Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/HCGOvR2IFIulqK7x_RgHm2WmwEQ.roa
File:                     HCGOvR2IFIulqK7x_RgHm2WmwEQ.roa (raw, json)
Hash identifier:          tzWBjKbSCsLvCvpRTVNPlcXjkVfyR5TXbLfCjtVdQbI=
Subject key identifier:   1C:21:8E:BD:1D:88:14:8B:A5:A8:AE:F1:FD:18:07:9B:65:A6:C0:44
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC727696BAC6E2FF77A35B23E8768AD45
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/HCGOvR2IFIulqK7x_RgHm2WmwEQ.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198591
IP address blocks:        78.133.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:69:6b:ac:6e:2f:f7:7a:35:b2:3e:87:68:ad:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c218ebd1d88148ba5a8aef1fd18079b65a6c044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:56:78:6e:22:0f:43:34:1c:0b:67:73:85:6b:
                    2e:42:05:99:4e:ff:44:b5:3c:52:35:2b:bc:30:fb:
                    90:27:88:56:15:bf:26:76:b3:e0:ec:fc:73:a4:d7:
                    ba:f1:4a:9a:b3:25:54:90:41:ab:89:0b:e6:d9:87:
                    0d:1a:17:8c:f9:a9:df:89:62:54:2c:4e:3e:4b:7a:
                    04:ce:8a:0b:4e:a4:4b:ed:13:ba:15:e4:fa:f3:e7:
                    4c:34:11:c8:51:9f:2d:b1:ba:84:13:de:57:5a:38:
                    03:cc:43:31:91:b8:5a:5a:36:52:0a:2f:91:6d:45:
                    e3:37:e4:8c:5a:38:a4:0d:10:ce:ff:1a:90:b9:27:
                    b7:a5:79:15:c6:91:35:51:be:dd:2f:66:2c:cb:e7:
                    b9:cd:f2:2c:96:63:ee:a2:fb:ed:e3:bb:57:91:37:
                    5c:2b:b2:72:06:7f:87:cf:52:1c:e9:2c:72:79:96:
                    9c:2f:cc:8b:0b:17:19:c4:29:f5:a7:ac:6b:0d:ea:
                    4d:40:70:9c:30:13:dc:d5:d2:12:c2:12:7b:80:e6:
                    ca:d6:f5:0e:cc:43:3f:87:83:53:a4:dd:37:b2:e0:
                    10:0d:ef:fa:53:ad:c2:7b:53:53:ee:22:32:73:89:
                    a4:2c:fa:08:89:ee:b1:16:fd:51:29:03:a8:b0:19:
                    15:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:21:8E:BD:1D:88:14:8B:A5:A8:AE:F1:FD:18:07:9B:65:A6:C0:44
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/HCGOvR2IFIulqK7x_RgHm2WmwEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.133.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:e3:fb:46:5e:87:2c:52:9b:3f:d5:f6:0e:bb:b2:79:55:25:
         95:2e:04:6c:81:4c:5e:16:1b:e2:5c:ff:75:37:73:25:96:d3:
         f3:7d:24:02:03:f9:11:81:aa:a8:99:5d:ba:43:4e:26:97:d9:
         b1:e9:c3:9c:54:6c:21:ab:32:ac:8b:83:33:42:a8:e5:cf:cd:
         bf:f4:82:14:0f:da:aa:f2:36:61:4d:f9:1c:7b:8a:95:95:d0:
         5b:0d:ed:1e:8a:cc:4c:e1:20:ec:2d:62:c4:66:41:9b:5b:76:
         33:5c:2f:d7:ae:0e:7c:c2:49:e4:27:e7:4c:c6:95:a9:e5:21:
         71:e3:57:0a:d6:05:38:d8:cf:19:cc:13:1a:9c:69:bc:eb:b8:
         99:6e:a5:9d:96:83:f1:ef:fb:a8:82:a5:40:69:d7:6b:a2:14:
         59:b5:65:06:2a:68:80:19:d5:f6:38:6d:4c:12:8b:b6:17:a5:
         45:55:cf:60:58:11:51:01:5e:95:64:b9:2b:8f:ef:1c:23:76:
         f6:67:ee:70:86:77:05:6a:8a:bc:42:87:29:07:dc:3a:0b:1b:
         2d:c3:d1:93:fe:f3:54:2b:83:1f:90:32:6f:fd:76:1a:66:a9:
         9e:78:05:d2:7b:6f:d9:55:16:02:63:de:42:c8:49:0a:94:d2:
         37:9f:d1:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2lrrG4v93o1sj6HaK1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzIxOGViZDFkODgxNDhiYTVhOGFlZjFmZDE4MDc5YjY1YTZjMDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVZ4biIPQzQcC2dzhWsuQgWZTv9E
tTxSNSu8MPuQJ4hWFb8mdrPg7PxzpNe68UqasyVUkEGriQvm2YcNGheM+anfiWJU
LE4+S3oEzooLTqRL7RO6FeT68+dMNBHIUZ8tsbqEE95XWjgDzEMxkbhaWjZSCi+R
bUXjN+SMWjikDRDO/xqQuSe3pXkVxpE1Ub7dL2Ysy+e5zfIslmPuovvt47tXkTdc
K7JyBn+Hz1Ic6SxyeZacL8yLCxcZxCn1p6xrDepNQHCcMBPc1dISwhJ7gObK1vUO
zEM/h4NTpN03suAQDe/6U63Ce1NT7iIyc4mkLPoIie6xFv1RKQOosBkV5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwhjr0diBSLpaiu8f0YB5tlpsBEMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvSENHT3ZSMklGSXVscUs3eF9SZ0htMldtd0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToX2MA0G
CSqGSIb3DQEBCwUAA4IBAQAc4/tGXocsUps/1fYOu7J5VSWVLgRsgUxeFhviXP91
N3MlltPzfSQCA/kRgaqomV26Q04ml9mx6cOcVGwhqzKsi4MzQqjlz82/9IIUD9qq
8jZhTfkce4qVldBbDe0eisxM4SDsLWLEZkGbW3YzXC/Xrg58wknkJ+dMxpWp5SFx
41cK1gU42M8ZzBManGm867iZbqWdloPx7/uogqVAaddrohRZtWUGKmiAGdX2OG1M
Eou2F6VFVc9gWBFRAV6VZLkrj+8cI3b2Z+5whncFaoq8QocpB9w6Cxstw9GT/vNU
K4MfkDJv/XYaZqmeeAXSe2/ZVRYCY95CyEkKlNI3n9FU
-----END CERTIFICATE-----