Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/o_hJ2HiXuU9WzCOqJNXx_RR71UY.roa
File:                     o_hJ2HiXuU9WzCOqJNXx_RR71UY.roa (raw, json)
Hash identifier:          qPFZm8g8mTBXy/p62YB/ypMK59Zqifa+y8Y3Kg6ZlsE=
Subject key identifier:   A3:F8:49:D8:78:97:B9:4F:56:CC:23:AA:24:D5:F1:FD:14:7B:D5:46
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       018CC5014CEE4FEF70C0A1EBF7D9C7A394DA
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/o_hJ2HiXuU9WzCOqJNXx_RR71UY.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.56.85.0/24 maxlen: 24
                          185.56.84.0/24 maxlen: 24
                          185.56.86.0/24 maxlen: 24
                          185.56.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4c:ee:4f:ef:70:c0:a1:eb:f7:d9:c7:a3:94:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3f849d87897b94f56cc23aa24d5f1fd147bd546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:09:a0:ad:24:af:91:d0:52:f5:73:48:f7:9d:
                    ec:10:54:33:f4:5f:ff:d6:45:f9:72:04:93:20:57:
                    9e:70:1f:0e:99:5a:26:19:1d:65:6a:c7:f6:e6:8f:
                    f1:c7:c6:26:b8:04:7b:63:c0:db:e1:b9:9d:af:6c:
                    aa:ec:50:86:46:e9:fe:42:02:37:e1:69:52:0e:d5:
                    cd:38:de:a1:48:36:2a:53:73:fc:00:8e:25:ce:69:
                    a7:d4:85:7a:f0:bf:b6:a2:ed:a2:bd:1a:13:2c:e1:
                    04:bd:a1:0c:4e:ab:67:eb:2f:70:04:83:06:8f:98:
                    68:11:0c:3f:46:67:c2:bb:e8:9f:fa:ef:15:c9:ca:
                    9a:f2:6b:15:a6:5c:24:7b:f8:10:5b:e7:f3:f4:01:
                    86:7e:8c:4a:1b:8a:49:99:b4:3e:88:ef:c1:8b:e8:
                    58:95:29:7b:4d:27:34:cb:40:56:44:86:da:35:3a:
                    7f:48:6e:40:5c:54:c3:f9:32:78:f3:1c:e1:fe:95:
                    4d:89:c1:f9:0c:64:d3:c0:3f:c5:b6:76:a5:97:8f:
                    5e:a1:05:35:f8:52:5d:04:20:98:11:f9:9b:e3:5e:
                    ad:b7:4d:04:e2:c1:54:aa:a1:27:70:80:71:b0:08:
                    d0:9c:3a:f4:07:7c:5b:3f:c4:f3:e1:cb:a9:6a:f5:
                    91:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:F8:49:D8:78:97:B9:4F:56:CC:23:AA:24:D5:F1:FD:14:7B:D5:46
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/o_hJ2HiXuU9WzCOqJNXx_RR71UY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:1f:08:ee:22:36:90:04:04:2c:55:79:52:f1:2a:7a:f9:17:
         f9:0c:5a:92:a0:45:ae:7c:aa:c2:be:d9:fb:e5:ec:ae:44:4d:
         0d:e0:e2:6c:4c:5d:b4:92:8b:e0:c3:be:59:ee:e8:f0:91:c6:
         64:cf:f6:33:e9:42:f2:71:32:58:5d:d8:fd:52:34:74:87:c3:
         f9:36:fb:cd:f2:70:0b:c7:f9:9e:a2:3f:7e:c2:37:78:ae:09:
         32:be:83:21:02:fa:58:8b:c7:0c:2f:b3:20:9c:2f:8f:ef:b6:
         d8:58:4b:51:2d:dc:88:34:90:85:50:48:c4:2e:cc:a5:1c:b3:
         aa:e8:89:e9:7a:9e:a2:9f:c9:54:f1:a1:e6:bd:0e:fa:27:c9:
         72:06:93:68:9d:28:25:a6:98:52:1a:2f:c6:01:7b:71:88:0a:
         7b:dc:c7:a2:cc:12:9e:d0:ba:9f:2a:49:8e:f5:2f:39:0d:2d:
         03:39:34:9f:fc:cc:a1:db:86:83:4e:e5:d9:61:7c:d2:b5:4d:
         85:f7:ab:92:bc:eb:d7:f2:90:b2:71:09:d4:5d:01:0e:8b:60:
         d0:68:b6:d3:20:f9:6d:2c:9c:e5:b2:d7:93:b4:85:19:4d:e4:
         8c:19:73:d1:99:96:c2:77:54:6d:74:4e:62:70:9f:35:8f:22:
         7d:2b:05:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUzuT+9wwKHr99nHo5TaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Y4NDlkODc4OTdiOTRmNTZjYzIzYWEyNGQ1ZjFmZDE0N2JkNTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6AmgrSSvkdBS9XNI953sEFQz9F//
1kX5cgSTIFeecB8OmVomGR1lasf25o/xx8YmuAR7Y8Db4bmdr2yq7FCGRun+QgI3
4WlSDtXNON6hSDYqU3P8AI4lzmmn1IV68L+2ou2ivRoTLOEEvaEMTqtn6y9wBIMG
j5hoEQw/RmfCu+if+u8Vycqa8msVplwke/gQW+fz9AGGfoxKG4pJmbQ+iO/Bi+hY
lSl7TSc0y0BWRIbaNTp/SG5AXFTD+TJ48xzh/pVNicH5DGTTwD/Ftnall49eoQU1
+FJdBCCYEfmb416tt00E4sFUqqEncIBxsAjQnDr0B3xbP8Tz4cupavWRewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKP4Sdh4l7lPVswjqiTV8f0Ue9VGMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvb19oSjJIaVh1VTlXekNPcUpOWHhfUlI3MVVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuThUMA0G
CSqGSIb3DQEBCwUAA4IBAQAPHwjuIjaQBAQsVXlS8Sp6+Rf5DFqSoEWufKrCvtn7
5eyuRE0N4OJsTF20kovgw75Z7ujwkcZkz/Yz6ULycTJYXdj9UjR0h8P5NvvN8nAL
x/meoj9+wjd4rgkyvoMhAvpYi8cML7MgnC+P77bYWEtRLdyINJCFUEjELsylHLOq
6Inpep6in8lU8aHmvQ76J8lyBpNonSglpphSGi/GAXtxiAp73MeizBKe0LqfKkmO
9S85DS0DOTSf/Myh24aDTuXZYXzStU2F96uSvOvX8pCycQnUXQEOi2DQaLbTIPlt
LJzlsteTtIUZTeSMGXPRmZbCd1RtdE5icJ81jyJ9KwWh
-----END CERTIFICATE-----