Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/hMyKaVG-TDf4FMWcIfThoDbV7Rw.roa
File:                     hMyKaVG-TDf4FMWcIfThoDbV7Rw.roa (raw, json)
Hash identifier:          xyEeJn2lT6OmIJAZXKatBQjULuoZUolndcxWlHZBuJg=
Subject key identifier:   84:CC:8A:69:51:BE:4C:37:F8:14:C5:9C:21:F4:E1:A0:36:D5:ED:1C
Certificate issuer:       /CN=44fc887c977393575de6257e75fa99cde2037c6c
Certificate serial:       018EF8515EF8CD5FA50F2E894197F4C461CD
Authority key identifier: 44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/hMyKaVG-TDf4FMWcIfThoDbV7Rw.roa
Signing time:             Fri 19 Apr 2024 21:44:26 +0000
ROA not before:           Fri 19 Apr 2024 21:44:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14315
IP address blocks:        193.43.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f8:51:5e:f8:cd:5f:a5:0f:2e:89:41:97:f4:c4:61:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44fc887c977393575de6257e75fa99cde2037c6c
        Validity
            Not Before: Apr 19 21:44:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84cc8a6951be4c37f814c59c21f4e1a036d5ed1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b8:68:1f:99:84:6c:0e:bd:49:77:e8:bb:58:
                    01:7a:84:fc:67:6b:e0:3e:41:92:b6:a7:72:15:36:
                    7d:13:ef:23:2c:69:0a:46:b3:ab:a9:b6:c3:cb:05:
                    d8:05:19:62:6e:4e:21:9f:04:c6:b3:da:10:20:a1:
                    19:38:0f:6c:5e:ee:75:03:92:d6:ae:64:d9:c8:9c:
                    1b:46:91:c5:09:73:bb:9f:67:74:c5:04:5c:10:48:
                    9c:9a:05:d2:86:9f:e3:46:7a:81:66:5e:b8:c6:42:
                    77:33:b2:a1:37:91:9c:cc:d1:70:41:e0:36:9a:6e:
                    64:7b:0b:94:5f:af:18:4d:c5:2a:1e:41:b0:60:f5:
                    ca:97:29:85:3a:af:2a:db:14:42:cd:d5:f9:19:42:
                    dc:00:97:24:37:30:3e:1a:10:4a:15:56:09:94:e0:
                    41:00:3d:49:ab:da:a3:ae:6f:86:73:17:52:8a:cc:
                    37:06:11:e0:41:b1:bb:be:61:97:7f:1b:2b:92:26:
                    e3:50:97:37:93:8f:17:57:dc:d1:7a:4e:90:7c:97:
                    87:07:c4:12:e3:d8:5e:b9:70:de:9e:a6:ee:46:f2:
                    6f:31:ea:45:69:0c:e8:45:c5:f1:f3:b5:b7:cd:2d:
                    4c:52:36:c5:76:23:7b:e4:bc:ca:f9:9f:04:8a:a0:
                    c5:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:CC:8A:69:51:BE:4C:37:F8:14:C5:9C:21:F4:E1:A0:36:D5:ED:1C
            X509v3 Authority Key Identifier:
                keyid:44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/hMyKaVG-TDf4FMWcIfThoDbV7Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:fe:8b:2d:a6:7e:ba:2e:d8:b8:1e:26:86:ea:f8:76:cc:04:
         a1:d4:5d:d2:92:75:13:ff:5c:0e:a5:76:a9:a0:9f:50:cc:c0:
         03:9d:52:25:04:2c:06:a2:85:f2:c6:b5:bb:5e:01:c4:56:cd:
         02:43:aa:1d:67:7b:cc:09:24:87:6b:67:7f:74:76:f0:d5:ad:
         13:b1:07:7c:a4:e0:b6:53:e6:ba:0b:24:93:b9:cd:35:ae:37:
         09:ed:c3:03:bc:d7:68:43:c4:66:34:57:9a:30:f9:9f:59:ac:
         db:45:b0:ff:0a:32:9e:8a:19:25:ab:77:52:b2:a6:34:b0:6a:
         89:99:4b:fa:0d:2c:ad:f4:ca:98:54:b0:a2:6c:4d:65:93:1f:
         15:35:d9:d2:01:f5:23:3f:ee:a6:ac:2c:1a:66:46:16:3c:64:
         86:af:1b:9a:1e:d1:a3:af:ce:b9:51:db:9b:90:dc:56:ac:9b:
         a4:71:f6:29:8b:a2:7f:18:13:05:b3:8f:63:a6:62:0c:b7:98:
         d1:0a:eb:cf:0d:85:e7:52:92:ab:51:63:01:61:26:46:86:86:
         6b:e3:23:a3:21:ba:10:10:cd:61:fa:bf:9f:30:e8:6e:b2:5f:
         77:e5:30:9e:11:14:5c:58:b0:ac:69:6b:e4:84:8e:0c:1f:e9:
         17:4b:ad:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY74UV74zV+lDy6JQZf0xGHNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZmM4ODdjOTc3MzkzNTc1ZGU2MjU3ZTc1ZmE5OWNkZTIw
MzdjNmMwHhcNMjQwNDE5MjE0NDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGNjOGE2OTUxYmU0YzM3ZjgxNGM1OWMyMWY0ZTFhMDM2ZDVlZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrhoH5mEbA69SXfou1gBeoT8Z2vg
PkGStqdyFTZ9E+8jLGkKRrOrqbbDywXYBRlibk4hnwTGs9oQIKEZOA9sXu51A5LW
rmTZyJwbRpHFCXO7n2d0xQRcEEicmgXShp/jRnqBZl64xkJ3M7KhN5GczNFwQeA2
mm5kewuUX68YTcUqHkGwYPXKlymFOq8q2xRCzdX5GULcAJckNzA+GhBKFVYJlOBB
AD1Jq9qjrm+GcxdSisw3BhHgQbG7vmGXfxsrkibjUJc3k48XV9zRek6QfJeHB8QS
49heuXDenqbuRvJvMepFaQzoRcXx87W3zS1MUjbFdiN75LzK+Z8EiqDFdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITMimlRvkw3+BTFnCH04aA21e0cMB8GA1UdIwQY
MBaAFET8iHyXc5NXXeYlfnX6mc3iA3xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMt
YzM2OWMxZDRjMzM3LzEvaE15S2FWRy1URGY0Rk1XY0lmVGhvRGJWN1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMtYzM2OWMxZDRjMzM3
LzEvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSuKMA0G
CSqGSIb3DQEBCwUAA4IBAQAd/ostpn66Lti4HiaG6vh2zASh1F3SknUT/1wOpXap
oJ9QzMADnVIlBCwGooXyxrW7XgHEVs0CQ6odZ3vMCSSHa2d/dHbw1a0TsQd8pOC2
U+a6CySTuc01rjcJ7cMDvNdoQ8RmNFeaMPmfWazbRbD/CjKeihklq3dSsqY0sGqJ
mUv6DSyt9MqYVLCibE1lkx8VNdnSAfUjP+6mrCwaZkYWPGSGrxuaHtGjr865Udub
kNxWrJukcfYpi6J/GBMFs49jpmIMt5jRCuvPDYXnUpKrUWMBYSZGhoZr4yOjIboQ
EM1h+r+fMOhusl935TCeERRcWLCsaWvkhI4MH+kXS60t
-----END CERTIFICATE-----