Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/hd9PB0kYB6sqhK8rDQow9bRbvgI.roa
File:                     hd9PB0kYB6sqhK8rDQow9bRbvgI.roa (raw, json)
Hash identifier:          2cSId57jJDHM48gVarhYmfN9ze4MaA2ujVYED/yNgoQ=
Subject key identifier:   85:DF:4F:07:49:18:07:AB:2A:84:AF:2B:0D:0A:30:F5:B4:5B:BE:02
Certificate issuer:       /CN=111b09710acdb72086d658e90d8f025fa6a111b1
Certificate serial:       018CC56E62FE9D8F7A464DDE8005DE9D0150
Authority key identifier: 11:1B:09:71:0A:CD:B7:20:86:D6:58:E9:0D:8F:02:5F:A6:A1:11:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/hd9PB0kYB6sqhK8rDQow9bRbvgI.roa
Signing time:             Mon 01 Jan 2024 14:29:55 +0000
ROA not before:           Mon 01 Jan 2024 14:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395743
IP address blocks:        185.101.14.0/24 maxlen: 24
                          185.101.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 11:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:62:fe:9d:8f:7a:46:4d:de:80:05:de:9d:01:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111b09710acdb72086d658e90d8f025fa6a111b1
        Validity
            Not Before: Jan  1 14:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85df4f07491807ab2a84af2b0d0a30f5b45bbe02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:60:d4:65:a0:e5:81:58:65:5c:5d:02:65:95:
                    c4:92:6e:4c:64:87:10:8a:d2:2d:f8:e1:1f:ae:b2:
                    a9:25:a1:b6:ec:b7:e4:0a:85:35:15:fd:7e:20:5b:
                    78:65:c0:a7:f8:67:ab:c3:fd:51:c3:0e:60:3f:be:
                    08:4f:97:78:31:df:28:7e:79:97:b4:4b:cf:43:39:
                    39:1c:06:c9:c1:1e:b9:4a:8c:90:a1:f5:a6:d3:00:
                    ca:47:f8:6b:e8:1a:33:ab:f8:45:54:f1:4f:6a:35:
                    08:b4:c4:00:dc:e3:f9:69:10:97:70:86:5b:1e:c9:
                    c4:77:d7:0a:28:8f:51:4c:d8:21:3d:7a:0e:d1:26:
                    b1:f1:11:39:84:33:68:f3:ce:57:4b:1b:f9:a3:03:
                    57:dc:a8:e0:f4:ad:41:6a:86:b8:80:ac:96:5e:41:
                    f0:8c:27:06:6c:b3:60:e0:c4:1a:9c:70:ad:8c:ea:
                    19:76:41:b9:8f:29:8b:e9:7e:d1:9d:72:70:f9:be:
                    51:44:f4:59:ff:70:1f:3c:12:e8:75:26:cf:e8:94:
                    36:46:71:3e:2a:5b:2b:3c:30:cc:4f:6b:6a:15:93:
                    29:bb:77:2b:20:db:64:81:a0:2f:99:f4:99:1c:e9:
                    2d:63:77:6e:52:5f:30:30:1b:43:92:1b:f3:d0:27:
                    02:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:DF:4F:07:49:18:07:AB:2A:84:AF:2B:0D:0A:30:F5:B4:5B:BE:02
            X509v3 Authority Key Identifier:
                keyid:11:1B:09:71:0A:CD:B7:20:86:D6:58:E9:0D:8F:02:5F:A6:A1:11:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/hd9PB0kYB6sqhK8rDQow9bRbvgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:6c:bb:2c:d2:cc:5c:64:5e:61:2e:6b:2f:90:dd:e7:59:82:
         58:be:73:8b:24:c7:08:68:9b:c6:6e:83:d3:80:1d:61:6c:92:
         36:55:36:90:c1:68:dc:bc:8b:ab:f7:08:d8:81:8e:c4:f6:93:
         a9:05:e0:c9:13:50:4d:98:93:72:fe:59:a9:7c:88:34:f7:f1:
         da:27:8b:4e:c1:0d:e6:06:d4:db:23:e0:26:f3:c5:61:53:a8:
         25:f8:b3:3c:a3:c2:4f:74:cf:3d:cf:db:01:fc:02:cf:c8:f5:
         da:d4:e6:9b:a7:54:40:35:f6:d8:67:c0:8a:b1:ec:4c:6d:fd:
         1e:41:b5:eb:d7:cf:90:79:81:58:f3:14:c5:fc:9a:b2:48:ac:
         0b:1b:7e:3f:c4:cd:64:aa:37:0c:c8:c2:7a:b4:40:9f:3d:0e:
         8c:21:44:53:ee:b7:2b:56:20:bf:60:90:67:4d:9c:8b:59:cc:
         91:30:49:e2:7a:cb:e3:5e:33:dd:de:15:96:88:2f:87:df:83:
         08:4d:c2:e7:06:c7:4a:c5:c8:11:9e:94:17:a3:7f:87:11:54:
         cd:86:24:d8:e3:81:5b:63:85:43:0c:a6:a4:93:bc:fc:e5:e2:
         29:f9:f9:53:d9:04:1f:21:65:99:a5:4f:d6:ae:1a:3b:c4:69:
         23:35:51:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbmL+nY96Rk3egAXenQFQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWIwOTcxMGFjZGI3MjA4NmQ2NThlOTBkOGYwMjVmYTZh
MTExYjEwHhcNMjQwMTAxMTQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWRmNGYwNzQ5MTgwN2FiMmE4NGFmMmIwZDBhMzBmNWI0NWJiZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWDUZaDlgVhlXF0CZZXEkm5MZIcQ
itIt+OEfrrKpJaG27LfkCoU1Ff1+IFt4ZcCn+Gerw/1Rww5gP74IT5d4Md8ofnmX
tEvPQzk5HAbJwR65SoyQofWm0wDKR/hr6Bozq/hFVPFPajUItMQA3OP5aRCXcIZb
HsnEd9cKKI9RTNghPXoO0Sax8RE5hDNo885XSxv5owNX3Kjg9K1Baoa4gKyWXkHw
jCcGbLNg4MQanHCtjOoZdkG5jymL6X7RnXJw+b5RRPRZ/3AfPBLodSbP6JQ2RnE+
KlsrPDDMT2tqFZMpu3crINtkgaAvmfSZHOktY3duUl8wMBtDkhvz0CcCZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXfTwdJGAerKoSvKw0KMPW0W74CMB8GA1UdIwQY
MBaAFBEbCXEKzbcghtZY6Q2PAl+moRGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJzSmNRck50eUNHMWxqcERZOENYNmFoRWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8xY2QxMzQtNGQwMy00ZmNkLWIyMjkt
N2JmMDM1NmE2YmFiLzEvaGQ5UEIwa1lCNnNxaEs4ckRRb3c5YlJidmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8xY2QxMzQtNGQwMy00ZmNkLWIyMjktN2JmMDM1NmE2YmFi
LzEvRVJzSmNRck50eUNHMWxqcERZOENYNmFoRWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWUMMA0G
CSqGSIb3DQEBCwUAA4IBAQA7bLss0sxcZF5hLmsvkN3nWYJYvnOLJMcIaJvGboPT
gB1hbJI2VTaQwWjcvIur9wjYgY7E9pOpBeDJE1BNmJNy/lmpfIg09/HaJ4tOwQ3m
BtTbI+Am88VhU6gl+LM8o8JPdM89z9sB/ALPyPXa1Oabp1RANfbYZ8CKsexMbf0e
QbXr18+QeYFY8xTF/JqySKwLG34/xM1kqjcMyMJ6tECfPQ6MIURT7rcrViC/YJBn
TZyLWcyRMEniesvjXjPd3hWWiC+H34MITcLnBsdKxcgRnpQXo3+HEVTNhiTY44Fb
Y4VDDKakk7z85eIp+flT2QQfIWWZpU/Wrho7xGkjNVHF
-----END CERTIFICATE-----