Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/HKIMe6ASgaGYI2I37LeqHC_eTaA.roa
File:                     HKIMe6ASgaGYI2I37LeqHC_eTaA.roa (raw, json)
Hash identifier:          IOSyYCJQrXRdDQMZCzdT36XPyZ0m9Z6wT4Y4VZGr0Ng=
Subject key identifier:   1C:A2:0C:7B:A0:12:81:A1:98:23:62:37:EC:B7:AA:1C:2F:DE:4D:A0
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       018CC86F8FC183BC8526D25CCB3D40550E74
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/HKIMe6ASgaGYI2I37LeqHC_eTaA.roa
Signing time:             Tue 02 Jan 2024 04:30:03 +0000
ROA not before:           Tue 02 Jan 2024 04:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41376
IP address blocks:        87.246.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:8f:c1:83:bc:85:26:d2:5c:cb:3d:40:55:0e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Jan  2 04:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ca20c7ba01281a198236237ecb7aa1c2fde4da0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:86:2c:34:51:e3:f8:e1:2b:64:12:1a:8c:5a:
                    6f:fa:95:c2:b0:df:d0:19:a4:4b:0a:d3:c7:a8:39:
                    c1:b4:58:30:0e:fd:0c:5a:24:f0:ab:4e:ff:19:3d:
                    9c:b6:59:7f:c3:23:4b:bd:bb:cc:1b:9b:7e:f8:e1:
                    e1:b9:50:e9:3f:ca:d9:95:12:60:83:3c:fe:dc:2e:
                    f6:aa:38:e1:de:43:e8:1c:4f:67:49:75:61:17:2c:
                    3a:ba:ed:81:8e:53:03:9d:e3:cb:12:ff:2c:7a:33:
                    12:54:a4:97:04:5c:27:fb:44:d8:ba:ef:65:e7:85:
                    4e:ba:4b:4e:10:0b:42:d1:8a:7a:44:2a:4e:9d:8d:
                    23:bd:b3:88:db:d2:d0:07:f6:5d:ff:0b:53:32:09:
                    79:98:bd:df:b2:9a:9e:b0:45:42:ea:e8:8c:e1:b8:
                    cb:2e:dc:b9:de:64:c0:43:4a:b3:76:7c:2e:d5:42:
                    80:fa:5b:d1:a2:90:ca:0f:39:a7:38:98:f7:be:86:
                    d0:6c:c1:d0:6a:3f:dd:ea:12:9e:19:47:87:8b:3b:
                    ce:e2:0a:5e:16:23:f1:95:ee:9a:74:89:de:ad:2d:
                    39:a1:ac:59:94:0c:01:c1:f7:95:58:1f:ee:5d:60:
                    09:8d:41:34:c0:22:35:fb:f8:b7:6e:10:b8:4f:2d:
                    8a:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A2:0C:7B:A0:12:81:A1:98:23:62:37:EC:B7:AA:1C:2F:DE:4D:A0
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/HKIMe6ASgaGYI2I37LeqHC_eTaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.246.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:41:f0:3b:57:70:22:c6:23:7f:ad:8a:22:51:14:35:00:fa:
         05:a3:94:ef:64:17:5a:7f:53:7e:23:b8:0c:f7:01:f9:4c:4c:
         0f:7b:58:1e:64:d0:54:fa:7d:b5:78:b7:11:5c:a9:b2:7f:21:
         93:a4:7b:ff:67:d8:2f:7b:7b:90:93:05:f3:cd:84:5a:7a:7c:
         0f:f2:9d:da:fa:3e:c9:3e:ed:47:50:fb:04:0f:be:04:5d:51:
         ef:3a:85:05:89:72:d4:8e:3a:92:04:e6:b2:80:ff:dd:e3:38:
         2c:1f:f7:48:f3:a2:98:1f:04:a2:0d:6c:19:1f:52:38:a0:54:
         6a:4a:3d:2e:e6:7c:9d:c2:85:2b:45:3e:cc:de:1b:c7:bd:6a:
         c0:df:7c:15:14:75:e6:6d:a2:5a:41:eb:99:c3:82:92:5b:e3:
         74:ba:43:ad:db:d8:0e:e0:22:00:11:9e:25:8e:cc:5b:96:28:
         19:30:1f:61:4f:c1:3c:a9:08:81:6d:0c:a1:95:02:a3:76:b9:
         ae:f7:0a:28:35:e3:78:b8:d7:56:58:e9:bd:15:a7:98:ae:e9:
         00:f4:e0:d2:31:02:3f:1c:71:26:b1:87:05:12:db:21:6c:eb:
         0a:20:34:09:e3:f4:9e:d5:67:0e:37:ab:37:a0:0f:3b:4c:94:
         ee:70:42:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4/Bg7yFJtJcyz1AVQ50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQwMTAyMDQzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2EyMGM3YmEwMTI4MWExOTgyMzYyMzdlY2I3YWExYzJmZGU0ZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4YsNFHj+OErZBIajFpv+pXCsN/Q
GaRLCtPHqDnBtFgwDv0MWiTwq07/GT2ctll/wyNLvbvMG5t++OHhuVDpP8rZlRJg
gzz+3C72qjjh3kPoHE9nSXVhFyw6uu2BjlMDnePLEv8sejMSVKSXBFwn+0TYuu9l
54VOuktOEAtC0Yp6RCpOnY0jvbOI29LQB/Zd/wtTMgl5mL3fspqesEVC6uiM4bjL
Lty53mTAQ0qzdnwu1UKA+lvRopDKDzmnOJj3vobQbMHQaj/d6hKeGUeHizvO4gpe
FiPxle6adInerS05oaxZlAwBwfeVWB/uXWAJjUE0wCI1+/i3bhC4Ty2KOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFByiDHugEoGhmCNiN+y3qhwv3k2gMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvSEtJTWU2QVNnYUdZSTJJMzdMZXFIQ19lVGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/ahMA0G
CSqGSIb3DQEBCwUAA4IBAQBNQfA7V3AixiN/rYoiURQ1APoFo5TvZBdaf1N+I7gM
9wH5TEwPe1geZNBU+n21eLcRXKmyfyGTpHv/Z9gve3uQkwXzzYRaenwP8p3a+j7J
Pu1HUPsED74EXVHvOoUFiXLUjjqSBOaygP/d4zgsH/dI86KYHwSiDWwZH1I4oFRq
Sj0u5nydwoUrRT7M3hvHvWrA33wVFHXmbaJaQeuZw4KSW+N0ukOt29gO4CIAEZ4l
jsxbligZMB9hT8E8qQiBbQyhlQKjdrmu9wooNeN4uNdWWOm9FaeYrukA9ODSMQI/
HHEmsYcFEtshbOsKIDQJ4/Se1WcON6s3oA87TJTucEJK
-----END CERTIFICATE-----