Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/HSF7pY3557mPnbE3ewSoCLAPoAg.roa
File:                     HSF7pY3557mPnbE3ewSoCLAPoAg.roa (raw, json)
Hash identifier:          gIQfdh0iNQqKvmVZAtgu3FJQDbrNSggMG63FMaheLc8=
Subject key identifier:   1D:21:7B:A5:8D:F9:E7:B9:8F:9D:B1:37:7B:04:A8:08:B0:0F:A0:08
Certificate issuer:       /CN=9256ebf66b80f08135858d144ced6f785834f5f4
Certificate serial:       018CC9BC56DE659BC39F7BAC5E21AD34A5BE
Authority key identifier: 92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/HSF7pY3557mPnbE3ewSoCLAPoAg.roa
Signing time:             Tue 02 Jan 2024 10:33:32 +0000
ROA not before:           Tue 02 Jan 2024 10:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44926
IP address blocks:        185.168.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:56:de:65:9b:c3:9f:7b:ac:5e:21:ad:34:a5:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9256ebf66b80f08135858d144ced6f785834f5f4
        Validity
            Not Before: Jan  2 10:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d217ba58df9e7b98f9db1377b04a808b00fa008
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5c:3a:da:5a:e2:e5:b6:24:94:d6:27:c6:78:
                    2d:1e:fe:2c:eb:4b:36:46:fa:a7:00:b6:e0:5f:ee:
                    b2:2e:1d:9c:e0:2c:8f:f3:29:64:b2:21:41:7f:cd:
                    0a:04:84:63:40:24:c7:08:9c:8b:5c:92:80:d6:99:
                    cf:3d:9f:31:38:bf:ba:11:fe:4f:aa:44:8c:52:45:
                    09:a2:ca:cf:f0:05:49:c3:06:f7:11:94:12:77:62:
                    8a:2a:72:4f:14:6d:83:93:39:54:14:c0:d8:ac:93:
                    d0:68:57:ef:48:f9:ee:c2:e7:5f:98:e0:8d:52:18:
                    07:de:fa:89:e4:c8:d4:15:d4:bd:20:b1:07:bb:a1:
                    bf:f6:25:b0:7b:23:e5:b2:6b:3e:fa:35:cc:fc:57:
                    9d:1d:7f:88:44:a0:45:44:98:f9:5a:6c:9d:c4:d3:
                    09:16:55:9e:7b:80:5e:bf:c0:e5:a4:d6:d9:1f:ba:
                    6c:9e:5c:e2:d9:3a:41:5f:74:74:c3:7b:d2:c5:af:
                    58:bc:8d:6d:60:fb:05:dd:12:f4:d9:0e:a4:38:57:
                    25:8b:db:c3:ba:6a:95:09:37:be:f6:d6:55:0f:ba:
                    f1:ec:c7:d3:7e:a4:2f:59:4c:54:c1:ee:98:e0:cf:
                    9a:38:8e:69:e6:cf:f4:c7:8a:49:b3:85:14:d5:8b:
                    2b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:21:7B:A5:8D:F9:E7:B9:8F:9D:B1:37:7B:04:A8:08:B0:0F:A0:08
            X509v3 Authority Key Identifier:
                keyid:92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/HSF7pY3557mPnbE3ewSoCLAPoAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:04:64:dc:71:ce:6a:e4:88:e3:56:eb:d3:0c:ae:05:61:03:
         5b:a9:6d:d9:46:d5:14:b7:a0:f6:87:1d:48:62:30:e4:78:66:
         73:b7:08:34:c0:1c:2e:b6:d8:6a:0a:98:fa:a7:bf:13:6f:bb:
         8b:46:ec:b9:40:2b:ca:14:88:fd:da:36:e2:18:9e:72:8c:9c:
         a5:1d:e6:91:7d:12:68:87:1f:73:69:92:bb:f6:e5:e3:b8:da:
         e7:2c:7d:7b:0c:2d:b8:69:d5:35:bd:88:51:2e:65:75:e3:0b:
         39:44:cd:be:cb:6d:62:21:42:76:87:2d:03:22:da:54:17:89:
         14:4a:a7:48:64:12:87:06:87:c3:25:c1:16:0f:43:de:f7:97:
         91:38:90:07:32:ca:a6:38:12:c4:3e:b2:27:9b:53:57:fb:da:
         65:ff:54:ef:fc:c9:7f:71:d7:78:f2:52:c3:79:3f:8c:cd:d3:
         41:c1:ff:13:11:21:6a:4b:dd:d2:d5:d9:9e:ea:36:04:3e:88:
         88:c9:04:ff:3f:bd:ba:ae:8e:53:7a:2e:12:c0:d2:db:7e:d2:
         06:94:be:f3:0d:44:c9:e5:c0:aa:31:ea:b7:ef:1e:6b:03:7e:
         48:64:41:7e:1d:eb:b5:db:d0:0f:73:12:bb:ab:22:72:dc:49:
         28:29:96:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFbeZZvDn3usXiGtNKW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNTZlYmY2NmI4MGYwODEzNTg1OGQxNDRjZWQ2Zjc4NTgz
NGY1ZjQwHhcNMjQwMTAyMTAzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDIxN2JhNThkZjllN2I5OGY5ZGIxMzc3YjA0YTgwOGIwMGZhMDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1w62lri5bYklNYnxngtHv4s60s2
RvqnALbgX+6yLh2c4CyP8ylksiFBf80KBIRjQCTHCJyLXJKA1pnPPZ8xOL+6Ef5P
qkSMUkUJosrP8AVJwwb3EZQSd2KKKnJPFG2DkzlUFMDYrJPQaFfvSPnuwudfmOCN
UhgH3vqJ5MjUFdS9ILEHu6G/9iWweyPlsms++jXM/FedHX+IRKBFRJj5WmydxNMJ
FlWee4Bev8DlpNbZH7psnlzi2TpBX3R0w3vSxa9YvI1tYPsF3RL02Q6kOFcli9vD
umqVCTe+9tZVD7rx7MfTfqQvWUxUwe6Y4M+aOI5p5s/0x4pJs4UU1Ysr0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB0he6WN+ee5j52xN3sEqAiwD6AIMB8GA1UdIwQY
MBaAFJJW6/ZrgPCBNYWNFEztb3hYNPX0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2xicjltdUE4SUUxaFkwVVRPMXZlRmcwOWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9iNzE3YzUtYTY0Yi00NDc1LWJlM2Ut
NWRhOGQ2NzdkODQ3LzEvSFNGN3BZMzU1N21QbmJFM2V3U29DTEFQb0FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9iNzE3YzUtYTY0Yi00NDc1LWJlM2UtNWRhOGQ2NzdkODQ3
LzEva2xicjltdUE4SUUxaFkwVVRPMXZlRmcwOWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaihMA0G
CSqGSIb3DQEBCwUAA4IBAQBJBGTccc5q5IjjVuvTDK4FYQNbqW3ZRtUUt6D2hx1I
YjDkeGZztwg0wBwutthqCpj6p78Tb7uLRuy5QCvKFIj92jbiGJ5yjJylHeaRfRJo
hx9zaZK79uXjuNrnLH17DC24adU1vYhRLmV14ws5RM2+y21iIUJ2hy0DItpUF4kU
SqdIZBKHBofDJcEWD0Pe95eROJAHMsqmOBLEPrInm1NX+9pl/1Tv/Ml/cdd48lLD
eT+MzdNBwf8TESFqS93S1dme6jYEPoiIyQT/P726ro5Tei4SwNLbftIGlL7zDUTJ
5cCqMeq37x5rA35IZEF+Heu129APcxK7qyJy3EkoKZYC
-----END CERTIFICATE-----