Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/HHZ_kCgz64S-9C-nx55N1QGxmV8.roa
File:                     HHZ_kCgz64S-9C-nx55N1QGxmV8.roa (raw, json)
Hash identifier:          pHisnPc7Wgw8NChLYazuoST08Wvtkx9Z2shSBJW3P5Y=
Subject key identifier:   1C:76:7F:90:28:33:EB:84:BE:F4:2F:A7:C7:9E:4D:D5:01:B1:99:5F
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B6176D19EAEC74DFE604A4A00705F
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/HHZ_kCgz64S-9C-nx55N1QGxmV8.roa
Signing time:             Tue 02 Jan 2024 12:34:49 +0000
ROA not before:           Tue 02 Jan 2024 12:34:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204526
IP address blocks:        194.34.230.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:61:76:d1:9e:ae:c7:4d:fe:60:4a:4a:00:70:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c767f902833eb84bef42fa7c79e4dd501b1995f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c8:02:05:db:f1:ba:22:73:06:3a:25:a2:69:
                    7f:64:2b:66:3d:56:f9:66:38:98:2a:06:bd:49:ce:
                    3b:c8:37:7e:49:fe:12:1d:8c:61:a8:95:38:e4:99:
                    bb:24:eb:74:2d:99:0e:1f:6c:da:bb:37:d1:34:12:
                    92:3e:00:51:a5:91:36:d1:41:63:a7:e8:68:7a:92:
                    4c:98:62:4b:85:c3:fc:21:d5:5c:cd:2f:8d:24:94:
                    b9:45:45:db:af:c5:37:8d:bb:89:c7:be:d9:d9:32:
                    3d:ca:ba:26:e9:f5:0e:13:96:6f:9c:a5:a1:f7:c0:
                    e4:cf:15:3c:f4:1b:40:50:78:4e:07:11:b6:4c:1d:
                    68:50:74:dd:6f:26:60:55:8f:59:58:74:bc:61:65:
                    45:0f:ca:fb:bd:e4:d2:c4:35:a8:ef:7e:7e:a0:17:
                    9c:32:24:43:30:9f:45:14:3d:3a:1c:e6:6e:d3:c0:
                    59:47:b8:92:eb:02:e0:2e:b7:e6:be:c8:05:10:9d:
                    27:93:34:a3:80:16:b4:5c:38:e2:05:36:1e:19:20:
                    af:ed:7e:72:3e:23:fc:b2:66:f6:e1:5c:53:f8:48:
                    d4:bd:ca:72:f0:07:97:91:5c:21:c8:e3:27:3a:e2:
                    e3:89:02:15:45:61:f1:13:ec:dc:b5:26:78:24:77:
                    a4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:76:7F:90:28:33:EB:84:BE:F4:2F:A7:C7:9E:4D:D5:01:B1:99:5F
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/HHZ_kCgz64S-9C-nx55N1QGxmV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:22:f1:c7:71:ae:62:bd:e9:75:d0:af:c0:e9:39:2b:af:e0:
         c5:38:c6:33:54:39:31:31:9b:cc:4e:71:df:6f:e3:45:77:9e:
         6f:f5:c6:13:b0:87:67:8d:53:73:6d:93:7e:10:5a:9e:a1:a4:
         a9:df:85:10:bb:9d:f6:50:d8:ba:5f:4e:a6:da:fd:c7:36:8b:
         61:38:40:30:c1:42:12:fd:04:39:28:05:b8:ed:19:8d:e4:7c:
         fd:b2:c0:5c:27:b9:dd:f0:d1:c0:bb:10:97:62:2a:2e:c8:72:
         56:14:14:0e:cf:f6:83:6b:d0:cd:3d:a1:c8:79:5f:e4:08:3c:
         dd:13:70:d1:d1:70:df:c6:10:c4:8b:8f:1a:04:64:c9:53:63:
         e9:89:9b:85:31:ad:45:bd:64:2a:c9:1e:3b:e2:30:75:92:a9:
         9e:ae:3e:2c:7a:4c:19:4e:57:cc:ec:95:e3:91:1b:7c:7c:9e:
         3b:c0:77:7e:cc:28:32:1d:ca:62:dd:97:13:fb:2f:34:b0:a6:
         36:ba:bb:f4:44:bc:86:51:58:23:00:67:36:b3:b5:f5:b5:72:
         3d:20:e8:a0:cc:32:20:7c:82:80:53:51:9b:c6:d5:b2:4b:10:
         f5:56:93:57:c1:72:a6:20:f2:a2:7d:8f:cd:b1:ad:09:92:b0:
         00:66:d4:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2F20Z6ux03+YEpKAHBfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzc2N2Y5MDI4MzNlYjg0YmVmNDJmYTdjNzllNGRkNTAxYjE5OTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8gCBdvxuiJzBjoloml/ZCtmPVb5
ZjiYKga9Sc47yDd+Sf4SHYxhqJU45Jm7JOt0LZkOH2zauzfRNBKSPgBRpZE20UFj
p+hoepJMmGJLhcP8IdVczS+NJJS5RUXbr8U3jbuJx77Z2TI9yrom6fUOE5ZvnKWh
98DkzxU89BtAUHhOBxG2TB1oUHTdbyZgVY9ZWHS8YWVFD8r7veTSxDWo735+oBec
MiRDMJ9FFD06HOZu08BZR7iS6wLgLrfmvsgFEJ0nkzSjgBa0XDjiBTYeGSCv7X5y
PiP8smb24VxT+EjUvcpy8AeXkVwhyOMnOuLjiQIVRWHxE+zctSZ4JHekQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBx2f5AoM+uEvvQvp8eeTdUBsZlfMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvSEhaX2tDZ3o2NFMtOUMtbng1NU4xUUd4bVY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiLmMA0G
CSqGSIb3DQEBCwUAA4IBAQBDIvHHca5ivel10K/A6Tkrr+DFOMYzVDkxMZvMTnHf
b+NFd55v9cYTsIdnjVNzbZN+EFqeoaSp34UQu532UNi6X06m2v3HNothOEAwwUIS
/QQ5KAW47RmN5Hz9ssBcJ7nd8NHAuxCXYiouyHJWFBQOz/aDa9DNPaHIeV/kCDzd
E3DR0XDfxhDEi48aBGTJU2PpiZuFMa1FvWQqyR474jB1kqmerj4sekwZTlfM7JXj
kRt8fJ47wHd+zCgyHcpi3ZcT+y80sKY2urv0RLyGUVgjAGc2s7X1tXI9IOigzDIg
fIKAU1GbxtWySxD1VpNXwXKmIPKifY/Nsa0JkrAAZtS2
-----END CERTIFICATE-----