Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/HBfX8IZPrXdxKdAfBod9OVA8CG4.roa
File:                     HBfX8IZPrXdxKdAfBod9OVA8CG4.roa (raw, json)
Hash identifier:          44AVP/G3ttxq8RfSQBQZ3vwsv6qsMHReFqP41F2NZgo=
Subject key identifier:   1C:17:D7:F0:86:4F:AD:77:71:29:D0:1F:06:87:7D:39:50:3C:08:6E
Certificate issuer:       /CN=1904ce28eae682c97acd2d862fee2897c3b096fd
Certificate serial:       018D6C65EFF095B88F785CAD7CF666AF805C
Authority key identifier: 19:04:CE:28:EA:E6:82:C9:7A:CD:2D:86:2F:EE:28:97:C3:B0:96:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GQTOKOrmgsl6zS2GL-4ol8Owlv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/HBfX8IZPrXdxKdAfBod9OVA8CG4.roa
Signing time:             Sat 03 Feb 2024 00:37:16 +0000
ROA not before:           Sat 03 Feb 2024 00:37:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60258
IP address blocks:        185.91.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/GQTOKOrmgsl6zS2GL-4ol8Owlv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/GQTOKOrmgsl6zS2GL-4ol8Owlv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GQTOKOrmgsl6zS2GL-4ol8Owlv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6c:65:ef:f0:95:b8:8f:78:5c:ad:7c:f6:66:af:80:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1904ce28eae682c97acd2d862fee2897c3b096fd
        Validity
            Not Before: Feb  3 00:37:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c17d7f0864fad777129d01f06877d39503c086e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:bd:8f:2f:86:c0:95:82:a9:4d:57:1f:c3:22:
                    35:4f:a9:1c:a3:0d:03:a1:92:d1:b5:b6:98:a3:f5:
                    78:e7:e8:11:85:aa:d5:12:61:c5:a2:dd:c9:c2:4c:
                    b9:d5:45:a0:c6:7d:38:72:cc:67:e1:f7:ad:3e:e6:
                    37:e1:d1:81:bd:17:55:af:73:24:25:86:91:95:f7:
                    a1:64:6f:1b:c2:21:30:1a:ec:53:c2:4a:5f:18:28:
                    0b:88:40:ef:8a:85:34:78:7c:9d:66:99:c3:ad:65:
                    04:5d:fd:72:53:1c:10:72:97:36:e0:2f:12:c7:98:
                    0c:08:96:48:1b:4a:31:3c:05:1b:6a:59:03:75:c8:
                    9a:69:16:59:a1:5e:98:52:2b:75:1c:96:d0:7f:5f:
                    4e:d7:9f:43:a7:eb:19:f8:2f:38:fa:e8:4b:28:58:
                    0a:ee:6e:ec:1e:17:d2:b3:67:30:22:b7:da:5f:15:
                    35:ed:bd:75:3d:f9:3b:ea:80:04:98:18:a3:99:0a:
                    aa:ee:55:94:a5:d6:c0:15:d1:98:a1:01:69:c0:3e:
                    17:12:7e:46:48:26:02:e5:20:f5:d0:d2:01:4f:36:
                    08:40:0d:75:ae:90:ae:db:7b:99:4b:21:61:4b:2d:
                    9c:14:ee:42:00:9b:15:c1:9a:7a:2a:12:e0:ea:b5:
                    60:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:17:D7:F0:86:4F:AD:77:71:29:D0:1F:06:87:7D:39:50:3C:08:6E
            X509v3 Authority Key Identifier:
                keyid:19:04:CE:28:EA:E6:82:C9:7A:CD:2D:86:2F:EE:28:97:C3:B0:96:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GQTOKOrmgsl6zS2GL-4ol8Owlv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/HBfX8IZPrXdxKdAfBod9OVA8CG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/d048f6-341c-4c64-b3d9-15d5deb228dd/1/GQTOKOrmgsl6zS2GL-4ol8Owlv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:fc:1e:30:41:aa:ba:27:61:b3:29:3a:36:47:ce:e7:dd:da:
         bf:30:c8:14:7e:09:69:73:61:ab:ab:5f:ed:b0:de:8b:3d:34:
         bb:37:a7:a1:5c:88:d2:f7:ed:95:9e:4a:47:e2:b5:70:3b:01:
         04:29:1a:dd:e5:04:6f:35:97:89:19:ea:c4:6e:02:f2:93:80:
         8c:f4:03:00:cf:3e:bf:2e:61:ec:23:ea:6e:51:3e:7c:6d:23:
         6e:26:26:5b:bb:ca:25:01:d7:1a:87:5a:d0:a1:24:8a:7f:cd:
         3f:b5:9b:eb:97:89:3a:6e:61:39:7a:df:eb:c2:54:ac:09:08:
         f5:87:9e:7d:e5:02:96:2e:4e:39:8e:9b:59:b9:29:4f:88:91:
         18:63:05:84:94:aa:a8:ab:33:09:5c:30:d2:d3:c1:01:72:93:
         48:08:60:5b:87:b6:44:07:59:28:d6:de:98:df:61:98:8d:fb:
         fe:ca:4f:6e:9c:15:06:8c:35:17:a4:92:f2:70:24:b6:58:65:
         b6:67:4b:76:23:72:18:67:02:67:44:95:65:3c:4e:50:f0:a1:
         b7:26:4c:19:ed:d1:72:f1:d5:c5:b8:ce:45:5d:c6:f8:c0:9d:
         4f:cb:6d:bb:8f:93:e7:f0:a6:35:63:27:12:88:96:c9:b3:63:
         84:e7:fe:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1sZe/wlbiPeFytfPZmr4BcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MDRjZTI4ZWFlNjgyYzk3YWNkMmQ4NjJmZWUyODk3YzNi
MDk2ZmQwHhcNMjQwMjAzMDAzNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzE3ZDdmMDg2NGZhZDc3NzEyOWQwMWYwNjg3N2QzOTUwM2MwODZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlr2PL4bAlYKpTVcfwyI1T6kcow0D
oZLRtbaYo/V45+gRharVEmHFot3Jwky51UWgxn04csxn4fetPuY34dGBvRdVr3Mk
JYaRlfehZG8bwiEwGuxTwkpfGCgLiEDvioU0eHydZpnDrWUEXf1yUxwQcpc24C8S
x5gMCJZIG0oxPAUbalkDdciaaRZZoV6YUit1HJbQf19O159Dp+sZ+C84+uhLKFgK
7m7sHhfSs2cwIrfaXxU17b11Pfk76oAEmBijmQqq7lWUpdbAFdGYoQFpwD4XEn5G
SCYC5SD10NIBTzYIQA11rpCu23uZSyFhSy2cFO5CAJsVwZp6KhLg6rVg1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwX1/CGT613cSnQHwaHfTlQPAhuMB8GA1UdIwQY
MBaAFBkEzijq5oLJes0thi/uKJfDsJb9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1FUT0tPcm1nc2w2elMyR0wtNG9sOE93bHYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9kMDQ4ZjYtMzQxYy00YzY0LWIzZDkt
MTVkNWRlYjIyOGRkLzEvSEJmWDhJWlByWGR4S2RBZkJvZDlPVkE4Q0c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9kMDQ4ZjYtMzQxYy00YzY0LWIzZDktMTVkNWRlYjIyOGRk
LzEvR1FUT0tPcm1nc2w2elMyR0wtNG9sOE93bHYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVvQMA0G
CSqGSIb3DQEBCwUAA4IBAQA9/B4wQaq6J2GzKTo2R87n3dq/MMgUfglpc2Grq1/t
sN6LPTS7N6ehXIjS9+2VnkpH4rVwOwEEKRrd5QRvNZeJGerEbgLyk4CM9AMAzz6/
LmHsI+puUT58bSNuJiZbu8olAdcah1rQoSSKf80/tZvrl4k6bmE5et/rwlSsCQj1
h5595QKWLk45jptZuSlPiJEYYwWElKqoqzMJXDDS08EBcpNICGBbh7ZEB1ko1t6Y
32GYjfv+yk9unBUGjDUXpJLycCS2WGW2Z0t2I3IYZwJnRJVlPE5Q8KG3JkwZ7dFy
8dXFuM5FXcb4wJ1Py227j5Pn8KY1YycSiJbJs2OE5/7S
-----END CERTIFICATE-----