Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/0THHlFhvudsWJA3WEX0HVTrJJ94.roa
File:                     0THHlFhvudsWJA3WEX0HVTrJJ94.roa (raw, json)
Hash identifier:          nkKdFOeUVfOn1DZqVKoq0bIZBl3qp8Q1Ceh3aCvm+aY=
Subject key identifier:   D1:31:C7:94:58:6F:B9:DB:16:24:0D:D6:11:7D:07:55:3A:C9:27:DE
Certificate issuer:       /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial:       018CC5DCB184C5717216A93FEE63FFE97885
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/0THHlFhvudsWJA3WEX0HVTrJJ94.roa
Signing time:             Mon 01 Jan 2024 16:30:24 +0000
ROA not before:           Mon 01 Jan 2024 16:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        62.43.252.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 01:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:b1:84:c5:71:72:16:a9:3f:ee:63:ff:e9:78:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
        Validity
            Not Before: Jan  1 16:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d131c794586fb9db16240dd6117d07553ac927de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3a:9f:d6:85:98:cd:de:26:8d:27:7f:91:5b:
                    26:e4:9a:e3:7c:48:42:b7:af:a5:4c:32:82:29:9d:
                    25:48:83:01:8f:24:f0:b8:7c:d5:fa:d9:aa:de:66:
                    a8:42:3c:61:d3:28:e4:80:7e:a9:89:52:d6:b9:14:
                    5d:48:0f:b2:d8:7b:9d:89:2f:84:75:7d:e9:11:15:
                    2f:25:bd:f4:f5:08:8d:2e:39:e3:59:9e:f5:16:c0:
                    34:e2:26:16:9b:7c:18:c2:74:da:c4:c7:b1:69:5f:
                    c1:a5:e3:ac:b2:0e:72:35:3b:c9:fa:14:24:3d:6e:
                    6a:7f:77:5b:4e:b8:84:f6:ad:2c:dd:30:b8:2d:e1:
                    b7:d2:d0:b3:74:18:7c:ff:7b:be:08:43:f0:9b:c9:
                    83:22:f1:ed:e3:7e:d0:bd:51:82:45:16:2a:5a:4f:
                    d5:f8:14:ae:26:5b:5f:3b:d1:8c:d7:ef:5d:2f:b2:
                    f0:3b:0e:34:b9:ba:8d:7c:c0:8e:01:52:85:f6:9c:
                    d2:8f:bd:7e:3d:98:9c:42:5a:fe:db:28:c0:4a:29:
                    66:6f:32:4f:ac:fe:f3:62:9e:bf:ac:7c:8a:57:ee:
                    e0:20:0c:3a:5c:8d:40:f8:b4:d1:ed:6d:d0:e0:b6:
                    48:4f:4c:7d:57:46:c8:91:1c:32:d9:08:de:cd:56:
                    99:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:31:C7:94:58:6F:B9:DB:16:24:0D:D6:11:7D:07:55:3A:C9:27:DE
            X509v3 Authority Key Identifier:
                keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/0THHlFhvudsWJA3WEX0HVTrJJ94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.43.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:87:b3:72:de:7c:da:a4:45:65:49:b4:c1:25:da:56:4f:56:
         3f:a2:44:b0:c6:20:7c:d5:e1:dc:aa:db:b4:c2:06:af:50:90:
         fd:60:57:1a:62:d2:a5:3a:d0:29:70:8e:53:30:f6:6f:79:af:
         fa:55:e1:e7:79:cc:80:03:f6:88:0f:e3:36:a8:d1:f5:d5:77:
         27:30:16:eb:13:a8:7d:b5:0e:78:f2:9f:20:15:45:ab:8c:43:
         ef:eb:69:3b:6e:8c:44:5f:ab:35:2f:a2:7b:29:e3:fa:86:ee:
         52:a3:65:81:05:dd:d5:44:cf:5b:06:9f:eb:95:8c:94:18:1b:
         06:82:13:66:61:f8:37:d7:b3:f0:e1:27:72:57:7e:9b:a2:fe:
         5b:2b:6e:44:25:0c:80:28:e2:10:95:32:a6:5c:f3:b0:6e:f2:
         d3:71:b9:b9:2a:47:9e:b0:42:56:9f:b7:f2:1f:ee:32:65:04:
         49:51:ab:6c:eb:44:8d:61:79:31:a3:78:a8:79:84:27:13:b8:
         05:09:dc:2b:a3:17:d1:ef:83:5b:07:58:18:29:59:8d:cc:40:
         fc:9d:80:16:78:db:9d:75:9f:55:24:f5:c3:10:9a:ba:f2:6e:
         f4:e9:dc:d6:5c:cf:a4:9b:f2:9b:86:a8:ec:7a:8d:74:a5:88:
         aa:09:ca:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3LGExXFyFqk/7mP/6XiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjQwMTAxMTYzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTMxYzc5NDU4NmZiOWRiMTYyNDBkZDYxMTdkMDc1NTNhYzkyN2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjqf1oWYzd4mjSd/kVsm5JrjfEhC
t6+lTDKCKZ0lSIMBjyTwuHzV+tmq3maoQjxh0yjkgH6piVLWuRRdSA+y2HudiS+E
dX3pERUvJb309QiNLjnjWZ71FsA04iYWm3wYwnTaxMexaV/BpeOssg5yNTvJ+hQk
PW5qf3dbTriE9q0s3TC4LeG30tCzdBh8/3u+CEPwm8mDIvHt437QvVGCRRYqWk/V
+BSuJltfO9GM1+9dL7LwOw40ubqNfMCOAVKF9pzSj71+PZicQlr+2yjASilmbzJP
rP7zYp6/rHyKV+7gIAw6XI1A+LTR7W3Q4LZIT0x9V0bIkRwy2QjezVaZjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNExx5RYb7nbFiQN1hF9B1U6ySfeMB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvMFRISGxGaHZ1ZHNXSkEzV0VYMEhWVHJKSjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPiv8MA0G
CSqGSIb3DQEBCwUAA4IBAQCBh7Ny3nzapEVlSbTBJdpWT1Y/okSwxiB81eHcqtu0
wgavUJD9YFcaYtKlOtApcI5TMPZvea/6VeHnecyAA/aID+M2qNH11XcnMBbrE6h9
tQ548p8gFUWrjEPv62k7boxEX6s1L6J7KeP6hu5So2WBBd3VRM9bBp/rlYyUGBsG
ghNmYfg317Pw4SdyV36bov5bK25EJQyAKOIQlTKmXPOwbvLTcbm5KkeesEJWn7fy
H+4yZQRJUats60SNYXkxo3ioeYQnE7gFCdwroxfR74NbB1gYKVmNzED8nYAWeNud
dZ9VJPXDEJq68m706dzWXM+km/Kbhqjseo10pYiqCcrN
-----END CERTIFICATE-----