Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/25e17b-824e-4e7d-b3e8-27b87bfbee7b/1/hbOKd48_O5kgb12UFtw5mwyxIrA.roa
File:                     hbOKd48_O5kgb12UFtw5mwyxIrA.roa (raw, json)
Hash identifier:          bcVbtkwyZd7Esqow1XPv6GvgWcfmItLEmjilfJJmgfA=
Subject key identifier:   85:B3:8A:77:8F:3F:3B:99:20:6F:5D:94:16:DC:39:9B:0C:B1:22:B0
Certificate issuer:       /CN=3432ba1c6d0b02befe68cc94ae9d2de3107a6046
Certificate serial:       018CC9B9C8E69FC399C04E40501F35E3D02E
Authority key identifier: 34:32:BA:1C:6D:0B:02:BE:FE:68:CC:94:AE:9D:2D:E3:10:7A:60:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NDK6HG0LAr7-aMyUrp0t4xB6YEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/25e17b-824e-4e7d-b3e8-27b87bfbee7b/1/hbOKd48_O5kgb12UFtw5mwyxIrA.roa
Signing time:             Tue 02 Jan 2024 10:30:45 +0000
ROA not before:           Tue 02 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2119
IP address blocks:        193.218.207.0/28 maxlen: 28

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/25e17b-824e-4e7d-b3e8-27b87bfbee7b/1/NDK6HG0LAr7-aMyUrp0t4xB6YEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/25e17b-824e-4e7d-b3e8-27b87bfbee7b/1/NDK6HG0LAr7-aMyUrp0t4xB6YEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NDK6HG0LAr7-aMyUrp0t4xB6YEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b9:c8:e6:9f:c3:99:c0:4e:40:50:1f:35:e3:d0:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3432ba1c6d0b02befe68cc94ae9d2de3107a6046
        Validity
            Not Before: Jan  2 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85b38a778f3f3b99206f5d9416dc399b0cb122b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:18:22:6e:55:cb:0b:e0:7f:21:dc:36:af:8f:
                    13:52:36:68:2b:db:4a:bf:59:92:32:20:7a:45:76:
                    08:14:b1:07:d0:0d:c7:e1:b9:11:60:4c:49:cb:f3:
                    6f:1a:58:93:be:8f:3d:6a:c6:1d:e6:e1:8b:ee:60:
                    8d:cf:99:be:60:5a:72:f3:44:34:ac:c9:e9:27:5a:
                    a0:e4:87:1a:ef:09:34:94:ad:54:f2:e4:25:1e:cf:
                    6a:e6:00:29:28:37:b3:fb:00:e3:4f:65:ef:84:d6:
                    bf:58:f8:32:37:31:f7:18:0c:18:95:17:9c:b1:ef:
                    ce:5d:38:6c:14:72:b2:58:df:8a:5d:2e:68:b9:6d:
                    f9:54:ed:b0:83:96:f7:75:35:41:cc:fb:f7:d5:bb:
                    b1:f9:76:77:bb:44:48:86:9c:9d:25:09:f4:0f:7e:
                    db:60:97:be:92:5e:32:0a:da:7e:c1:15:7c:01:ba:
                    f4:bd:a4:88:a8:d6:c5:71:f1:fb:ac:4b:85:18:1f:
                    e2:a5:cc:07:f7:db:d7:2b:26:37:8a:6f:59:48:0e:
                    22:62:49:a2:ea:c2:d4:ae:4e:e0:d6:bf:41:56:76:
                    6d:4e:73:88:c1:79:93:c9:6d:fc:46:1e:78:50:22:
                    49:b8:ae:a6:01:52:8b:57:8e:0f:93:c0:5e:05:b3:
                    64:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B3:8A:77:8F:3F:3B:99:20:6F:5D:94:16:DC:39:9B:0C:B1:22:B0
            X509v3 Authority Key Identifier:
                keyid:34:32:BA:1C:6D:0B:02:BE:FE:68:CC:94:AE:9D:2D:E3:10:7A:60:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDK6HG0LAr7-aMyUrp0t4xB6YEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/25e17b-824e-4e7d-b3e8-27b87bfbee7b/1/hbOKd48_O5kgb12UFtw5mwyxIrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/25e17b-824e-4e7d-b3e8-27b87bfbee7b/1/NDK6HG0LAr7-aMyUrp0t4xB6YEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.218.207.0/28

    Signature Algorithm: sha256WithRSAEncryption
         44:9a:06:83:32:38:3d:d2:82:7f:3e:92:e8:46:d0:e5:b2:ad:
         a3:bd:1a:37:1f:b0:5e:af:06:43:9e:92:39:e6:f0:8e:fc:b2:
         53:2c:c7:9a:66:67:c2:ed:05:e6:1b:54:31:eb:a2:f7:dd:dc:
         5f:ce:4e:81:46:2f:d4:0c:03:ad:4b:1b:a6:3f:de:f7:a7:a1:
         93:72:25:7b:ea:79:a1:35:64:a5:14:b5:e8:8d:35:e9:13:dd:
         3f:74:93:46:5c:8f:a2:89:e8:0b:c8:a5:3b:27:c1:6e:97:22:
         7f:df:0b:c4:a5:fc:5d:43:e5:a3:e8:a4:6f:7b:a0:38:23:de:
         db:92:23:97:40:de:4d:fc:54:96:4f:8e:17:06:59:55:59:5a:
         d9:21:f7:c9:bd:a4:e9:3f:5c:93:d1:40:75:40:18:24:21:3b:
         7f:0d:2a:ae:0b:d4:ee:eb:45:3f:f7:e7:82:b5:e6:6c:f4:28:
         86:e5:e3:ba:43:3b:ea:52:ef:7d:70:49:ed:af:cc:f5:3d:ba:
         dc:73:a9:54:14:e9:e6:00:a8:97:b9:00:ef:db:0b:42:04:03:
         9a:d1:fb:21:ae:2f:85:81:e4:c1:ca:a0:24:d4:7c:bd:75:42:
         21:5f:71:9d:0d:51:62:d2:4e:32:6a:62:1c:d2:d2:b8:18:c6:
         3c:19:23:d2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJucjmn8OZwE5AUB8149AuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MzJiYTFjNmQwYjAyYmVmZTY4Y2M5NGFlOWQyZGUzMTA3
YTYwNDYwHhcNMjQwMTAyMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWIzOGE3NzhmM2YzYjk5MjA2ZjVkOTQxNmRjMzk5YjBjYjEyMmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRgiblXLC+B/Idw2r48TUjZoK9tK
v1mSMiB6RXYIFLEH0A3H4bkRYExJy/NvGliTvo89asYd5uGL7mCNz5m+YFpy80Q0
rMnpJ1qg5Ica7wk0lK1U8uQlHs9q5gApKDez+wDjT2XvhNa/WPgyNzH3GAwYlRec
se/OXThsFHKyWN+KXS5ouW35VO2wg5b3dTVBzPv31bux+XZ3u0RIhpydJQn0D37b
YJe+kl4yCtp+wRV8Abr0vaSIqNbFcfH7rEuFGB/ipcwH99vXKyY3im9ZSA4iYkmi
6sLUrk7g1r9BVnZtTnOIwXmTyW38Rh54UCJJuK6mAVKLV44Pk8BeBbNk+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIWzinePPzuZIG9dlBbcOZsMsSKwMB8GA1UdIwQY
MBaAFDQyuhxtCwK+/mjMlK6dLeMQemBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkRLNkhHMExBcjctYU15VXJwMHQ0eEI2WUVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8yNWUxN2ItODI0ZS00ZTdkLWIzZTgt
MjdiODdiZmJlZTdiLzEvaGJPS2Q0OF9PNWtnYjEyVUZ0dzVtd3l4SXJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8yNWUxN2ItODI0ZS00ZTdkLWIzZTgtMjdiODdiZmJlZTdi
LzEvTkRLNkhHMExBcjctYU15VXJwMHQ0eEI2WUVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUEwdrPADAN
BgkqhkiG9w0BAQsFAAOCAQEARJoGgzI4PdKCfz6S6EbQ5bKto70aNx+wXq8GQ56S
OebwjvyyUyzHmmZnwu0F5htUMeui993cX85OgUYv1AwDrUsbpj/e96ehk3Ile+p5
oTVkpRS16I016RPdP3STRlyPoonoC8ilOyfBbpcif98LxKX8XUPlo+ikb3ugOCPe
25Ijl0DeTfxUlk+OFwZZVVla2SH3yb2k6T9ck9FAdUAYJCE7fw0qrgvU7utFP/fn
grXmbPQohuXjukM76lLvfXBJ7a/M9T263HOpVBTp5gCol7kA79sLQgQDmtH7Ia4v
hYHkwcqgJNR8vXVCIV9xnQ1RYtJOMmpiHNLSuBjGPBkj0g==
-----END CERTIFICATE-----