Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/hbRSajZqXcqh9vtqSGd4mGXriQQ.roa
File:                     hbRSajZqXcqh9vtqSGd4mGXriQQ.roa (raw, json)
Hash identifier:          qCkFA4pZ4RRH26gVG/cyBm4oPh3KyHDlvgpjaVNPrAo=
Subject key identifier:   85:B4:52:6A:36:6A:5D:CA:A1:F6:FB:6A:48:67:78:98:65:EB:89:04
Certificate issuer:       /CN=03d602b9e1da2b568df544bda50e415799bbb1e2
Certificate serial:       018CC424ACE1D395DDC80882DA2418A8AF90
Authority key identifier: 03:D6:02:B9:E1:DA:2B:56:8D:F5:44:BD:A5:0E:41:57:99:BB:B1:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/hbRSajZqXcqh9vtqSGd4mGXriQQ.roa
Signing time:             Mon 01 Jan 2024 08:29:47 +0000
ROA not before:           Mon 01 Jan 2024 08:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201112
IP address blocks:        194.110.4.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ac:e1:d3:95:dd:c8:08:82:da:24:18:a8:af:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03d602b9e1da2b568df544bda50e415799bbb1e2
        Validity
            Not Before: Jan  1 08:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85b4526a366a5dcaa1f6fb6a4867789865eb8904
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:66:b6:67:9e:c6:63:8b:1f:d8:e7:28:71:97:
                    9a:4b:26:95:9a:b4:43:62:dd:b0:72:f7:64:6b:51:
                    43:d3:f0:4d:3c:62:34:47:82:fa:07:20:6d:b8:44:
                    9a:49:42:ba:a1:20:14:c8:25:92:a8:c9:81:3d:ae:
                    de:c5:58:54:4b:7b:a1:7a:4d:a4:73:80:8a:06:1b:
                    0b:a9:56:47:18:96:ab:49:f0:66:97:ba:48:05:87:
                    25:f8:2c:b7:8f:0c:97:dc:80:2b:ff:ff:f9:a1:be:
                    a7:44:57:ec:ef:eb:b0:12:69:d2:aa:c5:d9:95:31:
                    1b:8a:96:1e:ea:d6:37:9c:e3:a7:58:1e:e9:c8:fb:
                    b6:9b:f9:9a:43:41:42:2e:c1:6d:45:23:59:08:f5:
                    75:20:a0:93:50:3a:4d:03:ea:f5:13:79:1f:18:f0:
                    3d:86:ee:c5:a0:04:0a:88:10:a0:d9:e1:88:e4:d6:
                    91:3d:e6:ef:fe:57:14:0f:68:b0:43:7b:28:0d:00:
                    34:71:99:79:5b:e4:bc:e9:c5:00:6f:03:d9:8f:f9:
                    11:58:86:d5:44:3f:12:ae:3d:67:ef:da:c3:37:33:
                    bf:85:09:3f:9e:19:ab:01:01:85:74:e4:1d:76:86:
                    09:dc:26:05:dc:20:4e:8d:3c:12:fd:fd:3f:46:ac:
                    ec:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B4:52:6A:36:6A:5D:CA:A1:F6:FB:6A:48:67:78:98:65:EB:89:04
            X509v3 Authority Key Identifier:
                keyid:03:D6:02:B9:E1:DA:2B:56:8D:F5:44:BD:A5:0E:41:57:99:BB:B1:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A9YCueHaK1aN9US9pQ5BV5m7seI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/hbRSajZqXcqh9vtqSGd4mGXriQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/92fbd9-b9ee-42fc-aac1-fb97ddd54891/1/A9YCueHaK1aN9US9pQ5BV5m7seI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:fe:59:a4:c2:1d:ea:b9:9c:ec:6b:2d:fd:ff:33:a7:71:1d:
         57:ef:84:d4:78:5d:da:1f:f5:c7:cd:2a:22:6e:44:64:17:69:
         8c:08:1c:83:ae:42:c6:2e:51:5d:67:a4:2a:25:2a:5a:c7:c3:
         73:5e:8f:01:fc:a9:45:89:60:61:97:c8:b3:96:fb:ec:ab:b7:
         bd:23:0f:ee:5f:f5:55:48:dd:4f:be:78:31:55:9c:4f:49:21:
         c0:8a:fa:b1:f1:4a:70:80:1f:26:87:64:b1:54:00:48:ce:85:
         b6:92:82:a2:91:8f:50:22:be:66:10:f2:15:24:68:f5:1e:74:
         16:3a:af:84:1b:28:93:4f:62:ec:c7:1b:61:e2:45:79:88:e3:
         a5:29:18:ad:86:98:69:eb:6f:2c:06:74:04:d1:17:cc:37:e7:
         07:fd:0a:c9:10:9f:10:f6:33:68:c0:36:12:1a:80:7e:7d:b2:
         f0:f8:bd:28:bd:50:cc:27:b6:df:48:4a:28:74:eb:e8:6c:79:
         8f:73:cb:7f:07:42:ae:d0:df:aa:0a:f8:57:af:b1:dd:e0:4f:
         30:6f:35:c1:84:75:87:44:8f:a0:78:5e:95:a0:ad:8f:e9:0f:
         4f:bf:8f:da:e4:11:fe:e4:1b:3a:d8:20:4f:cc:d2:04:9e:33:
         6a:0b:31:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJKzh05XdyAiC2iQYqK+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZDYwMmI5ZTFkYTJiNTY4ZGY1NDRiZGE1MGU0MTU3OTli
YmIxZTIwHhcNMjQwMTAxMDgyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI0NTI2YTM2NmE1ZGNhYTFmNmZiNmE0ODY3Nzg5ODY1ZWI4OTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGa2Z57GY4sf2OcocZeaSyaVmrRD
Yt2wcvdka1FD0/BNPGI0R4L6ByBtuESaSUK6oSAUyCWSqMmBPa7exVhUS3uhek2k
c4CKBhsLqVZHGJarSfBml7pIBYcl+Cy3jwyX3IAr///5ob6nRFfs7+uwEmnSqsXZ
lTEbipYe6tY3nOOnWB7pyPu2m/maQ0FCLsFtRSNZCPV1IKCTUDpNA+r1E3kfGPA9
hu7FoAQKiBCg2eGI5NaRPebv/lcUD2iwQ3soDQA0cZl5W+S86cUAbwPZj/kRWIbV
RD8Srj1n79rDNzO/hQk/nhmrAQGFdOQddoYJ3CYF3CBOjTwS/f0/Rqzs7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIW0Umo2al3Kofb7akhneJhl64kEMB8GA1UdIwQY
MBaAFAPWArnh2itWjfVEvaUOQVeZu7HiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTlZQ3VlSGFLMWFOOVVTOXBRNUJWNW03c2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85MmZiZDktYjllZS00MmZjLWFhYzEt
ZmI5N2RkZDU0ODkxLzEvaGJSU2FqWnFYY3FoOXZ0cVNHZDRtR1hyaVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85MmZiZDktYjllZS00MmZjLWFhYzEtZmI5N2RkZDU0ODkx
LzEvQTlZQ3VlSGFLMWFOOVVTOXBRNUJWNW03c2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwm4EMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ/lmkwh3quZzsay39/zOncR1X74TUeF3aH/XHzSoi
bkRkF2mMCByDrkLGLlFdZ6QqJSpax8NzXo8B/KlFiWBhl8izlvvsq7e9Iw/uX/VV
SN1PvngxVZxPSSHAivqx8UpwgB8mh2SxVABIzoW2koKikY9QIr5mEPIVJGj1HnQW
Oq+EGyiTT2Lsxxth4kV5iOOlKRithphp628sBnQE0RfMN+cH/QrJEJ8Q9jNowDYS
GoB+fbLw+L0ovVDMJ7bfSEoodOvobHmPc8t/B0Ku0N+qCvhXr7Hd4E8wbzXBhHWH
RI+geF6VoK2P6Q9Pv4/a5BH+5Bs62CBPzNIEnjNqCzGY
-----END CERTIFICATE-----