Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/hhDoRtO4zAFKuVz0Mt32s4363S4.roa
File:                     hhDoRtO4zAFKuVz0Mt32s4363S4.roa (raw, json)
Hash identifier:          mEkn5c48Mwehwerefc8RzXM/wcmEl9Oyh3MzhXegMm0=
Subject key identifier:   86:10:E8:46:D3:B8:CC:01:4A:B9:5C:F4:32:DD:F6:B3:8D:FA:DD:2E
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8028418AFB3A9D523DF8D7D91D8A4FA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/hhDoRtO4zAFKuVz0Mt32s4363S4.roa
Signing time:             Tue 02 Jan 2024 02:30:57 +0000
ROA not before:           Tue 02 Jan 2024 02:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        193.58.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:84:18:af:b3:a9:d5:23:df:8d:7d:91:d8:a4:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8610e846d3b8cc014ab95cf432ddf6b38dfadd2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b2:18:e3:36:02:5b:af:bf:d0:21:d1:99:c0:
                    d2:cf:8a:e2:95:df:78:1a:13:ad:a7:2d:10:4d:72:
                    bb:18:5b:05:f4:54:00:93:2a:f9:7d:c5:d4:47:ab:
                    b0:ac:f0:b4:c5:16:e3:d6:cd:37:33:8d:6e:18:c9:
                    1e:9f:1f:df:35:e7:82:5c:15:a9:c1:28:f5:0b:cd:
                    5c:49:f7:dd:b9:6a:1a:39:8e:4b:21:d1:37:21:31:
                    f1:95:54:0d:11:4d:3f:42:e3:4c:d9:b9:c8:f7:7b:
                    41:8b:ca:21:97:06:8b:9c:a8:ce:fb:51:a5:5e:7f:
                    df:b4:bb:f9:10:56:e1:25:c8:95:18:51:98:bd:32:
                    04:a9:b0:b2:6d:e1:a1:75:54:1f:cc:45:17:7c:9f:
                    4f:a8:6a:07:12:4a:06:f2:13:95:80:53:8e:ff:da:
                    33:36:de:d8:e7:59:25:e9:50:79:a8:c8:9b:22:34:
                    55:c6:f0:ca:45:9c:cf:d7:16:b9:a3:71:a6:14:a3:
                    5f:ab:62:1e:f0:11:d2:71:d7:04:97:7d:a1:6f:2d:
                    fa:6a:5c:40:76:7a:b1:24:e7:76:cd:ca:04:1c:c2:
                    e3:0d:bb:f2:ac:51:02:eb:a9:c8:ac:57:c6:53:5e:
                    9b:5d:23:29:a0:a1:93:d2:01:01:cb:58:0b:17:a3:
                    8b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:10:E8:46:D3:B8:CC:01:4A:B9:5C:F4:32:DD:F6:B3:8D:FA:DD:2E
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/hhDoRtO4zAFKuVz0Mt32s4363S4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:40:ee:d0:29:0d:96:72:b8:84:59:ff:9c:8e:46:03:98:57:
         0f:51:bb:d1:b1:6b:88:3f:5d:94:62:81:57:8c:a9:ca:bd:d2:
         3e:e6:5c:7c:38:0c:65:f8:68:f0:ae:78:c3:cf:45:dc:1a:fc:
         f2:6a:56:84:10:74:86:97:57:c2:54:38:43:2d:82:3e:22:f0:
         2f:c6:8f:e7:b9:ec:80:f8:9c:61:a5:4b:e5:15:df:53:5f:9f:
         d1:9a:7d:29:d9:bc:58:84:a2:a8:04:1e:cb:ec:14:fc:c2:ae:
         9f:43:26:f6:14:6d:8e:63:65:88:b0:68:63:95:5a:70:0d:f7:
         f4:5b:80:76:e4:e8:d3:42:b1:66:c6:b5:35:b0:0b:f1:a1:b0:
         f8:67:c5:bd:51:40:3f:28:79:b1:f9:41:59:da:44:63:61:ca:
         26:20:55:dd:2d:cf:4e:4e:3d:65:4f:b0:c5:77:4b:b1:f2:c8:
         f3:0e:08:ba:c3:ea:ee:44:53:77:7b:be:d6:80:db:2b:ce:9a:
         b9:db:e0:6c:de:62:72:dd:27:49:9f:c4:15:bb:1f:af:c9:c2:
         f1:33:37:f8:d8:0a:00:a6:cf:5e:62:a9:c4:a7:ce:1f:63:ca:
         a8:80:34:78:74:e4:a1:c5:0f:ed:9d:d6:35:27:bf:7d:4e:c1:
         b4:a4:22:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAoQYr7Op1SPfjX2R2KT6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjEwZTg0NmQzYjhjYzAxNGFiOTVjZjQzMmRkZjZiMzhkZmFkZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rIY4zYCW6+/0CHRmcDSz4rild94
GhOtpy0QTXK7GFsF9FQAkyr5fcXUR6uwrPC0xRbj1s03M41uGMkenx/fNeeCXBWp
wSj1C81cSffduWoaOY5LIdE3ITHxlVQNEU0/QuNM2bnI93tBi8ohlwaLnKjO+1Gl
Xn/ftLv5EFbhJciVGFGYvTIEqbCybeGhdVQfzEUXfJ9PqGoHEkoG8hOVgFOO/9oz
Nt7Y51kl6VB5qMibIjRVxvDKRZzP1xa5o3GmFKNfq2Ie8BHScdcEl32hby36alxA
dnqxJOd2zcoEHMLjDbvyrFEC66nIrFfGU16bXSMpoKGT0gEBy1gLF6OLBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYQ6EbTuMwBSrlc9DLd9rON+t0uMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvaGhEb1J0TzR6QUZLdVZ6ME10MzJzNDM2M1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTqQMA0G
CSqGSIb3DQEBCwUAA4IBAQCjQO7QKQ2WcriEWf+cjkYDmFcPUbvRsWuIP12UYoFX
jKnKvdI+5lx8OAxl+GjwrnjDz0XcGvzyalaEEHSGl1fCVDhDLYI+IvAvxo/nueyA
+JxhpUvlFd9TX5/Rmn0p2bxYhKKoBB7L7BT8wq6fQyb2FG2OY2WIsGhjlVpwDff0
W4B25OjTQrFmxrU1sAvxobD4Z8W9UUA/KHmx+UFZ2kRjYcomIFXdLc9OTj1lT7DF
d0ux8sjzDgi6w+ruRFN3e77WgNsrzpq52+Bs3mJy3SdJn8QVux+vycLxMzf42AoA
ps9eYqnEp84fY8qogDR4dOShxQ/tndY1J799TsG0pCJ1
-----END CERTIFICATE-----