Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/0LNGdjYasgqntHEIQIzvfE8wQIY.roa
File:                     0LNGdjYasgqntHEIQIzvfE8wQIY.roa (raw, json)
Hash identifier:          hbzCEQ2yJBk21LmFBof9ud0/qkiT9CgODNeApIjQax4=
Subject key identifier:   D0:B3:46:76:36:1A:B2:0A:A7:B4:71:08:40:8C:EF:7C:4F:30:40:86
Certificate issuer:       /CN=407c7083460e1a4c72c4bc4276313d3a85944a87
Certificate serial:       018CC6B79452560B46B4E0341B13E0ED7CEA
Authority key identifier: 40:7C:70:83:46:0E:1A:4C:72:C4:BC:42:76:31:3D:3A:85:94:4A:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/0LNGdjYasgqntHEIQIzvfE8wQIY.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199811
IP address blocks:        185.210.64.0/22 maxlen: 22
                          2a0b:55c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:94:52:56:0b:46:b4:e0:34:1b:13:e0:ed:7c:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=407c7083460e1a4c72c4bc4276313d3a85944a87
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d0b34676361ab20aa7b47108408cef7c4f304086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:13:6f:4b:3e:76:70:f4:8d:39:f1:97:15:75:
                    90:f2:46:42:da:3c:e1:25:3e:b9:df:7c:7f:36:c7:
                    33:6b:af:ca:c3:b2:e0:df:26:e8:41:93:af:6d:c9:
                    e0:3e:ac:f1:ac:94:51:25:94:88:a0:56:51:f0:b3:
                    13:96:ee:ea:64:94:36:ab:df:d0:45:b0:ed:8f:8f:
                    d4:a7:07:e9:02:8f:52:f2:e5:1d:1d:8b:a5:76:80:
                    9a:96:63:b1:9f:de:a0:36:ab:42:9d:58:ad:af:89:
                    46:a4:fc:62:a2:14:8d:a3:af:a7:36:0c:41:9f:ea:
                    ae:a2:16:98:7b:7a:90:e9:1c:a7:e5:9b:08:6d:ec:
                    70:4d:14:36:b5:c3:f7:54:ea:80:8f:02:56:c3:33:
                    5a:19:59:33:29:47:e1:6e:fc:1f:ee:a8:7b:52:18:
                    ed:b8:09:4a:1a:b1:2a:6e:5a:fd:bd:f8:6d:b7:f5:
                    14:57:1a:6f:52:77:50:95:99:75:41:8f:ab:83:f4:
                    05:50:c2:14:93:52:0f:b8:cd:05:94:4e:22:1e:fd:
                    7d:66:39:b8:34:3e:4a:20:48:3e:d7:c5:c9:38:46:
                    17:3f:10:40:cc:41:f4:6c:ea:db:dc:a4:09:ef:c7:
                    33:47:45:b3:ff:3c:a8:91:97:d6:63:e3:33:6e:e9:
                    6e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:B3:46:76:36:1A:B2:0A:A7:B4:71:08:40:8C:EF:7C:4F:30:40:86
            X509v3 Authority Key Identifier:
                keyid:40:7C:70:83:46:0E:1A:4C:72:C4:BC:42:76:31:3D:3A:85:94:4A:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHxwg0YOGkxyxLxCdjE9OoWUSoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/0LNGdjYasgqntHEIQIzvfE8wQIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8a7569-ed74-4a92-8627-985ed15c9aeb/1/QHxwg0YOGkxyxLxCdjE9OoWUSoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.64.0/22
                IPv6:
                  2a0b:55c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:50:f6:be:34:bc:38:c9:e0:6c:a3:3d:0f:8c:a9:d9:c3:44:
         9d:f8:75:9f:84:68:83:35:db:fa:64:b3:fa:52:97:b7:2b:27:
         87:d7:fa:25:c8:81:b8:ef:b3:2a:15:ed:f1:67:80:8d:40:8a:
         e9:45:35:9e:de:98:24:10:1d:f6:e5:44:10:5f:83:8f:d6:e7:
         82:84:8b:21:5f:7c:3b:3e:23:92:43:85:85:00:2a:77:26:03:
         ab:18:f1:18:88:8b:3d:4d:18:22:b6:9f:43:ee:fd:b9:f0:24:
         dc:05:27:d3:a4:5d:60:b4:40:67:eb:5c:0b:2d:86:5d:83:8c:
         ea:ff:0f:e9:ee:d9:45:86:92:9e:a4:86:3b:dc:5b:61:92:a9:
         9d:11:ab:a6:d5:1f:1c:70:32:5a:04:94:a2:73:68:e6:ef:12:
         34:c5:70:71:ab:44:9a:f3:8d:bf:2b:87:cf:8f:5b:50:a6:80:
         cc:18:44:5b:1d:d6:6c:7b:3b:be:bb:7f:17:33:6a:65:45:7a:
         e0:81:41:c1:c3:24:cd:7c:6d:78:de:40:98:d1:bc:b2:9a:ee:
         4d:34:6f:69:f1:a6:4c:09:01:7f:f7:f2:e9:9c:f6:92:ae:52:
         78:c4:70:fc:a8:b6:5b:5b:00:f7:cf:17:b8:9e:48:05:d7:4e:
         d4:56:de:ff
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt5RSVgtGtOA0GxPg7XzqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwN2M3MDgzNDYwZTFhNGM3MmM0YmM0Mjc2MzEzZDNhODU5
NDRhODcwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGIzNDY3NjM2MWFiMjBhYTdiNDcxMDg0MDhjZWY3YzRmMzA0MDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRNvSz52cPSNOfGXFXWQ8kZC2jzh
JT6533x/Nscza6/Kw7Lg3yboQZOvbcngPqzxrJRRJZSIoFZR8LMTlu7qZJQ2q9/Q
RbDtj4/UpwfpAo9S8uUdHYuldoCalmOxn96gNqtCnVitr4lGpPxiohSNo6+nNgxB
n+quohaYe3qQ6Ryn5ZsIbexwTRQ2tcP3VOqAjwJWwzNaGVkzKUfhbvwf7qh7Uhjt
uAlKGrEqblr9vfhtt/UUVxpvUndQlZl1QY+rg/QFUMIUk1IPuM0FlE4iHv19Zjm4
ND5KIEg+18XJOEYXPxBAzEH0bOrb3KQJ78czR0Wz/zyokZfWY+Mzbulu2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNCzRnY2GrIKp7RxCECM73xPMECGMB8GA1UdIwQY
MBaAFEB8cINGDhpMcsS8QnYxPTqFlEqHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUh4d2cwWU9Ha3h5eEx4Q2RqRTlPb1dVU29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84YTc1NjktZWQ3NC00YTkyLTg2Mjct
OTg1ZWQxNWM5YWViLzEvMExOR2RqWWFzZ3FudEhFSVFJenZmRTh3UUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84YTc1NjktZWQ3NC00YTkyLTg2MjctOTg1ZWQxNWM5YWVi
LzEvUUh4d2cwWU9Ha3h5eEx4Q2RqRTlPb1dVU29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudJAMA0E
AgACMAcDBQMqC1XAMA0GCSqGSIb3DQEBCwUAA4IBAQAiUPa+NLw4yeBsoz0PjKnZ
w0Sd+HWfhGiDNdv6ZLP6Upe3KyeH1/olyIG477MqFe3xZ4CNQIrpRTWe3pgkEB32
5UQQX4OP1ueChIshX3w7PiOSQ4WFACp3JgOrGPEYiIs9TRgitp9D7v258CTcBSfT
pF1gtEBn61wLLYZdg4zq/w/p7tlFhpKepIY73FthkqmdEaum1R8ccDJaBJSic2jm
7xI0xXBxq0Sa842/K4fPj1tQpoDMGERbHdZsezu+u38XM2plRXrggUHBwyTNfG14
3kCY0byymu5NNG9p8aZMCQF/9/LpnPaSrlJ4xHD8qLZbWwD3zxe4nkgF107UVt7/
-----END CERTIFICATE-----