Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/hZDJcEGRIt-rGImHq0iZbpupt0Y.roa
File:                     hZDJcEGRIt-rGImHq0iZbpupt0Y.roa (raw, json)
Hash identifier:          p4QzMFtS7xdVuUE1djgyOHJwDpTtnL7eCD7a+RBdDPg=
Subject key identifier:   85:90:C9:70:41:91:22:DF:AB:18:89:87:AB:48:99:6E:9B:A9:B7:46
Certificate issuer:       /CN=8d281989c3b6e58fdc9534ee7eb3e260d1d87749
Certificate serial:       018CC793DB216EFE988474AA370475736242
Authority key identifier: 8D:28:19:89:C3:B6:E5:8F:DC:95:34:EE:7E:B3:E2:60:D1:D8:77:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/hZDJcEGRIt-rGImHq0iZbpupt0Y.roa
Signing time:             Tue 02 Jan 2024 00:30:04 +0000
ROA not before:           Tue 02 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64414
IP address blocks:        185.166.112.0/24 maxlen: 24
                          185.166.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:db:21:6e:fe:98:84:74:aa:37:04:75:73:62:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d281989c3b6e58fdc9534ee7eb3e260d1d87749
        Validity
            Not Before: Jan  2 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8590c970419122dfab188987ab48996e9ba9b746
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:16:db:60:20:1c:eb:86:bb:34:33:5f:00:0c:
                    ac:45:c7:31:15:f7:18:fa:c8:d5:14:a8:da:ca:3e:
                    60:95:10:f0:0d:37:ea:f9:ee:31:85:c5:bd:b9:54:
                    ed:6b:66:20:e9:80:db:73:8e:e6:11:20:ca:07:41:
                    53:5e:6a:44:40:ad:6c:81:4c:8c:44:7f:32:2b:7c:
                    f7:80:31:1d:4c:c6:19:da:49:55:fc:4c:da:f2:61:
                    b3:d2:20:ee:d9:b4:8b:7a:fa:d8:55:73:cd:d3:cf:
                    8f:20:72:e5:68:05:05:bc:ab:25:91:15:bb:8e:57:
                    77:27:ad:d2:dc:12:6d:7a:22:2f:a1:db:f4:93:ac:
                    30:a3:61:40:89:1e:97:58:88:58:28:8e:b0:d7:5a:
                    22:57:7a:6d:d9:b6:f6:85:f9:e3:8d:c6:6c:b9:02:
                    9a:b7:78:a7:f6:b4:b9:c0:f1:e9:90:08:ef:ef:bb:
                    6e:fb:2d:09:90:e6:06:f3:87:91:da:f5:45:98:32:
                    99:2c:69:0d:d7:3b:29:10:a2:d0:c7:47:87:5c:0a:
                    23:01:7a:50:a4:64:8f:45:d6:15:00:c2:a8:31:df:
                    96:54:a4:8f:5e:ed:41:e0:48:d5:96:af:07:cf:75:
                    bb:b2:a7:96:6f:a0:67:36:55:15:0b:a3:4a:27:19:
                    22:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:90:C9:70:41:91:22:DF:AB:18:89:87:AB:48:99:6E:9B:A9:B7:46
            X509v3 Authority Key Identifier:
                keyid:8D:28:19:89:C3:B6:E5:8F:DC:95:34:EE:7E:B3:E2:60:D1:D8:77:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/hZDJcEGRIt-rGImHq0iZbpupt0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.112.0/24
                  185.166.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c7:b8:58:0a:69:cf:bb:52:37:e9:da:dd:78:5b:a1:61:16:
         c4:5d:ad:fc:2a:9c:9f:f7:93:a4:6f:77:8f:d0:c1:4d:6d:4d:
         a9:ab:6d:75:8a:67:bc:01:25:c7:d5:03:d9:cf:0a:6e:05:12:
         f1:97:d8:52:49:a0:21:0e:34:bb:98:d1:2b:b5:14:2c:01:0e:
         93:78:f8:83:d4:f4:c3:9f:cb:85:15:4a:4b:c0:8d:25:91:d8:
         6d:50:37:a1:e3:ff:ef:bf:c2:32:07:d8:f6:0e:59:33:e5:5c:
         f6:b6:ab:2a:c7:95:39:cc:85:ab:df:2b:17:d5:9b:92:a7:82:
         7d:1c:fd:9c:8a:12:75:ef:b3:e5:d4:c8:a2:9e:e1:64:98:b3:
         1b:dc:c5:49:72:42:03:27:3b:ca:0c:aa:26:fd:f8:5e:23:3b:
         97:8e:22:3e:0e:63:68:75:d7:f5:21:dd:4f:bc:91:33:9c:1c:
         ee:c2:a3:da:b4:ed:f2:a8:a4:6b:5e:6f:d8:80:e0:d2:77:78:
         62:b1:c7:16:0d:fb:cb:d3:75:7b:58:25:db:5a:32:37:de:08:
         e3:1b:2c:00:32:15:49:5d:ac:a3:ff:56:00:de:56:49:76:fc:
         09:94:8f:1e:df:96:52:ef:d0:49:62:87:de:d0:3e:07:c6:28:
         9c:b2:a9:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk9shbv6YhHSqNwR1c2JCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjgxOTg5YzNiNmU1OGZkYzk1MzRlZTdlYjNlMjYwZDFk
ODc3NDkwHhcNMjQwMTAyMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTkwYzk3MDQxOTEyMmRmYWIxODg5ODdhYjQ4OTk2ZTliYTliNzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxbbYCAc64a7NDNfAAysRccxFfcY
+sjVFKjayj5glRDwDTfq+e4xhcW9uVTta2Yg6YDbc47mESDKB0FTXmpEQK1sgUyM
RH8yK3z3gDEdTMYZ2klV/Eza8mGz0iDu2bSLevrYVXPN08+PIHLlaAUFvKslkRW7
jld3J63S3BJteiIvodv0k6wwo2FAiR6XWIhYKI6w11oiV3pt2bb2hfnjjcZsuQKa
t3in9rS5wPHpkAjv77tu+y0JkOYG84eR2vVFmDKZLGkN1zspEKLQx0eHXAojAXpQ
pGSPRdYVAMKoMd+WVKSPXu1B4EjVlq8Hz3W7sqeWb6BnNlUVC6NKJxkiDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIWQyXBBkSLfqxiJh6tImW6bqbdGMB8GA1UdIwQY
MBaAFI0oGYnDtuWP3JU07n6z4mDR2HdJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNnWmljTzI1WV9jbFRUdWZyUGlZTkhZZDBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8zYmFlODYtYThmYy00M2U2LTgwMWEt
YmNhODBlNDdjNTczLzEvaFpESmNFR1JJdC1yR0ltSHEwaVpicHVwdDBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8zYmFlODYtYThmYy00M2U2LTgwMWEtYmNhODBlNDdjNTcz
LzEvalNnWmljTzI1WV9jbFRUdWZyUGlZTkhZZDBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuaZwAwQA
uaZyMA0GCSqGSIb3DQEBCwUAA4IBAQBAx7hYCmnPu1I36drdeFuhYRbEXa38Kpyf
95Okb3eP0MFNbU2pq211ime8ASXH1QPZzwpuBRLxl9hSSaAhDjS7mNErtRQsAQ6T
ePiD1PTDn8uFFUpLwI0lkdhtUDeh4//vv8IyB9j2Dlkz5Vz2tqsqx5U5zIWr3ysX
1ZuSp4J9HP2cihJ177Pl1MiinuFkmLMb3MVJckIDJzvKDKom/fheIzuXjiI+DmNo
ddf1Id1PvJEznBzuwqPatO3yqKRrXm/YgODSd3hisccWDfvL03V7WCXbWjI33gjj
GywAMhVJXayj/1YA3lZJdvwJlI8e35ZS79BJYofe0D4Hxiicsqld
-----END CERTIFICATE-----