Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/h-E0XY0Ki4CvPU_mLss1a8bDmtA.roa
File:                     h-E0XY0Ki4CvPU_mLss1a8bDmtA.roa (raw, json)
Hash identifier:          LySxYCjlu3prbIjBafc45S2PIsqlwcaWW7ja1ck0HKo=
Subject key identifier:   87:E1:34:5D:8D:0A:8B:80:AF:3D:4F:E6:2E:CB:35:6B:C6:C3:9A:D0
Certificate issuer:       /CN=da0b33cddb799b7bcf5d3dce004fdba8c3e864ff
Certificate serial:       018F803C35442BCE93C8159E317C1E04455D
Authority key identifier: DA:0B:33:CD:DB:79:9B:7B:CF:5D:3D:CE:00:4F:DB:A8:C3:E8:64:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/h-E0XY0Ki4CvPU_mLss1a8bDmtA.roa
Signing time:             Thu 16 May 2024 07:09:40 +0000
ROA not before:           Thu 16 May 2024 07:09:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215273
IP address blocks:        85.194.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:80:3c:35:44:2b:ce:93:c8:15:9e:31:7c:1e:04:45:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da0b33cddb799b7bcf5d3dce004fdba8c3e864ff
        Validity
            Not Before: May 16 07:09:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87e1345d8d0a8b80af3d4fe62ecb356bc6c39ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e3:72:7e:4b:7d:6c:5d:16:cb:d9:5b:e3:86:
                    9c:24:ec:c8:58:d5:df:51:44:30:d3:71:47:44:11:
                    84:ce:f1:33:c7:8e:68:ac:df:1c:4b:fa:3c:75:df:
                    c2:65:94:2b:cd:9f:00:74:40:08:ed:da:da:e3:d2:
                    bc:c2:80:08:e9:41:65:3d:e3:52:ec:c9:df:19:c2:
                    c4:3f:d3:1c:2f:62:3b:c2:3d:ae:21:8a:79:56:95:
                    9b:9e:38:08:c9:6b:c3:08:d9:80:c3:b3:fc:31:59:
                    44:4c:89:47:9c:08:9b:74:a5:d9:2d:09:9f:a1:97:
                    9c:dc:6d:22:0a:e3:44:d2:07:d6:50:81:cc:0f:be:
                    60:90:fc:57:e9:88:ad:1d:43:f8:f5:c5:7f:ae:2b:
                    5b:c9:fe:0d:9d:00:03:1f:a9:42:95:6f:7b:fc:7a:
                    ea:f7:55:4f:bc:cf:a5:30:3b:3a:43:5b:d7:22:a8:
                    9e:e8:ef:94:06:85:79:a5:c2:7b:91:22:1b:df:7f:
                    97:bf:69:0e:0c:c9:24:0e:f3:fe:62:40:6d:00:c3:
                    c0:00:74:33:86:ad:94:d5:e8:33:af:49:38:18:c0:
                    22:93:d8:b8:71:e6:bf:7d:64:70:06:b7:d1:dd:60:
                    f1:7f:70:95:5a:22:3d:8e:c4:25:09:c9:7a:81:9c:
                    45:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:E1:34:5D:8D:0A:8B:80:AF:3D:4F:E6:2E:CB:35:6B:C6:C3:9A:D0
            X509v3 Authority Key Identifier:
                keyid:DA:0B:33:CD:DB:79:9B:7B:CF:5D:3D:CE:00:4F:DB:A8:C3:E8:64:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/h-E0XY0Ki4CvPU_mLss1a8bDmtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.194.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:48:a7:a0:ad:fa:67:59:e7:34:a6:14:7f:1e:60:f4:49:a8:
         7b:bc:97:6f:89:98:b9:59:41:6a:6a:e5:52:bc:6d:64:ca:29:
         50:ce:46:34:9b:11:87:17:be:ee:5b:d0:39:ec:96:96:ae:38:
         04:0c:d2:05:ae:da:9e:2e:f0:f5:b5:8b:f1:33:d3:15:5c:ed:
         88:0d:3f:77:17:37:49:95:9f:70:e7:8e:d4:60:12:5e:17:d3:
         2e:d4:00:99:4a:47:fb:b4:1c:f9:26:f3:a4:86:d5:a1:31:11:
         cb:ad:32:a3:20:b2:f1:ae:56:81:1f:3d:ec:62:af:88:6b:58:
         a0:8c:e8:93:ee:ed:a1:42:6e:a1:ca:6a:e1:ce:6a:99:05:87:
         0e:d6:18:3c:19:41:7c:a3:15:66:4a:09:51:66:8a:bb:77:6d:
         6e:bf:35:8b:76:66:a6:5e:fa:d5:d5:e9:77:81:e1:29:76:b8:
         77:61:ff:1b:9c:4b:9d:53:8e:0f:55:90:7b:c1:8e:72:2d:79:
         a8:f1:2b:22:f2:82:d0:f7:06:c5:72:5c:af:bd:fb:15:ac:b4:
         80:ac:f7:a4:4b:79:e8:16:c9:7b:7d:7a:ce:1c:16:81:59:92:
         0b:8d:16:fc:3b:b4:9d:aa:a4:01:9e:52:50:70:5e:33:de:d1:
         44:f9:66:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+APDVEK86TyBWeMXweBEVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMGIzM2NkZGI3OTliN2JjZjVkM2RjZTAwNGZkYmE4YzNl
ODY0ZmYwHhcNMjQwNTE2MDcwOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2UxMzQ1ZDhkMGE4YjgwYWYzZDRmZTYyZWNiMzU2YmM2YzM5YWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsONyfkt9bF0Wy9lb44acJOzIWNXf
UUQw03FHRBGEzvEzx45orN8cS/o8dd/CZZQrzZ8AdEAI7dra49K8woAI6UFlPeNS
7MnfGcLEP9McL2I7wj2uIYp5VpWbnjgIyWvDCNmAw7P8MVlETIlHnAibdKXZLQmf
oZec3G0iCuNE0gfWUIHMD75gkPxX6YitHUP49cV/ritbyf4NnQADH6lClW97/Hrq
91VPvM+lMDs6Q1vXIqie6O+UBoV5pcJ7kSIb33+Xv2kODMkkDvP+YkBtAMPAAHQz
hq2U1egzr0k4GMAik9i4cea/fWRwBrfR3WDxf3CVWiI9jsQlCcl6gZxF1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfhNF2NCouArz1P5i7LNWvGw5rQMB8GA1UdIwQY
MBaAFNoLM83beZt7z109zgBP26jD6GT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdzenpkdDVtM3ZQWFQzT0FFX2JxTVBvWlA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wMzJkOGItNDg4MS00NmZhLWI2NzQt
NzczM2JkODg4ZTI4LzEvaC1FMFhZMEtpNEN2UFVfbUxzczFhOGJEbXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wMzJkOGItNDg4MS00NmZhLWI2NzQtNzczM2JkODg4ZTI4
LzEvMmdzenpkdDVtM3ZQWFQzT0FFX2JxTVBvWlA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcKJMA0G
CSqGSIb3DQEBCwUAA4IBAQBkSKegrfpnWec0phR/HmD0Sah7vJdviZi5WUFqauVS
vG1kyilQzkY0mxGHF77uW9A57JaWrjgEDNIFrtqeLvD1tYvxM9MVXO2IDT93FzdJ
lZ9w547UYBJeF9Mu1ACZSkf7tBz5JvOkhtWhMRHLrTKjILLxrlaBHz3sYq+Ia1ig
jOiT7u2hQm6hymrhzmqZBYcO1hg8GUF8oxVmSglRZoq7d21uvzWLdmamXvrV1el3
geEpdrh3Yf8bnEudU44PVZB7wY5yLXmo8Ssi8oLQ9wbFclyvvfsVrLSArPekS3no
Fsl7fXrOHBaBWZILjRb8O7SdqqQBnlJQcF4z3tFE+WZc
-----END CERTIFICATE-----