Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f58e8a-6227-4d07-ac59-76ed5cb0e022/1/HFx3BVheY5KAbgT-VYjrWHouShU.roa
File:                     HFx3BVheY5KAbgT-VYjrWHouShU.roa (raw, json)
Hash identifier:          n4HCkiqfqkznmvHPtZFz54SiZvvnACYPjgdL0XdrwQ4=
Subject key identifier:   1C:5C:77:05:58:5E:63:92:80:6E:04:FE:55:88:EB:58:7A:2E:4A:15
Certificate issuer:       /CN=5e231df87bdfe227a7e5e419340370bab301e279
Certificate serial:       018CC5DD1E8FD39ADFEA82F8F7038048EB08
Authority key identifier: 5E:23:1D:F8:7B:DF:E2:27:A7:E5:E4:19:34:03:70:BA:B3:01:E2:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XiMd-Hvf4ien5eQZNANwurMB4nk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f58e8a-6227-4d07-ac59-76ed5cb0e022/1/HFx3BVheY5KAbgT-VYjrWHouShU.roa
Signing time:             Mon 01 Jan 2024 16:30:52 +0000
ROA not before:           Mon 01 Jan 2024 16:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        5.23.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f58e8a-6227-4d07-ac59-76ed5cb0e022/1/XiMd-Hvf4ien5eQZNANwurMB4nk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f58e8a-6227-4d07-ac59-76ed5cb0e022/1/XiMd-Hvf4ien5eQZNANwurMB4nk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XiMd-Hvf4ien5eQZNANwurMB4nk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:1e:8f:d3:9a:df:ea:82:f8:f7:03:80:48:eb:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e231df87bdfe227a7e5e419340370bab301e279
        Validity
            Not Before: Jan  1 16:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c5c7705585e6392806e04fe5588eb587a2e4a15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:08:7e:c1:b6:3c:05:18:1e:1e:33:1c:d4:7f:
                    fd:4b:90:c0:ae:bb:19:fb:61:8d:84:cf:de:e1:2b:
                    9e:ed:76:04:0e:23:b5:73:3d:a3:71:d0:90:a0:21:
                    79:6f:58:c1:2f:75:30:61:48:14:f8:05:35:d1:6f:
                    68:89:5e:1b:bc:6e:10:5d:13:91:6d:a0:a8:47:11:
                    df:c0:93:f5:d8:b5:91:24:58:9c:08:8e:86:ee:fd:
                    db:82:5f:0a:17:cf:27:f7:0f:51:88:bd:b1:d4:0c:
                    a2:7f:04:26:d6:a4:2d:1a:5e:a7:82:ce:f1:4d:30:
                    a3:dc:3b:33:f5:3d:88:40:ba:33:0f:26:78:ee:95:
                    43:f5:bf:48:49:24:93:e4:f2:f2:31:18:f5:12:e5:
                    9a:35:6e:fd:55:db:fd:39:ba:75:cb:4b:40:b6:77:
                    1d:b8:c6:55:53:96:65:05:26:d2:1f:66:10:ad:a7:
                    7f:9b:4a:1b:94:7a:13:fe:7b:73:b3:4b:5d:bd:db:
                    7b:a9:9e:1b:73:62:f0:a1:94:bc:2e:0d:f5:b9:ac:
                    f9:10:83:5d:d9:21:d6:47:80:26:8d:7a:d2:ac:8b:
                    5f:db:b9:4c:62:1e:3f:8e:b3:94:5c:51:b1:4f:6a:
                    52:28:a4:d8:90:f3:04:4e:dd:a0:a2:b4:e6:a1:f3:
                    1e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:5C:77:05:58:5E:63:92:80:6E:04:FE:55:88:EB:58:7A:2E:4A:15
            X509v3 Authority Key Identifier:
                keyid:5E:23:1D:F8:7B:DF:E2:27:A7:E5:E4:19:34:03:70:BA:B3:01:E2:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XiMd-Hvf4ien5eQZNANwurMB4nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f58e8a-6227-4d07-ac59-76ed5cb0e022/1/HFx3BVheY5KAbgT-VYjrWHouShU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f58e8a-6227-4d07-ac59-76ed5cb0e022/1/XiMd-Hvf4ien5eQZNANwurMB4nk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.23.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:af:51:f6:76:7d:b5:e7:88:1b:59:26:23:f7:f0:39:10:b8:
         23:a8:04:62:1b:fd:a5:cf:82:c0:97:38:3d:a0:6c:08:ab:cc:
         8f:5e:d4:1e:d7:75:e0:09:24:3e:ae:c0:df:40:25:ee:96:07:
         cb:30:33:07:66:f9:59:8b:eb:8b:3e:77:0d:52:cf:65:99:69:
         c4:01:fa:2a:b1:ff:04:24:43:aa:f6:3d:0d:cf:31:95:d8:88:
         7f:4e:7f:63:fe:1c:95:ec:35:65:54:7d:e9:89:ca:61:64:2a:
         5f:a9:e6:a7:d0:de:4d:01:02:f9:0e:94:ed:2b:8d:86:83:7b:
         80:b7:5b:a6:9e:16:1d:0e:09:ac:6e:dd:35:39:4b:15:fa:0d:
         1c:b2:cc:ff:28:de:52:d6:bf:ef:89:35:b0:c0:fa:7e:46:9f:
         67:e1:1f:1c:c7:43:8c:69:0d:30:d0:2a:23:c2:bf:f8:9e:76:
         0f:48:b3:ab:47:b1:79:da:63:c4:0e:6c:8a:5e:03:35:cb:1b:
         48:4d:ac:d4:1b:7f:c1:c4:a1:d5:51:1c:d5:36:7d:38:43:cd:
         ef:d0:64:d3:7b:d9:40:04:f6:3e:cd:1c:91:e1:57:95:e4:12:
         2a:d9:4f:50:66:b2:a9:77:bd:de:25:3d:d1:96:86:33:06:3c:
         e1:48:4b:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3R6P05rf6oL49wOASOsIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMjMxZGY4N2JkZmUyMjdhN2U1ZTQxOTM0MDM3MGJhYjMw
MWUyNzkwHhcNMjQwMTAxMTYzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzVjNzcwNTU4NWU2MzkyODA2ZTA0ZmU1NTg4ZWI1ODdhMmU0YTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAh+wbY8BRgeHjMc1H/9S5DArrsZ
+2GNhM/e4Sue7XYEDiO1cz2jcdCQoCF5b1jBL3UwYUgU+AU10W9oiV4bvG4QXROR
baCoRxHfwJP12LWRJFicCI6G7v3bgl8KF88n9w9RiL2x1AyifwQm1qQtGl6ngs7x
TTCj3Dsz9T2IQLozDyZ47pVD9b9ISSST5PLyMRj1EuWaNW79Vdv9Obp1y0tAtncd
uMZVU5ZlBSbSH2YQrad/m0oblHoT/ntzs0tdvdt7qZ4bc2LwoZS8Lg31uaz5EINd
2SHWR4AmjXrSrItf27lMYh4/jrOUXFGxT2pSKKTYkPMETt2gorTmofMeLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxcdwVYXmOSgG4E/lWI61h6LkoVMB8GA1UdIwQY
MBaAFF4jHfh73+Inp+XkGTQDcLqzAeJ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGlNZC1IdmY0aWVuNWVRWk5BTnd1ck1CNG5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mNThlOGEtNjIyNy00ZDA3LWFjNTkt
NzZlZDVjYjBlMDIyLzEvSEZ4M0JWaGVZNUtBYmdULVZZanJXSG91U2hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mNThlOGEtNjIyNy00ZDA3LWFjNTktNzZlZDVjYjBlMDIy
LzEvWGlNZC1IdmY0aWVuNWVRWk5BTnd1ck1CNG5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABRciMA0G
CSqGSIb3DQEBCwUAA4IBAQASr1H2dn2154gbWSYj9/A5ELgjqARiG/2lz4LAlzg9
oGwIq8yPXtQe13XgCSQ+rsDfQCXulgfLMDMHZvlZi+uLPncNUs9lmWnEAfoqsf8E
JEOq9j0NzzGV2Ih/Tn9j/hyV7DVlVH3picphZCpfqean0N5NAQL5DpTtK42Gg3uA
t1umnhYdDgmsbt01OUsV+g0cssz/KN5S1r/viTWwwPp+Rp9n4R8cx0OMaQ0w0Coj
wr/4nnYPSLOrR7F52mPEDmyKXgM1yxtITazUG3/BxKHVURzVNn04Q83v0GTTe9lA
BPY+zRyR4VeV5BIq2U9QZrKpd73eJT3RloYzBjzhSEtC
-----END CERTIFICATE-----