Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/H5AdAh_vNrNKce_D2i_5Qb3mgTY.roa
File:                     H5AdAh_vNrNKce_D2i_5Qb3mgTY.roa (raw, json)
Hash identifier:          UIN878tf+QYXZnGfkoxoXh/SWB0Qsd/lRZ60epVJojA=
Subject key identifier:   1F:90:1D:02:1F:EF:36:B3:4A:71:EF:C3:DA:2F:F9:41:BD:E6:81:36
Certificate issuer:       /CN=b1168d062a0c2e6166a8262c4d7298d76dedd04f
Certificate serial:       018CC2DB460444FE3FD81CD361EA7288779F
Authority key identifier: B1:16:8D:06:2A:0C:2E:61:66:A8:26:2C:4D:72:98:D7:6D:ED:D0:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/H5AdAh_vNrNKce_D2i_5Qb3mgTY.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        185.67.211.0/24 maxlen: 24
                          185.67.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Jun 2024 04:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:46:04:44:fe:3f:d8:1c:d3:61:ea:72:88:77:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1168d062a0c2e6166a8262c4d7298d76dedd04f
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f901d021fef36b34a71efc3da2ff941bde68136
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:37:ff:82:50:95:2a:6e:a7:4c:66:95:b3:ca:
                    9c:14:67:29:87:81:19:3e:ae:0f:da:48:27:4b:07:
                    cc:5e:bf:aa:9c:d3:62:1c:dc:dd:17:b7:51:95:07:
                    fa:8d:cb:1e:89:31:bc:e4:5f:7c:5b:ad:2a:c4:34:
                    20:4c:7b:66:85:8a:1b:a1:0c:bd:3f:da:30:de:3c:
                    11:ef:5c:5b:08:af:be:a4:6d:a4:86:f4:de:e3:7c:
                    c8:1f:a5:84:89:fd:58:1c:75:f8:74:c6:98:88:72:
                    b6:95:4b:c3:b0:af:04:64:8f:81:1f:b7:0a:38:f5:
                    9b:dc:0d:10:cf:02:50:26:a3:2a:c8:ea:76:6d:c4:
                    1f:c3:0e:c6:aa:0d:58:f6:c3:1f:90:e6:c6:4d:27:
                    b2:38:a6:67:aa:10:26:be:80:df:45:9b:cc:1c:a8:
                    ca:03:2f:3d:73:17:75:bf:4e:4f:77:95:a8:5e:56:
                    18:13:7e:93:ba:6a:38:1b:99:97:ec:2b:3f:dc:44:
                    13:bf:a3:42:92:02:14:ec:e8:72:2d:da:ad:48:5e:
                    e9:3b:d5:39:5f:ea:e3:61:2c:82:e8:2d:e0:11:e5:
                    15:80:cc:ea:cf:dd:a3:67:d4:42:33:a8:42:c4:e5:
                    e8:32:09:06:63:95:a1:4d:53:2a:a9:62:6a:b5:4f:
                    7f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:90:1D:02:1F:EF:36:B3:4A:71:EF:C3:DA:2F:F9:41:BD:E6:81:36
            X509v3 Authority Key Identifier:
                keyid:B1:16:8D:06:2A:0C:2E:61:66:A8:26:2C:4D:72:98:D7:6D:ED:D0:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/H5AdAh_vNrNKce_D2i_5Qb3mgTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:54:94:2c:b4:eb:ff:b9:1f:1c:52:b6:74:e5:e1:8c:c5:25:
         82:ae:9f:11:c5:ba:2b:a3:8f:15:05:74:ae:8a:86:27:35:7c:
         48:a1:0b:a6:be:1e:f2:d0:8d:aa:df:b2:1f:03:8a:a5:66:25:
         e4:4c:ed:05:52:d2:de:d1:f4:b3:dc:23:19:18:0a:08:f6:6a:
         62:f4:a7:5e:5c:9b:e5:71:65:b9:a6:4d:30:e9:9a:df:3f:3b:
         ec:de:1f:8f:53:fc:e6:74:35:80:89:6e:14:57:0f:99:0a:46:
         8c:5c:ae:8e:2d:0e:6b:5e:02:dd:c8:b4:99:fb:a6:8e:55:35:
         83:73:35:4b:9e:c0:73:16:92:79:f7:b6:a5:76:2b:ea:32:f0:
         07:cc:76:ea:76:f8:74:3e:b1:37:69:d5:80:ef:fc:88:6a:7c:
         22:4c:59:0f:27:33:78:b7:f6:39:ad:87:ce:c7:f1:23:68:aa:
         b2:3f:98:e8:6d:c2:b5:0b:9e:b5:1c:b5:92:1b:ba:92:a7:7e:
         3a:3f:8e:40:a5:a5:6b:a0:ac:26:5d:bd:5a:d1:07:d1:55:6b:
         0b:b1:28:cb:c1:c9:ff:33:66:ae:63:09:91:df:61:72:17:30:
         13:43:35:f6:38:5c:b0:e1:37:ee:52:29:1c:bc:92:30:51:45:
         8a:fb:43:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20YERP4/2BzTYepyiHefMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMTY4ZDA2MmEwYzJlNjE2NmE4MjYyYzRkNzI5OGQ3NmRl
ZGQwNGYwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjkwMWQwMjFmZWYzNmIzNGE3MWVmYzNkYTJmZjk0MWJkZTY4MTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzf/glCVKm6nTGaVs8qcFGcph4EZ
Pq4P2kgnSwfMXr+qnNNiHNzdF7dRlQf6jcseiTG85F98W60qxDQgTHtmhYoboQy9
P9ow3jwR71xbCK++pG2khvTe43zIH6WEif1YHHX4dMaYiHK2lUvDsK8EZI+BH7cK
OPWb3A0QzwJQJqMqyOp2bcQfww7Gqg1Y9sMfkObGTSeyOKZnqhAmvoDfRZvMHKjK
Ay89cxd1v05Pd5WoXlYYE36Tumo4G5mX7Cs/3EQTv6NCkgIU7OhyLdqtSF7pO9U5
X+rjYSyC6C3gEeUVgMzqz92jZ9RCM6hCxOXoMgkGY5WhTVMqqWJqtU9/DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+QHQIf7zazSnHvw9ov+UG95oE2MB8GA1UdIwQY
MBaAFLEWjQYqDC5hZqgmLE1ymNdt7dBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1JhTkJpb01MbUZtcUNZc1RYS1kxMjN0MEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82NzRhYmItMjIxYS00NDU0LWFjZmMt
OTY1YTM0MTgwMTM2LzEvSDVBZEFoX3ZOck5LY2VfRDJpXzVRYjNtZ1RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82NzRhYmItMjIxYS00NDU0LWFjZmMtOTY1YTM0MTgwMTM2
LzEvc1JhTkJpb01MbUZtcUNZc1RYS1kxMjN0MEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUPSMA0G
CSqGSIb3DQEBCwUAA4IBAQBIVJQstOv/uR8cUrZ05eGMxSWCrp8Rxboro48VBXSu
ioYnNXxIoQumvh7y0I2q37IfA4qlZiXkTO0FUtLe0fSz3CMZGAoI9mpi9KdeXJvl
cWW5pk0w6ZrfPzvs3h+PU/zmdDWAiW4UVw+ZCkaMXK6OLQ5rXgLdyLSZ+6aOVTWD
czVLnsBzFpJ597aldivqMvAHzHbqdvh0PrE3adWA7/yIanwiTFkPJzN4t/Y5rYfO
x/EjaKqyP5jobcK1C561HLWSG7qSp346P45ApaVroKwmXb1a0QfRVWsLsSjLwcn/
M2auYwmR32FyFzATQzX2OFyw4TfuUikcvJIwUUWK+0OS
-----END CERTIFICATE-----