Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/HYTbDHkt6Le3SKESdA48Rm_0wHw.roa
File:                     HYTbDHkt6Le3SKESdA48Rm_0wHw.roa (raw, json)
Hash identifier:          gLil+yVJhbfQ905jjf4ex99yuHxU50/vZyNn3+lKFYk=
Subject key identifier:   1D:84:DB:0C:79:2D:E8:B7:B7:48:A1:12:74:0E:3C:46:6F:F4:C0:7C
Certificate issuer:       /CN=bab232c1d72dc1cabbda16c870ec941d458a9fdc
Certificate serial:       019011437EBCF79232F47D17E065E6A86AC3
Authority key identifier: BA:B2:32:C1:D7:2D:C1:CA:BB:DA:16:C8:70:EC:94:1D:45:8A:9F:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/urIywdctwcq72hbIcOyUHUWKn9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/HYTbDHkt6Le3SKESdA48Rm_0wHw.roa
Signing time:             Thu 13 Jun 2024 11:02:34 +0000
ROA not before:           Thu 13 Jun 2024 11:02:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.214.81.0/24 maxlen: 24
                          185.214.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/urIywdctwcq72hbIcOyUHUWKn9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/urIywdctwcq72hbIcOyUHUWKn9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/urIywdctwcq72hbIcOyUHUWKn9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:43:7e:bc:f7:92:32:f4:7d:17:e0:65:e6:a8:6a:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bab232c1d72dc1cabbda16c870ec941d458a9fdc
        Validity
            Not Before: Jun 13 11:02:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d84db0c792de8b7b748a112740e3c466ff4c07c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a5:22:f2:52:4a:ef:95:0a:91:8b:68:da:b2:
                    ae:b4:89:19:12:71:13:53:53:6a:60:2e:f7:4f:cc:
                    45:71:a2:63:68:7c:0c:b7:8f:bc:9f:44:c6:71:16:
                    7a:8a:9c:cb:3a:36:46:b0:d5:ea:7f:3b:02:cc:67:
                    a9:55:23:b9:96:e2:32:80:57:9b:ec:7a:9a:69:b5:
                    b7:95:d0:b0:d5:74:3a:41:e0:d2:cb:f5:10:de:b6:
                    66:7d:dc:9c:83:98:59:fa:94:b6:ed:c1:4e:f8:d9:
                    4d:89:83:22:59:5b:bf:c8:eb:ca:d3:b3:b4:79:ab:
                    a8:e3:e0:4c:45:e7:a2:a3:0d:aa:1c:30:f5:b4:de:
                    33:cb:15:6f:2e:93:b5:83:0b:61:4c:a2:47:43:05:
                    d5:a2:00:e8:20:15:a7:d4:30:76:40:02:37:a0:ea:
                    55:01:62:44:d1:2e:da:cf:38:41:4a:52:27:fc:33:
                    44:7c:d9:aa:52:78:95:97:5f:2c:5a:44:50:e0:67:
                    0e:70:9f:55:3c:ea:a7:f0:1b:6f:ec:4a:1a:46:a5:
                    46:ea:0d:f0:f0:97:b1:10:11:42:c7:71:bd:ce:16:
                    bc:ce:25:91:91:6a:88:38:74:95:d6:bc:b8:0a:57:
                    b9:f6:aa:8e:fb:5d:c0:8d:54:22:62:a8:1b:d7:4d:
                    c6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:84:DB:0C:79:2D:E8:B7:B7:48:A1:12:74:0E:3C:46:6F:F4:C0:7C
            X509v3 Authority Key Identifier:
                keyid:BA:B2:32:C1:D7:2D:C1:CA:BB:DA:16:C8:70:EC:94:1D:45:8A:9F:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/urIywdctwcq72hbIcOyUHUWKn9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/HYTbDHkt6Le3SKESdA48Rm_0wHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/795774-fb9e-413f-9f70-7d3efb4a6a7f/1/urIywdctwcq72hbIcOyUHUWKn9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.81.0/24
                  185.214.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:e7:55:a6:4d:8c:6b:a7:80:e6:ff:01:51:1c:7b:ae:91:1d:
         36:0e:7a:27:dc:c1:6e:4f:1b:4d:1b:7f:87:84:48:68:25:95:
         ba:ee:1b:10:64:2b:fc:aa:ec:d4:0e:ba:68:29:94:64:c8:27:
         bf:86:14:8d:76:c3:41:2f:a9:5e:a2:0d:31:71:68:78:25:88:
         26:3f:b1:df:c3:c6:7b:a2:60:1c:ea:9c:ed:ff:b4:05:08:71:
         05:a2:60:2a:04:b4:69:c9:38:ec:47:dc:80:69:7c:b0:8b:20:
         62:62:c9:29:b4:38:6f:1a:e9:3e:ab:52:67:4f:9c:a2:23:e6:
         29:4b:e5:88:98:8a:98:74:88:59:30:f1:47:c9:c3:72:26:bb:
         8b:88:6e:4d:9f:ef:e9:92:91:7d:be:9c:41:e4:d6:72:fe:b7:
         fa:95:fa:ec:9c:23:98:56:47:af:84:2f:ef:31:79:f3:9a:f2:
         b1:9e:28:29:e8:4f:7f:5f:20:5a:fd:2e:32:a0:13:c9:1a:c5:
         0c:1b:b9:32:c1:12:bb:0e:82:bf:7a:b6:87:40:4b:d3:42:3f:
         27:95:a4:14:76:01:7d:47:61:a3:dd:78:b8:01:7d:78:26:04:
         a2:4e:81:e6:4b:f0:ba:01:13:cc:92:dc:80:40:3b:07:67:bb:
         a3:a7:d8:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZARQ36895Iy9H0X4GXmqGrDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYjIzMmMxZDcyZGMxY2FiYmRhMTZjODcwZWM5NDFkNDU4
YTlmZGMwHhcNMjQwNjEzMTEwMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDg0ZGIwYzc5MmRlOGI3Yjc0OGExMTI3NDBlM2M0NjZmZjRjMDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6Ui8lJK75UKkYto2rKutIkZEnET
U1NqYC73T8xFcaJjaHwMt4+8n0TGcRZ6ipzLOjZGsNXqfzsCzGepVSO5luIygFeb
7HqaabW3ldCw1XQ6QeDSy/UQ3rZmfdycg5hZ+pS27cFO+NlNiYMiWVu/yOvK07O0
eauo4+BMReeiow2qHDD1tN4zyxVvLpO1gwthTKJHQwXVogDoIBWn1DB2QAI3oOpV
AWJE0S7azzhBSlIn/DNEfNmqUniVl18sWkRQ4GcOcJ9VPOqn8Btv7EoaRqVG6g3w
8JexEBFCx3G9zha8ziWRkWqIOHSV1ry4Cle59qqO+13AjVQiYqgb103GOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB2E2wx5Lei3t0ihEnQOPEZv9MB8MB8GA1UdIwQY
MBaAFLqyMsHXLcHKu9oWyHDslB1Fip/cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXJJeXdkY3R3Y3E3MmhiSWNPeVVIVVdLbjl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83OTU3NzQtZmI5ZS00MTNmLTlmNzAt
N2QzZWZiNGE2YTdmLzEvSFlUYkRIa3Q2TGUzU0tFU2RBNDhSbV8wd0h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83OTU3NzQtZmI5ZS00MTNmLTlmNzAtN2QzZWZiNGE2YTdm
LzEvdXJJeXdkY3R3Y3E3MmhiSWNPeVVIVVdLbjl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudZRAwQA
udZTMA0GCSqGSIb3DQEBCwUAA4IBAQCW51WmTYxrp4Dm/wFRHHuukR02Dnon3MFu
TxtNG3+HhEhoJZW67hsQZCv8quzUDrpoKZRkyCe/hhSNdsNBL6leog0xcWh4JYgm
P7Hfw8Z7omAc6pzt/7QFCHEFomAqBLRpyTjsR9yAaXywiyBiYskptDhvGuk+q1Jn
T5yiI+YpS+WImIqYdIhZMPFHycNyJruLiG5Nn+/pkpF9vpxB5NZy/rf6lfrsnCOY
VkevhC/vMXnzmvKxnigp6E9/XyBa/S4yoBPJGsUMG7kywRK7DoK/eraHQEvTQj8n
laQUdgF9R2Gj3Xi4AX14JgSiToHmS/C6ARPMktyAQDsHZ7ujp9iM
-----END CERTIFICATE-----