Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/hzcXHQ03PlSz8rAqm1NPgNrfaa4.roa
File:                     hzcXHQ03PlSz8rAqm1NPgNrfaa4.roa (raw, json)
Hash identifier:          MwSMA/0ZHMgp3C9wv4D/DWlz6nCRe2q0OIUjgr5mb34=
Subject key identifier:   87:37:17:1D:0D:37:3E:54:B3:F2:B0:2A:9B:53:4F:80:DA:DF:69:AE
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018CC2DB65DF25EFF03B3B42E8008137B13B
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/hzcXHQ03PlSz8rAqm1NPgNrfaa4.roa
Signing time:             Mon 01 Jan 2024 02:30:07 +0000
ROA not before:           Mon 01 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61223
IP address blocks:        89.23.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:65:df:25:ef:f0:3b:3b:42:e8:00:81:37:b1:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  1 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8737171d0d373e54b3f2b02a9b534f80dadf69ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a5:c7:16:99:05:55:54:18:0f:b1:78:e4:59:
                    22:85:24:cc:4a:a1:00:25:1b:0e:6f:6b:18:72:a4:
                    ea:03:cc:02:c1:e0:6f:69:ad:89:18:fe:5b:4c:0e:
                    16:50:42:e1:3e:68:64:3b:fc:c6:50:dc:10:5e:bb:
                    dd:9d:ff:32:2b:0f:1e:2f:3b:b0:7f:48:23:2e:2a:
                    68:b3:20:07:5e:94:44:66:b4:3d:c4:22:81:a2:fa:
                    ac:54:53:30:5b:c7:4b:38:75:de:4f:80:4d:5b:3f:
                    6f:95:91:b0:9c:96:38:6e:1b:a1:bc:9c:bf:f9:52:
                    35:e6:fa:b9:92:aa:88:f3:84:45:a9:4d:be:1a:ca:
                    ee:9f:97:95:85:33:8d:20:1a:3d:43:aa:70:52:f7:
                    29:78:55:76:a5:33:44:be:4e:4c:d9:e2:f0:e0:31:
                    d8:a1:a6:1c:0f:86:ed:e4:19:ab:7c:e7:87:61:a4:
                    31:5d:94:a7:0f:22:ec:41:86:32:1e:35:11:9a:5a:
                    b1:ba:0a:f8:69:06:cb:d3:3e:82:be:f6:63:63:a2:
                    df:30:8b:72:cc:0e:17:1d:7b:32:13:bb:36:f0:4f:
                    b3:d6:7e:56:f9:68:99:ca:00:3a:bd:4c:e8:3f:bd:
                    a4:75:7f:fa:01:40:2b:2f:62:ad:87:09:82:37:dd:
                    f1:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:37:17:1D:0D:37:3E:54:B3:F2:B0:2A:9B:53:4F:80:DA:DF:69:AE
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/hzcXHQ03PlSz8rAqm1NPgNrfaa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:cf:1e:bc:bf:85:b5:1d:4f:04:db:c4:b5:77:31:5f:c0:b0:
         92:c9:1d:f9:66:3e:10:27:37:8d:d2:f9:50:a3:01:4f:04:18:
         c4:ca:8f:21:a2:6d:fd:db:28:f4:48:9d:dd:f0:fd:d4:0a:f0:
         7f:14:f0:d1:d5:0b:91:d4:f3:9b:b7:92:7d:1a:dc:f9:32:96:
         9d:aa:a6:7e:20:f0:8d:fe:91:47:5d:d0:c3:8d:60:55:85:dc:
         4d:34:e0:bd:a0:2b:29:d8:dd:12:ed:05:45:93:9b:72:49:01:
         a8:17:11:06:de:c6:0d:d5:fc:35:30:a6:28:9b:88:69:53:6d:
         74:eb:79:e5:19:82:3e:81:97:1e:34:32:69:a1:e0:9a:53:a4:
         1f:53:a4:59:8d:86:79:2a:41:87:b5:44:b9:5e:97:50:4b:f4:
         3f:cc:16:bb:28:34:1d:93:e8:ac:59:96:6c:11:23:d5:5b:d8:
         c8:e9:9b:f4:b7:9f:e3:0a:c8:7a:6e:b6:5a:51:ce:08:14:9b:
         93:f3:e5:44:90:63:b8:4c:58:bb:c8:6f:7d:52:37:83:15:8c:
         bb:91:f0:0b:de:c5:6e:19:a1:cc:e0:cf:f3:73:c7:f8:db:9c:
         b7:2b:0d:11:55:68:e8:9b:ef:6f:3a:1a:b6:28:4e:e5:f0:a2:
         cb:ff:e0:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22XfJe/wOztC6ACBN7E7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMTAxMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzM3MTcxZDBkMzczZTU0YjNmMmIwMmE5YjUzNGY4MGRhZGY2OWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKXHFpkFVVQYD7F45FkihSTMSqEA
JRsOb2sYcqTqA8wCweBvaa2JGP5bTA4WUELhPmhkO/zGUNwQXrvdnf8yKw8eLzuw
f0gjLiposyAHXpREZrQ9xCKBovqsVFMwW8dLOHXeT4BNWz9vlZGwnJY4bhuhvJy/
+VI15vq5kqqI84RFqU2+Gsrun5eVhTONIBo9Q6pwUvcpeFV2pTNEvk5M2eLw4DHY
oaYcD4bt5BmrfOeHYaQxXZSnDyLsQYYyHjURmlqxugr4aQbL0z6CvvZjY6LfMIty
zA4XHXsyE7s28E+z1n5W+WiZygA6vUzoP72kdX/6AUArL2KthwmCN93xowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIc3Fx0NNz5Us/KwKptTT4Da32muMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvaHpjWEhRMDNQbFN6OHJBcW0xTlBnTnJmYWE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdoMA0G
CSqGSIb3DQEBCwUAA4IBAQBrzx68v4W1HU8E28S1dzFfwLCSyR35Zj4QJzeN0vlQ
owFPBBjEyo8hom392yj0SJ3d8P3UCvB/FPDR1QuR1PObt5J9Gtz5MpadqqZ+IPCN
/pFHXdDDjWBVhdxNNOC9oCsp2N0S7QVFk5tySQGoFxEG3sYN1fw1MKYom4hpU210
63nlGYI+gZceNDJpoeCaU6QfU6RZjYZ5KkGHtUS5XpdQS/Q/zBa7KDQdk+isWZZs
ESPVW9jI6Zv0t5/jCsh6brZaUc4IFJuT8+VEkGO4TFi7yG99UjeDFYy7kfAL3sVu
GaHM4M/zc8f425y3Kw0RVWjom+9vOhq2KE7l8KLL/+Bu
-----END CERTIFICATE-----