Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/HfGnb3HmFO6bqVF-XD3PPQCd7Zw.roa
File:                     HfGnb3HmFO6bqVF-XD3PPQCd7Zw.roa (raw, json)
Hash identifier:          dHmobUPOinqUbhQ3MN57Jfphg6zkbWpY+u8HHYHfoEM=
Subject key identifier:   1D:F1:A7:6F:71:E6:14:EE:9B:A9:51:7E:5C:3D:CF:3D:00:9D:ED:9C
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018CC2DB663085E340EF6E62AE8DD325A7E7
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/HfGnb3HmFO6bqVF-XD3PPQCd7Zw.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57529
IP address blocks:        213.109.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:66:30:85:e3:40:ef:6e:62:ae:8d:d3:25:a7:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1df1a76f71e614ee9ba9517e5c3dcf3d009ded9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:43:82:4f:28:65:09:db:03:e6:cc:d9:96:00:
                    8f:d1:ad:b5:1e:64:5e:eb:1e:54:09:4b:46:e7:1c:
                    8c:62:5b:9b:e8:92:07:b3:88:44:0f:ce:07:24:52:
                    93:c8:06:94:17:09:04:bc:d2:82:26:fc:51:85:59:
                    ac:41:80:e3:c2:aa:3b:64:bf:94:1b:6d:0d:27:27:
                    c2:98:84:f0:a4:37:e0:d6:10:9c:ff:6e:fa:36:ab:
                    42:dd:70:24:85:a5:8e:26:ba:35:33:f7:99:87:78:
                    16:96:fb:69:02:97:63:32:ea:8a:55:49:53:13:76:
                    9e:df:19:21:3e:7f:53:82:ce:e3:f9:99:ed:54:db:
                    2f:05:fc:a5:a5:e9:59:c4:80:03:f8:e8:8c:1a:c1:
                    ef:55:8d:67:df:bf:ea:70:83:14:90:9f:d3:27:3f:
                    da:4b:5a:f8:69:79:32:f5:c0:a3:d1:32:bb:d8:a7:
                    04:1b:02:04:5b:89:d5:29:eb:a4:4d:12:a2:f3:50:
                    04:8e:7e:59:cd:3e:a3:fd:69:eb:1a:6e:70:8d:a5:
                    11:ab:5e:89:14:a3:12:61:9c:2d:03:fe:d0:16:88:
                    54:e4:4c:66:08:b9:4c:fe:59:84:82:c7:e8:1a:b5:
                    21:6d:11:ab:6c:f6:9c:33:f9:2f:cb:ac:05:00:e8:
                    1b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F1:A7:6F:71:E6:14:EE:9B:A9:51:7E:5C:3D:CF:3D:00:9D:ED:9C
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/HfGnb3HmFO6bqVF-XD3PPQCd7Zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.109.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:29:44:30:25:08:d4:e0:5f:b0:85:2d:ea:8e:ea:31:ba:a6:
         4d:b2:e1:7b:29:42:f1:1b:bd:9c:a5:bd:de:b6:a0:46:ad:9c:
         7e:65:64:6a:bc:94:41:12:80:a0:85:73:3b:4e:ae:0b:8a:c2:
         00:9f:e7:f2:16:62:45:56:ca:93:4f:91:40:bf:8b:b2:ad:8a:
         ce:84:05:0c:ec:e0:f9:87:90:20:48:8e:ce:57:57:73:5f:17:
         97:f8:a9:e0:f4:16:2c:44:5c:71:37:8e:57:d8:8c:03:2d:cc:
         d5:d0:e8:30:57:db:16:7d:08:86:02:30:cc:98:bb:21:e0:52:
         1c:23:3d:8c:cd:b7:a5:1f:e8:aa:e7:a4:52:6b:e3:8b:66:6c:
         43:19:fc:0a:6f:71:c3:2f:bb:49:16:7f:42:d7:6b:36:87:73:
         3b:56:3a:5a:6e:b5:f1:c1:f6:11:14:5b:df:f6:60:61:80:44:
         01:fa:22:0c:5e:c3:70:96:88:5e:db:cc:39:9a:cd:f8:10:4b:
         15:ab:a3:25:f8:5c:2a:14:27:61:e1:a3:6c:90:ee:ae:7c:5c:
         34:99:ca:e9:c6:7b:88:33:b3:57:5c:d1:4f:dd:06:a5:ed:3d:
         f7:c8:da:ae:6c:e7:10:99:42:2d:06:b9:ee:5e:9e:7b:7b:49:
         18:da:84:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22YwheNA725iro3TJafnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGYxYTc2ZjcxZTYxNGVlOWJhOTUxN2U1YzNkY2YzZDAwOWRlZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUOCTyhlCdsD5szZlgCP0a21HmRe
6x5UCUtG5xyMYlub6JIHs4hED84HJFKTyAaUFwkEvNKCJvxRhVmsQYDjwqo7ZL+U
G20NJyfCmITwpDfg1hCc/276NqtC3XAkhaWOJro1M/eZh3gWlvtpApdjMuqKVUlT
E3ae3xkhPn9Tgs7j+ZntVNsvBfylpelZxIAD+OiMGsHvVY1n37/qcIMUkJ/TJz/a
S1r4aXky9cCj0TK72KcEGwIEW4nVKeukTRKi81AEjn5ZzT6j/WnrGm5wjaURq16J
FKMSYZwtA/7QFohU5ExmCLlM/lmEgsfoGrUhbRGrbPacM/kvy6wFAOgbzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3xp29x5hTum6lRflw9zz0Ane2cMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvSGZHbmIzSG1GTzZicVZGLVhEM1BQUUNkN1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1W1kMA0G
CSqGSIb3DQEBCwUAA4IBAQCTKUQwJQjU4F+whS3qjuoxuqZNsuF7KULxG72cpb3e
tqBGrZx+ZWRqvJRBEoCghXM7Tq4LisIAn+fyFmJFVsqTT5FAv4uyrYrOhAUM7OD5
h5AgSI7OV1dzXxeX+Kng9BYsRFxxN45X2IwDLczV0OgwV9sWfQiGAjDMmLsh4FIc
Iz2MzbelH+iq56RSa+OLZmxDGfwKb3HDL7tJFn9C12s2h3M7VjpabrXxwfYRFFvf
9mBhgEQB+iIMXsNwlohe28w5ms34EEsVq6Ml+FwqFCdh4aNskO6ufFw0mcrpxnuI
M7NXXNFP3Qal7T33yNqubOcQmUItBrnuXp57e0kY2oR7
-----END CERTIFICATE-----