Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/9c48a0-d3cd-44b3-9ae6-7dffce1d6e2d/1/NEWheC_VjV8ishvPj4H4kR9WspM.roa
File:                     NEWheC_VjV8ishvPj4H4kR9WspM.roa (raw, json)
Hash identifier:          LuD6dZ0VY6EGicNfZ3sHKeOZ+q0avygX6wVJriy7tAw=
Subject key identifier:   34:45:A1:78:2F:D5:8D:5F:22:B2:1B:CF:8F:81:F8:91:1F:56:B2:93
Certificate issuer:       /CN=1a421ace46c5dd58a29d46cd91fb28fc39c56fee
Certificate serial:       018CC348C7279A849F8FC4758881A851E91A
Authority key identifier: 1A:42:1A:CE:46:C5:DD:58:A2:9D:46:CD:91:FB:28:FC:39:C5:6F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GkIazkbF3ViinUbNkfso_DnFb-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/9c48a0-d3cd-44b3-9ae6-7dffce1d6e2d/1/NEWheC_VjV8ishvPj4H4kR9WspM.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206673
IP address blocks:        185.185.148.0/22 maxlen: 24
                          185.174.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/9c48a0-d3cd-44b3-9ae6-7dffce1d6e2d/1/GkIazkbF3ViinUbNkfso_DnFb-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/9c48a0-d3cd-44b3-9ae6-7dffce1d6e2d/1/GkIazkbF3ViinUbNkfso_DnFb-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GkIazkbF3ViinUbNkfso_DnFb-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c7:27:9a:84:9f:8f:c4:75:88:81:a8:51:e9:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a421ace46c5dd58a29d46cd91fb28fc39c56fee
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3445a1782fd58d5f22b21bcf8f81f8911f56b293
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ff:ae:11:e6:62:ca:01:5d:d0:3d:98:0c:37:
                    8c:19:9f:ec:3e:e7:06:60:3f:be:84:17:52:ec:53:
                    54:d0:a1:fc:e2:21:b3:55:3a:ab:da:9a:f2:0e:14:
                    bf:d7:11:a3:50:45:68:fa:63:3d:ca:20:d0:24:7c:
                    e8:bf:4a:37:c3:aa:38:c8:ba:b8:e2:42:ee:b9:24:
                    eb:9f:33:de:30:46:7d:98:59:7c:8a:76:5f:46:c8:
                    5d:b6:27:ab:92:94:49:ac:fb:49:8f:a4:e3:94:e8:
                    f9:e7:bf:2e:0e:a5:6b:7c:9a:2f:7f:8d:90:3f:5a:
                    75:72:a6:b9:8c:fb:25:95:ba:87:8b:fa:fb:61:9d:
                    b4:23:2b:e8:b8:1e:86:f5:08:2c:51:e4:6c:2c:60:
                    fe:7b:82:fc:56:7f:a1:db:28:3d:81:fc:be:36:e5:
                    d7:02:8d:46:d1:c9:68:f8:05:75:4c:a5:c5:e3:22:
                    36:29:3f:37:6b:7f:25:da:d8:1c:32:b1:6f:3f:9d:
                    c5:b6:be:00:1e:26:a2:cc:2a:e4:2d:20:ec:ba:b3:
                    48:ec:30:49:e3:fa:a2:cc:30:fc:ee:df:d4:6b:28:
                    5d:25:fb:3e:1c:bc:f5:0f:d8:91:23:8b:c5:a2:ff:
                    04:7d:01:d5:a4:ef:64:07:e0:6e:08:61:ef:fa:45:
                    5a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:45:A1:78:2F:D5:8D:5F:22:B2:1B:CF:8F:81:F8:91:1F:56:B2:93
            X509v3 Authority Key Identifier:
                keyid:1A:42:1A:CE:46:C5:DD:58:A2:9D:46:CD:91:FB:28:FC:39:C5:6F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GkIazkbF3ViinUbNkfso_DnFb-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9c48a0-d3cd-44b3-9ae6-7dffce1d6e2d/1/NEWheC_VjV8ishvPj4H4kR9WspM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9c48a0-d3cd-44b3-9ae6-7dffce1d6e2d/1/GkIazkbF3ViinUbNkfso_DnFb-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.128.0/22
                  185.185.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8e:4e:b9:f9:85:52:e1:c5:b7:99:0f:53:ac:69:1b:39:0d:3f:
         5c:63:f6:a8:85:d6:db:1c:10:29:27:ee:ec:11:d3:e4:14:1c:
         cb:66:4b:a0:fb:85:ba:54:94:c0:47:fc:79:1c:ac:e0:53:2b:
         08:d1:6d:5b:8b:95:60:ee:df:3a:3f:72:92:01:61:f9:06:23:
         e3:c8:63:02:e6:4b:cf:ab:c6:a8:39:5a:17:ac:c5:56:35:01:
         64:4c:3b:9d:a4:81:e7:0b:67:58:1a:43:07:f6:40:06:df:6e:
         4d:bb:c9:f3:fd:54:72:a7:88:b7:7c:1a:d0:e7:2e:11:ca:63:
         88:7e:c4:83:0f:2b:7f:7a:ba:b3:e8:a7:7c:ab:79:6b:c1:59:
         9f:25:fa:58:0a:96:dd:80:9d:cc:ab:9f:b1:5b:78:62:9b:1b:
         5b:43:ab:dd:e3:ed:75:9c:ad:0f:35:6e:6f:10:48:8d:89:44:
         cb:2b:51:18:dd:63:84:67:9d:e9:0d:22:25:e1:69:dd:fb:80:
         a7:93:fe:43:b9:38:ad:00:35:49:28:6d:1e:a2:0f:60:86:15:
         22:66:36:7c:11:39:9d:57:46:5e:44:91:87:0b:74:b3:9d:2b:
         fc:41:4f:bb:fa:33:86:2b:fe:80:13:ce:7b:37:9b:48:80:60:
         21:99:ba:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSMcnmoSfj8R1iIGoUekaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNDIxYWNlNDZjNWRkNThhMjlkNDZjZDkxZmIyOGZjMzlj
NTZmZWUwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDQ1YTE3ODJmZDU4ZDVmMjJiMjFiY2Y4ZjgxZjg5MTFmNTZiMjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/+uEeZiygFd0D2YDDeMGZ/sPucG
YD++hBdS7FNU0KH84iGzVTqr2pryDhS/1xGjUEVo+mM9yiDQJHzov0o3w6o4yLq4
4kLuuSTrnzPeMEZ9mFl8inZfRshdtierkpRJrPtJj6TjlOj5578uDqVrfJovf42Q
P1p1cqa5jPsllbqHi/r7YZ20IyvouB6G9QgsUeRsLGD+e4L8Vn+h2yg9gfy+NuXX
Ao1G0clo+AV1TKXF4yI2KT83a38l2tgcMrFvP53Ftr4AHiaizCrkLSDsurNI7DBJ
4/qizDD87t/UayhdJfs+HLz1D9iRI4vFov8EfQHVpO9kB+BuCGHv+kVa1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDRFoXgv1Y1fIrIbz4+B+JEfVrKTMB8GA1UdIwQY
MBaAFBpCGs5Gxd1Yop1GzZH7KPw5xW/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2tJYXprYkYzVmlpblViTmtmc29fRG5GYi00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi85YzQ4YTAtZDNjZC00NGIzLTlhZTYt
N2RmZmNlMWQ2ZTJkLzEvTkVXaGVDX1ZqVjhpc2h2UGo0SDRrUjlXc3BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi85YzQ4YTAtZDNjZC00NGIzLTlhZTYtN2RmZmNlMWQ2ZTJk
LzEvR2tJYXprYkYzVmlpblViTmtmc29fRG5GYi00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCua6AAwQC
ubmUMA0GCSqGSIb3DQEBCwUAA4IBAQCOTrn5hVLhxbeZD1OsaRs5DT9cY/aohdbb
HBApJ+7sEdPkFBzLZkug+4W6VJTAR/x5HKzgUysI0W1bi5Vg7t86P3KSAWH5BiPj
yGMC5kvPq8aoOVoXrMVWNQFkTDudpIHnC2dYGkMH9kAG325Nu8nz/VRyp4i3fBrQ
5y4RymOIfsSDDyt/erqz6Kd8q3lrwVmfJfpYCpbdgJ3Mq5+xW3himxtbQ6vd4+11
nK0PNW5vEEiNiUTLK1EY3WOEZ53pDSIl4Wnd+4Cnk/5DuTitADVJKG0eog9ghhUi
ZjZ8ETmdV0ZeRJGHC3SznSv8QU+7+jOGK/6AE857N5tIgGAhmbrs
-----END CERTIFICATE-----