Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/hbXwf9wNoFv8xGRSX2sgDFM19h4.roa
File:                     hbXwf9wNoFv8xGRSX2sgDFM19h4.roa (raw, json)
Hash identifier:          jyNu6uWNCmnMr4yAFoYR6ItA8qzLp8ZLELjkXagoKo8=
Subject key identifier:   85:B5:F0:7F:DC:0D:A0:5B:FC:C4:64:52:5F:6B:20:0C:53:35:F6:1E
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       018CC94D0B1BA433CB2E5185A084556F7F84
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/hbXwf9wNoFv8xGRSX2sgDFM19h4.roa
Signing time:             Tue 02 Jan 2024 08:31:58 +0000
ROA not before:           Tue 02 Jan 2024 08:31:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204693
IP address blocks:        2a0a:280:2500::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:0b:1b:a4:33:cb:2e:51:85:a0:84:55:6f:7f:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 08:31:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85b5f07fdc0da05bfcc464525f6b200c5335f61e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a6:89:fe:4c:71:00:82:95:5a:70:94:4d:28:
                    f2:31:d3:1b:c3:f0:bc:d3:88:57:33:e5:8f:fc:37:
                    b9:69:30:e4:91:c5:9f:de:04:ca:b6:f2:c6:8c:9f:
                    07:1c:e6:93:66:a5:d3:e3:39:c3:e4:b8:fa:6b:28:
                    81:e2:82:9c:de:ff:d5:39:ca:92:55:12:91:5d:a5:
                    0e:94:40:ef:40:88:cc:2c:45:9f:c4:38:0e:45:f7:
                    8f:56:6c:7e:e5:11:2d:8a:2c:b9:77:f4:d5:36:03:
                    7b:27:8a:32:e0:58:6a:41:f8:40:c1:04:c2:d9:af:
                    fe:c5:31:6d:eb:9a:40:b1:58:9d:d7:4f:44:5c:b3:
                    3e:1b:18:c7:ad:5b:46:cd:1d:0c:97:d9:e5:d0:c8:
                    11:bc:c7:f3:f6:f7:46:68:9f:90:02:9c:67:9d:2a:
                    30:b0:d0:b5:15:4d:4a:ea:9c:99:7e:ae:85:57:b8:
                    d2:ca:02:fa:c3:81:63:60:9c:30:e2:91:67:cf:af:
                    58:15:d8:84:f9:bb:4d:95:fd:9a:96:83:eb:04:32:
                    25:2d:75:ba:d2:5c:6f:c0:33:c7:18:74:a1:14:8b:
                    ae:8d:ce:09:b5:a3:43:71:9f:92:89:f1:96:d1:da:
                    f9:19:96:17:64:b2:5b:06:f9:0e:10:82:98:d7:de:
                    5d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:B5:F0:7F:DC:0D:A0:5B:FC:C4:64:52:5F:6B:20:0C:53:35:F6:1E
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/hbXwf9wNoFv8xGRSX2sgDFM19h4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:2500::/40

    Signature Algorithm: sha256WithRSAEncryption
         a5:07:2d:34:2d:b3:20:f4:9e:20:82:56:6f:e2:ff:6a:e9:19:
         35:a8:1c:86:36:7a:3c:8e:2a:51:ce:d2:fd:6e:df:c0:85:cf:
         18:50:2c:20:5b:3a:a2:16:b0:6f:48:4e:11:0b:7e:99:52:96:
         00:13:b9:f9:77:5f:06:46:93:23:43:ce:29:06:06:3f:56:70:
         ac:9e:99:d0:74:5f:b6:6d:40:a8:cf:84:a4:cc:23:12:cb:c3:
         99:5e:61:4e:71:77:47:e4:e7:b2:92:cd:4f:be:3c:1f:72:37:
         a1:f9:03:5d:29:e2:32:83:7c:95:67:52:26:a3:25:e5:8d:e0:
         cf:19:24:1f:af:10:97:d3:b1:30:5f:d2:72:df:52:56:ee:89:
         e6:1f:ef:1a:76:4e:36:61:be:92:bb:eb:30:9b:64:0a:26:77:
         8e:f6:f9:0c:24:ed:c1:f4:1f:5d:43:eb:1c:ed:8e:36:fd:cd:
         13:58:e0:67:99:be:cd:cc:1d:8a:3b:fd:2a:9c:3b:10:f6:5d:
         fb:de:cc:a6:5a:87:8f:0b:93:56:a7:9e:18:f3:a4:51:87:79:
         a5:b2:71:92:ea:8f:19:61:ec:fd:7c:08:7b:fe:e2:e9:b7:89:
         40:29:0e:1a:e2:ca:6e:f8:5d:c1:c3:f0:38:15:3a:96:d5:20:
         e5:cc:c5:3d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTQsbpDPLLlGFoIRVb3+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjQwMTAyMDgzMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWI1ZjA3ZmRjMGRhMDViZmNjNDY0NTI1ZjZiMjAwYzUzMzVmNjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqaJ/kxxAIKVWnCUTSjyMdMbw/C8
04hXM+WP/De5aTDkkcWf3gTKtvLGjJ8HHOaTZqXT4znD5Lj6ayiB4oKc3v/VOcqS
VRKRXaUOlEDvQIjMLEWfxDgORfePVmx+5REtiiy5d/TVNgN7J4oy4FhqQfhAwQTC
2a/+xTFt65pAsVid109EXLM+GxjHrVtGzR0Ml9nl0MgRvMfz9vdGaJ+QApxnnSow
sNC1FU1K6pyZfq6FV7jSygL6w4FjYJww4pFnz69YFdiE+btNlf2aloPrBDIlLXW6
0lxvwDPHGHShFIuujc4JtaNDcZ+SifGW0dr5GZYXZLJbBvkOEIKY195duwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIW18H/cDaBb/MRkUl9rIAxTNfYeMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvaGJYd2Y5d05vRnY4eEdSU1gyc2dERk0xOWg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgCUw
DQYJKoZIhvcNAQELBQADggEBAKUHLTQtsyD0niCCVm/i/2rpGTWoHIY2ejyOKlHO
0v1u38CFzxhQLCBbOqIWsG9IThELfplSlgATufl3XwZGkyNDzikGBj9WcKyemdB0
X7ZtQKjPhKTMIxLLw5leYU5xd0fk57KSzU++PB9yN6H5A10p4jKDfJVnUiajJeWN
4M8ZJB+vEJfTsTBf0nLfUlbuieYf7xp2TjZhvpK76zCbZAomd472+Qwk7cH0H11D
6xztjjb9zRNY4GeZvs3MHYo7/SqcOxD2XfvezKZah48Lk1annhjzpFGHeaWycZLq
jxlh7P18CHv+4um3iUApDhriym74XcHD8DgVOpbVIOXMxT0=
-----END CERTIFICATE-----