Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/HHTmcX-4WtVvIYhXsxwAfb8GglE.roa
File:                     HHTmcX-4WtVvIYhXsxwAfb8GglE.roa (raw, json)
Hash identifier:          JAjJHEHNrSXtK5lYElZOEmzIp43wPREM5p3qo+nAGkc=
Subject key identifier:   1C:74:E6:71:7F:B8:5A:D5:6F:21:88:57:B3:1C:00:7D:BF:06:82:51
Certificate issuer:       /CN=5d6f2e49a31e8df9c5aa08aaf240b5c832b9cb93
Certificate serial:       018CC9BB3052633E9E213B2ED0DA82E6A863
Authority key identifier: 5D:6F:2E:49:A3:1E:8D:F9:C5:AA:08:AA:F2:40:B5:C8:32:B9:CB:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XW8uSaMejfnFqgiq8kC1yDK5y5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/HHTmcX-4WtVvIYhXsxwAfb8GglE.roa
Signing time:             Tue 02 Jan 2024 10:32:17 +0000
ROA not before:           Tue 02 Jan 2024 10:32:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47264
IP address blocks:        80.247.95.0/24 maxlen: 24
                          185.95.48.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/XW8uSaMejfnFqgiq8kC1yDK5y5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/XW8uSaMejfnFqgiq8kC1yDK5y5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XW8uSaMejfnFqgiq8kC1yDK5y5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:30:52:63:3e:9e:21:3b:2e:d0:da:82:e6:a8:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d6f2e49a31e8df9c5aa08aaf240b5c832b9cb93
        Validity
            Not Before: Jan  2 10:32:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c74e6717fb85ad56f218857b31c007dbf068251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:63:89:b8:cf:dd:cd:a6:1e:c0:15:fd:73:00:
                    18:a8:9f:05:17:b6:dc:fa:99:ee:7c:7e:e0:f9:69:
                    ff:f9:28:29:5a:aa:0a:0b:85:17:cf:7a:05:bb:d1:
                    22:9b:89:87:49:0d:15:f3:07:18:c6:59:a0:f5:c9:
                    61:3f:36:16:8f:2e:27:8d:25:e9:47:08:86:7a:2d:
                    8a:dd:95:82:51:f8:f8:6b:ae:fd:b4:22:a7:18:81:
                    0d:4d:18:5a:03:a6:f9:a3:6e:6c:cc:7e:6f:51:dc:
                    58:e2:62:14:3a:88:2c:b2:c7:2f:e9:eb:6f:ab:e4:
                    d4:13:84:5b:f2:95:f8:a2:0d:bd:c2:fd:d8:6e:d5:
                    e7:2d:03:37:d8:ac:ac:2d:26:04:a6:bf:f0:ae:18:
                    36:49:9d:19:41:70:f6:0b:02:14:81:d3:8d:fc:b6:
                    14:d2:b1:cc:e0:bd:dd:34:5e:bb:f6:ba:cb:77:08:
                    75:3c:d6:83:b0:bf:8b:e2:d6:c3:6c:8c:6c:d6:a3:
                    1e:d2:96:de:49:d8:c9:b2:6b:ea:dd:e3:e3:d9:75:
                    b6:01:73:b8:71:e1:ff:ce:4d:90:fc:a1:24:ee:71:
                    85:dd:b0:3c:d5:96:ca:19:62:43:cc:15:80:b4:41:
                    1b:9f:bb:6c:09:37:79:09:b9:cc:a2:5e:9d:81:cc:
                    b3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:74:E6:71:7F:B8:5A:D5:6F:21:88:57:B3:1C:00:7D:BF:06:82:51
            X509v3 Authority Key Identifier:
                keyid:5D:6F:2E:49:A3:1E:8D:F9:C5:AA:08:AA:F2:40:B5:C8:32:B9:CB:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XW8uSaMejfnFqgiq8kC1yDK5y5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/HHTmcX-4WtVvIYhXsxwAfb8GglE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5521f7-2f71-4bf9-a148-2e9de252d1f6/1/XW8uSaMejfnFqgiq8kC1yDK5y5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.247.95.0/24
                  185.95.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:8b:5a:66:fd:b2:17:51:19:12:c2:5c:5b:c9:a7:e6:aa:d5:
         a7:81:e2:c0:1c:55:24:5d:cd:b6:de:2c:eb:4f:5c:6c:32:5e:
         99:3f:33:ba:0a:25:de:ec:b1:2a:0e:af:e1:fa:85:ae:03:86:
         94:59:c4:6a:49:4e:89:44:d5:35:fe:ab:fd:1f:0a:12:34:a1:
         54:12:0a:8f:36:f1:4e:33:e4:95:82:2d:c6:1d:35:d0:68:8d:
         56:93:90:d7:14:45:0d:ae:7a:ba:30:6b:6e:55:41:de:30:78:
         3b:7c:9d:50:a6:00:81:b0:66:bd:76:3c:63:09:75:f9:99:2d:
         d3:9d:c0:f1:22:b7:7e:ed:80:a5:e2:08:22:ef:97:c7:ad:17:
         2e:9d:25:5d:06:ae:84:40:1b:5a:9e:74:68:07:e3:aa:ec:7c:
         2a:22:6e:28:af:76:54:6a:4b:f0:97:ae:ac:92:a9:22:ae:8f:
         24:01:23:18:0c:20:82:68:e8:75:d2:6f:61:cf:05:77:89:f2:
         b2:d8:a9:e7:70:2a:ee:f2:1a:a5:d6:c2:64:d2:af:3d:ed:ea:
         78:93:66:67:0d:ee:8f:27:5a:86:d2:8b:e2:80:3d:89:b0:96:
         42:93:12:9a:3d:2f:4e:5c:5c:8c:6d:d1:a2:1f:21:b8:bf:bb:
         be:09:9d:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJuzBSYz6eITsu0NqC5qhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNmYyZTQ5YTMxZThkZjljNWFhMDhhYWYyNDBiNWM4MzJi
OWNiOTMwHhcNMjQwMTAyMTAzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzc0ZTY3MTdmYjg1YWQ1NmYyMTg4NTdiMzFjMDA3ZGJmMDY4MjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mOJuM/dzaYewBX9cwAYqJ8FF7bc
+pnufH7g+Wn/+SgpWqoKC4UXz3oFu9Eim4mHSQ0V8wcYxlmg9clhPzYWjy4njSXp
RwiGei2K3ZWCUfj4a679tCKnGIENTRhaA6b5o25szH5vUdxY4mIUOogssscv6etv
q+TUE4Rb8pX4og29wv3YbtXnLQM32KysLSYEpr/wrhg2SZ0ZQXD2CwIUgdON/LYU
0rHM4L3dNF679rrLdwh1PNaDsL+L4tbDbIxs1qMe0pbeSdjJsmvq3ePj2XW2AXO4
ceH/zk2Q/KEk7nGF3bA81ZbKGWJDzBWAtEEbn7tsCTd5CbnMol6dgcyzeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBx05nF/uFrVbyGIV7McAH2/BoJRMB8GA1UdIwQY
MBaAFF1vLkmjHo35xaoIqvJAtcgyucuTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFc4dVNhTWVqZm5GcWdpcThrQzF5REs1eTVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi81NTIxZjctMmY3MS00YmY5LWExNDgt
MmU5ZGUyNTJkMWY2LzEvSEhUbWNYLTRXdFZ2SVloWHN4d0FmYjhHZ2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi81NTIxZjctMmY3MS00YmY5LWExNDgtMmU5ZGUyNTJkMWY2
LzEvWFc4dVNhTWVqZm5GcWdpcThrQzF5REs1eTVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUPdfAwQC
uV8wMA0GCSqGSIb3DQEBCwUAA4IBAQCKi1pm/bIXURkSwlxbyafmqtWngeLAHFUk
Xc223izrT1xsMl6ZPzO6CiXe7LEqDq/h+oWuA4aUWcRqSU6JRNU1/qv9HwoSNKFU
EgqPNvFOM+SVgi3GHTXQaI1Wk5DXFEUNrnq6MGtuVUHeMHg7fJ1QpgCBsGa9djxj
CXX5mS3TncDxIrd+7YCl4ggi75fHrRcunSVdBq6EQBtannRoB+Oq7HwqIm4or3ZU
akvwl66skqkiro8kASMYDCCCaOh10m9hzwV3ifKy2KnncCru8hql1sJk0q897ep4
k2ZnDe6PJ1qG0ovigD2JsJZCkxKaPS9OXFyMbdGiHyG4v7u+CZ3A
-----END CERTIFICATE-----