Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/HQTVgJ_DeBfCvrXveta2KFpapYs.roa
File:                     HQTVgJ_DeBfCvrXveta2KFpapYs.roa (raw, json)
Hash identifier:          JuQtSzD7JsnVPK1gf/t4r1+Wvr4IH556V+Bh/lsKBh8=
Subject key identifier:   1D:04:D5:80:9F:C3:78:17:C2:BE:B5:EF:7A:D6:B6:28:5A:5A:A5:8B
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       018CC7951A9EAB0AFB4F8F7E5881BA8E7865
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/HQTVgJ_DeBfCvrXveta2KFpapYs.roa
Signing time:             Tue 02 Jan 2024 00:31:26 +0000
ROA not before:           Tue 02 Jan 2024 00:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35608
IP address blocks:        192.144.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1a:9e:ab:0a:fb:4f:8f:7e:58:81:ba:8e:78:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 00:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d04d5809fc37817c2beb5ef7ad6b6285a5aa58b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:90:af:5e:13:9e:ca:c5:c4:a1:aa:db:b7:ce:
                    e8:1e:b3:5f:83:10:79:53:b3:53:d1:6e:b2:c6:a4:
                    ba:b2:d8:e1:f6:79:e4:0d:72:4b:2e:30:25:33:e6:
                    67:57:0f:15:5f:65:5f:b3:58:5b:b3:ed:47:44:5f:
                    19:0b:b6:69:90:b9:b1:9d:6f:8e:e4:b9:aa:dc:e6:
                    26:9f:98:2b:5a:98:50:32:35:74:06:ba:5e:aa:1c:
                    6f:9f:21:79:f3:31:65:38:1a:99:a0:ae:1e:3c:2f:
                    16:79:c9:25:54:6f:8c:cb:d6:e8:b1:41:58:cd:8d:
                    83:20:7a:48:a3:69:d1:8f:d4:c5:7d:bf:cf:12:91:
                    fe:05:02:66:08:6c:08:4c:02:34:80:62:fb:f0:fd:
                    69:40:ec:b8:a3:2d:ae:f4:88:72:97:0e:9a:93:81:
                    f8:23:93:eb:d5:67:00:a7:3b:b9:f9:59:95:13:87:
                    fb:77:bf:e0:ab:d3:57:e6:d5:3c:af:2e:2a:4a:1e:
                    42:ce:9b:7a:ee:9b:dd:1b:e0:69:03:bc:3b:7e:df:
                    34:37:8c:f3:5c:ae:d3:b6:5a:9a:32:40:48:0d:95:
                    43:ef:fa:09:8e:c8:9b:89:bf:5f:99:ff:d9:3c:9d:
                    e6:cc:16:25:5e:81:5a:9a:66:7d:f9:b6:bb:44:b0:
                    49:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:04:D5:80:9F:C3:78:17:C2:BE:B5:EF:7A:D6:B6:28:5A:5A:A5:8B
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/HQTVgJ_DeBfCvrXveta2KFpapYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.144.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:f1:c8:3c:d6:9e:b2:a4:42:cd:2a:b5:a9:ba:07:77:f0:ae:
         cb:d3:23:b7:59:d8:12:9d:62:51:1d:dd:4a:ca:16:33:af:54:
         b6:fe:91:ab:48:e7:f1:62:b4:32:44:e3:dc:f8:28:fd:ef:fc:
         ca:3d:47:a7:78:d2:44:34:45:3e:4d:e9:18:5e:72:72:3d:56:
         bd:00:f9:fb:f5:24:b8:05:83:1d:1a:2b:69:ff:c3:b4:65:e3:
         e4:11:3f:69:bf:da:67:03:fb:e3:18:3a:b9:e2:b8:49:35:18:
         ea:72:16:16:36:0a:16:48:81:9f:29:ee:bb:53:93:53:9a:29:
         9a:6c:3b:3b:cb:c7:88:30:87:f2:33:c4:91:e8:cd:13:76:0f:
         2e:51:62:a6:ef:3a:46:db:5e:9e:90:e8:a3:ce:eb:53:9e:f4:
         7b:da:9e:bf:f1:63:94:41:e8:42:be:88:4f:ef:4d:bb:1a:91:
         6b:81:10:e8:f0:a2:3c:b8:d4:cc:da:fc:a6:b6:66:41:d4:cf:
         ff:8b:31:6b:c6:29:dc:62:ac:b6:0b:04:20:9b:41:ec:88:ff:
         1f:c0:9f:36:55:2f:69:ba:4e:eb:94:17:df:1e:0e:f9:40:8e:
         ec:f7:15:0e:ea:b2:21:08:9d:62:88:ce:d2:94:47:b7:61:4e:
         dc:4d:5c:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRqeqwr7T49+WIG6jnhlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjQwMTAyMDAzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDA0ZDU4MDlmYzM3ODE3YzJiZWI1ZWY3YWQ2YjYyODVhNWFhNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJCvXhOeysXEoarbt87oHrNfgxB5
U7NT0W6yxqS6stjh9nnkDXJLLjAlM+ZnVw8VX2Vfs1hbs+1HRF8ZC7ZpkLmxnW+O
5Lmq3OYmn5grWphQMjV0BrpeqhxvnyF58zFlOBqZoK4ePC8WecklVG+My9bosUFY
zY2DIHpIo2nRj9TFfb/PEpH+BQJmCGwITAI0gGL78P1pQOy4oy2u9Ihylw6ak4H4
I5Pr1WcApzu5+VmVE4f7d7/gq9NX5tU8ry4qSh5Czpt67pvdG+BpA7w7ft80N4zz
XK7TtlqaMkBIDZVD7/oJjsibib9fmf/ZPJ3mzBYlXoFammZ9+ba7RLBJJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0E1YCfw3gXwr6173rWtihaWqWLMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvSFFUVmdKX0RlQmZDdnJYdmV0YTJLRnBhcFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJARMA0G
CSqGSIb3DQEBCwUAA4IBAQBq8cg81p6ypELNKrWpugd38K7L0yO3WdgSnWJRHd1K
yhYzr1S2/pGrSOfxYrQyROPc+Cj97/zKPUeneNJENEU+TekYXnJyPVa9APn79SS4
BYMdGitp/8O0ZePkET9pv9pnA/vjGDq54rhJNRjqchYWNgoWSIGfKe67U5NTmima
bDs7y8eIMIfyM8SR6M0Tdg8uUWKm7zpG216ekOijzutTnvR72p6/8WOUQehCvohP
7027GpFrgRDo8KI8uNTM2vymtmZB1M//izFrxincYqy2CwQgm0HsiP8fwJ82VS9p
uk7rlBffHg75QI7s9xUO6rIhCJ1iiM7SlEe3YU7cTVwt
-----END CERTIFICATE-----