Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/htcwSWw3lA8rMwKw3x8s0s40ozE.roa
File:                     htcwSWw3lA8rMwKw3x8s0s40ozE.roa (raw, json)
Hash identifier:          oszUKro6D3z51gB0Bnzxv+aLpIt3VRXunJ+WnFjx9u0=
Subject key identifier:   86:D7:30:49:6C:37:94:0F:2B:33:02:B0:DF:1F:2C:D2:CE:34:A3:31
Certificate issuer:       /CN=e47521e7b6b38abfb88bf71e9bc5a02b2eccd3b3
Certificate serial:       018CC6B859E2CB8F3C6802DD68A201B86440
Authority key identifier: E4:75:21:E7:B6:B3:8A:BF:B8:8B:F7:1E:9B:C5:A0:2B:2E:CC:D3:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5HUh57azir-4i_cem8WgKy7M07M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/htcwSWw3lA8rMwKw3x8s0s40ozE.roa
Signing time:             Mon 01 Jan 2024 20:30:19 +0000
ROA not before:           Mon 01 Jan 2024 20:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204082
IP address blocks:        185.109.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/5HUh57azir-4i_cem8WgKy7M07M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/5HUh57azir-4i_cem8WgKy7M07M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5HUh57azir-4i_cem8WgKy7M07M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:02:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:59:e2:cb:8f:3c:68:02:dd:68:a2:01:b8:64:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e47521e7b6b38abfb88bf71e9bc5a02b2eccd3b3
        Validity
            Not Before: Jan  1 20:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86d730496c37940f2b3302b0df1f2cd2ce34a331
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:69:51:3d:d2:23:3d:93:64:ad:9d:f0:00:08:
                    37:7d:ec:47:c4:ae:e3:e3:39:2e:fb:7e:c7:03:28:
                    3d:af:68:27:3a:36:57:e8:75:e3:a8:74:85:2a:6f:
                    ef:94:7f:86:30:16:16:92:64:81:c5:12:29:2d:25:
                    b3:c7:f0:fa:91:ba:08:b0:d0:a4:b2:64:f7:03:00:
                    55:25:62:5d:c0:4f:69:ec:c3:aa:55:44:a8:62:5d:
                    a1:c5:8d:0e:42:4d:5b:c1:d6:4d:04:0a:53:2f:52:
                    f6:80:28:4c:8f:03:ed:75:be:44:d8:87:35:8b:c5:
                    0a:bd:2a:8e:b3:82:13:21:c8:3f:55:de:fa:21:0a:
                    a8:56:c3:81:2b:4b:42:20:91:76:ed:27:56:7c:01:
                    b8:38:9c:25:36:c8:1c:e6:1b:33:b0:4a:b8:03:b0:
                    a5:a8:f7:fb:97:37:20:df:44:e3:10:a5:7b:88:33:
                    4b:cf:8a:e2:af:49:1d:da:33:76:eb:30:17:1e:b3:
                    a5:1a:35:8d:a0:11:3f:e1:26:b3:48:0a:ef:7e:1c:
                    10:90:3d:e5:b0:b9:4e:35:de:38:d7:d2:bf:67:8e:
                    b0:96:96:e7:dc:dd:6a:49:15:d9:11:5b:30:82:04:
                    d3:78:10:d8:36:c1:06:0f:f0:82:b4:a2:11:ff:f9:
                    3c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D7:30:49:6C:37:94:0F:2B:33:02:B0:DF:1F:2C:D2:CE:34:A3:31
            X509v3 Authority Key Identifier:
                keyid:E4:75:21:E7:B6:B3:8A:BF:B8:8B:F7:1E:9B:C5:A0:2B:2E:CC:D3:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5HUh57azir-4i_cem8WgKy7M07M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/htcwSWw3lA8rMwKw3x8s0s40ozE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/19136e-429f-43ad-94ef-8361a8303522/1/5HUh57azir-4i_cem8WgKy7M07M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:7e:5c:a5:0b:0e:e6:6e:3e:16:c0:e3:c9:3f:b2:0c:65:07:
         0d:7c:21:ca:49:e8:3e:a2:b7:c8:96:c6:58:c8:cb:fc:df:b4:
         43:0d:a0:8c:3c:43:70:8f:10:03:03:17:5c:05:6e:10:05:7a:
         3f:2f:e3:95:d4:f9:fa:e1:c4:01:74:4f:9b:c9:b1:c1:fb:8e:
         67:f0:69:91:90:59:c6:0a:cf:36:1b:6c:78:10:4b:b9:fb:91:
         98:0f:47:33:83:1f:36:61:fa:f0:92:4d:e9:30:74:b0:d1:81:
         51:c0:d5:4f:ba:7c:61:d4:61:89:ff:a0:e4:2d:45:25:1b:43:
         13:6d:e1:6b:16:3d:cc:65:e7:a1:ee:cf:90:5b:82:c4:18:b9:
         df:c2:56:03:6b:31:ce:c0:5d:fb:7f:2b:ed:2a:ff:d4:70:e2:
         ab:e2:86:4b:70:b1:33:f3:fc:c2:53:bb:db:a4:b3:ef:1c:05:
         a7:d6:58:8c:0b:de:9a:fa:18:8b:89:63:2c:86:ad:29:38:3f:
         9a:87:57:0b:3f:61:40:5f:51:a5:13:c4:a3:6f:ee:0e:ff:80:
         19:0a:36:f5:9d:cf:05:71:8f:c8:90:3c:4a:79:4a:3a:7f:37:
         f9:76:7f:04:0d:ae:55:6f:29:41:89:62:83:f6:fb:39:d8:31:
         97:fb:a6:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuFniy488aALdaKIBuGRAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NzUyMWU3YjZiMzhhYmZiODhiZjcxZTliYzVhMDJiMmVj
Y2QzYjMwHhcNMjQwMTAxMjAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmQ3MzA0OTZjMzc5NDBmMmIzMzAyYjBkZjFmMmNkMmNlMzRhMzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomlRPdIjPZNkrZ3wAAg3fexHxK7j
4zku+37HAyg9r2gnOjZX6HXjqHSFKm/vlH+GMBYWkmSBxRIpLSWzx/D6kboIsNCk
smT3AwBVJWJdwE9p7MOqVUSoYl2hxY0OQk1bwdZNBApTL1L2gChMjwPtdb5E2Ic1
i8UKvSqOs4ITIcg/Vd76IQqoVsOBK0tCIJF27SdWfAG4OJwlNsgc5hszsEq4A7Cl
qPf7lzcg30TjEKV7iDNLz4rir0kd2jN26zAXHrOlGjWNoBE/4SazSArvfhwQkD3l
sLlONd4419K/Z46wlpbn3N1qSRXZEVswggTTeBDYNsEGD/CCtKIR//k89QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIbXMElsN5QPKzMCsN8fLNLONKMxMB8GA1UdIwQY
MBaAFOR1Iee2s4q/uIv3HpvFoCsuzNOzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUhVaDU3YXppci00aV9jZW04V2dLeTdNMDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8xOTEzNmUtNDI5Zi00M2FkLTk0ZWYt
ODM2MWE4MzAzNTIyLzEvaHRjd1NXdzNsQThyTXdLdzN4OHMwczQwb3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8xOTEzNmUtNDI5Zi00M2FkLTk0ZWYtODM2MWE4MzAzNTIy
LzEvNUhVaDU3YXppci00aV9jZW04V2dLeTdNMDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW3zMA0G
CSqGSIb3DQEBCwUAA4IBAQC2flylCw7mbj4WwOPJP7IMZQcNfCHKSeg+orfIlsZY
yMv837RDDaCMPENwjxADAxdcBW4QBXo/L+OV1Pn64cQBdE+bybHB+45n8GmRkFnG
Cs82G2x4EEu5+5GYD0czgx82Yfrwkk3pMHSw0YFRwNVPunxh1GGJ/6DkLUUlG0MT
beFrFj3MZeeh7s+QW4LEGLnfwlYDazHOwF37fyvtKv/UcOKr4oZLcLEz8/zCU7vb
pLPvHAWn1liMC96a+hiLiWMshq0pOD+ah1cLP2FAX1GlE8Sjb+4O/4AZCjb1nc8F
cY/IkDxKeUo6fzf5dn8EDa5VbylBiWKD9vs52DGX+6Yn
-----END CERTIFICATE-----