Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/HzIG6qWDTUar5foyzs1KYzlSmbI.roa
File:                     HzIG6qWDTUar5foyzs1KYzlSmbI.roa (raw, json)
Hash identifier:          6W1AtmBlW8GELla5ek/mHIObYuwmOrMuKyq0QWVE65k=
Subject key identifier:   1F:32:06:EA:A5:83:4D:46:AB:E5:FA:32:CE:CD:4A:63:39:52:99:B2
Certificate issuer:       /CN=e05a2dacf5dd4e9bfa2d2d9b2d3c3f9678745841
Certificate serial:       018CCA29C444E20DA47677BAED3D80FAC07E
Authority key identifier: E0:5A:2D:AC:F5:DD:4E:9B:FA:2D:2D:9B:2D:3C:3F:96:78:74:58:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FotrPXdTpv6LS2bLTw_lnh0WEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/HzIG6qWDTUar5foyzs1KYzlSmbI.roa
Signing time:             Tue 02 Jan 2024 12:33:03 +0000
ROA not before:           Tue 02 Jan 2024 12:33:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60390
IP address blocks:        185.31.180.0/22 maxlen: 23
                          2a00:bf60::/32 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/4FotrPXdTpv6LS2bLTw_lnh0WEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/4FotrPXdTpv6LS2bLTw_lnh0WEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FotrPXdTpv6LS2bLTw_lnh0WEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:c4:44:e2:0d:a4:76:77:ba:ed:3d:80:fa:c0:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e05a2dacf5dd4e9bfa2d2d9b2d3c3f9678745841
        Validity
            Not Before: Jan  2 12:33:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f3206eaa5834d46abe5fa32cecd4a63395299b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:fc:f2:ee:91:09:ee:77:e0:bd:57:c1:cc:cb:
                    dc:16:e3:ea:07:a3:62:92:c3:f5:e5:53:21:7b:9f:
                    8a:e6:ed:f8:bf:7e:35:79:8e:30:9d:17:b5:8c:a3:
                    28:b1:0a:35:36:90:09:62:b5:50:49:b0:af:3c:77:
                    f0:32:bd:43:ed:c5:89:f6:09:8e:b1:f4:0a:89:7b:
                    bb:9a:ea:f9:f9:07:1b:20:85:9b:f3:ef:46:2f:ff:
                    26:34:ad:e3:2d:cb:ac:9d:44:1a:f2:a7:53:36:1c:
                    4e:46:40:9a:8a:30:19:f8:b8:09:8d:17:4a:c6:fc:
                    7f:36:a1:1b:2c:25:93:cd:9b:ca:ec:c0:3c:81:12:
                    d4:b0:3a:99:73:42:0b:78:83:5e:0a:81:69:01:fc:
                    c7:99:5e:4a:ec:f1:62:7c:53:c7:09:a1:01:6b:19:
                    c0:52:52:91:3a:5e:28:1d:b0:52:df:1a:67:9b:a6:
                    91:e3:60:b7:34:c5:84:d3:13:08:b6:3f:c5:0e:e5:
                    0e:56:ed:ed:9d:bb:2c:de:7e:f4:78:1c:7c:97:21:
                    9d:f1:96:4c:05:c4:60:6d:c0:87:bd:05:81:80:32:
                    c5:63:f9:4d:f4:de:6a:20:75:44:19:50:7d:15:89:
                    ea:17:3a:e2:ec:06:7e:76:32:f5:e6:60:5e:c2:ee:
                    c8:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:32:06:EA:A5:83:4D:46:AB:E5:FA:32:CE:CD:4A:63:39:52:99:B2
            X509v3 Authority Key Identifier:
                keyid:E0:5A:2D:AC:F5:DD:4E:9B:FA:2D:2D:9B:2D:3C:3F:96:78:74:58:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FotrPXdTpv6LS2bLTw_lnh0WEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/HzIG6qWDTUar5foyzs1KYzlSmbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/01000b-aa96-4bc6-8cc1-af07a9e87fc0/1/4FotrPXdTpv6LS2bLTw_lnh0WEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.180.0/22
                IPv6:
                  2a00:bf60::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:77:4a:01:03:53:d1:e7:73:7d:45:e3:ee:1f:36:5c:9f:e1:
         48:37:94:0f:84:99:ef:46:51:2b:84:bc:ac:f6:5f:6c:a7:d6:
         a2:c6:01:15:ab:37:6d:c0:16:2e:1d:3b:07:35:fc:06:5c:68:
         13:8a:d3:a4:33:66:5f:54:d1:41:c4:df:cb:e2:b9:3a:31:5d:
         ed:fd:a3:ed:da:ae:33:d2:10:71:a4:d2:3c:1b:a7:fc:88:0a:
         b8:ac:b9:ee:d3:91:05:3f:49:5f:71:be:77:48:97:cd:6f:e6:
         ea:a7:2d:0f:ce:ba:cb:c7:a1:63:7d:64:09:3b:da:8a:c9:f4:
         26:83:bb:0c:ff:48:cd:e4:01:1f:f7:40:db:54:fe:7e:41:6c:
         19:ea:10:b6:b0:ef:85:0b:71:dd:ee:7b:44:76:f9:0a:6b:91:
         e3:fb:51:46:7a:a9:40:f0:94:c3:8f:df:35:76:78:ef:22:d6:
         db:cd:0d:89:79:49:d7:db:c0:b3:88:0a:5d:e9:2f:71:be:14:
         41:4d:e6:05:63:bd:e9:8c:c8:12:f4:7a:1f:7e:d1:40:c2:b2:
         4c:a2:7b:7b:da:f8:71:c2:db:da:62:ac:aa:3f:0f:35:44:69:
         4c:86:9a:bb:73:ba:41:9e:eb:a6:50:49:0d:98:2c:32:d1:0e:
         7b:b7:69:dd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKcRE4g2kdne67T2A+sB+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNWEyZGFjZjVkZDRlOWJmYTJkMmQ5YjJkM2MzZjk2Nzg3
NDU4NDEwHhcNMjQwMTAyMTIzMzAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjMyMDZlYWE1ODM0ZDQ2YWJlNWZhMzJjZWNkNGE2MzM5NTI5OWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/zy7pEJ7nfgvVfBzMvcFuPqB6Ni
ksP15VMhe5+K5u34v341eY4wnRe1jKMosQo1NpAJYrVQSbCvPHfwMr1D7cWJ9gmO
sfQKiXu7mur5+QcbIIWb8+9GL/8mNK3jLcusnUQa8qdTNhxORkCaijAZ+LgJjRdK
xvx/NqEbLCWTzZvK7MA8gRLUsDqZc0ILeINeCoFpAfzHmV5K7PFifFPHCaEBaxnA
UlKROl4oHbBS3xpnm6aR42C3NMWE0xMItj/FDuUOVu3tnbss3n70eBx8lyGd8ZZM
BcRgbcCHvQWBgDLFY/lN9N5qIHVEGVB9FYnqFzri7AZ+djL15mBewu7IXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB8yBuqlg01Gq+X6Ms7NSmM5UpmyMB8GA1UdIwQY
MBaAFOBaLaz13U6b+i0tmy08P5Z4dFhBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZvdHJQWGRUcHY2TFMyYkxUd19sbmgwV0VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8wMTAwMGItYWE5Ni00YmM2LThjYzEt
YWYwN2E5ZTg3ZmMwLzEvSHpJRzZxV0RUVWFyNWZveXpzMUtZemxTbWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8wMTAwMGItYWE5Ni00YmM2LThjYzEtYWYwN2E5ZTg3ZmMw
LzEvNEZvdHJQWGRUcHY2TFMyYkxUd19sbmgwV0VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuR+0MA0E
AgACMAcDBQAqAL9gMA0GCSqGSIb3DQEBCwUAA4IBAQB2d0oBA1PR53N9RePuHzZc
n+FIN5QPhJnvRlErhLys9l9sp9aixgEVqzdtwBYuHTsHNfwGXGgTitOkM2ZfVNFB
xN/L4rk6MV3t/aPt2q4z0hBxpNI8G6f8iAq4rLnu05EFP0lfcb53SJfNb+bqpy0P
zrrLx6FjfWQJO9qKyfQmg7sM/0jN5AEf90DbVP5+QWwZ6hC2sO+FC3Hd7ntEdvkK
a5Hj+1FGeqlA8JTDj981dnjvItbbzQ2JeUnX28CziApd6S9xvhRBTeYFY73pjMgS
9HofftFAwrJMont72vhxwtvaYqyqPw81RGlMhpq7c7pBnuumUEkNmCwy0Q57t2nd
-----END CERTIFICATE-----