Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/hQt7MbWrlCbyLRTUqkR73w1UYrY.roa
File:                     hQt7MbWrlCbyLRTUqkR73w1UYrY.roa (raw, json)
Hash identifier:          RsyE+dHZ0sX/pGe6sONCTutRkQpOMfRkxhnpzxfaAXs=
Subject key identifier:   85:0B:7B:31:B5:AB:94:26:F2:2D:14:D4:AA:44:7B:DF:0D:54:62:B6
Certificate issuer:       /CN=c9ed64c93ddfdf2f49b7ea1c23eaad0870249a33
Certificate serial:       018CC86EF7F36574EE99262BACCC2AC0E6F4
Authority key identifier: C9:ED:64:C9:3D:DF:DF:2F:49:B7:EA:1C:23:EA:AD:08:70:24:9A:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/hQt7MbWrlCbyLRTUqkR73w1UYrY.roa
Signing time:             Tue 02 Jan 2024 04:29:24 +0000
ROA not before:           Tue 02 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202
IP address blocks:        213.174.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f7:f3:65:74:ee:99:26:2b:ac:cc:2a:c0:e6:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9ed64c93ddfdf2f49b7ea1c23eaad0870249a33
        Validity
            Not Before: Jan  2 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=850b7b31b5ab9426f22d14d4aa447bdf0d5462b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:69:73:9c:3a:03:1f:9e:31:ee:a9:38:fc:3e:
                    7f:0f:ef:60:09:5a:b6:33:0d:23:c8:49:7a:5b:4b:
                    20:cf:36:c0:81:d3:58:3d:74:eb:9e:8e:5b:09:f2:
                    38:35:2e:d7:00:28:56:2d:ac:41:b7:14:13:07:fe:
                    14:87:be:0b:2e:70:cf:61:51:d2:a8:dd:ad:10:1a:
                    38:d3:07:23:83:b3:24:57:e9:89:08:79:d1:c5:9e:
                    07:58:2b:b6:eb:cf:b7:00:4c:d6:c1:1c:c8:af:14:
                    0c:c0:41:0f:ca:08:de:92:a4:ed:aa:b7:08:5c:1d:
                    55:49:88:04:c5:f1:13:96:da:6e:b4:8a:2f:a1:bf:
                    59:ce:5a:6a:fb:1f:5e:29:fc:9a:49:86:87:c5:a6:
                    5b:81:8b:c3:4b:30:a7:e3:24:4a:e1:59:f8:be:69:
                    fb:ff:59:e3:6e:57:e7:fc:9b:b8:cd:1c:9c:8a:62:
                    57:f5:36:34:20:a3:84:31:c4:ec:c0:b6:cc:a2:42:
                    e6:a0:d1:de:64:27:37:70:c7:d2:cd:d1:30:3a:e5:
                    fc:cb:da:98:56:f9:f5:eb:c2:09:9b:29:45:b7:03:
                    ab:03:b1:8a:a8:c5:df:91:c9:7a:e5:49:e2:52:7c:
                    7c:d2:83:8e:7e:3d:75:52:8b:ce:ab:1d:38:10:b7:
                    48:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:0B:7B:31:B5:AB:94:26:F2:2D:14:D4:AA:44:7B:DF:0D:54:62:B6
            X509v3 Authority Key Identifier:
                keyid:C9:ED:64:C9:3D:DF:DF:2F:49:B7:EA:1C:23:EA:AD:08:70:24:9A:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/hQt7MbWrlCbyLRTUqkR73w1UYrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/2a2ab2-3098-4a0f-809c-35ed5b53da05/1/ye1kyT3f3y9Jt-ocI-qtCHAkmjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.174.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:f9:e0:66:1b:34:6a:7c:fe:8c:a9:0f:ab:a7:3d:42:ea:16:
         94:14:6d:bf:16:5f:b9:14:79:da:ed:50:1d:57:bf:1a:6d:4a:
         cf:87:69:7c:82:15:02:68:de:80:c7:2f:fd:5d:b2:7b:de:5d:
         96:cf:b4:d3:51:3b:bb:97:99:11:10:fd:90:7e:c4:0b:e5:59:
         5e:69:c1:5b:58:ca:11:47:c5:e8:58:d5:fb:f6:7e:eb:a5:50:
         77:c5:33:98:45:2a:f0:6b:aa:9b:fa:3b:e1:d1:ba:42:48:70:
         17:45:27:ac:66:f6:a7:14:bb:5a:62:c1:4e:4d:79:66:b8:f3:
         fb:55:82:86:ca:45:c2:11:b2:9d:8e:7c:72:4f:c5:5b:2a:52:
         a5:1f:84:bf:be:32:49:54:bb:d4:c5:06:2f:68:49:d3:78:a8:
         76:5f:0b:d5:4c:9f:ca:9f:aa:02:5d:b2:a2:1a:fc:05:4a:bb:
         56:f2:36:87:3e:74:0b:c8:79:d1:d0:bf:d2:75:8d:94:cb:ff:
         7d:8c:56:98:19:17:7f:e2:d1:61:5c:4f:6c:60:11:34:52:14:
         d9:69:28:a9:48:d7:17:10:bc:79:ed:d2:e8:a6:33:d5:99:bd:
         1d:db:13:41:d9:75:2d:5e:4f:e0:45:a8:03:51:83:0f:a3:88:
         62:46:20:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvfzZXTumSYrrMwqwOb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZWQ2NGM5M2RkZmRmMmY0OWI3ZWExYzIzZWFhZDA4NzAy
NDlhMzMwHhcNMjQwMTAyMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTBiN2IzMWI1YWI5NDI2ZjIyZDE0ZDRhYTQ0N2JkZjBkNTQ2MmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhWlznDoDH54x7qk4/D5/D+9gCVq2
Mw0jyEl6W0sgzzbAgdNYPXTrno5bCfI4NS7XAChWLaxBtxQTB/4Uh74LLnDPYVHS
qN2tEBo40wcjg7MkV+mJCHnRxZ4HWCu268+3AEzWwRzIrxQMwEEPygjekqTtqrcI
XB1VSYgExfETltputIovob9Zzlpq+x9eKfyaSYaHxaZbgYvDSzCn4yRK4Vn4vmn7
/1njblfn/Ju4zRycimJX9TY0IKOEMcTswLbMokLmoNHeZCc3cMfSzdEwOuX8y9qY
Vvn168IJmylFtwOrA7GKqMXfkcl65UniUnx80oOOfj11UovOqx04ELdISwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIULezG1q5Qm8i0U1KpEe98NVGK2MB8GA1UdIwQY
MBaAFMntZMk9398vSbfqHCPqrQhwJJozMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWUxa3lUM2YzeTlKdC1vY0ktcXRDSEFrbWpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8yYTJhYjItMzA5OC00YTBmLTgwOWMt
MzVlZDViNTNkYTA1LzEvaFF0N01iV3JsQ2J5TFJUVXFrUjczdzFVWXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8yYTJhYjItMzA5OC00YTBmLTgwOWMtMzVlZDViNTNkYTA1
LzEveWUxa3lUM2YzeTlKdC1vY0ktcXRDSEFrbWpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1a5/MA0G
CSqGSIb3DQEBCwUAA4IBAQAK+eBmGzRqfP6MqQ+rpz1C6haUFG2/Fl+5FHna7VAd
V78abUrPh2l8ghUCaN6Axy/9XbJ73l2Wz7TTUTu7l5kREP2QfsQL5VleacFbWMoR
R8XoWNX79n7rpVB3xTOYRSrwa6qb+jvh0bpCSHAXRSesZvanFLtaYsFOTXlmuPP7
VYKGykXCEbKdjnxyT8VbKlKlH4S/vjJJVLvUxQYvaEnTeKh2XwvVTJ/Kn6oCXbKi
GvwFSrtW8jaHPnQLyHnR0L/SdY2Uy/99jFaYGRd/4tFhXE9sYBE0UhTZaSipSNcX
ELx57dLopjPVmb0d2xNB2XUtXk/gRagDUYMPo4hiRiDf
-----END CERTIFICATE-----