Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/HbcuwjRkNKfsrHURrluavafgONY.roa
File:                     HbcuwjRkNKfsrHURrluavafgONY.roa (raw, json)
Hash identifier:          Y+X/GqIrGiCeHbWnsVkRX7GdRdCQMUsC5BZLG8ltgEQ=
Subject key identifier:   1D:B7:2E:C2:34:64:34:A7:EC:AC:75:11:AE:5B:9A:BD:A7:E0:38:D6
Certificate issuer:       /CN=13eb7b7df835b113abb3f626f6203fee97b1992c
Certificate serial:       018EB3D65D90F05AADBDA604F731D447849A
Authority key identifier: 13:EB:7B:7D:F8:35:B1:13:AB:B3:F6:26:F6:20:3F:EE:97:B1:99:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-t7ffg1sROrs_Ym9iA_7pexmSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/HbcuwjRkNKfsrHURrluavafgONY.roa
Signing time:             Sat 06 Apr 2024 14:35:54 +0000
ROA not before:           Sat 06 Apr 2024 14:35:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211234
IP address blocks:        193.46.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/E-t7ffg1sROrs_Ym9iA_7pexmSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/E-t7ffg1sROrs_Ym9iA_7pexmSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-t7ffg1sROrs_Ym9iA_7pexmSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b3:d6:5d:90:f0:5a:ad:bd:a6:04:f7:31:d4:47:84:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13eb7b7df835b113abb3f626f6203fee97b1992c
        Validity
            Not Before: Apr  6 14:35:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1db72ec2346434a7ecac7511ae5b9abda7e038d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b0:59:03:ef:53:52:8d:87:b5:d3:a5:4a:6c:
                    29:eb:ab:11:d0:65:4d:e8:d9:dc:c2:36:a0:3e:ce:
                    d4:5a:40:27:fc:5d:fe:3d:85:f9:7d:3a:e5:3c:f5:
                    f9:b3:b5:d2:28:d4:f9:c2:88:86:56:d0:e1:a8:24:
                    bf:bf:3e:00:aa:ff:52:db:92:1a:c3:3d:1b:9f:41:
                    6b:c2:11:b9:ff:ae:45:45:98:90:5b:ed:83:ae:8c:
                    21:1f:46:5a:68:e0:b6:2f:29:44:bc:ae:a7:87:d9:
                    7f:d6:f8:67:5a:11:2c:67:2b:5c:7b:94:02:e0:9c:
                    b1:b8:26:ba:ce:4f:95:39:5e:d9:dc:3c:64:64:aa:
                    c4:20:24:5e:1d:4a:9e:78:6c:3c:43:50:c2:36:6c:
                    62:eb:af:17:d0:10:eb:90:cb:dd:72:04:4d:98:cb:
                    e7:86:fd:2f:e2:3d:21:a5:05:4a:c2:28:57:38:e7:
                    07:8c:34:14:96:13:b2:41:ca:9b:7e:6f:b2:d9:09:
                    58:fc:70:86:e2:8f:20:ee:d6:ae:42:b8:17:61:60:
                    62:e5:93:0d:67:0f:d1:3a:62:46:5b:6b:a6:1c:45:
                    5b:50:68:81:4c:6f:79:0a:6f:9b:1f:70:ed:ed:9c:
                    a3:5e:75:aa:d2:ca:bf:17:2b:82:94:3f:42:e5:e5:
                    c3:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:B7:2E:C2:34:64:34:A7:EC:AC:75:11:AE:5B:9A:BD:A7:E0:38:D6
            X509v3 Authority Key Identifier:
                keyid:13:EB:7B:7D:F8:35:B1:13:AB:B3:F6:26:F6:20:3F:EE:97:B1:99:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-t7ffg1sROrs_Ym9iA_7pexmSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/HbcuwjRkNKfsrHURrluavafgONY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/E-t7ffg1sROrs_Ym9iA_7pexmSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:c0:c5:23:49:31:94:4f:d5:ef:2f:23:16:02:86:49:0c:36:
         43:a6:89:0e:70:94:2a:36:e9:e5:b1:a0:fd:18:67:5d:b7:f9:
         d2:b1:11:85:eb:b0:8b:1d:c3:0a:3d:86:0e:66:8a:a5:03:d2:
         c9:f5:99:12:c0:98:dc:40:50:df:89:86:9b:c0:9f:2e:35:80:
         ef:a6:d7:70:57:5c:f9:39:3e:62:e7:e1:53:ed:25:86:48:2e:
         6e:9e:a4:f3:11:68:fa:db:d7:8e:0e:75:47:98:b4:6e:04:00:
         43:d5:59:78:20:d4:f3:19:c6:37:b4:bb:f7:16:d4:9f:14:82:
         e1:39:4a:bf:b7:c4:67:f1:85:f5:67:2d:27:f5:8f:ac:a3:ea:
         d8:21:ed:b5:72:cd:73:3e:8f:ed:1e:6f:e3:79:4f:3b:1d:10:
         a5:38:db:c3:58:93:60:0c:84:b4:2d:2b:54:cd:1a:f9:39:32:
         d2:67:ac:a9:dd:84:91:47:9d:f6:a8:21:a1:34:41:bc:9a:62:
         e1:48:30:db:9d:c3:39:36:fa:21:97:24:e6:10:51:c2:f9:3a:
         8c:21:05:8e:ba:40:5c:8f:16:80:d1:6b:1f:ea:0f:82:60:10:
         46:f1:7b:02:c4:06:54:80:ff:df:97:10:1a:04:bf:d7:22:8a:
         4a:3a:2e:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6z1l2Q8FqtvaYE9zHUR4SaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZWI3YjdkZjgzNWIxMTNhYmIzZjYyNmY2MjAzZmVlOTdi
MTk5MmMwHhcNMjQwNDA2MTQzNTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGI3MmVjMjM0NjQzNGE3ZWNhYzc1MTFhZTViOWFiZGE3ZTAzOGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLBZA+9TUo2HtdOlSmwp66sR0GVN
6NncwjagPs7UWkAn/F3+PYX5fTrlPPX5s7XSKNT5woiGVtDhqCS/vz4Aqv9S25Ia
wz0bn0FrwhG5/65FRZiQW+2DrowhH0ZaaOC2LylEvK6nh9l/1vhnWhEsZytce5QC
4JyxuCa6zk+VOV7Z3DxkZKrEICReHUqeeGw8Q1DCNmxi668X0BDrkMvdcgRNmMvn
hv0v4j0hpQVKwihXOOcHjDQUlhOyQcqbfm+y2QlY/HCG4o8g7tauQrgXYWBi5ZMN
Zw/ROmJGW2umHEVbUGiBTG95Cm+bH3Dt7ZyjXnWq0sq/FyuClD9C5eXD/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB23LsI0ZDSn7Kx1Ea5bmr2n4DjWMB8GA1UdIwQY
MBaAFBPre334NbETq7P2JvYgP+6XsZksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS10N2ZmZzFzUk9yc19ZbTlpQV83cGV4bVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS82NjFkNGUtY2Q2YS00NzdmLTkxOWMt
ODFjNzE2ZjViY2EyLzEvSGJjdXdqUmtOS2ZzckhVUnJsdWF2YWZnT05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS82NjFkNGUtY2Q2YS00NzdmLTkxOWMtODFjNzE2ZjViY2Ey
LzEvRS10N2ZmZzFzUk9yc19ZbTlpQV83cGV4bVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS7NMA0G
CSqGSIb3DQEBCwUAA4IBAQATwMUjSTGUT9XvLyMWAoZJDDZDpokOcJQqNunlsaD9
GGddt/nSsRGF67CLHcMKPYYOZoqlA9LJ9ZkSwJjcQFDfiYabwJ8uNYDvptdwV1z5
OT5i5+FT7SWGSC5unqTzEWj629eODnVHmLRuBABD1Vl4INTzGcY3tLv3FtSfFILh
OUq/t8Rn8YX1Zy0n9Y+so+rYIe21cs1zPo/tHm/jeU87HRClONvDWJNgDIS0LStU
zRr5OTLSZ6yp3YSRR532qCGhNEG8mmLhSDDbncM5NvohlyTmEFHC+TqMIQWOukBc
jxaA0Wsf6g+CYBBG8XsCxAZUgP/flxAaBL/XIopKOi6x
-----END CERTIFICATE-----