Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/HUM76yTBPvT15zAP1eg5AsfRPHQ.roa
File:                     HUM76yTBPvT15zAP1eg5AsfRPHQ.roa (raw, json)
Hash identifier:          crSGWyZYrnujdKRAK1Vigmsxh7Rj54ZOeMx5mOfBbyE=
Subject key identifier:   1D:43:3B:EB:24:C1:3E:F4:F5:E7:30:0F:D5:E8:39:02:C7:D1:3C:74
Certificate issuer:       /CN=93a229e266b2558899f3547ee63d84ed6594768b
Certificate serial:       018CC2DB4DBE980FEB33CF6790918061F931
Authority key identifier: 93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/HUM76yTBPvT15zAP1eg5AsfRPHQ.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58110
IP address blocks:        45.88.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/k6Ip4mayVYiZ81R-5j2E7WWUdos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/k6Ip4mayVYiZ81R-5j2E7WWUdos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4d:be:98:0f:eb:33:cf:67:90:91:80:61:f9:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93a229e266b2558899f3547ee63d84ed6594768b
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d433beb24c13ef4f5e7300fd5e83902c7d13c74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a0:3e:76:e5:d5:7f:02:1b:bd:23:69:cf:07:
                    f4:66:09:6b:e8:48:f2:10:44:c4:b2:f6:a3:05:03:
                    9e:59:c3:31:9c:fb:dc:2d:c8:ee:07:3d:f4:40:f4:
                    fc:66:cb:9c:05:75:bf:92:eb:e3:da:24:1f:77:5c:
                    a5:33:e1:a2:20:b2:9e:6b:d1:a6:15:06:c4:c0:b4:
                    0e:f1:a9:3d:b1:27:7e:b8:e3:12:79:74:e0:81:6d:
                    7c:f2:93:cd:cf:1e:1e:c4:ad:28:cd:af:e0:2f:0a:
                    9c:0e:1a:d9:dd:d6:ce:a0:3f:3c:bc:1b:2f:42:e0:
                    85:f7:c9:07:33:7b:ec:a7:15:cc:39:50:9b:eb:86:
                    e1:b6:f1:c3:dd:3b:31:34:54:70:8e:41:2c:d0:4c:
                    ff:94:eb:00:46:b8:c4:9b:ba:3b:cd:f0:b2:2b:7a:
                    12:e7:6a:3b:1a:9b:8a:64:3f:0c:05:7e:b6:ce:dd:
                    9c:dc:3c:c9:e0:1b:da:9a:2e:b0:0a:c7:31:9f:b8:
                    36:08:ad:b0:1c:eb:f6:54:51:fd:ee:1c:9c:4b:92:
                    44:b9:04:37:5f:de:b3:49:58:5c:19:bb:00:a2:89:
                    4e:0a:f7:c3:26:07:d2:72:74:d7:a3:02:59:e3:ae:
                    e7:10:7a:b5:c0:e2:05:9e:09:19:e3:97:e0:90:91:
                    d1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:43:3B:EB:24:C1:3E:F4:F5:E7:30:0F:D5:E8:39:02:C7:D1:3C:74
            X509v3 Authority Key Identifier:
                keyid:93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/HUM76yTBPvT15zAP1eg5AsfRPHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/k6Ip4mayVYiZ81R-5j2E7WWUdos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:23:6e:d3:04:b0:e8:5c:82:9f:21:1b:48:fa:53:47:62:63:
         e9:40:f5:d3:1f:d8:0d:9f:18:54:fe:8e:17:9c:cc:4e:4e:ce:
         a2:a7:6d:ed:02:0a:07:1b:15:da:39:f4:25:c9:bc:ae:b7:6d:
         f9:55:f5:63:b8:f5:b7:cd:f5:a2:cf:47:87:a3:09:f6:4d:3d:
         b0:47:23:2a:67:f8:fc:9c:22:dd:61:e9:9e:dd:8f:3d:ef:1c:
         4c:d6:22:25:16:49:4d:c8:e3:8e:04:1e:26:da:25:94:c0:85:
         cd:91:bc:d5:75:3f:77:08:d3:78:57:c8:d4:0a:51:2c:35:a7:
         ae:01:13:96:ab:5f:9e:9b:e9:9b:54:20:43:fb:02:24:9f:46:
         de:cb:f5:0a:c0:61:65:03:1e:b0:dd:31:9b:f5:58:83:ef:e6:
         8b:04:ba:91:4c:3e:a3:a9:56:f4:4e:74:f4:bc:a0:a1:06:a5:
         3a:4a:2f:fb:8d:2e:4f:aa:ed:32:ae:f7:23:c1:ca:96:1b:de:
         d4:4c:7d:ba:ff:5f:f3:91:7f:7e:7b:c4:e4:88:85:87:34:95:
         0b:cc:64:79:94:6b:0f:ca:c6:59:8a:61:7e:af:6b:80:e3:b4:
         66:3b:d2:cf:02:88:a2:c5:eb:41:f9:cc:39:63:f2:bc:b8:d5:
         55:05:ab:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC202+mA/rM89nkJGAYfkxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYTIyOWUyNjZiMjU1ODg5OWYzNTQ3ZWU2M2Q4NGVkNjU5
NDc2OGIwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDQzM2JlYjI0YzEzZWY0ZjVlNzMwMGZkNWU4MzkwMmM3ZDEzYzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0aA+duXVfwIbvSNpzwf0Zglr6Ejy
EETEsvajBQOeWcMxnPvcLcjuBz30QPT8ZsucBXW/kuvj2iQfd1ylM+GiILKea9Gm
FQbEwLQO8ak9sSd+uOMSeXTggW188pPNzx4exK0oza/gLwqcDhrZ3dbOoD88vBsv
QuCF98kHM3vspxXMOVCb64bhtvHD3TsxNFRwjkEs0Ez/lOsARrjEm7o7zfCyK3oS
52o7GpuKZD8MBX62zt2c3DzJ4Bvami6wCscxn7g2CK2wHOv2VFH97hycS5JEuQQ3
X96zSVhcGbsAoolOCvfDJgfScnTXowJZ467nEHq1wOIFngkZ45fgkJHRkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1DO+skwT709ecwD9XoOQLH0Tx0MB8GA1UdIwQY
MBaAFJOiKeJmslWImfNUfuY9hO1llHaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYt
NGQ3NzdjYWNkOWE0LzEvSFVNNzZ5VEJQdlQxNXpBUDFlZzVBc2ZSUEhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYtNGQ3NzdjYWNkOWE0
LzEvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVjKMA0G
CSqGSIb3DQEBCwUAA4IBAQBqI27TBLDoXIKfIRtI+lNHYmPpQPXTH9gNnxhU/o4X
nMxOTs6ip23tAgoHGxXaOfQlybyut235VfVjuPW3zfWiz0eHown2TT2wRyMqZ/j8
nCLdYeme3Y897xxM1iIlFklNyOOOBB4m2iWUwIXNkbzVdT93CNN4V8jUClEsNaeu
AROWq1+em+mbVCBD+wIkn0bey/UKwGFlAx6w3TGb9ViD7+aLBLqRTD6jqVb0TnT0
vKChBqU6Si/7jS5Pqu0yrvcjwcqWG97UTH26/1/zkX9+e8TkiIWHNJULzGR5lGsP
ysZZimF+r2uA47RmO9LPAoiixetB+cw5Y/K8uNVVBatK
-----END CERTIFICATE-----