Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/hpdJaj7vjuTDrvwsRnh2pWCvlUM.roa
File:                     hpdJaj7vjuTDrvwsRnh2pWCvlUM.roa (raw, json)
Hash identifier:          UqCiIGm3lqfZIxlMxJMdZMuIeeF/zyBddNGTAqs0nvo=
Subject key identifier:   86:97:49:6A:3E:EF:8E:E4:C3:AE:FC:2C:46:78:76:A5:60:AF:95:43
Certificate issuer:       /CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
Certificate serial:       018CC94ADEEC039738278346B38673D31DB6
Authority key identifier: 6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/hpdJaj7vjuTDrvwsRnh2pWCvlUM.roa
Signing time:             Tue 02 Jan 2024 08:29:36 +0000
ROA not before:           Tue 02 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212157
IP address blocks:        144.43.240.0/21 maxlen: 24
                          144.43.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:de:ec:03:97:38:27:83:46:b3:86:73:d3:1d:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d069e19e12c104004e8b4b75f8a7789b7e11396
        Validity
            Not Before: Jan  2 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8697496a3eef8ee4c3aefc2c467876a560af9543
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d9:c2:6b:64:7e:7c:81:45:52:60:e3:3c:64:
                    c3:10:c0:84:c6:2a:3f:8b:13:75:ce:50:ee:c3:9f:
                    52:b0:64:54:88:c3:0b:5c:bf:1a:af:36:2d:fa:95:
                    9b:7b:63:5a:d7:dd:37:2d:4b:a7:a1:51:69:81:ab:
                    c7:00:c2:54:4b:25:bb:85:f4:79:0e:98:62:15:7e:
                    37:dc:45:1c:66:7a:36:63:a6:a8:bc:7c:b6:af:74:
                    cf:87:4b:fc:93:a7:7c:e9:e1:cc:77:5c:f9:14:4b:
                    f1:f4:27:ea:8d:a7:e0:9d:05:c0:03:51:d6:fc:01:
                    d0:c9:04:26:32:bd:1d:50:e9:ec:36:87:60:7f:92:
                    37:97:cd:93:4e:84:e9:98:ed:b7:83:7b:3e:7d:06:
                    1a:61:03:c4:28:d9:b2:94:c7:c4:01:e8:7e:16:82:
                    8f:99:c5:26:b4:be:4e:6b:47:2e:18:78:84:f5:09:
                    86:d3:6c:4c:fd:81:70:4d:7d:5f:8c:98:11:23:3b:
                    25:2f:c6:ce:6a:23:e8:96:61:5e:ef:ee:ce:9e:c3:
                    4b:1f:0c:7f:bc:f3:a6:fa:12:5b:53:60:8c:fd:cc:
                    18:d2:54:3b:bc:45:f2:1a:92:f2:2c:ba:7e:5b:8b:
                    c8:cf:f0:0d:ac:50:ab:cb:1c:a2:9c:4d:2f:a2:83:
                    a4:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:97:49:6A:3E:EF:8E:E4:C3:AE:FC:2C:46:78:76:A5:60:AF:95:43
            X509v3 Authority Key Identifier:
                keyid:6D:06:9E:19:E1:2C:10:40:04:E8:B4:B7:5F:8A:77:89:B7:E1:13:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/hpdJaj7vjuTDrvwsRnh2pWCvlUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/cf64f6-0789-43e3-bd6b-7bff296c6b02/1/bQaeGeEsEEAE6LS3X4p3ibfhE5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.43.240.0/21
                  144.43.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:cd:95:e6:17:b8:99:3b:ca:94:e4:f2:44:ff:c5:4b:8f:f1:
         71:2b:3d:af:f2:dc:84:d8:c4:ff:0f:5d:a7:fb:b3:c4:3e:d2:
         f2:75:6b:39:bb:ac:5a:ba:d2:6a:5e:b4:47:34:d6:88:42:0d:
         6d:7c:34:73:ff:b3:8c:0c:e8:e7:0f:43:1c:ba:31:1c:bf:8b:
         44:66:a9:17:80:2d:2d:03:65:f0:db:cc:ec:12:2c:0c:1a:d2:
         00:a9:32:27:87:ad:bd:e9:0b:62:bb:1c:f2:a2:45:9d:e3:cf:
         35:5d:ed:fc:00:65:1e:8c:43:c4:ee:39:75:6c:ef:88:0a:e2:
         cd:39:13:2b:42:b8:b1:9d:c1:24:4f:08:a7:51:70:13:9c:2b:
         35:8b:a3:06:a8:e4:03:ca:eb:04:e5:0c:90:7a:e9:50:a5:1d:
         e3:15:27:c2:71:c1:f2:f1:4a:a8:40:69:16:ff:de:06:48:3a:
         b5:70:f1:28:9d:80:7b:87:bd:dd:74:c0:88:cd:ea:e8:c9:65:
         d2:f6:b9:60:46:de:ff:a7:da:3b:63:ee:ec:f7:9a:c6:ee:aa:
         34:3b:84:3b:a2:99:a3:4b:2b:5f:ab:94:ac:c9:92:12:77:f8:
         74:96:7f:bc:7b:c7:22:a0:e2:21:fc:77:76:cb:37:52:5b:d8:
         ca:38:b1:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJSt7sA5c4J4NGs4Zz0x22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDY5ZTE5ZTEyYzEwNDAwNGU4YjRiNzVmOGE3Nzg5Yjdl
MTEzOTYwHhcNMjQwMTAyMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njk3NDk2YTNlZWY4ZWU0YzNhZWZjMmM0Njc4NzZhNTYwYWY5NTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdnCa2R+fIFFUmDjPGTDEMCExio/
ixN1zlDuw59SsGRUiMMLXL8arzYt+pWbe2Na1903LUunoVFpgavHAMJUSyW7hfR5
DphiFX433EUcZno2Y6aovHy2r3TPh0v8k6d86eHMd1z5FEvx9CfqjafgnQXAA1HW
/AHQyQQmMr0dUOnsNodgf5I3l82TToTpmO23g3s+fQYaYQPEKNmylMfEAeh+FoKP
mcUmtL5Oa0cuGHiE9QmG02xM/YFwTX1fjJgRIzslL8bOaiPolmFe7+7OnsNLHwx/
vPOm+hJbU2CM/cwY0lQ7vEXyGpLyLLp+W4vIz/ANrFCryxyinE0vooOkvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIaXSWo+747kw678LEZ4dqVgr5VDMB8GA1UdIwQY
MBaAFG0GnhnhLBBABOi0t1+Kd4m34ROWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmIt
N2JmZjI5NmM2YjAyLzEvaHBkSmFqN3ZqdVREcnZ3c1JuaDJwV0N2bFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9jZjY0ZjYtMDc4OS00M2UzLWJkNmItN2JmZjI5NmM2YjAy
LzEvYlFhZUdlRXNFRUFFNkxTM1g0cDNpYmZoRTVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDkCvwAwQC
kCv8MA0GCSqGSIb3DQEBCwUAA4IBAQB6zZXmF7iZO8qU5PJE/8VLj/FxKz2v8tyE
2MT/D12n+7PEPtLydWs5u6xautJqXrRHNNaIQg1tfDRz/7OMDOjnD0McujEcv4tE
ZqkXgC0tA2Xw28zsEiwMGtIAqTInh6296QtiuxzyokWd4881Xe38AGUejEPE7jl1
bO+ICuLNORMrQrixncEkTwinUXATnCs1i6MGqOQDyusE5QyQeulQpR3jFSfCccHy
8UqoQGkW/94GSDq1cPEonYB7h73ddMCIzeroyWXS9rlgRt7/p9o7Y+7s95rG7qo0
O4Q7opmjSytfq5SsyZISd/h0ln+8e8cioOIh/Hd2yzdSW9jKOLGl
-----END CERTIFICATE-----