Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/fed131-f9d7-41b2-b8bc-082b1f7f0db2/1/hxP3wyAA_sDG7pvfBbl7EUDMSFA.roa
File:                     hxP3wyAA_sDG7pvfBbl7EUDMSFA.roa (raw, json)
Hash identifier:          aWnwkQ8XzsmI+C6HddMghjpIUFGjrRFfvlH7hrl9j/Q=
Subject key identifier:   87:13:F7:C3:20:00:FE:C0:C6:EE:9B:DF:05:B9:7B:11:40:CC:48:50
Certificate issuer:       /CN=121a37282dd992d88658160559e048392798c84b
Certificate serial:       0190EA4DB654AF98908BBB0119DE541860AF
Authority key identifier: 12:1A:37:28:2D:D9:92:D8:86:58:16:05:59:E0:48:39:27:98:C8:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eho3KC3ZktiGWBYFWeBIOSeYyEs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/fed131-f9d7-41b2-b8bc-082b1f7f0db2/1/hxP3wyAA_sDG7pvfBbl7EUDMSFA.roa
Signing time:             Thu 25 Jul 2024 14:31:19 +0000
ROA not before:           Thu 25 Jul 2024 14:31:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56786
IP address blocks:        185.229.16.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/fed131-f9d7-41b2-b8bc-082b1f7f0db2/1/Eho3KC3ZktiGWBYFWeBIOSeYyEs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/fed131-f9d7-41b2-b8bc-082b1f7f0db2/1/Eho3KC3ZktiGWBYFWeBIOSeYyEs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eho3KC3ZktiGWBYFWeBIOSeYyEs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ea:4d:b6:54:af:98:90:8b:bb:01:19:de:54:18:60:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=121a37282dd992d88658160559e048392798c84b
        Validity
            Not Before: Jul 25 14:31:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8713f7c32000fec0c6ee9bdf05b97b1140cc4850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:33:c2:53:ba:36:92:a3:24:87:4a:b0:ad:98:
                    c7:40:0a:08:81:32:f2:e4:64:31:90:06:ca:a7:99:
                    34:1b:e6:2a:02:8d:8d:6e:0e:bf:b4:d5:56:93:04:
                    cd:6b:88:6b:b6:c7:e8:09:16:ad:45:e0:15:88:6b:
                    ae:98:bd:d1:87:65:91:41:af:12:12:f9:5a:e1:94:
                    00:ea:28:5d:2a:79:3a:1a:25:41:94:05:1c:b0:33:
                    84:a5:7f:4c:82:54:74:74:52:a1:98:16:90:42:71:
                    ea:d7:a9:c3:e4:2d:db:36:52:97:1d:6b:49:8e:0a:
                    60:c8:b0:5c:fa:7b:ad:8e:fb:d9:50:17:b6:a7:9e:
                    46:45:ba:72:7d:c3:c7:c3:2f:82:9b:e3:a5:98:39:
                    c2:79:a0:28:c3:69:fb:6a:4f:b7:be:51:bb:b9:c6:
                    57:71:fd:51:d9:b0:3d:ef:77:54:6a:84:d8:ac:f9:
                    30:22:55:fb:be:4f:00:25:4b:45:e7:e5:f1:8c:05:
                    13:27:22:df:f5:5e:f7:d2:fe:e4:f5:53:33:d3:bd:
                    63:e1:97:c8:98:7b:6b:16:a2:a7:51:52:82:95:1f:
                    67:b4:a0:9f:4f:53:8f:02:8a:75:69:62:a8:51:d5:
                    78:84:67:ba:46:32:f9:d9:63:bf:42:b6:03:1c:02:
                    0e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:13:F7:C3:20:00:FE:C0:C6:EE:9B:DF:05:B9:7B:11:40:CC:48:50
            X509v3 Authority Key Identifier:
                keyid:12:1A:37:28:2D:D9:92:D8:86:58:16:05:59:E0:48:39:27:98:C8:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eho3KC3ZktiGWBYFWeBIOSeYyEs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/fed131-f9d7-41b2-b8bc-082b1f7f0db2/1/hxP3wyAA_sDG7pvfBbl7EUDMSFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/fed131-f9d7-41b2-b8bc-082b1f7f0db2/1/Eho3KC3ZktiGWBYFWeBIOSeYyEs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.229.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:cc:4a:10:b6:2d:1d:1a:b3:31:c1:24:5d:4a:2c:5e:5b:30:
         1a:f2:a5:ed:ee:f1:d7:fe:bd:8b:3f:f3:90:2b:bd:bb:8c:8e:
         1e:c2:43:1d:4e:a2:2d:7f:e4:cf:e5:7d:c5:d6:ac:23:78:73:
         cd:4e:a1:ec:6f:80:56:ec:2d:38:c3:ef:7f:b5:c0:8d:e1:b4:
         85:8f:89:87:8b:08:5b:46:30:f1:f4:b4:64:24:37:81:e8:7f:
         ba:f5:a1:fe:81:60:3c:2d:2d:71:49:c4:0e:f8:44:34:0e:ac:
         a6:a2:06:6b:e4:4e:dc:b1:30:ba:8b:73:4e:ff:4a:05:4e:9d:
         d4:30:a7:db:9c:7f:b8:85:bf:dc:cd:db:80:ee:7b:08:be:21:
         1d:2e:1b:65:60:ca:06:e1:23:19:43:65:1f:a2:5a:81:29:11:
         24:cc:e1:88:dc:ab:fa:a4:40:54:5f:64:52:79:c9:ac:1c:6d:
         16:61:24:15:7d:ee:0c:72:b2:37:f8:28:43:b3:b8:9f:af:75:
         9b:92:47:9d:bf:7f:7d:99:90:9a:2c:dd:25:28:2f:65:54:38:
         1f:8b:d4:22:70:e5:0d:72:fe:d6:f6:cd:be:c8:a0:93:11:05:
         37:5d:44:ab:15:db:ee:34:79:f2:bf:6f:c2:db:9d:00:f1:e0:
         73:f0:f0:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDqTbZUr5iQi7sBGd5UGGCvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMWEzNzI4MmRkOTkyZDg4NjU4MTYwNTU5ZTA0ODM5Mjc5
OGM4NGIwHhcNMjQwNzI1MTQzMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzEzZjdjMzIwMDBmZWMwYzZlZTliZGYwNWI5N2IxMTQwY2M0ODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjPCU7o2kqMkh0qwrZjHQAoIgTLy
5GQxkAbKp5k0G+YqAo2Nbg6/tNVWkwTNa4hrtsfoCRatReAViGuumL3Rh2WRQa8S
Evla4ZQA6ihdKnk6GiVBlAUcsDOEpX9MglR0dFKhmBaQQnHq16nD5C3bNlKXHWtJ
jgpgyLBc+nutjvvZUBe2p55GRbpyfcPHwy+Cm+OlmDnCeaAow2n7ak+3vlG7ucZX
cf1R2bA973dUaoTYrPkwIlX7vk8AJUtF5+XxjAUTJyLf9V730v7k9VMz071j4ZfI
mHtrFqKnUVKClR9ntKCfT1OPAop1aWKoUdV4hGe6RjL52WO/QrYDHAIO3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcT98MgAP7Axu6b3wW5exFAzEhQMB8GA1UdIwQY
MBaAFBIaNygt2ZLYhlgWBVngSDknmMhLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhvM0tDM1prdGlHV0JZRldlQklPU2VZeUVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mZWQxMzEtZjlkNy00MWIyLWI4YmMt
MDgyYjFmN2YwZGIyLzEvaHhQM3d5QUFfc0RHN3B2ZkJibDdFVURNU0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mZWQxMzEtZjlkNy00MWIyLWI4YmMtMDgyYjFmN2YwZGIy
LzEvRWhvM0tDM1prdGlHV0JZRldlQklPU2VZeUVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueUQMA0G
CSqGSIb3DQEBCwUAA4IBAQBmzEoQti0dGrMxwSRdSixeWzAa8qXt7vHX/r2LP/OQ
K727jI4ewkMdTqItf+TP5X3F1qwjeHPNTqHsb4BW7C04w+9/tcCN4bSFj4mHiwhb
RjDx9LRkJDeB6H+69aH+gWA8LS1xScQO+EQ0DqymogZr5E7csTC6i3NO/0oFTp3U
MKfbnH+4hb/czduA7nsIviEdLhtlYMoG4SMZQ2UfolqBKREkzOGI3Kv6pEBUX2RS
ecmsHG0WYSQVfe4McrI3+ChDs7ifr3Wbkkedv399mZCaLN0lKC9lVDgfi9QicOUN
cv7W9s2+yKCTEQU3XUSrFdvuNHnyv2/C250A8eBz8PCF
-----END CERTIFICATE-----