Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/bhhyHor-RCJ6G5UoB1c0iWU3HNY.roa
File:                     bhhyHor-RCJ6G5UoB1c0iWU3HNY.roa (raw, json)
Hash identifier:          5N00fK3d1v6JRClWIo13OrtGJe94haNvcEXJCLUxYjk=
Subject key identifier:   6E:18:72:1E:8A:FE:44:22:7A:1B:95:28:07:57:34:89:65:37:1C:D6
Certificate issuer:       /CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
Certificate serial:       0190F88DDB4DB7FBCDD5232E61E4877CAB87
Authority key identifier: C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/bhhyHor-RCJ6G5UoB1c0iWU3HNY.roa
Signing time:             Sun 28 Jul 2024 08:56:04 +0000
ROA not before:           Sun 28 Jul 2024 08:56:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214512
IP address blocks:        2a05:4140:200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:f8:8d:db:4d:b7:fb:cd:d5:23:2e:61:e4:87:7c:ab:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c74c60adeb0cd5768cf756f562b1b5cc5b9c180a
        Validity
            Not Before: Jul 28 08:56:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e18721e8afe44227a1b95280757348965371cd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:40:92:8a:5d:73:32:27:c8:8c:ba:63:92:40:
                    27:f6:7e:a7:a9:d5:21:21:5e:4a:5b:31:09:dd:60:
                    29:f5:ec:4d:43:65:92:4f:38:2d:92:cd:8f:d6:a0:
                    5e:01:65:3b:48:ad:71:60:f1:1c:83:6e:83:de:c8:
                    29:e4:ec:0e:a1:ec:16:cd:29:f2:0f:98:3d:50:d3:
                    cd:a8:d4:e0:d0:ca:66:c6:7e:35:c3:a6:bb:8e:ab:
                    12:3e:e6:b0:f2:6c:ee:12:ce:9f:33:5e:85:30:72:
                    e7:01:6e:fa:69:f1:da:41:dd:7d:60:73:dd:a3:b8:
                    fb:42:9f:f3:00:c1:71:ea:21:44:d6:96:af:65:7b:
                    89:dd:27:0d:36:2e:89:3f:62:56:61:d8:7d:b8:4f:
                    4e:99:df:af:40:63:f8:3c:f6:4f:00:48:04:63:0a:
                    34:04:c1:b6:a6:ca:7a:c2:2f:52:f6:d4:0a:ed:20:
                    10:e5:e9:91:98:ea:95:e0:f0:0e:91:1f:15:31:a3:
                    d1:6b:ea:47:cc:d2:8f:53:cc:fa:94:41:c5:ea:84:
                    5c:b1:d8:21:eb:9d:06:17:1d:25:a4:02:8c:f6:09:
                    9c:bc:00:6f:d9:26:0b:67:98:ae:31:bc:b0:d9:a6:
                    c7:ce:59:16:e2:ea:80:39:d7:60:b8:26:3b:7c:41:
                    d4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:18:72:1E:8A:FE:44:22:7A:1B:95:28:07:57:34:89:65:37:1C:D6
            X509v3 Authority Key Identifier:
                keyid:C7:4C:60:AD:EB:0C:D5:76:8C:F7:56:F5:62:B1:B5:CC:5B:9C:18:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x0xgresM1XaM91b1YrG1zFucGAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/bhhyHor-RCJ6G5UoB1c0iWU3HNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/adb65c-f6f7-4495-ba23-885e84e7512e/1/x0xgresM1XaM91b1YrG1zFucGAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:4140:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         12:2c:08:f2:40:80:dd:09:16:8f:66:cc:7e:cb:6e:1c:b7:d0:
         a5:14:2a:52:31:48:6c:ff:53:49:90:5c:80:4c:e4:f2:61:de:
         7a:87:dd:aa:be:67:14:fd:96:c0:11:bc:6d:e4:d0:48:3c:15:
         ee:c9:83:51:85:63:93:f1:9b:f7:e8:e3:1e:cc:2f:bf:9c:93:
         32:9e:fb:f1:3b:17:f5:0b:60:f8:28:66:dd:52:d1:11:7f:d9:
         bd:a9:53:f5:3b:33:8e:e2:f0:0d:07:02:58:d9:7b:0f:f5:76:
         4c:37:39:be:39:57:5c:0b:68:66:a2:2b:85:b5:d5:17:b3:9c:
         67:f3:36:0e:a1:1a:4d:d8:e8:bf:10:64:45:19:ef:15:9d:de:
         36:86:dc:15:a7:2e:84:ef:88:b0:e9:c5:9a:67:54:40:c7:40:
         0a:90:95:a2:1d:d1:d9:74:46:88:fd:46:1f:3a:92:5b:3e:f4:
         f7:de:70:4d:c9:a6:6a:16:c2:ec:69:f3:99:0b:9f:39:a9:6e:
         7e:8c:fc:41:87:c1:54:61:06:19:13:53:22:19:c4:e4:2c:08:
         bd:af:c3:46:bf:06:7a:7a:c8:2a:06:4e:44:f4:61:4f:9f:d2:
         ae:fa:33:03:03:dc:6f:26:28:cd:25:dd:6a:b8:b2:2b:24:39:
         c3:88:7a:ba
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZD4jdtNt/vN1SMuYeSHfKuHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NGM2MGFkZWIwY2Q1NzY4Y2Y3NTZmNTYyYjFiNWNjNWI5
YzE4MGEwHhcNMjQwNzI4MDg1NjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTE4NzIxZThhZmU0NDIyN2ExYjk1MjgwNzU3MzQ4OTY1MzcxY2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7UCSil1zMifIjLpjkkAn9n6nqdUh
IV5KWzEJ3WAp9exNQ2WSTzgtks2P1qBeAWU7SK1xYPEcg26D3sgp5OwOoewWzSny
D5g9UNPNqNTg0Mpmxn41w6a7jqsSPuaw8mzuEs6fM16FMHLnAW76afHaQd19YHPd
o7j7Qp/zAMFx6iFE1pavZXuJ3ScNNi6JP2JWYdh9uE9Omd+vQGP4PPZPAEgEYwo0
BMG2psp6wi9S9tQK7SAQ5emRmOqV4PAOkR8VMaPRa+pHzNKPU8z6lEHF6oRcsdgh
650GFx0lpAKM9gmcvABv2SYLZ5iuMbyw2abHzlkW4uqAOddguCY7fEHUQQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG4Ych6K/kQiehuVKAdXNIllNxzWMB8GA1UdIwQY
MBaAFMdMYK3rDNV2jPdW9WKxtcxbnBgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMt
ODg1ZTg0ZTc1MTJlLzEvYmhoeUhvci1SQ0o2RzVVb0IxYzBpV1UzSE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZGI2NWMtZjZmNy00NDk1LWJhMjMtODg1ZTg0ZTc1MTJl
LzEveDB4Z3Jlc00xWGFNOTFiMVlyRzF6RnVjR0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgVBQAIw
DQYJKoZIhvcNAQELBQADggEBABIsCPJAgN0JFo9mzH7Lbhy30KUUKlIxSGz/U0mQ
XIBM5PJh3nqH3aq+ZxT9lsARvG3k0Eg8Fe7Jg1GFY5Pxm/fo4x7ML7+ckzKe+/E7
F/ULYPgoZt1S0RF/2b2pU/U7M47i8A0HAljZew/1dkw3Ob45V1wLaGaiK4W11Rez
nGfzNg6hGk3Y6L8QZEUZ7xWd3jaG3BWnLoTviLDpxZpnVEDHQAqQlaId0dl0Roj9
Rh86kls+9PfecE3JpmoWwuxp85kLnzmpbn6M/EGHwVRhBhkTUyIZxOQsCL2vw0a/
Bnp6yCoGTkT0YU+f0q76MwMD3G8mKM0l3Wq4siskOcOIero=
-----END CERTIFICATE-----