Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/huUEZ_XmGpGyzbVMyLMohv0hHgc.roa
File:                     huUEZ_XmGpGyzbVMyLMohv0hHgc.roa (raw, json)
Hash identifier:          /gL1VnivQOaVZO41KNZWzSN35ipJpTx/suf3VVhNxss=
Subject key identifier:   86:E5:04:67:F5:E6:1A:91:B2:CD:B5:4C:C8:B3:28:86:FD:21:1E:07
Certificate issuer:       /CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
Certificate serial:       018CC56E7E45A4AD6AFEF4BD227D31DAB69E
Authority key identifier: 17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/huUEZ_XmGpGyzbVMyLMohv0hHgc.roa
Signing time:             Mon 01 Jan 2024 14:30:02 +0000
ROA not before:           Mon 01 Jan 2024 14:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211588
IP address blocks:        217.119.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:7e:45:a4:ad:6a:fe:f4:bd:22:7d:31:da:b6:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17b5042fc20d9bab1676e09af7ff1ba5bfadae75
        Validity
            Not Before: Jan  1 14:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86e50467f5e61a91b2cdb54cc8b32886fd211e07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b2:17:02:09:9f:40:01:a8:3e:2b:c5:63:ab:
                    56:83:09:11:b6:e1:7b:83:d4:9b:77:4a:d2:bd:87:
                    4d:0b:f6:10:07:56:cc:43:46:26:cd:17:53:75:89:
                    3d:9f:24:a4:a6:f5:c4:59:99:59:0f:09:ad:03:2b:
                    ed:63:de:cd:a2:d3:8a:c0:08:6d:6f:c1:cb:9f:99:
                    54:16:d2:2a:53:c9:7f:27:d9:48:e7:95:0a:30:1a:
                    28:dc:a1:b8:cb:d3:86:13:e3:44:4d:2d:74:61:0e:
                    b7:41:cc:d3:0b:03:74:01:ff:80:0c:ad:21:e8:af:
                    c3:ea:6a:5a:e7:87:34:d3:90:00:98:5a:4b:06:9c:
                    2e:6f:36:8c:9f:bb:0a:51:c2:31:bc:0d:fc:fb:e3:
                    dc:85:cd:d7:69:d1:79:c0:e5:4f:68:54:77:ef:a5:
                    05:56:56:23:cf:0c:3f:6a:b6:90:3d:f9:7c:0f:a1:
                    98:39:84:3f:f3:d8:49:ef:20:eb:d4:f8:89:81:dd:
                    f6:ef:03:93:f9:45:7b:77:a2:36:95:34:00:02:58:
                    bc:90:09:ef:3b:7c:b6:7a:84:34:28:a8:98:0f:c5:
                    72:c6:fc:08:c2:f2:c3:4a:75:84:25:bc:9d:39:75:
                    6d:63:5b:dc:0f:88:41:cf:74:a0:f9:8a:ba:3a:87:
                    5a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E5:04:67:F5:E6:1A:91:B2:CD:B5:4C:C8:B3:28:86:FD:21:1E:07
            X509v3 Authority Key Identifier:
                keyid:17:B5:04:2F:C2:0D:9B:AB:16:76:E0:9A:F7:FF:1B:A5:BF:AD:AE:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F7UEL8INm6sWduCa9_8bpb-trnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/huUEZ_XmGpGyzbVMyLMohv0hHgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/65e543-7e7a-4aab-ac74-bc6794e95e5a/1/F7UEL8INm6sWduCa9_8bpb-trnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.119.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:58:13:bc:ab:27:c2:6d:47:76:16:76:cb:00:28:95:6b:04:
         9e:dc:60:b5:02:6f:06:50:d0:3e:15:e2:5e:7d:5c:70:10:aa:
         02:f7:95:f8:05:86:e6:82:85:59:8f:67:19:ea:22:99:d4:5b:
         d0:0b:c5:54:a0:8a:95:df:2a:d8:93:de:67:d8:16:d7:f0:0c:
         c2:40:4b:81:4a:ae:3b:82:69:ef:0c:91:ca:09:3d:b0:60:33:
         7a:08:f3:42:d7:ca:d3:6e:07:47:11:ea:6d:a2:67:ec:80:f5:
         19:94:9f:46:42:72:1b:25:eb:92:3c:8b:e2:c1:26:bd:c7:e3:
         56:0d:bb:c2:90:6b:67:d0:15:af:e6:bf:92:0d:d4:15:60:27:
         e9:52:96:87:18:66:14:c0:30:40:4a:b7:f7:49:5d:04:ba:6c:
         a3:77:01:f2:c4:44:09:79:6c:5e:4f:31:e8:60:43:75:73:23:
         5a:5b:4d:90:d4:4f:f3:be:1d:9f:91:e9:80:b0:3d:0f:b5:68:
         d4:bf:97:a2:de:4c:86:db:1d:7d:31:88:9b:eb:e0:e9:0d:56:
         3c:c6:23:fe:25:1b:32:95:be:4b:44:a6:83:6f:13:82:22:bf:
         ca:26:9b:91:86:c6:c2:56:5a:14:a0:af:d0:58:b9:e6:90:14:
         6d:09:c5:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbn5FpK1q/vS9In0x2raeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3YjUwNDJmYzIwZDliYWIxNjc2ZTA5YWY3ZmYxYmE1YmZh
ZGFlNzUwHhcNMjQwMTAxMTQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmU1MDQ2N2Y1ZTYxYTkxYjJjZGI1NGNjOGIzMjg4NmZkMjExZTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7IXAgmfQAGoPivFY6tWgwkRtuF7
g9Sbd0rSvYdNC/YQB1bMQ0YmzRdTdYk9nySkpvXEWZlZDwmtAyvtY97NotOKwAht
b8HLn5lUFtIqU8l/J9lI55UKMBoo3KG4y9OGE+NETS10YQ63QczTCwN0Af+ADK0h
6K/D6mpa54c005AAmFpLBpwubzaMn7sKUcIxvA38++Pchc3XadF5wOVPaFR376UF
VlYjzww/araQPfl8D6GYOYQ/89hJ7yDr1PiJgd327wOT+UV7d6I2lTQAAli8kAnv
O3y2eoQ0KKiYD8VyxvwIwvLDSnWEJbydOXVtY1vcD4hBz3Sg+Yq6OodaqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIblBGf15hqRss21TMizKIb9IR4HMB8GA1UdIwQY
MBaAFBe1BC/CDZurFnbgmvf/G6W/ra51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQt
YmM2Nzk0ZTk1ZTVhLzEvaHVVRVpfWG1HcEd5emJWTXlMTW9odjBoSGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS82NWU1NDMtN2U3YS00YWFiLWFjNzQtYmM2Nzk0ZTk1ZTVh
LzEvRjdVRUw4SU5tNnNXZHVDYTlfOGJwYi10cm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XePMA0G
CSqGSIb3DQEBCwUAA4IBAQCsWBO8qyfCbUd2FnbLACiVawSe3GC1Am8GUNA+FeJe
fVxwEKoC95X4BYbmgoVZj2cZ6iKZ1FvQC8VUoIqV3yrYk95n2BbX8AzCQEuBSq47
gmnvDJHKCT2wYDN6CPNC18rTbgdHEeptomfsgPUZlJ9GQnIbJeuSPIviwSa9x+NW
DbvCkGtn0BWv5r+SDdQVYCfpUpaHGGYUwDBASrf3SV0EumyjdwHyxEQJeWxeTzHo
YEN1cyNaW02Q1E/zvh2fkemAsD0PtWjUv5ei3kyG2x19MYib6+DpDVY8xiP+JRsy
lb5LRKaDbxOCIr/KJpuRhsbCVloUoK/QWLnmkBRtCcUt
-----END CERTIFICATE-----