Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hqKR_sZAUc0wsuZRevFb2GG_fkE.roa
File:                     hqKR_sZAUc0wsuZRevFb2GG_fkE.roa (raw, json)
Hash identifier:          clyy8ZNQP3lp19oihE1zpfiDAKQ+YWO3WU4MDWLozyg=
Subject key identifier:   86:A2:91:FE:C6:40:51:CD:30:B2:E6:51:7A:F1:5B:D8:61:BF:7E:41
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB231E19B31A4D6DE729D93F38F49D
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hqKR_sZAUc0wsuZRevFb2GG_fkE.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        185.145.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:23:1e:19:b3:1a:4d:6d:e7:29:d9:3f:38:f4:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86a291fec64051cd30b2e6517af15bd861bf7e41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:71:6e:e5:de:a3:01:f3:11:54:61:a8:aa:20:
                    d8:30:12:2d:aa:e0:7e:7c:06:2a:ca:e1:1a:45:0b:
                    d4:75:8b:4a:bb:ff:a7:9c:e1:23:18:78:03:96:66:
                    c4:68:35:94:cf:7f:de:fb:61:8e:4f:8e:6b:29:2a:
                    ad:9b:1f:d4:2a:4b:8a:34:be:47:d9:93:4b:40:47:
                    b0:c2:8b:12:fc:db:fb:46:3f:6f:09:4e:e1:6f:4c:
                    0e:2d:31:3c:d2:bf:2f:d1:5a:69:84:4c:9b:61:aa:
                    7e:5f:d1:19:ff:27:7f:94:77:c3:6a:cc:35:98:ee:
                    f4:69:f1:e3:0f:29:81:8b:93:e4:4a:03:b0:5d:aa:
                    99:23:ec:06:bc:f8:d4:8d:d6:11:51:b3:b5:21:b2:
                    cd:f9:8b:cf:c5:b4:af:27:ea:b9:f3:5c:7b:ec:61:
                    8e:a2:40:08:aa:6c:c5:b0:b8:59:2d:5e:33:cb:15:
                    40:09:53:ce:ae:42:8d:9a:d0:b3:4c:41:f9:36:f9:
                    02:39:50:4a:c5:be:3c:17:65:3e:48:8a:be:5b:ab:
                    38:a9:c7:85:80:fa:82:fe:d8:4b:a4:58:e3:91:b9:
                    ab:71:e0:bb:b7:41:4e:4f:24:62:32:44:ea:73:71:
                    22:ed:d8:8e:eb:ad:ae:8b:48:ee:e3:f2:0b:b6:3e:
                    c6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:A2:91:FE:C6:40:51:CD:30:B2:E6:51:7A:F1:5B:D8:61:BF:7E:41
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/hqKR_sZAUc0wsuZRevFb2GG_fkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:0f:4d:c0:35:03:f2:2a:fd:a7:57:f5:d4:e3:d1:32:14:a1:
         68:a8:c2:8b:51:e1:1d:d8:b2:32:7e:c3:09:ab:38:fa:e1:c2:
         01:20:f7:01:aa:f8:f8:18:f4:5d:c9:a7:17:b7:08:84:05:76:
         f9:0f:00:0b:09:e3:26:cf:17:27:b6:47:f5:d2:0a:ac:66:0f:
         7a:2b:f1:a2:88:e0:a6:1c:94:69:05:ed:14:6f:93:99:80:49:
         b5:a7:18:28:e4:85:91:35:f9:c5:f4:d8:14:46:1e:80:e7:25:
         03:8f:cf:ef:73:63:d2:2c:5e:6e:2e:89:0b:58:bd:d9:8c:d4:
         c8:6e:5d:66:60:7b:8d:44:b5:3b:9a:b6:c9:90:ed:06:45:fe:
         e9:95:67:64:74:64:65:8e:cc:ce:05:f3:3e:cf:8a:7b:2a:8e:
         9c:f9:69:64:aa:43:a3:c3:2b:d3:6f:27:92:f6:2b:89:4d:bb:
         0a:27:6d:b5:de:b7:0a:05:00:e3:b6:c8:be:14:58:4b:99:96:
         8f:44:30:64:1c:c7:9f:59:f3:50:dd:a1:6b:2a:ab:52:19:57:
         ba:36:7b:d7:d6:01:f3:c3:01:bb:1b:eb:5b:22:90:d6:32:3f:
         dd:81:ac:ed:e9:16:04:79:91:54:df:90:67:98:bf:c7:44:59:
         b2:e5:86:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2yMeGbMaTW3nKdk/OPSdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmEyOTFmZWM2NDA1MWNkMzBiMmU2NTE3YWYxNWJkODYxYmY3ZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3Fu5d6jAfMRVGGoqiDYMBItquB+
fAYqyuEaRQvUdYtKu/+nnOEjGHgDlmbEaDWUz3/e+2GOT45rKSqtmx/UKkuKNL5H
2ZNLQEewwosS/Nv7Rj9vCU7hb0wOLTE80r8v0VpphEybYap+X9EZ/yd/lHfDasw1
mO70afHjDymBi5PkSgOwXaqZI+wGvPjUjdYRUbO1IbLN+YvPxbSvJ+q581x77GGO
okAIqmzFsLhZLV4zyxVACVPOrkKNmtCzTEH5NvkCOVBKxb48F2U+SIq+W6s4qceF
gPqC/thLpFjjkbmrceC7t0FOTyRiMkTqc3Ei7diO662ui0ju4/ILtj7GQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaikf7GQFHNMLLmUXrxW9hhv35BMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvaHFLUl9zWkFVYzB3c3VaUmV2RmIyR0dfZmtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZFQMA0G
CSqGSIb3DQEBCwUAA4IBAQBkD03ANQPyKv2nV/XU49EyFKFoqMKLUeEd2LIyfsMJ
qzj64cIBIPcBqvj4GPRdyacXtwiEBXb5DwALCeMmzxcntkf10gqsZg96K/GiiOCm
HJRpBe0Ub5OZgEm1pxgo5IWRNfnF9NgURh6A5yUDj8/vc2PSLF5uLokLWL3ZjNTI
bl1mYHuNRLU7mrbJkO0GRf7plWdkdGRljszOBfM+z4p7Ko6c+WlkqkOjwyvTbyeS
9iuJTbsKJ2213rcKBQDjtsi+FFhLmZaPRDBkHMefWfNQ3aFrKqtSGVe6NnvX1gHz
wwG7G+tbIpDWMj/dgazt6RYEeZFU35BnmL/HRFmy5YYv
-----END CERTIFICATE-----