Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HnculImD0WOBBpXfc7M6LSDg_Ps.roa
File:                     HnculImD0WOBBpXfc7M6LSDg_Ps.roa (raw, json)
Hash identifier:          iiKJSigwE1vXX9xEh+2/0UOC8M7wpYF/Lc2IKSvRtnA=
Subject key identifier:   1E:77:2E:94:89:83:D1:63:81:06:95:DF:73:B3:3A:2D:20:E0:FC:FB
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC50130D2679FFB8B2AC9298C12F8B7C6
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HnculImD0WOBBpXfc7M6LSDg_Ps.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     268624
IP address blocks:        203.159.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:30:d2:67:9f:fb:8b:2a:c9:29:8c:12:f8:b7:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e772e948983d163810695df73b33a2d20e0fcfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ae:52:a3:57:ef:c1:70:c3:b9:35:4f:4a:19:
                    84:3a:5c:84:6f:2f:9a:4a:88:97:6a:1b:80:57:3d:
                    41:d7:d5:d2:9f:fc:02:39:56:fc:ea:f1:e5:98:f2:
                    dc:88:7d:d9:6a:38:3c:54:7c:92:b0:f7:1d:5a:19:
                    2e:d6:72:7a:ea:5a:9b:f8:af:28:3b:e5:d0:92:22:
                    4b:4b:5a:42:e4:92:88:4c:55:35:b8:4d:5d:c4:7f:
                    04:6f:ee:b2:41:e9:86:5b:d3:f6:d5:d5:1b:b1:a2:
                    1d:78:ba:78:ba:c6:28:8a:d9:71:8c:84:9f:18:e8:
                    26:e5:42:0f:fe:ee:41:fe:60:07:10:02:dc:f3:c7:
                    86:56:71:bc:76:5a:5d:1e:c6:96:97:cd:eb:7f:ef:
                    a7:91:fd:1f:47:e7:79:0c:45:1c:d0:28:4f:3b:12:
                    59:1e:c3:4d:6b:83:b4:6a:8b:e8:eb:39:da:18:4f:
                    09:48:88:19:63:0b:4d:30:b3:e6:23:aa:4b:12:df:
                    fe:83:e6:59:6d:af:42:03:22:0a:cb:c2:cc:bb:af:
                    ea:32:64:66:6c:1b:94:e4:23:58:43:bf:a8:bf:f8:
                    01:0c:e0:c2:1c:7a:69:aa:8b:b6:be:76:33:15:b7:
                    ad:2c:8c:e3:f0:45:a4:c0:a5:61:38:4e:90:a4:cf:
                    d5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:77:2E:94:89:83:D1:63:81:06:95:DF:73:B3:3A:2D:20:E0:FC:FB
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/HnculImD0WOBBpXfc7M6LSDg_Ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.159.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:0e:d3:75:15:b0:43:3a:bf:81:f6:bc:05:a2:b4:37:f8:6e:
         85:d6:bb:05:99:36:0f:d3:65:96:93:fc:fc:42:97:5a:bb:f1:
         61:c6:e9:f0:62:4c:66:b9:46:52:e9:bf:65:cd:ff:f5:7c:1c:
         8e:20:b3:e2:ab:48:aa:0f:6b:69:5b:d8:f9:50:93:cb:f3:3e:
         2a:5f:fd:01:fa:14:d8:55:77:b9:cf:db:c5:49:5d:9c:4e:b8:
         44:53:4b:37:60:c4:22:6e:fd:ad:3c:a6:bc:d6:00:af:13:9a:
         23:88:23:7b:f3:52:48:cd:4c:e3:77:79:c9:97:ac:3f:3a:93:
         f6:b5:c2:52:ad:af:3f:9b:7b:09:7b:35:81:98:82:76:09:28:
         7b:fc:e5:52:ab:68:07:f8:9b:35:3f:76:78:a9:94:4a:de:14:
         3e:3a:0d:bb:a9:1e:5f:26:8b:c7:b4:76:6d:2b:bd:d7:4a:8f:
         d5:08:c2:f9:4b:49:56:2e:58:26:ae:32:e1:a1:69:ec:80:54:
         49:49:2f:17:b6:93:ca:ac:78:c5:1e:bb:43:ac:41:f0:19:aa:
         f8:1a:b5:97:10:29:d4:14:7b:ef:22:27:dc:93:a9:fb:22:60:
         29:53:4a:6c:c9:77:6e:34:35:01:a2:83:bc:bf:e1:68:b8:4a:
         76:40:13:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATDSZ5/7iyrJKYwS+LfGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTc3MmU5NDg5ODNkMTYzODEwNjk1ZGY3M2IzM2EyZDIwZTBmY2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1K5So1fvwXDDuTVPShmEOlyEby+a
SoiXahuAVz1B19XSn/wCOVb86vHlmPLciH3Zajg8VHySsPcdWhku1nJ66lqb+K8o
O+XQkiJLS1pC5JKITFU1uE1dxH8Eb+6yQemGW9P21dUbsaIdeLp4usYoitlxjISf
GOgm5UIP/u5B/mAHEALc88eGVnG8dlpdHsaWl83rf++nkf0fR+d5DEUc0ChPOxJZ
HsNNa4O0aovo6znaGE8JSIgZYwtNMLPmI6pLEt/+g+ZZba9CAyIKy8LMu6/qMmRm
bBuU5CNYQ7+ov/gBDODCHHppqou2vnYzFbetLIzj8EWkwKVhOE6QpM/VNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB53LpSJg9FjgQaV33OzOi0g4Pz7MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSG5jdWxJbUQwV09CQnBYZmM3TTZMU0RnX1BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAy59QMA0G
CSqGSIb3DQEBCwUAA4IBAQCYDtN1FbBDOr+B9rwForQ3+G6F1rsFmTYP02WWk/z8
Qpdau/FhxunwYkxmuUZS6b9lzf/1fByOILPiq0iqD2tpW9j5UJPL8z4qX/0B+hTY
VXe5z9vFSV2cTrhEU0s3YMQibv2tPKa81gCvE5ojiCN781JIzUzjd3nJl6w/OpP2
tcJSra8/m3sJezWBmIJ2CSh7/OVSq2gH+Js1P3Z4qZRK3hQ+Og27qR5fJovHtHZt
K73XSo/VCML5S0lWLlgmrjLhoWnsgFRJSS8XtpPKrHjFHrtDrEHwGar4GrWXECnU
FHvvIifck6n7ImApU0psyXduNDUBooO8v+FouEp2QBMn
-----END CERTIFICATE-----