Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/10ef17-e107-49da-8190-d99da970ffa2/1/5hA8kd9A9pN3TQ0nkImH2Aq4oi0.roa
File:                     5hA8kd9A9pN3TQ0nkImH2Aq4oi0.roa (raw, json)
Hash identifier:          dihsiU13P/DirodUsfGTs4Gndka9S2LI+thqbvpM1qs=
Subject key identifier:   E6:10:3C:91:DF:40:F6:93:77:4D:0D:27:90:89:87:D8:0A:B8:A2:2D
Certificate issuer:       /CN=d87663c5e14f13746c80f60ba363493d9a4934cc
Certificate serial:       018CC801C5FFDB77B99A21557C757B6CC493
Authority key identifier: D8:76:63:C5:E1:4F:13:74:6C:80:F6:0B:A3:63:49:3D:9A:49:34:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2HZjxeFPE3RsgPYLo2NJPZpJNMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/10ef17-e107-49da-8190-d99da970ffa2/1/5hA8kd9A9pN3TQ0nkImH2Aq4oi0.roa
Signing time:             Tue 02 Jan 2024 02:30:08 +0000
ROA not before:           Tue 02 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50418
IP address blocks:        185.84.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/10ef17-e107-49da-8190-d99da970ffa2/1/2HZjxeFPE3RsgPYLo2NJPZpJNMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/10ef17-e107-49da-8190-d99da970ffa2/1/2HZjxeFPE3RsgPYLo2NJPZpJNMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2HZjxeFPE3RsgPYLo2NJPZpJNMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c5:ff:db:77:b9:9a:21:55:7c:75:7b:6c:c4:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d87663c5e14f13746c80f60ba363493d9a4934cc
        Validity
            Not Before: Jan  2 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6103c91df40f693774d0d27908987d80ab8a22d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ce:01:47:4f:4f:35:36:3b:86:24:b5:3d:94:
                    b9:b1:61:70:a8:b5:c6:bc:a5:c1:c3:82:50:47:11:
                    ab:58:1e:41:e4:73:6c:56:c8:39:65:df:06:40:64:
                    b3:73:55:1b:e9:6c:2a:49:0c:9b:26:67:15:f9:32:
                    6f:74:e8:a9:55:62:83:9c:02:8d:48:a6:41:7f:22:
                    7d:60:3b:33:8b:70:49:e6:a2:fa:6b:d9:9c:23:60:
                    d8:4a:ec:1b:a0:ea:a3:91:8d:94:1c:2f:80:58:a7:
                    39:07:4f:23:e5:f1:92:2a:e0:3d:95:88:bf:f4:0c:
                    f2:89:e0:eb:b5:9c:57:44:15:42:29:16:b5:01:ad:
                    fc:4f:4f:0f:ec:1e:76:32:b1:fd:43:6e:53:cb:a6:
                    8e:cb:67:4e:36:fa:f0:95:63:77:05:4d:93:1a:5b:
                    55:40:4a:46:81:13:8a:b2:f9:72:6c:ec:fd:a2:68:
                    93:ba:40:5c:00:4f:d0:37:f2:e2:34:1b:ed:7c:d9:
                    d8:d1:a6:4b:d4:53:3e:a6:24:e3:6a:0b:3e:04:a6:
                    95:8f:df:90:5c:cf:0d:a7:48:a1:4e:89:97:66:d3:
                    c1:3f:bb:56:6c:18:99:a4:bd:61:8d:30:d6:75:7c:
                    0c:a0:eb:78:d2:ad:29:e4:52:bf:13:fb:51:b7:38:
                    fa:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:10:3C:91:DF:40:F6:93:77:4D:0D:27:90:89:87:D8:0A:B8:A2:2D
            X509v3 Authority Key Identifier:
                keyid:D8:76:63:C5:E1:4F:13:74:6C:80:F6:0B:A3:63:49:3D:9A:49:34:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2HZjxeFPE3RsgPYLo2NJPZpJNMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/10ef17-e107-49da-8190-d99da970ffa2/1/5hA8kd9A9pN3TQ0nkImH2Aq4oi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/10ef17-e107-49da-8190-d99da970ffa2/1/2HZjxeFPE3RsgPYLo2NJPZpJNMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d2:44:9e:bc:ac:fa:dc:71:18:62:ee:4f:62:9f:3e:87:c3:fc:
         a3:d8:e9:a8:52:e5:09:87:63:b6:86:9b:a5:73:a6:08:10:ec:
         78:6f:7c:68:8b:98:ca:6f:6f:4c:ee:5c:79:47:1e:c9:0c:f8:
         d8:91:a6:28:85:4e:f1:2e:f5:50:0c:31:2e:a5:5e:10:2c:c0:
         f4:95:89:03:b4:e8:26:35:56:d9:65:72:b4:de:e4:5c:88:e3:
         b8:6d:17:7d:99:58:24:56:97:02:12:f5:72:72:7c:78:bf:cb:
         b8:c1:53:b5:9b:c4:f3:d5:6e:02:b0:7d:b7:c4:6e:93:7d:89:
         9d:df:94:cf:2f:58:47:83:78:08:7c:2f:86:26:41:7f:64:c6:
         04:d5:88:af:2c:76:80:2c:98:cd:18:fa:e9:51:46:8b:4f:a7:
         cd:d1:4e:f9:20:88:9d:96:2f:53:6d:7b:93:cc:52:2b:65:58:
         cd:16:4d:36:11:89:10:e3:c7:22:7c:d4:60:64:7b:44:1c:05:
         02:a3:f2:f4:1e:07:c6:15:fe:95:44:70:1e:90:b6:f3:e7:5d:
         40:b1:a3:a9:e7:13:cf:df:19:0a:4c:d5:f9:94:4c:ca:b9:30:
         46:dc:13:02:68:51:0e:51:cf:92:e9:85:ea:c2:cd:c0:d4:ec:
         3f:4e:da:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcX/23e5miFVfHV7bMSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NzY2M2M1ZTE0ZjEzNzQ2YzgwZjYwYmEzNjM0OTNkOWE0
OTM0Y2MwHhcNMjQwMTAyMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjEwM2M5MWRmNDBmNjkzNzc0ZDBkMjc5MDg5ODdkODBhYjhhMjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnc4BR09PNTY7hiS1PZS5sWFwqLXG
vKXBw4JQRxGrWB5B5HNsVsg5Zd8GQGSzc1Ub6WwqSQybJmcV+TJvdOipVWKDnAKN
SKZBfyJ9YDszi3BJ5qL6a9mcI2DYSuwboOqjkY2UHC+AWKc5B08j5fGSKuA9lYi/
9AzyieDrtZxXRBVCKRa1Aa38T08P7B52MrH9Q25Ty6aOy2dONvrwlWN3BU2TGltV
QEpGgROKsvlybOz9omiTukBcAE/QN/LiNBvtfNnY0aZL1FM+piTjags+BKaVj9+Q
XM8Np0ihTomXZtPBP7tWbBiZpL1hjTDWdXwMoOt40q0p5FK/E/tRtzj6mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYQPJHfQPaTd00NJ5CJh9gKuKItMB8GA1UdIwQY
MBaAFNh2Y8XhTxN0bID2C6NjST2aSTTMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkhaanhlRlBFM1JzZ1BZTG8yTkpQWnBKTk13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xMGVmMTctZTEwNy00OWRhLTgxOTAt
ZDk5ZGE5NzBmZmEyLzEvNWhBOGtkOUE5cE4zVFEwbmtJbUgyQXE0b2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xMGVmMTctZTEwNy00OWRhLTgxOTAtZDk5ZGE5NzBmZmEy
LzEvMkhaanhlRlBFM1JzZ1BZTG8yTkpQWnBKTk13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVQgMA0G
CSqGSIb3DQEBCwUAA4IBAQDSRJ68rPrccRhi7k9inz6Hw/yj2OmoUuUJh2O2hpul
c6YIEOx4b3xoi5jKb29M7lx5Rx7JDPjYkaYohU7xLvVQDDEupV4QLMD0lYkDtOgm
NVbZZXK03uRciOO4bRd9mVgkVpcCEvVycnx4v8u4wVO1m8Tz1W4CsH23xG6TfYmd
35TPL1hHg3gIfC+GJkF/ZMYE1YivLHaALJjNGPrpUUaLT6fN0U75IIidli9TbXuT
zFIrZVjNFk02EYkQ48cifNRgZHtEHAUCo/L0HgfGFf6VRHAekLbz511AsaOp5xPP
3xkKTNX5lEzKuTBG3BMCaFEOUc+S6YXqws3A1Ow/Ttpu
-----END CERTIFICATE-----