Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/HUcTbUESIFKjLsiqPF2oTRw_8q0.roa
File:                     HUcTbUESIFKjLsiqPF2oTRw_8q0.roa (raw, json)
Hash identifier:          FCENVfY7eBLUJyiDxBM9X1m2IcJPcmQozsxhPGovtQk=
Subject key identifier:   1D:47:13:6D:41:12:20:52:A3:2E:C8:AA:3C:5D:A8:4D:1C:3F:F2:AD
Certificate issuer:       /CN=3fda29a48c257758c8e518ee5c8b03ccda0247c9
Certificate serial:       018CC56EF59FAF3F4848B9AE265E4E4B1F44
Authority key identifier: 3F:DA:29:A4:8C:25:77:58:C8:E5:18:EE:5C:8B:03:CC:DA:02:47:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/HUcTbUESIFKjLsiqPF2oTRw_8q0.roa
Signing time:             Mon 01 Jan 2024 14:30:32 +0000
ROA not before:           Mon 01 Jan 2024 14:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39320
IP address blocks:        195.250.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f5:9f:af:3f:48:48:b9:ae:26:5e:4e:4b:1f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fda29a48c257758c8e518ee5c8b03ccda0247c9
        Validity
            Not Before: Jan  1 14:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d47136d41122052a32ec8aa3c5da84d1c3ff2ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:72:89:6f:7c:b1:47:28:79:ca:26:e9:06:88:
                    3f:84:cb:66:ef:2b:ed:00:64:7b:92:42:c8:3d:e9:
                    23:9d:17:fd:99:df:0b:45:f1:d3:46:55:34:f2:88:
                    36:3c:d5:ae:80:8e:8a:a7:2f:84:c9:dc:42:4d:e5:
                    dd:eb:2e:a7:41:cc:f3:df:67:b1:9d:78:84:73:b1:
                    56:06:f8:df:db:23:44:0f:42:e7:34:fc:19:1a:7e:
                    d4:93:03:5d:3c:94:db:f3:66:ed:63:a4:ca:b7:44:
                    7a:b8:4f:62:8c:1f:53:08:78:ed:e9:49:69:70:41:
                    ed:1e:d5:a3:18:09:aa:c8:79:a2:20:ad:45:49:81:
                    7e:70:b9:14:13:39:c8:63:30:b9:aa:54:59:5f:2c:
                    49:2d:87:33:b3:71:66:83:32:21:cc:34:e0:a4:60:
                    00:86:5d:a1:fb:7d:48:5d:86:ac:10:84:0d:19:e5:
                    6d:0f:6c:1a:f1:bd:13:c9:09:a4:ee:67:5e:ee:40:
                    1b:b8:a5:02:9e:16:76:0a:87:f7:28:62:85:4c:a6:
                    ff:fb:ef:b6:f8:93:0d:ce:23:12:99:11:6b:09:82:
                    09:ed:91:64:cc:3c:b3:13:ac:e7:29:de:e9:5a:ce:
                    b8:16:98:1b:9a:eb:50:14:2a:54:bd:27:34:48:c2:
                    79:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:47:13:6D:41:12:20:52:A3:2E:C8:AA:3C:5D:A8:4D:1C:3F:F2:AD
            X509v3 Authority Key Identifier:
                keyid:3F:DA:29:A4:8C:25:77:58:C8:E5:18:EE:5C:8B:03:CC:DA:02:47:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9oppIwld1jI5RjuXIsDzNoCR8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/HUcTbUESIFKjLsiqPF2oTRw_8q0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/c1c063-9e49-4353-b8bd-9374f21e6488/1/P9oppIwld1jI5RjuXIsDzNoCR8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.250.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:26:65:5e:da:4a:91:68:17:70:8b:83:c8:ac:fa:17:e1:83:
         b7:06:51:1d:bc:31:55:e1:4b:9f:ba:a0:aa:92:64:c5:ef:dd:
         cc:c7:9a:5c:c8:a8:f1:4c:09:72:3d:28:2e:92:20:fa:74:2c:
         d5:32:53:5b:86:0b:33:57:fe:2d:9f:c3:5b:b9:f4:17:40:01:
         2c:15:b3:64:9f:56:74:ea:07:9d:5b:94:76:72:27:14:08:21:
         98:34:ca:27:4f:77:91:41:f2:9f:d7:95:25:55:cc:cc:9e:7c:
         ee:38:e2:c5:ad:fb:1e:b9:bf:b0:c9:25:66:f3:66:1d:e8:ad:
         b5:13:76:1a:d0:53:7b:a5:d6:8b:6b:9a:6c:80:73:96:77:fa:
         25:a4:84:37:42:7e:87:51:95:ba:7f:90:20:92:b0:a8:3c:e4:
         56:c0:5e:aa:77:c9:8f:92:df:69:9e:8c:a5:3b:b9:b7:f3:bf:
         45:0d:75:10:5e:27:8a:b4:a8:39:70:4c:38:5e:c5:cd:56:15:
         a4:98:31:75:cc:dd:ae:df:0d:27:f7:84:a2:ec:ad:f4:89:55:
         93:6d:ca:9d:84:44:ab:77:f7:33:50:4c:36:4b:07:87:ae:dd:
         44:f4:d1:f9:c1:1f:e4:5f:9f:21:7f:98:7b:a4:cd:c1:78:37:
         0d:20:ed:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvWfrz9ISLmuJl5OSx9EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZGEyOWE0OGMyNTc3NThjOGU1MThlZTVjOGIwM2NjZGEw
MjQ3YzkwHhcNMjQwMTAxMTQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDQ3MTM2ZDQxMTIyMDUyYTMyZWM4YWEzYzVkYTg0ZDFjM2ZmMmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnKJb3yxRyh5yibpBog/hMtm7yvt
AGR7kkLIPekjnRf9md8LRfHTRlU08og2PNWugI6Kpy+EydxCTeXd6y6nQczz32ex
nXiEc7FWBvjf2yNED0LnNPwZGn7UkwNdPJTb82btY6TKt0R6uE9ijB9TCHjt6Ulp
cEHtHtWjGAmqyHmiIK1FSYF+cLkUEznIYzC5qlRZXyxJLYczs3FmgzIhzDTgpGAA
hl2h+31IXYasEIQNGeVtD2wa8b0TyQmk7mde7kAbuKUCnhZ2Cof3KGKFTKb/+++2
+JMNziMSmRFrCYIJ7ZFkzDyzE6znKd7pWs64FpgbmutQFCpUvSc0SMJ59QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB1HE21BEiBSoy7IqjxdqE0cP/KtMB8GA1UdIwQY
MBaAFD/aKaSMJXdYyOUY7lyLA8zaAkfJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlvcHBJd2xkMWpJNVJqdVhJc0R6Tm9DUjhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9jMWMwNjMtOWU0OS00MzUzLWI4YmQt
OTM3NGYyMWU2NDg4LzEvSFVjVGJVRVNJRktqTHNpcVBGMm9UUndfOHEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9jMWMwNjMtOWU0OS00MzUzLWI4YmQtOTM3NGYyMWU2NDg4
LzEvUDlvcHBJd2xkMWpJNVJqdVhJc0R6Tm9DUjhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/o6MA0G
CSqGSIb3DQEBCwUAA4IBAQCfJmVe2kqRaBdwi4PIrPoX4YO3BlEdvDFV4UufuqCq
kmTF793Mx5pcyKjxTAlyPSgukiD6dCzVMlNbhgszV/4tn8NbufQXQAEsFbNkn1Z0
6gedW5R2cicUCCGYNMonT3eRQfKf15UlVczMnnzuOOLFrfseub+wySVm82Yd6K21
E3Ya0FN7pdaLa5psgHOWd/olpIQ3Qn6HUZW6f5AgkrCoPORWwF6qd8mPkt9pnoyl
O7m3879FDXUQXieKtKg5cEw4XsXNVhWkmDF1zN2u3w0n94Si7K30iVWTbcqdhESr
d/czUEw2SweHrt1E9NH5wR/kX58hf5h7pM3BeDcNIO2Z
-----END CERTIFICATE-----