:65:74:c8:70:2a:89:cd:
                    d3:b3:e3:29:f4:d6:3d:f4:16:b8:f0:d6:f7:cb:41:
                    6c:54:7b:a1:2b:c8:f5:00:bf:d2:12:5d:72:cb:20:
                    69:d8:32:61:ac:8d:f3:92:6e:e1:57:b3:f6:74:83:
                    5d:ac:eb:e9:62:4a:97:a8:d3:73:7e:e4:d2:4b:70:
                    ee:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:7C:29:91:90:35:93:23:00:76:D4:A3:CF:96:36:C3:33:7B:86:92
            X509v3 Authority Key Identifier:
                keyid:27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/HnwpkZA1kyMAdtSjz5Y2wzN7hpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:17:5d:46:2c:44:a9:9b:5f:51:a5:18:65:08:ad:96:7a:3f:
         ab:47:9c:52:7c:87:38:ba:f3:b2:36:3f:77:de:93:c2:f7:26:
         76:f7:45:60:97:5b:ea:5c:85:6c:b3:3f:c2:f5:11:11:e1:26:
         4c:1f:27:63:b5:5e:5c:fd:63:5f:65:26:57:9f:7b:3a:9b:38:
         be:03:b7:20:98:cd:38:61:26:a1:11:55:61:fb:cd:02:b0:5c:
         8c:00:dd:0e:ca:94:6d:45:d9:d0:00:1c:78:44:ad:1f:0c:20:
         0e:30:74:0a:ef:ce:05:f7:0b:bd:6b:3d:59:a4:47:39:4b:ff:
         19:dc:48:30:2b:e0:de:72:e8:8a:81:ae:08:36:56:c9:3f:5e:
         7f:51:90:d6:33:67:07:28:72:44:43:83:84:42:b5:c6:cf:8e:
         c7:46:0a:11:5c:26:1c:a2:a0:03:e5:9a:e5:2c:49:6d:d3:49:
         57:23:b0:7d:5d:4c:c2:c6:63:37:e4:0c:74:68:d4:d3:e4:47:
         df:4d:06:0b:f7:e6:1e:12:86:78:46:68:ef:95:e8:8e:36:b9:
         3c:7b:85:0f:f0:c1:9c:d4:bf:f1:42:90:60:07:ad:19:49:63:
         ed:e9:08:9c:0d:ac:75:2d:30:f6:aa:61:7e:8b:76:3b:fd:e0:
         41:b6:25:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbwYG2kkpSdf6weOfng0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTNiZGU5NDZhZTkzNmQzY2FjYzEzNmE1ZjMyMzllZGYy
NDMxZjQwHhcNMjQwMTAyMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTdjMjk5MTkwMzU5MzIzMDA3NmQ0YTNjZjk2MzZjMzMzN2I4NjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12g6GxYTVn7FYuq2bUPamc2/vZEc
xEJEXWI9HJyxQMeroeELvH9M8i0N2wvBNyC4MJHWclk7T3E/lT8qZ5425IDoQ2tT
iPJIo57FnG3wWvOFdbcuA+LglNe29XbBoqDg72chyqHBTp1UI6FBzlQtWj+z8cPN
HPsIafOxt0wGUdL5EtsoGkv2M3+VqNMRoCRjTUTjRA98ou7QcHGLj3BxRhIg/TQO
nfXLiFSt7nXQZwjc++vM79hxxEExQmV0yHAqic3Ts+Mp9NY99Ba48Nb3y0FsVHuh
K8j1AL/SEl1yyyBp2DJhrI3zkm7hV7P2dINdrOvpYkqXqNNzfuTSS3DuPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB58KZGQNZMjAHbUo8+WNsMze4aSMB8GA1UdIwQY
MBaAFCeTvelGrpNtPKzBNqXzI57fJDH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2Et
OTJjM2JmNzRhOTdiLzEvSG53cGtaQTFreU1BZHRTano1WTJ3ek43aHBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2EtOTJjM2JmNzRhOTdi
LzEvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7z/MA0G
CSqGSIb3DQEBCwUAA4IBAQCOF11GLESpm19RpRhlCK2Wej+rR5xSfIc4uvOyNj93
3pPC9yZ290Vgl1vqXIVssz/C9RER4SZMHydjtV5c/WNfZSZXn3s6mzi+A7cgmM04
YSahEVVh+80CsFyMAN0OypRtRdnQABx4RK0fDCAOMHQK784F9wu9az1ZpEc5S/8Z
3EgwK+DecuiKga4INlbJP15/UZDWM2cHKHJEQ4OEQrXGz47HRgoRXCYcoqAD5Zrl
LElt00lXI7B9XUzCxmM35Ax0aNTT5EffTQYL9+YeEoZ4RmjvleiONrk8e4UP8MGc
1L/xQpBgB60ZSWPt6QicDax1LTD2qmF+i3Y7/eBBtiWl
-----END CERTIFICATE-----