Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/12bef0-7561-437b-9490-96531d16331b/1/HTXNKA1ttU2ViXz91PYv2aj9ReE.roa
File:                     HTXNKA1ttU2ViXz91PYv2aj9ReE.roa (raw, json)
Hash identifier:          y7iU++jUcerQ8g8rmPl9DO/guPcP7x3y+XlePyJmioM=
Subject key identifier:   1D:35:CD:28:0D:6D:B5:4D:95:89:7C:FD:D4:F6:2F:D9:A8:FD:45:E1
Certificate issuer:       /CN=83d36ecbaf55e464e00b3987da5264b6af2dcf88
Certificate serial:       018CC4250E519E986A45DA85B99469766B36
Authority key identifier: 83:D3:6E:CB:AF:55:E4:64:E0:0B:39:87:DA:52:64:B6:AF:2D:CF:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g9Nuy69V5GTgCzmH2lJktq8tz4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/12bef0-7561-437b-9490-96531d16331b/1/HTXNKA1ttU2ViXz91PYv2aj9ReE.roa
Signing time:             Mon 01 Jan 2024 08:30:11 +0000
ROA not before:           Mon 01 Jan 2024 08:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205065
IP address blocks:        130.193.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/12bef0-7561-437b-9490-96531d16331b/1/g9Nuy69V5GTgCzmH2lJktq8tz4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/12bef0-7561-437b-9490-96531d16331b/1/g9Nuy69V5GTgCzmH2lJktq8tz4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g9Nuy69V5GTgCzmH2lJktq8tz4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:0e:51:9e:98:6a:45:da:85:b9:94:69:76:6b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83d36ecbaf55e464e00b3987da5264b6af2dcf88
        Validity
            Not Before: Jan  1 08:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d35cd280d6db54d95897cfdd4f62fd9a8fd45e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:70:8e:41:6c:db:82:5e:ed:4f:4e:dd:58:bb:
                    ca:c7:d7:e3:44:56:a7:5e:c7:9e:62:47:8d:49:f7:
                    ee:b7:72:3c:3b:06:b3:cc:40:3b:19:40:23:04:78:
                    ae:54:03:38:e3:c5:e6:9c:7a:10:2f:6f:35:ff:09:
                    26:6d:ce:42:bf:2e:3e:62:02:a5:59:84:cf:65:eb:
                    23:fb:7e:46:e1:ea:80:a5:26:3f:17:03:b7:0d:4e:
                    9e:3a:6c:ee:76:7d:8c:c0:8d:71:29:f3:bf:80:f1:
                    6d:96:dd:b2:ee:1d:e7:da:0f:31:1a:00:3c:0f:82:
                    0d:9c:14:8f:46:9b:52:25:11:5f:41:bc:2b:55:bc:
                    e3:57:dd:08:d8:1f:c2:e1:b0:a2:fd:02:7d:b7:01:
                    1c:fc:18:9b:48:16:24:ae:c6:35:78:67:98:07:ed:
                    03:b0:5f:b2:e9:b0:e2:d6:32:4e:b2:07:29:67:78:
                    7c:1f:d2:56:f3:fc:6e:0c:d7:1c:87:e8:98:05:1c:
                    8b:93:cd:a9:23:10:2c:44:1b:a3:8f:b6:7f:61:a8:
                    f8:ec:28:f4:dc:a5:45:84:d3:18:b7:df:25:68:80:
                    8c:4e:f0:7f:f6:3d:35:51:8c:31:7e:d8:a9:53:48:
                    6f:4d:2a:aa:6d:1f:18:8c:88:d5:f2:4e:05:6e:98:
                    2c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:35:CD:28:0D:6D:B5:4D:95:89:7C:FD:D4:F6:2F:D9:A8:FD:45:E1
            X509v3 Authority Key Identifier:
                keyid:83:D3:6E:CB:AF:55:E4:64:E0:0B:39:87:DA:52:64:B6:AF:2D:CF:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g9Nuy69V5GTgCzmH2lJktq8tz4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/12bef0-7561-437b-9490-96531d16331b/1/HTXNKA1ttU2ViXz91PYv2aj9ReE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/12bef0-7561-437b-9490-96531d16331b/1/g9Nuy69V5GTgCzmH2lJktq8tz4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:32:f7:37:79:c5:dd:4c:8d:b6:d6:e4:ab:49:fc:ff:aa:a5:
         8a:13:19:7e:c4:5f:96:b4:b6:37:b0:a2:29:6e:49:30:4d:5c:
         71:e9:9e:91:b9:64:b1:e9:42:f4:90:9e:93:78:b9:dd:72:fb:
         73:51:8c:62:2c:c1:c5:84:77:d6:81:79:49:59:f1:f2:df:ee:
         95:4b:15:b2:8b:f0:25:ba:79:ad:9d:c2:8a:09:04:1d:8d:60:
         0a:41:bf:6c:dc:39:fa:5f:ba:b2:1d:5d:ed:f0:4f:8b:f3:02:
         50:55:55:22:c3:cf:28:31:64:8f:1b:25:8a:05:26:ae:9e:94:
         c3:a2:0d:4a:89:ac:96:65:fb:d2:a5:a6:77:be:28:87:b3:f3:
         74:30:30:3a:8f:2f:fa:e7:52:92:8f:53:99:a8:3e:ed:54:f3:
         58:04:fa:81:8e:92:43:ca:2b:ed:cb:96:f0:b4:07:65:41:b7:
         e7:04:54:55:a5:f5:31:47:e6:a0:ba:71:e4:c7:0d:61:36:9a:
         14:74:6f:22:c0:c6:ad:e0:96:44:a1:bb:d2:87:e6:52:e9:b9:
         f1:41:14:a6:82:be:bf:cc:3d:0a:1c:63:02:d9:5a:0a:65:54:
         55:86:bc:d6:0b:d0:74:14:5f:7f:6c:15:69:80:db:e0:23:c3:
         03:63:fc:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQ5RnphqRdqFuZRpdms2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZDM2ZWNiYWY1NWU0NjRlMDBiMzk4N2RhNTI2NGI2YWYy
ZGNmODgwHhcNMjQwMTAxMDgzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDM1Y2QyODBkNmRiNTRkOTU4OTdjZmRkNGY2MmZkOWE4ZmQ0NWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnCOQWzbgl7tT07dWLvKx9fjRFan
XseeYkeNSffut3I8OwazzEA7GUAjBHiuVAM448XmnHoQL281/wkmbc5Cvy4+YgKl
WYTPZesj+35G4eqApSY/FwO3DU6eOmzudn2MwI1xKfO/gPFtlt2y7h3n2g8xGgA8
D4INnBSPRptSJRFfQbwrVbzjV90I2B/C4bCi/QJ9twEc/BibSBYkrsY1eGeYB+0D
sF+y6bDi1jJOsgcpZ3h8H9JW8/xuDNcch+iYBRyLk82pIxAsRBujj7Z/Yaj47Cj0
3KVFhNMYt98laICMTvB/9j01UYwxftipU0hvTSqqbR8YjIjV8k4FbpgsqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB01zSgNbbVNlYl8/dT2L9mo/UXhMB8GA1UdIwQY
MBaAFIPTbsuvVeRk4As5h9pSZLavLc+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzlOdXk2OVY1R1RnQ3ptSDJsSmt0cTh0ejRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xMmJlZjAtNzU2MS00MzdiLTk0OTAt
OTY1MzFkMTYzMzFiLzEvSFRYTktBMXR0VTJWaVh6OTFQWXYyYWo5UmVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xMmJlZjAtNzU2MS00MzdiLTk0OTAtOTY1MzFkMTYzMzFi
LzEvZzlOdXk2OVY1R1RnQ3ptSDJsSmt0cTh0ejRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgsFMMA0G
CSqGSIb3DQEBCwUAA4IBAQCeMvc3ecXdTI221uSrSfz/qqWKExl+xF+WtLY3sKIp
bkkwTVxx6Z6RuWSx6UL0kJ6TeLndcvtzUYxiLMHFhHfWgXlJWfHy3+6VSxWyi/Al
unmtncKKCQQdjWAKQb9s3Dn6X7qyHV3t8E+L8wJQVVUiw88oMWSPGyWKBSaunpTD
og1KiayWZfvSpaZ3viiHs/N0MDA6jy/651KSj1OZqD7tVPNYBPqBjpJDyivty5bw
tAdlQbfnBFRVpfUxR+agunHkxw1hNpoUdG8iwMat4JZEobvSh+ZS6bnxQRSmgr6/
zD0KHGMC2VoKZVRVhrzWC9B0FF9/bBVpgNvgI8MDY/x6
-----END CERTIFICATE-----