Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/73d5ad-a3f2-46cb-8582-215dbc89c2b9/1/hshHaq_K0u3-FIdPWbpRXcy5KHc.roa
File:                     hshHaq_K0u3-FIdPWbpRXcy5KHc.roa (raw, json)
Hash identifier:          FROKks9WSZ3EK/G6hZd1yCT3o3iN0DaWkBkt1nAke/c=
Subject key identifier:   86:C8:47:6A:AF:CA:D2:ED:FE:14:87:4F:59:BA:51:5D:CC:B9:28:77
Certificate issuer:       /CN=5eedd6f53bcb49e4b9b0706dfd074259c9b8a408
Certificate serial:       018CC49235B0FF60628A7C911FCC8A47AAD0
Authority key identifier: 5E:ED:D6:F5:3B:CB:49:E4:B9:B0:70:6D:FD:07:42:59:C9:B8:A4:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu3W9TvLSeS5sHBt_QdCWcm4pAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/73d5ad-a3f2-46cb-8582-215dbc89c2b9/1/hshHaq_K0u3-FIdPWbpRXcy5KHc.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31394
IP address blocks:        185.100.240.0/22 maxlen: 22
                          83.137.40.0/21 maxlen: 21
                          2a00:11d0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/73d5ad-a3f2-46cb-8582-215dbc89c2b9/1/Xu3W9TvLSeS5sHBt_QdCWcm4pAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/73d5ad-a3f2-46cb-8582-215dbc89c2b9/1/Xu3W9TvLSeS5sHBt_QdCWcm4pAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu3W9TvLSeS5sHBt_QdCWcm4pAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 01:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:35:b0:ff:60:62:8a:7c:91:1f:cc:8a:47:aa:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eedd6f53bcb49e4b9b0706dfd074259c9b8a408
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86c8476aafcad2edfe14874f59ba515dccb92877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:be:82:d4:75:5c:7a:29:58:53:4a:61:38:1e:
                    c2:1e:7a:c2:3a:21:71:ce:a8:5e:f2:c2:bb:69:0b:
                    cc:4f:a0:07:6c:f3:a7:ca:dc:04:ab:fc:bb:d3:d8:
                    ce:a9:e3:51:ab:50:37:ae:eb:0d:c4:ad:08:2b:03:
                    80:d3:16:0e:ed:f9:a8:bf:f3:75:95:e0:d2:4c:64:
                    d4:f4:d3:56:0c:a0:12:3c:df:da:24:15:de:e4:53:
                    82:ec:b6:75:c9:a9:e5:86:12:70:e5:23:c8:9b:6c:
                    29:db:de:15:74:34:a2:8c:d4:d5:16:eb:1c:d6:c3:
                    ed:fb:69:0f:3d:bf:a7:10:ae:b1:d3:45:98:ae:02:
                    72:e6:81:08:d2:5e:9a:31:d5:96:74:41:e6:82:e4:
                    d3:e2:65:8c:70:bd:79:c9:c6:30:ed:78:8f:b9:ca:
                    4f:70:ad:9f:48:ef:a5:ec:59:3d:90:00:a3:16:2d:
                    91:89:4a:b0:b9:1d:d7:1a:07:bf:c2:16:b0:94:aa:
                    91:36:50:1f:36:87:0e:4c:0d:4d:70:b3:5f:74:a8:
                    91:91:5f:2a:ba:f6:df:a0:37:dd:42:92:ce:b2:6f:
                    ce:52:5e:b7:c3:7e:d2:5b:9c:b1:18:a4:e3:33:ee:
                    56:5f:dd:08:91:b1:31:26:9c:9d:94:1d:6a:24:fc:
                    99:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:C8:47:6A:AF:CA:D2:ED:FE:14:87:4F:59:BA:51:5D:CC:B9:28:77
            X509v3 Authority Key Identifier:
                keyid:5E:ED:D6:F5:3B:CB:49:E4:B9:B0:70:6D:FD:07:42:59:C9:B8:A4:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu3W9TvLSeS5sHBt_QdCWcm4pAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/73d5ad-a3f2-46cb-8582-215dbc89c2b9/1/hshHaq_K0u3-FIdPWbpRXcy5KHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/73d5ad-a3f2-46cb-8582-215dbc89c2b9/1/Xu3W9TvLSeS5sHBt_QdCWcm4pAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.40.0/21
                  185.100.240.0/22
                IPv6:
                  2a00:11d0::/32

    Signature Algorithm: sha256WithRSAEncryption
         ac:bf:83:2e:10:df:6a:94:f3:ad:45:4a:fd:6a:34:3f:92:1d:
         7d:8d:ff:91:51:c9:a7:bd:d2:06:76:59:b6:59:c6:2d:a2:97:
         66:8c:4f:c8:72:c1:06:e6:5d:ac:67:7f:4d:7b:6a:10:13:4d:
         29:26:5b:67:9e:7d:0e:00:1c:66:d2:8f:f9:18:ba:f7:db:f1:
         5c:66:81:b0:2e:3c:fa:84:be:2b:9c:62:6c:92:0f:37:4d:49:
         bf:ca:8d:62:d4:c2:96:ed:8a:5d:c1:f7:d3:49:1a:82:35:fe:
         2b:e1:e2:54:db:f2:d0:00:05:a4:27:d9:35:68:0f:e0:84:bd:
         27:28:fb:22:c6:87:f8:7b:f7:ab:83:05:f6:0c:ff:3b:57:4e:
         ba:6a:e0:56:83:d8:6d:8d:9b:59:2b:8d:4f:18:d0:03:60:df:
         fe:cc:99:87:83:19:7d:87:98:23:0e:cd:a9:51:74:bc:e3:2a:
         9a:ce:a9:bc:3c:18:a8:de:00:b6:8e:d6:33:37:9b:c7:a3:5c:
         6a:cc:fa:40:ab:00:0d:8d:04:8a:e2:26:4a:97:29:84:76:2b:
         79:3f:b5:6b:4b:5f:56:c0:84:6a:26:8f:d5:4e:ad:c8:cd:cd:
         7b:87:eb:52:db:a3:35:0b:c0:65:cf:78:1c:a3:6b:9d:b9:13:
         af:6a:12:ee
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEkjWw/2BiinyRH8yKR6rQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWRkNmY1M2JjYjQ5ZTRiOWIwNzA2ZGZkMDc0MjU5Yzli
OGE0MDgwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmM4NDc2YWFmY2FkMmVkZmUxNDg3NGY1OWJhNTE1ZGNjYjkyODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgb6C1HVceilYU0phOB7CHnrCOiFx
zqhe8sK7aQvMT6AHbPOnytwEq/y709jOqeNRq1A3rusNxK0IKwOA0xYO7fmov/N1
leDSTGTU9NNWDKASPN/aJBXe5FOC7LZ1yanlhhJw5SPIm2wp294VdDSijNTVFusc
1sPt+2kPPb+nEK6x00WYrgJy5oEI0l6aMdWWdEHmguTT4mWMcL15ycYw7XiPucpP
cK2fSO+l7Fk9kACjFi2RiUqwuR3XGge/whawlKqRNlAfNocOTA1NcLNfdKiRkV8q
uvbfoDfdQpLOsm/OUl63w37SW5yxGKTjM+5WX90IkbExJpydlB1qJPyZnQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIbIR2qvytLt/hSHT1m6UV3MuSh3MB8GA1UdIwQY
MBaAFF7t1vU7y0nkubBwbf0HQlnJuKQIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHUzVzlUdkxTZVM1c0hCdF9RZENXY200cEFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi83M2Q1YWQtYTNmMi00NmNiLTg1ODIt
MjE1ZGJjODljMmI5LzEvaHNoSGFxX0swdTMtRklkUFdicFJYY3k1S0hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi83M2Q1YWQtYTNmMi00NmNiLTg1ODItMjE1ZGJjODljMmI5
LzEvWHUzVzlUdkxTZVM1c0hCdF9RZENXY200cEFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDU4koAwQC
uWTwMA0EAgACMAcDBQAqABHQMA0GCSqGSIb3DQEBCwUAA4IBAQCsv4MuEN9qlPOt
RUr9ajQ/kh19jf+RUcmnvdIGdlm2WcYtopdmjE/IcsEG5l2sZ39Ne2oQE00pJltn
nn0OABxm0o/5GLr32/FcZoGwLjz6hL4rnGJskg83TUm/yo1i1MKW7YpdwffTSRqC
Nf4r4eJU2/LQAAWkJ9k1aA/ghL0nKPsixof4e/ergwX2DP87V066auBWg9htjZtZ
K41PGNADYN/+zJmHgxl9h5gjDs2pUXS84yqazqm8PBio3gC2jtYzN5vHo1xqzPpA
qwANjQSK4iZKlymEdit5P7VrS19WwIRqJo/VTq3Izc17h+tS26M1C8Blz3gco2ud
uROvahLu
-----END CERTIFICATE-----