Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/HZls7QJJxnFm8wqs8jGUmoVw_4c.roa
File:                     HZls7QJJxnFm8wqs8jGUmoVw_4c.roa (raw, json)
Hash identifier:          ozFpjK/j2+PaJK4bhoP5FqzggLZR05/y8PRKbzT4W4Y=
Subject key identifier:   1D:99:6C:ED:02:49:C6:71:66:F3:0A:AC:F2:31:94:9A:85:70:FF:87
Certificate issuer:       /CN=940b9e18eeb094d912deb595dc7aac8661b0d6c7
Certificate serial:       018CC8011676FBE4DADCE15528595369D73B
Authority key identifier: 94:0B:9E:18:EE:B0:94:D9:12:DE:B5:95:DC:7A:AC:86:61:B0:D6:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lAueGO6wlNkS3rWV3HqshmGw1sc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/HZls7QJJxnFm8wqs8jGUmoVw_4c.roa
Signing time:             Tue 02 Jan 2024 02:29:23 +0000
ROA not before:           Tue 02 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208735
IP address blocks:        185.121.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/lAueGO6wlNkS3rWV3HqshmGw1sc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/lAueGO6wlNkS3rWV3HqshmGw1sc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lAueGO6wlNkS3rWV3HqshmGw1sc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:16:76:fb:e4:da:dc:e1:55:28:59:53:69:d7:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=940b9e18eeb094d912deb595dc7aac8661b0d6c7
        Validity
            Not Before: Jan  2 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d996ced0249c67166f30aacf231949a8570ff87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9c:2a:f2:5f:a6:b3:bd:1c:6a:b5:23:ef:fc:
                    f5:7d:67:6f:1e:f8:12:fc:f0:be:a7:42:e1:f7:a8:
                    23:8e:a9:b7:ab:2e:f5:6f:5b:d8:8a:fc:ec:1e:e5:
                    ec:28:01:f4:bf:f9:b9:f2:cc:29:83:e3:27:5e:3e:
                    a7:0d:ae:52:fa:32:cc:bc:27:1d:c7:31:e1:35:55:
                    ee:82:c9:9a:e1:63:0f:04:b9:bb:f1:f6:7a:36:f2:
                    50:fa:3e:de:00:2c:e3:34:87:73:e0:36:11:85:c1:
                    56:20:4a:42:56:ae:4b:e4:84:87:77:ca:81:d3:3e:
                    9d:8c:80:91:50:d4:48:b9:78:75:8d:17:87:70:a0:
                    af:4a:17:68:27:13:12:99:20:35:ef:9e:05:68:3f:
                    16:ad:1d:34:07:d6:c1:19:43:49:29:e7:f7:0e:64:
                    92:e8:a4:10:a2:c4:6c:97:f4:fc:b5:9f:ea:62:eb:
                    23:3f:fd:52:e1:dd:f6:91:47:0b:17:34:da:18:6f:
                    ef:42:3b:a8:33:da:52:1b:a9:47:ba:05:b3:15:4b:
                    73:a5:84:38:1c:bf:d6:5e:e1:1e:1c:b7:c9:95:ef:
                    17:5e:5f:58:35:e4:7f:f5:46:13:05:96:78:ae:18:
                    35:ea:f9:09:45:ba:f0:56:76:c1:70:4c:b4:95:e7:
                    b3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:99:6C:ED:02:49:C6:71:66:F3:0A:AC:F2:31:94:9A:85:70:FF:87
            X509v3 Authority Key Identifier:
                keyid:94:0B:9E:18:EE:B0:94:D9:12:DE:B5:95:DC:7A:AC:86:61:B0:D6:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lAueGO6wlNkS3rWV3HqshmGw1sc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/HZls7QJJxnFm8wqs8jGUmoVw_4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8a707a-5ced-4c75-ae38-56596beed1c7/1/lAueGO6wlNkS3rWV3HqshmGw1sc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:4d:62:3d:a8:e7:1b:96:01:ea:53:8e:27:ed:21:74:ce:9b:
         9f:c2:49:78:32:1f:1a:4a:7e:4f:1b:3b:bb:0c:99:aa:e3:23:
         64:5a:43:b4:89:bf:4b:57:55:61:53:7e:02:3b:f1:b0:d4:b4:
         f5:28:8c:77:bf:b9:eb:d7:6f:d6:c6:8d:ea:d7:9b:cf:06:2a:
         c0:69:3e:ee:2a:32:32:e4:57:56:c9:db:8b:2d:7a:1c:89:15:
         6a:31:3a:9d:38:48:79:94:76:a6:58:74:8c:40:82:14:5b:ea:
         4f:ba:d9:5d:eb:78:a7:89:82:c7:e7:b7:36:75:f1:7d:70:ee:
         81:b8:f1:d2:33:8c:0d:13:66:c7:bd:7e:58:37:90:71:07:42:
         53:6b:2c:39:64:54:76:60:27:61:53:50:89:3c:d9:a3:6b:47:
         7d:88:40:21:d5:ed:f3:4e:1f:c9:80:1f:5e:10:d7:85:7b:c1:
         dc:ac:e7:a9:2b:77:bc:15:58:e5:21:f8:bf:4a:59:a3:8d:78:
         7f:2a:20:30:6c:4c:0d:bc:12:6e:10:3b:b4:cd:04:4c:2a:0b:
         b5:e5:5a:15:ac:fa:50:0a:c4:c2:98:12:ed:bc:13:f3:49:b1:
         42:9f:40:13:b5:04:d1:b1:54:44:94:3c:6b:b3:35:54:a0:27:
         fb:a5:62:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARZ2++Ta3OFVKFlTadc7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGI5ZTE4ZWViMDk0ZDkxMmRlYjU5NWRjN2FhYzg2NjFi
MGQ2YzcwHhcNMjQwMTAyMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk5NmNlZDAyNDljNjcxNjZmMzBhYWNmMjMxOTQ5YTg1NzBmZjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpwq8l+ms70carUj7/z1fWdvHvgS
/PC+p0Lh96gjjqm3qy71b1vYivzsHuXsKAH0v/m58swpg+MnXj6nDa5S+jLMvCcd
xzHhNVXugsma4WMPBLm78fZ6NvJQ+j7eACzjNIdz4DYRhcFWIEpCVq5L5ISHd8qB
0z6djICRUNRIuXh1jReHcKCvShdoJxMSmSA1754FaD8WrR00B9bBGUNJKef3DmSS
6KQQosRsl/T8tZ/qYusjP/1S4d32kUcLFzTaGG/vQjuoM9pSG6lHugWzFUtzpYQ4
HL/WXuEeHLfJle8XXl9YNeR/9UYTBZZ4rhg16vkJRbrwVnbBcEy0leezDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2ZbO0CScZxZvMKrPIxlJqFcP+HMB8GA1UdIwQY
MBaAFJQLnhjusJTZEt61ldx6rIZhsNbHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEF1ZUdPNndsTmtTM3JXVjNIcXNobUd3MXNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84YTcwN2EtNWNlZC00Yzc1LWFlMzgt
NTY1OTZiZWVkMWM3LzEvSFpsczdRSkp4bkZtOHdxczhqR1Vtb1Z3XzRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84YTcwN2EtNWNlZC00Yzc1LWFlMzgtNTY1OTZiZWVkMWM3
LzEvbEF1ZUdPNndsTmtTM3JXVjNIcXNobUd3MXNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXloMA0G
CSqGSIb3DQEBCwUAA4IBAQBYTWI9qOcblgHqU44n7SF0zpufwkl4Mh8aSn5PGzu7
DJmq4yNkWkO0ib9LV1VhU34CO/Gw1LT1KIx3v7nr12/Wxo3q15vPBirAaT7uKjIy
5FdWyduLLXociRVqMTqdOEh5lHamWHSMQIIUW+pPutld63iniYLH57c2dfF9cO6B
uPHSM4wNE2bHvX5YN5BxB0JTayw5ZFR2YCdhU1CJPNmja0d9iEAh1e3zTh/JgB9e
ENeFe8HcrOepK3e8FVjlIfi/SlmjjXh/KiAwbEwNvBJuEDu0zQRMKgu15VoVrPpQ
CsTCmBLtvBPzSbFCn0ATtQTRsVRElDxrszVUoCf7pWKb
-----END CERTIFICATE-----