Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/hOBL7wNgpIywtlC4HJKeW_H2geo.roa
File:                     hOBL7wNgpIywtlC4HJKeW_H2geo.roa (raw, json)
Hash identifier:          VUopOBMCwaMVvnJPwvw3ySj/BkCEHcwgHGjq2mT0a0I=
Subject key identifier:   84:E0:4B:EF:03:60:A4:8C:B0:B6:50:B8:1C:92:9E:5B:F1:F6:81:EA
Certificate issuer:       /CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
Certificate serial:       018CC9BCEE458C9EA5A8E1B1A4C278ADA2FD
Authority key identifier: 59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/hOBL7wNgpIywtlC4HJKeW_H2geo.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39312
IP address blocks:        195.90.110.0/23 maxlen: 23
                          2a05:da80:2000::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ee:45:8c:9e:a5:a8:e1:b1:a4:c2:78:ad:a2:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59dd542781851c0bce5a3ea5cc387650ffc8277e
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84e04bef0360a48cb0b650b81c929e5bf1f681ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:14:a5:88:3d:b9:7a:96:23:21:52:e3:76:46:
                    cf:5a:de:32:2c:30:34:0f:16:f4:8c:25:54:d1:29:
                    d9:cd:4f:d6:0a:e3:77:2e:a2:01:e9:27:fb:85:e4:
                    f7:2e:bc:67:fe:f3:14:86:87:9d:4f:bf:ad:d5:9b:
                    18:ba:e6:f0:f1:48:58:9e:25:16:3b:91:4c:f4:8a:
                    a1:65:c7:b8:ac:5f:64:2b:32:c8:69:41:f0:26:53:
                    f8:64:f0:bb:a2:61:1c:16:c8:4f:1c:8b:24:03:c8:
                    eb:f2:7c:b6:3e:56:5e:66:16:f2:1c:fc:db:47:d7:
                    8f:a4:aa:85:d8:6e:5c:c4:43:71:ed:d5:e6:c9:53:
                    10:44:20:55:09:ea:7a:e8:01:b0:1e:60:87:57:46:
                    e0:3f:70:b1:a8:ba:4b:cb:22:bf:06:b4:3f:b3:86:
                    f8:24:03:3d:dc:8c:a7:de:65:9c:80:49:e3:f0:86:
                    b4:c5:5f:03:6b:8d:b5:e1:fd:5e:3f:66:cc:1c:58:
                    04:97:9e:5d:a6:72:d3:f6:05:db:28:b5:b7:a9:e2:
                    0e:1a:0e:91:f5:8c:10:65:a4:bf:3f:dd:f0:c5:ca:
                    9a:b6:1d:b7:15:07:31:dd:4e:80:2b:36:4b:b2:c8:
                    89:d2:63:0e:e3:61:c8:84:9f:db:e4:89:0b:3d:e1:
                    93:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:E0:4B:EF:03:60:A4:8C:B0:B6:50:B8:1C:92:9E:5B:F1:F6:81:EA
            X509v3 Authority Key Identifier:
                keyid:59:DD:54:27:81:85:1C:0B:CE:5A:3E:A5:CC:38:76:50:FF:C8:27:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/hOBL7wNgpIywtlC4HJKeW_H2geo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/79c4ba-38e2-4f5a-959f-47e0937989a8/1/Wd1UJ4GFHAvOWj6lzDh2UP_IJ34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.90.110.0/23
                IPv6:
                  2a05:da80:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         b0:50:1e:9d:f4:f5:4a:3c:9c:b0:38:e1:3a:71:c5:a3:d1:28:
         7e:ad:c6:d5:fe:2c:88:88:12:4b:e8:8f:b9:66:46:e9:93:22:
         cf:33:9a:2b:41:c3:c5:44:cb:01:d6:47:29:df:6d:ee:0f:da:
         12:77:6c:b6:81:7e:35:55:b0:ea:67:c7:8d:9a:83:f9:68:0f:
         26:ac:f3:8f:de:53:54:1f:94:cf:43:8d:8f:32:e7:6c:aa:53:
         88:44:24:16:2c:8a:9f:01:2d:87:d2:e6:6c:6d:8a:70:c8:88:
         f3:be:9a:9a:59:58:a7:65:43:be:3d:ea:c2:e2:07:03:31:0e:
         43:fc:d0:43:d2:7a:7b:20:29:1e:e4:a4:91:37:f3:0f:f8:b3:
         82:1d:87:3b:3a:9a:86:55:65:35:b0:05:78:0d:0f:c5:1c:60:
         17:f6:4e:31:f8:00:84:1e:c8:58:32:20:ac:15:6e:55:c1:ce:
         d9:4e:12:18:30:bf:a6:00:76:b6:43:1a:fc:87:e5:3b:40:ea:
         db:41:60:28:46:b0:4f:e4:75:54:f4:15:bd:ab:88:df:7a:b5:
         e8:be:24:80:c4:31:2b:6e:60:82:10:39:e5:c8:05:ee:4b:20:
         7d:f2:02:5c:bc:ab:b8:35:b5:7f:95:11:d2:f7:fd:01:1c:a8:
         3f:2b:58:6d
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzJvO5FjJ6lqOGxpMJ4raL9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZGQ1NDI3ODE4NTFjMGJjZTVhM2VhNWNjMzg3NjUwZmZj
ODI3N2UwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGUwNGJlZjAzNjBhNDhjYjBiNjUwYjgxYzkyOWU1YmYxZjY4MWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxSliD25epYjIVLjdkbPWt4yLDA0
Dxb0jCVU0SnZzU/WCuN3LqIB6Sf7heT3Lrxn/vMUhoedT7+t1ZsYuubw8UhYniUW
O5FM9IqhZce4rF9kKzLIaUHwJlP4ZPC7omEcFshPHIskA8jr8ny2PlZeZhbyHPzb
R9ePpKqF2G5cxENx7dXmyVMQRCBVCep66AGwHmCHV0bgP3CxqLpLyyK/BrQ/s4b4
JAM93Iyn3mWcgEnj8Ia0xV8Da4214f1eP2bMHFgEl55dpnLT9gXbKLW3qeIOGg6R
9YwQZaS/P93wxcqath23FQcx3U6AKzZLssiJ0mMO42HIhJ/b5IkLPeGTswIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFITgS+8DYKSMsLZQuBySnlvx9oHqMB8GA1UdIwQY
MBaAFFndVCeBhRwLzlo+pcw4dlD/yCd+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYt
NDdlMDkzNzk4OWE4LzEvaE9CTDd3TmdwSXl3dGxDNEhKS2VXX0gyZ2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83OWM0YmEtMzhlMi00ZjVhLTk1OWYtNDdlMDkzNzk4OWE4
LzEvV2QxVUo0R0ZIQXZPV2o2bHpEaDJVUF9JSjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBw1puMA4E
AgACMAgDBgAqBdqAIDANBgkqhkiG9w0BAQsFAAOCAQEAsFAenfT1SjycsDjhOnHF
o9Eofq3G1f4siIgSS+iPuWZG6ZMizzOaK0HDxUTLAdZHKd9t7g/aEndstoF+NVWw
6mfHjZqD+WgPJqzzj95TVB+Uz0ONjzLnbKpTiEQkFiyKnwEth9LmbG2KcMiI876a
mllYp2VDvj3qwuIHAzEOQ/zQQ9J6eyApHuSkkTfzD/izgh2HOzqahlVlNbAFeA0P
xRxgF/ZOMfgAhB7IWDIgrBVuVcHO2U4SGDC/pgB2tkMa/IflO0Dq20FgKEawT+R1
VPQVvauI33q16L4kgMQxK25gghA55cgF7ksgffICXLyruDW1f5UR0vf9ARyoPytY
bQ==
-----END CERTIFICATE-----