Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/ba2bad-ed35-45c3-b84e-22bdef99bcea/1/H4ouBEYWLRgHDShrEZqA7Qr0IP8.roa
File:                     H4ouBEYWLRgHDShrEZqA7Qr0IP8.roa (raw, json)
Hash identifier:          7Vq4a6J+4AjNXALiCkOIJMJWZAEERpbOe2LJTLmBHbc=
Subject key identifier:   1F:8A:2E:04:46:16:2D:18:07:0D:28:6B:11:9A:80:ED:0A:F4:20:FF
Certificate issuer:       /CN=db4d52ab09b16d72f4c3e48cc4b49025d083676d
Certificate serial:       018CC2DB1FCBC4DD3DAB04645BB2C579D007
Authority key identifier: DB:4D:52:AB:09:B1:6D:72:F4:C3:E4:8C:C4:B4:90:25:D0:83:67:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/201SqwmxbXL0w-SMxLSQJdCDZ20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/ba2bad-ed35-45c3-b84e-22bdef99bcea/1/H4ouBEYWLRgHDShrEZqA7Qr0IP8.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197185
IP address blocks:        194.213.102.0/23 maxlen: 23
                          194.213.103.0/24 maxlen: 24
                          194.213.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/ba2bad-ed35-45c3-b84e-22bdef99bcea/1/201SqwmxbXL0w-SMxLSQJdCDZ20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/ba2bad-ed35-45c3-b84e-22bdef99bcea/1/201SqwmxbXL0w-SMxLSQJdCDZ20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/201SqwmxbXL0w-SMxLSQJdCDZ20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 22:03:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1f:cb:c4:dd:3d:ab:04:64:5b:b2:c5:79:d0:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db4d52ab09b16d72f4c3e48cc4b49025d083676d
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f8a2e0446162d18070d286b119a80ed0af420ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:74:a2:48:89:f7:1a:75:09:ee:c1:b3:00:ed:
                    e5:a7:84:cf:d8:52:d1:33:9b:c3:26:dd:cc:33:0c:
                    c2:e2:95:61:75:a5:ef:68:4b:68:1d:06:c9:5b:85:
                    d8:c7:1b:04:c2:19:3c:07:7b:37:f3:f6:95:a2:46:
                    8b:95:46:fb:b8:2d:72:7b:7f:38:46:ef:49:ba:64:
                    e6:12:52:97:de:0c:07:f2:27:46:58:6c:50:51:f4:
                    46:de:f2:e6:a7:38:b8:a2:29:5f:e5:f2:b0:0a:ba:
                    3d:ec:d1:60:c3:7d:3b:17:31:52:e7:0b:4a:f4:bb:
                    cb:6d:c1:da:c9:1f:bd:47:16:b3:d2:cd:51:b2:0d:
                    5b:0e:3c:62:9d:d7:b1:48:88:27:a1:db:25:24:6e:
                    ca:d1:e9:6d:1c:dc:91:55:5c:13:67:78:5a:49:bf:
                    8e:69:23:f5:d9:85:39:3c:9c:7e:d2:7b:c1:51:de:
                    d0:f8:94:d6:5a:43:27:d2:a1:ac:75:91:fc:55:ec:
                    df:28:c1:4d:a5:cc:ea:15:62:f1:cb:48:b8:fa:9b:
                    52:82:cb:cc:b1:a8:43:f9:a7:ee:12:ff:67:02:37:
                    b7:7c:7f:c8:d3:f9:9b:9f:fe:c1:b1:b7:f2:4e:f2:
                    8c:ad:c8:2a:29:81:9b:95:04:d5:fc:9e:85:6c:35:
                    88:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8A:2E:04:46:16:2D:18:07:0D:28:6B:11:9A:80:ED:0A:F4:20:FF
            X509v3 Authority Key Identifier:
                keyid:DB:4D:52:AB:09:B1:6D:72:F4:C3:E4:8C:C4:B4:90:25:D0:83:67:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/201SqwmxbXL0w-SMxLSQJdCDZ20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/ba2bad-ed35-45c3-b84e-22bdef99bcea/1/H4ouBEYWLRgHDShrEZqA7Qr0IP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/ba2bad-ed35-45c3-b84e-22bdef99bcea/1/201SqwmxbXL0w-SMxLSQJdCDZ20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:dc:18:9f:32:54:77:9d:85:1f:c3:22:0a:2e:ae:c1:d3:b9:
         42:a9:92:53:2c:9a:1f:c3:f4:7f:4e:95:4e:9e:f2:dc:e2:fc:
         7e:03:da:80:89:16:17:f2:5d:02:8e:ab:d5:38:e0:fc:38:08:
         e0:86:ff:1b:1d:80:8c:4a:62:be:c4:45:0e:8e:f9:5b:2c:75:
         3f:8f:b3:4e:9c:ff:dc:2f:0d:8e:3c:9c:de:a3:10:cf:f6:1b:
         03:25:cb:f7:52:9c:89:04:d5:1c:4f:e7:ad:65:5d:ad:48:cb:
         e4:93:12:c2:c2:97:87:7f:1c:06:48:b0:5c:40:56:1f:a5:68:
         67:97:4e:df:59:6a:2f:6c:cd:4e:49:e5:f0:85:99:b7:e9:30:
         fd:76:85:75:e6:f2:65:80:78:fa:81:3a:b0:fe:41:59:e9:8b:
         9a:91:9d:0d:7a:24:fe:ad:55:50:ab:96:ea:6b:dd:04:16:58:
         85:37:f4:a2:ef:85:85:17:ff:7d:42:c5:35:47:61:38:99:06:
         02:3a:aa:72:7d:7f:36:11:8e:43:3c:54:ba:e3:c1:50:dc:e9:
         1a:1b:d6:22:62:5d:e5:ae:28:15:84:38:91:e1:8a:25:b7:40:
         5e:0c:07:06:90:bf:1f:4f:40:15:18:1e:7c:bb:f8:03:3f:e7:
         ac:76:85:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2x/LxN09qwRkW7LFedAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiNGQ1MmFiMDliMTZkNzJmNGMzZTQ4Y2M0YjQ5MDI1ZDA4
MzY3NmQwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhhMmUwNDQ2MTYyZDE4MDcwZDI4NmIxMTlhODBlZDBhZjQyMGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXSiSIn3GnUJ7sGzAO3lp4TP2FLR
M5vDJt3MMwzC4pVhdaXvaEtoHQbJW4XYxxsEwhk8B3s38/aVokaLlUb7uC1ye384
Ru9JumTmElKX3gwH8idGWGxQUfRG3vLmpzi4oilf5fKwCro97NFgw307FzFS5wtK
9LvLbcHayR+9Rxaz0s1Rsg1bDjxindexSIgnodslJG7K0eltHNyRVVwTZ3haSb+O
aSP12YU5PJx+0nvBUd7Q+JTWWkMn0qGsdZH8VezfKMFNpczqFWLxy0i4+ptSgsvM
sahD+afuEv9nAje3fH/I0/mbn/7BsbfyTvKMrcgqKYGblQTV/J6FbDWIrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+KLgRGFi0YBw0oaxGagO0K9CD/MB8GA1UdIwQY
MBaAFNtNUqsJsW1y9MPkjMS0kCXQg2dtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjAxU3F3bXhiWEwwdy1TTXhMU1FKZENEWjIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9iYTJiYWQtZWQzNS00NWMzLWI4NGUt
MjJiZGVmOTliY2VhLzEvSDRvdUJFWVdMUmdIRFNockVacUE3UXIwSVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9iYTJiYWQtZWQzNS00NWMzLWI4NGUtMjJiZGVmOTliY2Vh
LzEvMjAxU3F3bXhiWEwwdy1TTXhMU1FKZENEWjIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwtVmMA0G
CSqGSIb3DQEBCwUAA4IBAQAd3BifMlR3nYUfwyIKLq7B07lCqZJTLJofw/R/TpVO
nvLc4vx+A9qAiRYX8l0CjqvVOOD8OAjghv8bHYCMSmK+xEUOjvlbLHU/j7NOnP/c
Lw2OPJzeoxDP9hsDJcv3UpyJBNUcT+etZV2tSMvkkxLCwpeHfxwGSLBcQFYfpWhn
l07fWWovbM1OSeXwhZm36TD9doV15vJlgHj6gTqw/kFZ6YuakZ0NeiT+rVVQq5bq
a90EFliFN/Si74WFF/99QsU1R2E4mQYCOqpyfX82EY5DPFS648FQ3OkaG9YiYl3l
rigVhDiR4Yolt0BeDAcGkL8fT0AVGB58u/gDP+esdoUG
-----END CERTIFICATE-----