Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/286086-6787-49b0-a4e0-09d447a45656/1/CrHdYOOAtBBYNy65kLRlVfwRRJ0.roa
File:                     CrHdYOOAtBBYNy65kLRlVfwRRJ0.roa (raw, json)
Hash identifier:          KHuntttauyezNK7JBSSyU/0IyOPcGTzztNHsuxXu2mY=
Subject key identifier:   0A:B1:DD:60:E3:80:B4:10:58:37:2E:B9:90:B4:65:55:FC:11:44:9D
Certificate issuer:       /CN=b73973bc4f57cfefede1ec96160bce6cea42b179
Certificate serial:       018CC5DC1C9F6FC2DB48CFFD32069B8FE152
Authority key identifier: B7:39:73:BC:4F:57:CF:EF:ED:E1:EC:96:16:0B:CE:6C:EA:42:B1:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tzlzvE9Xz-_t4eyWFgvObOpCsXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/286086-6787-49b0-a4e0-09d447a45656/1/CrHdYOOAtBBYNy65kLRlVfwRRJ0.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24904
IP address blocks:        194.110.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/286086-6787-49b0-a4e0-09d447a45656/1/tzlzvE9Xz-_t4eyWFgvObOpCsXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/286086-6787-49b0-a4e0-09d447a45656/1/tzlzvE9Xz-_t4eyWFgvObOpCsXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tzlzvE9Xz-_t4eyWFgvObOpCsXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1c:9f:6f:c2:db:48:cf:fd:32:06:9b:8f:e1:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b73973bc4f57cfefede1ec96160bce6cea42b179
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ab1dd60e380b41058372eb990b46555fc11449d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:74:03:e0:52:9b:45:96:b8:e6:3b:3f:73:ad:
                    51:f6:cd:f9:5e:f3:10:d1:4f:d4:32:cf:39:b0:44:
                    98:80:cf:c3:41:84:67:82:00:ce:8d:40:69:70:45:
                    a6:18:a3:b3:f7:e8:3c:c3:38:dd:7f:81:a8:2e:ce:
                    7e:ec:ca:8b:b4:b0:82:0a:43:1b:9d:c4:37:b7:bf:
                    53:d2:d1:59:52:55:e2:49:7e:a0:7c:41:97:29:f8:
                    17:d0:46:31:6c:eb:49:78:39:34:99:b5:c6:b8:78:
                    99:03:91:75:09:d4:6e:8d:64:1e:96:ef:49:0e:18:
                    f4:93:8f:9b:90:e4:ae:a4:1e:0e:45:7e:12:b2:de:
                    8d:35:dd:30:bc:ef:f7:39:a7:a3:45:71:99:5b:42:
                    5c:1f:e5:06:55:54:cf:96:be:a9:23:a4:e3:19:24:
                    04:a7:b1:2b:78:01:db:d7:0c:13:d5:3a:2e:fb:b9:
                    d7:9e:1b:6b:32:40:95:64:b2:4e:25:86:74:50:0d:
                    2b:46:2c:3b:e5:50:ec:c4:d6:40:df:24:e5:1e:8f:
                    03:5b:c6:a6:a5:ed:de:04:d2:28:b6:7c:96:8f:b9:
                    50:5f:93:58:66:6f:89:58:ae:e5:14:3f:54:ee:01:
                    cd:09:4c:53:f7:6a:29:45:e0:8a:58:a6:c7:31:eb:
                    2e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B1:DD:60:E3:80:B4:10:58:37:2E:B9:90:B4:65:55:FC:11:44:9D
            X509v3 Authority Key Identifier:
                keyid:B7:39:73:BC:4F:57:CF:EF:ED:E1:EC:96:16:0B:CE:6C:EA:42:B1:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tzlzvE9Xz-_t4eyWFgvObOpCsXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/286086-6787-49b0-a4e0-09d447a45656/1/CrHdYOOAtBBYNy65kLRlVfwRRJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/286086-6787-49b0-a4e0-09d447a45656/1/tzlzvE9Xz-_t4eyWFgvObOpCsXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:be:02:58:9c:3f:2f:99:6c:ba:2a:f2:01:bb:87:7b:b6:c0:
         05:b6:6a:a8:80:c8:83:de:49:73:ea:09:fe:e0:80:ce:ab:4d:
         7f:f4:87:a3:42:a9:74:e5:b0:3b:26:bf:26:9e:c0:5e:10:12:
         14:15:04:e9:bb:a2:b3:6d:95:fa:a4:e0:31:fd:8a:a0:6d:21:
         df:96:ef:51:59:5b:51:a2:4b:bf:79:72:ca:62:d6:5a:3f:41:
         f7:cb:c5:d0:43:8a:fb:26:44:d9:4b:03:ff:3e:dc:c8:70:e7:
         2e:8c:31:0b:d2:f0:83:c4:f2:a2:1b:ac:88:24:d2:0c:a0:41:
         7f:13:4c:35:a2:79:ba:d2:0e:52:72:4f:80:6f:ab:de:07:af:
         b9:56:9d:0e:f1:bb:9c:f0:0e:df:31:c7:c7:48:a6:13:57:0f:
         0e:a3:c6:1c:da:3c:ff:a3:4a:1b:56:bd:8b:56:81:2d:3b:32:
         ef:f1:3f:cf:5f:8e:54:f7:a5:60:90:e3:3e:e0:cf:f9:3a:ab:
         0d:89:af:ca:81:82:01:af:4f:6a:49:b2:d4:bb:5b:bd:a9:d6:
         15:4f:26:d9:3e:33:bb:45:72:b9:86:ba:11:64:3d:83:e1:c0:
         6b:90:c4:86:fe:7f:4c:0a:ae:ac:99:05:67:3c:4d:22:27:46:
         2d:a3:69:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Byfb8LbSM/9Mgabj+FSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mzk3M2JjNGY1N2NmZWZlZGUxZWM5NjE2MGJjZTZjZWE0
MmIxNzkwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWIxZGQ2MGUzODBiNDEwNTgzNzJlYjk5MGI0NjU1NWZjMTE0NDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXQD4FKbRZa45js/c61R9s35XvMQ
0U/UMs85sESYgM/DQYRnggDOjUBpcEWmGKOz9+g8wzjdf4GoLs5+7MqLtLCCCkMb
ncQ3t79T0tFZUlXiSX6gfEGXKfgX0EYxbOtJeDk0mbXGuHiZA5F1CdRujWQelu9J
Dhj0k4+bkOSupB4ORX4Sst6NNd0wvO/3OaejRXGZW0JcH+UGVVTPlr6pI6TjGSQE
p7EreAHb1wwT1Tou+7nXnhtrMkCVZLJOJYZ0UA0rRiw75VDsxNZA3yTlHo8DW8am
pe3eBNIotnyWj7lQX5NYZm+JWK7lFD9U7gHNCUxT92opReCKWKbHMesuawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqx3WDjgLQQWDcuuZC0ZVX8EUSdMB8GA1UdIwQY
MBaAFLc5c7xPV8/v7eHslhYLzmzqQrF5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHpsenZFOVh6LV90NGV5V0Zndk9iT3BDc1hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8yODYwODYtNjc4Ny00OWIwLWE0ZTAt
MDlkNDQ3YTQ1NjU2LzEvQ3JIZFlPT0F0QkJZTnk2NWtMUmxWZndSUkowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8yODYwODYtNjc4Ny00OWIwLWE0ZTAtMDlkNDQ3YTQ1NjU2
LzEvdHpsenZFOVh6LV90NGV5V0Zndk9iT3BDc1hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwm54MA0G
CSqGSIb3DQEBCwUAA4IBAQAGvgJYnD8vmWy6KvIBu4d7tsAFtmqogMiD3klz6gn+
4IDOq01/9IejQql05bA7Jr8mnsBeEBIUFQTpu6KzbZX6pOAx/YqgbSHflu9RWVtR
oku/eXLKYtZaP0H3y8XQQ4r7JkTZSwP/PtzIcOcujDEL0vCDxPKiG6yIJNIMoEF/
E0w1onm60g5Sck+Ab6veB6+5Vp0O8buc8A7fMcfHSKYTVw8Oo8Yc2jz/o0obVr2L
VoEtOzLv8T/PX45U96VgkOM+4M/5OqsNia/KgYIBr09qSbLUu1u9qdYVTybZPjO7
RXK5hroRZD2D4cBrkMSG/n9MCq6smQVnPE0iJ0Yto2ne
-----END CERTIFICATE-----