Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/h-ft-4t29hmmaMUxW24HeOfbGmk.roa
File:                     h-ft-4t29hmmaMUxW24HeOfbGmk.roa (raw, json)
Hash identifier:          rDp8Ff3AXQQQZSH2kyBleEEZefgAAaAAkXLIevEp32g=
Subject key identifier:   87:E7:ED:FB:8B:76:F6:19:A6:68:C5:31:5B:6E:07:78:E7:DB:1A:69
Certificate issuer:       /CN=77292dc63718eebc704ab002ecb81d3d52d4d1c3
Certificate serial:       018CC726AE3075CBD4D407F34E0F236491D2
Authority key identifier: 77:29:2D:C6:37:18:EE:BC:70:4A:B0:02:EC:B8:1D:3D:52:D4:D1:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dyktxjcY7rxwSrAC7LgdPVLU0cM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/h-ft-4t29hmmaMUxW24HeOfbGmk.roa
Signing time:             Mon 01 Jan 2024 22:30:50 +0000
ROA not before:           Mon 01 Jan 2024 22:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15542
IP address blocks:        193.176.104.0/21 maxlen: 24
                          2001:67c:460::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/dyktxjcY7rxwSrAC7LgdPVLU0cM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/dyktxjcY7rxwSrAC7LgdPVLU0cM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dyktxjcY7rxwSrAC7LgdPVLU0cM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ae:30:75:cb:d4:d4:07:f3:4e:0f:23:64:91:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77292dc63718eebc704ab002ecb81d3d52d4d1c3
        Validity
            Not Before: Jan  1 22:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87e7edfb8b76f619a668c5315b6e0778e7db1a69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:35:83:7e:a3:3a:14:1f:a7:c2:f1:ee:27:f9:
                    b2:31:2a:b3:9a:3b:30:35:47:b2:8b:e6:24:1b:75:
                    a0:89:46:8a:91:60:18:18:9e:be:52:31:0b:42:93:
                    03:be:68:5b:1e:db:3f:a3:69:4c:ed:3d:86:3f:08:
                    3c:73:d4:f7:bc:4d:89:47:1d:04:48:30:4c:db:0c:
                    b6:f7:9e:6f:f2:c0:35:48:c5:69:10:17:30:04:26:
                    57:41:d4:97:af:17:af:d0:34:db:f6:b6:b5:b2:2e:
                    30:41:12:a0:9b:e0:c7:42:a7:a2:09:34:73:23:33:
                    4f:5f:e7:b1:0a:18:79:71:b6:37:ce:b6:92:07:1b:
                    08:c1:f7:0b:0d:f7:db:71:0b:b7:77:14:85:36:57:
                    31:25:6f:1d:c1:ef:f3:6d:73:b1:70:bf:ca:a2:51:
                    8d:47:9a:55:e8:6b:5f:f4:93:e3:0e:93:34:93:cb:
                    50:30:eb:7b:39:53:b6:39:d4:49:88:e5:17:5c:98:
                    3d:94:69:e3:ad:ac:18:a5:12:a7:03:bf:53:d7:c5:
                    52:d4:5d:c6:e5:da:ca:63:db:71:8d:62:a8:68:e6:
                    80:fe:6e:2c:25:a7:ac:d3:a3:06:0b:3b:4f:90:3b:
                    e1:f5:32:00:37:3e:fb:2f:d6:af:bf:73:3d:df:e3:
                    c6:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:E7:ED:FB:8B:76:F6:19:A6:68:C5:31:5B:6E:07:78:E7:DB:1A:69
            X509v3 Authority Key Identifier:
                keyid:77:29:2D:C6:37:18:EE:BC:70:4A:B0:02:EC:B8:1D:3D:52:D4:D1:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dyktxjcY7rxwSrAC7LgdPVLU0cM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/h-ft-4t29hmmaMUxW24HeOfbGmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/65764a-dd8e-401b-b731-d9c5d26419b2/1/dyktxjcY7rxwSrAC7LgdPVLU0cM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.104.0/21
                IPv6:
                  2001:67c:460::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:af:ad:85:72:3e:77:ff:63:bc:25:10:e4:8a:52:3a:91:bf:
         d9:de:7f:ba:ec:f7:d3:88:60:56:3e:2a:91:c7:46:2b:65:52:
         ee:7c:44:97:21:79:b9:63:e0:cc:c0:a7:e1:1b:d5:41:cd:22:
         b3:20:44:2a:ce:6d:bd:1c:a5:63:d2:17:82:de:17:e8:a4:88:
         fe:7e:e4:c4:5b:86:66:43:8d:f8:79:0c:38:e3:64:56:24:4d:
         90:1a:c4:3d:4e:73:c0:72:7f:a2:16:8b:49:95:55:14:06:7a:
         9c:ba:9a:1c:64:5c:4a:43:d0:27:75:ee:b3:41:9a:74:6c:8f:
         eb:6c:f6:01:11:13:cf:b7:ae:49:e7:17:8d:9f:86:93:e9:b5:
         9a:0b:d3:3f:a8:ff:85:26:52:19:54:e7:cf:e9:17:3a:6f:a8:
         d6:ce:eb:2d:8d:ed:d6:29:4a:76:32:31:10:a6:86:46:64:6d:
         ae:93:56:b2:0a:86:cc:80:00:11:ab:77:a1:14:b1:a0:86:d2:
         ec:37:4e:fa:66:1c:29:d2:d7:1e:79:6f:82:31:d1:0f:49:d7:
         25:18:02:9c:99:b2:16:fb:87:1f:4d:f6:0a:de:16:9f:93:40:
         44:df:8f:c3:09:58:62:ea:17:43:76:c5:60:23:c0:a0:2e:e0:
         fd:c6:65:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHJq4wdcvU1AfzTg8jZJHSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3MjkyZGM2MzcxOGVlYmM3MDRhYjAwMmVjYjgxZDNkNTJk
NGQxYzMwHhcNMjQwMTAxMjIzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2U3ZWRmYjhiNzZmNjE5YTY2OGM1MzE1YjZlMDc3OGU3ZGIxYTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjWDfqM6FB+nwvHuJ/myMSqzmjsw
NUeyi+YkG3WgiUaKkWAYGJ6+UjELQpMDvmhbHts/o2lM7T2GPwg8c9T3vE2JRx0E
SDBM2wy2955v8sA1SMVpEBcwBCZXQdSXrxev0DTb9ra1si4wQRKgm+DHQqeiCTRz
IzNPX+exChh5cbY3zraSBxsIwfcLDffbcQu3dxSFNlcxJW8dwe/zbXOxcL/KolGN
R5pV6Gtf9JPjDpM0k8tQMOt7OVO2OdRJiOUXXJg9lGnjrawYpRKnA79T18VS1F3G
5drKY9txjWKoaOaA/m4sJaes06MGCztPkDvh9TIANz77L9avv3M93+PGxQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIfn7fuLdvYZpmjFMVtuB3jn2xppMB8GA1UdIwQY
MBaAFHcpLcY3GO68cEqwAuy4HT1S1NHDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHlrdHhqY1k3cnh3U3JBQzdMZ2RQVkxVMGNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS82NTc2NGEtZGQ4ZS00MDFiLWI3MzEt
ZDljNWQyNjQxOWIyLzEvaC1mdC00dDI5aG1tYU1VeFcyNEhlT2ZiR21rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS82NTc2NGEtZGQ4ZS00MDFiLWI3MzEtZDljNWQyNjQxOWIy
LzEvZHlrdHhqY1k3cnh3U3JBQzdMZ2RQVkxVMGNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwbBoMA8E
AgACMAkDBwAgAQZ8BGAwDQYJKoZIhvcNAQELBQADggEBAKOvrYVyPnf/Y7wlEOSK
UjqRv9nef7rs99OIYFY+KpHHRitlUu58RJcheblj4MzAp+Eb1UHNIrMgRCrObb0c
pWPSF4LeF+ikiP5+5MRbhmZDjfh5DDjjZFYkTZAaxD1Oc8Byf6IWi0mVVRQGepy6
mhxkXEpD0Cd17rNBmnRsj+ts9gERE8+3rknnF42fhpPptZoL0z+o/4UmUhlU58/p
FzpvqNbO6y2N7dYpSnYyMRCmhkZkba6TVrIKhsyAABGrd6EUsaCG0uw3TvpmHCnS
1x55b4Ix0Q9J1yUYApyZshb7hx9N9greFp+TQETfj8MJWGLqF0N2xWAjwKAu4P3G
ZQI=
-----END CERTIFICATE-----