Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/fbadff-75d7-4cba-9735-66ec2eaf646f/1/hrf8r5UJmIJ-gpcc-QJ3NNPl6Ik.roa
File:                     hrf8r5UJmIJ-gpcc-QJ3NNPl6Ik.roa (raw, json)
Hash identifier:          HeO4h7QnVdaGx6xIcy/JRsUb7wgneHjAuNSk52+vub8=
Subject key identifier:   86:B7:FC:AF:95:09:98:82:7E:82:97:1C:F9:02:77:34:D3:E5:E8:89
Certificate issuer:       /CN=1cfb6df93375a06c5682c057c0fd2a7306218a54
Certificate serial:       01945FB63575F9DE0939AA08E2E1DAAB0D36
Authority key identifier: 1C:FB:6D:F9:33:75:A0:6C:56:82:C0:57:C0:FD:2A:73:06:21:8A:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HPtt-TN1oGxWgsBXwP0qcwYhilQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/fbadff-75d7-4cba-9735-66ec2eaf646f/1/hrf8r5UJmIJ-gpcc-QJ3NNPl6Ik.roa
Signing time:             Mon 13 Jan 2025 12:49:24 +0000
ROA not before:           Mon 13 Jan 2025 12:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62138
IP address blocks:        185.45.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/fbadff-75d7-4cba-9735-66ec2eaf646f/1/HPtt-TN1oGxWgsBXwP0qcwYhilQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/fbadff-75d7-4cba-9735-66ec2eaf646f/1/HPtt-TN1oGxWgsBXwP0qcwYhilQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HPtt-TN1oGxWgsBXwP0qcwYhilQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:b6:35:75:f9:de:09:39:aa:08:e2:e1:da:ab:0d:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cfb6df93375a06c5682c057c0fd2a7306218a54
        Validity
            Not Before: Jan 13 12:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86b7fcaf950998827e82971cf9027734d3e5e889
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:72:c1:a0:b0:c8:d4:e8:c6:94:d1:8c:eb:84:
                    8f:82:fe:56:15:c7:a3:8d:f5:69:74:8c:af:8a:df:
                    bd:d5:3b:ce:f8:8d:ff:cf:f3:7c:c7:22:49:6d:37:
                    53:88:8e:96:5a:b5:d8:27:59:de:f4:e0:68:df:83:
                    c4:dc:7a:3c:40:a1:bb:90:ed:79:5a:94:d9:80:89:
                    31:7f:34:48:98:ff:4a:2f:08:a3:c3:5e:d6:54:db:
                    f0:75:50:a0:b3:b3:a9:e4:48:02:76:55:82:09:37:
                    f2:08:a8:22:68:1a:a2:84:cb:11:d0:70:f9:36:fb:
                    43:00:87:01:18:e4:63:f2:c6:e8:f7:6f:43:7e:2f:
                    23:3e:45:2d:68:bf:87:12:e5:5d:0e:54:37:d2:07:
                    7c:c1:11:0b:de:6c:2b:79:09:49:e6:00:ba:2f:57:
                    1b:32:f5:e5:06:17:50:54:79:5b:d3:87:f7:0d:20:
                    24:84:96:0a:09:72:cb:af:eb:eb:42:d5:cc:8b:b9:
                    be:f2:32:33:b7:55:98:d0:3d:f9:52:aa:0f:ea:53:
                    ce:ac:d5:6c:3e:98:c4:35:21:c3:4e:06:91:f2:c0:
                    64:67:62:0f:aa:2d:db:51:ef:bf:30:85:40:ad:20:
                    a4:cb:31:ae:54:6a:66:14:44:6d:6f:61:09:4d:b4:
                    37:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B7:FC:AF:95:09:98:82:7E:82:97:1C:F9:02:77:34:D3:E5:E8:89
            X509v3 Authority Key Identifier:
                keyid:1C:FB:6D:F9:33:75:A0:6C:56:82:C0:57:C0:FD:2A:73:06:21:8A:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HPtt-TN1oGxWgsBXwP0qcwYhilQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/fbadff-75d7-4cba-9735-66ec2eaf646f/1/hrf8r5UJmIJ-gpcc-QJ3NNPl6Ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/fbadff-75d7-4cba-9735-66ec2eaf646f/1/HPtt-TN1oGxWgsBXwP0qcwYhilQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:2b:31:a9:36:4f:be:cc:10:92:95:22:07:0c:77:e5:29:ca:
         08:87:94:01:fd:9a:e8:d9:38:cb:7b:0b:5f:e0:d3:0a:38:80:
         8f:c8:2a:19:ec:14:aa:d1:95:28:73:d3:12:8b:76:1f:2c:13:
         b8:76:be:2c:a6:59:b5:2b:82:40:9f:57:ab:9d:aa:47:b1:c8:
         c8:13:3f:8d:47:e6:6a:6d:3c:57:b6:17:37:bc:16:a8:ed:e3:
         36:a7:21:ef:35:22:ae:d5:95:11:ec:6d:24:0f:e7:86:a6:e8:
         d9:ed:7e:b2:cb:23:a4:df:0a:0d:a0:08:24:a7:77:58:c8:0a:
         94:85:d6:ce:fb:81:62:3d:12:5e:84:3e:92:41:56:6e:9b:38:
         d4:aa:ef:d2:a5:ca:ee:a8:f7:91:0c:1c:b7:d0:4d:fa:23:d8:
         e6:11:8f:4f:c0:37:9e:de:b5:4c:45:8a:9e:de:5c:2b:e4:3b:
         33:82:76:a2:73:6f:ae:e1:a0:53:55:4a:36:3a:eb:cc:34:92:
         95:e7:56:db:36:02:70:0a:8d:ea:48:31:27:c4:c0:89:cf:bb:
         1c:74:cd:52:1e:07:91:dc:62:ad:47:6f:d0:91:e1:48:73:d6:
         b9:51:4c:5b:79:35:6e:63:f7:84:c0:b1:ce:c4:c1:29:0c:0f:
         74:af:5a:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRftjV1+d4JOaoI4uHaqw02MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZmI2ZGY5MzM3NWEwNmM1NjgyYzA1N2MwZmQyYTczMDYy
MThhNTQwHhcNMjUwMTEzMTI0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmI3ZmNhZjk1MDk5ODgyN2U4Mjk3MWNmOTAyNzczNGQzZTVlODg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynLBoLDI1OjGlNGM64SPgv5WFcej
jfVpdIyvit+91TvO+I3/z/N8xyJJbTdTiI6WWrXYJ1ne9OBo34PE3Ho8QKG7kO15
WpTZgIkxfzRImP9KLwijw17WVNvwdVCgs7Op5EgCdlWCCTfyCKgiaBqihMsR0HD5
NvtDAIcBGORj8sbo929Dfi8jPkUtaL+HEuVdDlQ30gd8wREL3mwreQlJ5gC6L1cb
MvXlBhdQVHlb04f3DSAkhJYKCXLLr+vrQtXMi7m+8jIzt1WY0D35UqoP6lPOrNVs
PpjENSHDTgaR8sBkZ2IPqi3bUe+/MIVArSCkyzGuVGpmFERtb2EJTbQ3/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIa3/K+VCZiCfoKXHPkCdzTT5eiJMB8GA1UdIwQY
MBaAFBz7bfkzdaBsVoLAV8D9KnMGIYpUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFB0dC1UTjFvR3hXZ3NCWHdQMHFjd1loaWxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mYmFkZmYtNzVkNy00Y2JhLTk3MzUt
NjZlYzJlYWY2NDZmLzEvaHJmOHI1VUptSUotZ3BjYy1RSjNOTlBsNklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mYmFkZmYtNzVkNy00Y2JhLTk3MzUtNjZlYzJlYWY2NDZm
LzEvSFB0dC1UTjFvR3hXZ3NCWHdQMHFjd1loaWxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS0UMA0G
CSqGSIb3DQEBCwUAA4IBAQA4KzGpNk++zBCSlSIHDHflKcoIh5QB/Zro2TjLewtf
4NMKOICPyCoZ7BSq0ZUoc9MSi3YfLBO4dr4splm1K4JAn1ernapHscjIEz+NR+Zq
bTxXthc3vBao7eM2pyHvNSKu1ZUR7G0kD+eGpujZ7X6yyyOk3woNoAgkp3dYyAqU
hdbO+4FiPRJehD6SQVZumzjUqu/SpcruqPeRDBy30E36I9jmEY9PwDee3rVMRYqe
3lwr5Dszgnaic2+u4aBTVUo2OuvMNJKV51bbNgJwCo3qSDEnxMCJz7scdM1SHgeR
3GKtR2/QkeFIc9a5UUxbeTVuY/eEwLHOxMEpDA90r1ru
-----END CERTIFICATE-----