Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/HXB1LDm5zZgSMqaKb90Jy7tlX0I.roa
File:                     HXB1LDm5zZgSMqaKb90Jy7tlX0I.roa (raw, json)
Hash identifier:          Uxx2smW4IaJLMvXo86ENK4ZfxEo76T9stAo4MC3YFho=
Subject key identifier:   1D:70:75:2C:39:B9:CD:98:12:32:A6:8A:6F:DD:09:CB:BB:65:5F:42
Certificate issuer:       /CN=361adf57c8dcb7bfd34e9aecd83e36342ec3a3c9
Certificate serial:       018CC794F9B0A2042BDA02708842D511A44C
Authority key identifier: 36:1A:DF:57:C8:DC:B7:BF:D3:4E:9A:EC:D8:3E:36:34:2E:C3:A3:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/HXB1LDm5zZgSMqaKb90Jy7tlX0I.roa
Signing time:             Tue 02 Jan 2024 00:31:18 +0000
ROA not before:           Tue 02 Jan 2024 00:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198812
IP address blocks:        91.239.147.0/24 maxlen: 24
                          2001:67c:1240::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:f9:b0:a2:04:2b:da:02:70:88:42:d5:11:a4:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=361adf57c8dcb7bfd34e9aecd83e36342ec3a3c9
        Validity
            Not Before: Jan  2 00:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d70752c39b9cd981232a68a6fdd09cbbb655f42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bf:3a:9b:04:fa:3b:04:39:07:96:f4:e5:b8:
                    b5:0b:d0:44:29:fb:54:7a:f4:97:61:ef:bd:10:c9:
                    7b:06:9e:27:a6:49:f5:f5:cb:d4:c7:55:59:ff:f7:
                    64:1f:91:e1:41:12:4e:22:44:d8:99:79:51:47:43:
                    64:ac:d0:10:f3:ef:7a:ed:9e:65:9d:1a:cf:cb:cb:
                    a2:44:4e:66:f6:f9:93:6d:1e:c4:b1:41:94:85:32:
                    d2:b8:1a:fc:03:cf:fd:e1:2b:9e:55:70:b6:ae:c7:
                    7d:5d:88:a6:55:52:40:b8:44:63:ab:75:3f:35:63:
                    c1:1a:0a:e0:42:96:6b:15:f1:f7:1e:99:54:a5:51:
                    f1:d0:15:80:a7:79:0d:80:74:d1:08:33:3d:4d:db:
                    c1:e6:2b:b6:18:32:ca:83:30:48:08:62:6e:7d:83:
                    1a:07:0e:cd:f5:7c:5e:d3:4d:d8:a7:d1:9b:24:d6:
                    37:eb:69:50:1e:ef:26:1d:52:b1:e6:f7:dc:80:c1:
                    5b:4b:b8:44:6c:1d:d0:ab:49:1e:87:b5:6e:36:df:
                    21:6a:8d:ae:05:57:ca:4a:11:65:5b:82:56:78:33:
                    80:94:c1:00:44:9f:01:e3:4c:e1:b1:06:87:55:69:
                    41:a6:1f:cd:fc:fc:18:17:d3:4f:bf:2c:c7:cd:ba:
                    77:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:70:75:2C:39:B9:CD:98:12:32:A6:8A:6F:DD:09:CB:BB:65:5F:42
            X509v3 Authority Key Identifier:
                keyid:36:1A:DF:57:C8:DC:B7:BF:D3:4E:9A:EC:D8:3E:36:34:2E:C3:A3:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NhrfV8jct7_TTprs2D42NC7Do8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/HXB1LDm5zZgSMqaKb90Jy7tlX0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/e0f8c6-aadc-4c31-b92b-1a18738b4741/1/NhrfV8jct7_TTprs2D42NC7Do8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.147.0/24
                IPv6:
                  2001:67c:1240::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:56:3a:b3:65:b9:67:71:2b:07:c4:42:c8:59:4a:00:64:d7:
         c3:b0:ab:57:7a:63:b4:79:2d:9c:88:ec:1f:f2:24:9a:56:e2:
         da:e1:5c:f0:ad:c1:87:f3:bf:8e:21:83:77:2d:0d:ae:cc:dd:
         0e:3e:51:18:11:09:4c:3e:3b:84:d4:af:bf:c1:84:7d:8d:56:
         36:d3:60:02:90:85:e0:31:98:02:f1:71:be:a0:e3:de:13:4f:
         6e:9b:97:5a:63:df:cc:7b:a0:62:2c:1b:14:50:a8:14:4c:77:
         9b:23:b6:bc:bd:5c:3e:b4:26:47:f5:b9:01:d6:18:c9:fe:1e:
         cf:fe:41:fa:1d:55:f1:fd:f0:a9:ab:2b:76:6e:51:3f:cd:ad:
         10:44:45:36:a6:da:88:4e:f8:3c:b2:03:5f:19:10:3b:93:2a:
         ab:ad:dc:09:65:c9:81:fa:6e:e4:20:04:a2:59:43:4b:5a:18:
         3a:7c:a7:43:24:ab:c6:21:b3:28:ec:4b:45:ab:32:8b:89:be:
         42:13:e0:bf:d3:85:9c:b2:5b:6d:73:fd:af:45:b3:ad:77:88:
         e7:69:38:20:36:30:ae:0a:60:6e:3e:0c:11:34:c2:56:45:f8:
         aa:e6:68:68:48:93:db:fc:ac:db:f4:4e:bd:ad:fe:13:eb:7f:
         09:e6:64:8f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlPmwogQr2gJwiELVEaRMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MWFkZjU3YzhkY2I3YmZkMzRlOWFlY2Q4M2UzNjM0MmVj
M2EzYzkwHhcNMjQwMTAyMDAzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDcwNzUyYzM5YjljZDk4MTIzMmE2OGE2ZmRkMDljYmJiNjU1ZjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApb86mwT6OwQ5B5b05bi1C9BEKftU
evSXYe+9EMl7Bp4npkn19cvUx1VZ//dkH5HhQRJOIkTYmXlRR0NkrNAQ8+967Z5l
nRrPy8uiRE5m9vmTbR7EsUGUhTLSuBr8A8/94SueVXC2rsd9XYimVVJAuERjq3U/
NWPBGgrgQpZrFfH3HplUpVHx0BWAp3kNgHTRCDM9TdvB5iu2GDLKgzBICGJufYMa
Bw7N9Xxe003Yp9GbJNY362lQHu8mHVKx5vfcgMFbS7hEbB3Qq0keh7VuNt8hao2u
BVfKShFlW4JWeDOAlMEARJ8B40zhsQaHVWlBph/N/PwYF9NPvyzHzbp3kwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB1wdSw5uc2YEjKmim/dCcu7ZV9CMB8GA1UdIwQY
MBaAFDYa31fI3Le/006a7Ng+NjQuw6PJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhyZlY4amN0N19UVHByczJENDJOQzdEbzhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9lMGY4YzYtYWFkYy00YzMxLWI5MmIt
MWExODczOGI0NzQxLzEvSFhCMUxEbTV6WmdTTXFhS2I5MEp5N3RsWDBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9lMGY4YzYtYWFkYy00YzMxLWI5MmItMWExODczOGI0NzQx
LzEvTmhyZlY4amN0N19UVHByczJENDJOQzdEbzhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW++TMA8E
AgACMAkDBwAgAQZ8EkAwDQYJKoZIhvcNAQELBQADggEBACJWOrNluWdxKwfEQshZ
SgBk18Owq1d6Y7R5LZyI7B/yJJpW4trhXPCtwYfzv44hg3ctDa7M3Q4+URgRCUw+
O4TUr7/BhH2NVjbTYAKQheAxmALxcb6g494TT26bl1pj38x7oGIsGxRQqBRMd5sj
try9XD60Jkf1uQHWGMn+Hs/+QfodVfH98KmrK3ZuUT/NrRBERTam2ohO+DyyA18Z
EDuTKqut3AllyYH6buQgBKJZQ0taGDp8p0Mkq8YhsyjsS0WrMouJvkIT4L/ThZyy
W21z/a9Fs613iOdpOCA2MK4KYG4+DBE0wlZF+KrmaGhIk9v8rNv0Tr2t/hPrfwnm
ZI8=
-----END CERTIFICATE-----