Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/hYQ5Af5d91S_vu2hLfWPZokf1ds.roa
File:                     hYQ5Af5d91S_vu2hLfWPZokf1ds.roa (raw, json)
Hash identifier:          b+J2iWbiq5H0kTA4RnCVkz8UkglYOscwMixBlHnjvIw=
Subject key identifier:   85:84:39:01:FE:5D:F7:54:BF:BE:ED:A1:2D:F5:8F:66:89:1F:D5:DB
Certificate issuer:       /CN=a8d52cc870606a3f3f32c0fff97cf6931fa65ca3
Certificate serial:       0194266B4DD0CC695D74A25A16DFF4E1C98F
Authority key identifier: A8:D5:2C:C8:70:60:6A:3F:3F:32:C0:FF:F9:7C:F6:93:1F:A6:5C:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/hYQ5Af5d91S_vu2hLfWPZokf1ds.roa
Signing time:             Thu 02 Jan 2025 09:49:13 +0000
ROA not before:           Thu 02 Jan 2025 09:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57091
IP address blocks:        185.185.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:4d:d0:cc:69:5d:74:a2:5a:16:df:f4:e1:c9:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8d52cc870606a3f3f32c0fff97cf6931fa65ca3
        Validity
            Not Before: Jan  2 09:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85843901fe5df754bfbeeda12df58f66891fd5db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6d:d3:9b:5b:93:2e:f5:89:4a:61:00:25:4b:
                    41:88:07:b2:36:91:f4:71:e3:da:42:85:af:05:ab:
                    69:ad:ed:f2:18:66:85:a7:d3:f4:d1:67:40:0d:f6:
                    73:fe:80:36:b0:0e:51:77:65:00:83:a0:09:0c:2d:
                    48:6a:e1:3e:bd:ca:7f:13:03:71:08:b9:c4:d0:34:
                    50:f1:d1:4a:f4:7e:bd:c0:7b:64:c4:ab:a3:38:3d:
                    ab:f1:e5:42:bd:23:31:d2:49:28:5a:2b:26:1f:52:
                    fa:6e:f1:3a:5c:6e:00:88:82:4b:f3:89:77:f4:bc:
                    40:f3:b8:6a:17:f0:dd:23:b1:2f:89:70:fb:91:fd:
                    b9:7f:be:00:d7:4f:d8:39:4a:1d:a9:e4:7a:2e:27:
                    55:aa:46:41:fc:67:b5:b6:ac:5b:a4:9c:cf:bb:d4:
                    f5:63:84:20:49:d5:5b:49:30:02:5d:be:17:44:1f:
                    70:a9:2c:a4:50:d1:c8:5d:06:17:0b:a0:ae:ba:f2:
                    0d:ee:b9:b9:82:0e:a1:56:25:21:10:08:78:22:d7:
                    ee:a7:2e:1d:c3:88:b2:66:4a:49:79:af:a3:d5:19:
                    00:73:69:a3:98:34:e8:bd:c8:b2:53:c5:51:ee:81:
                    41:03:90:fb:fd:4d:cb:05:70:2c:d8:70:19:50:a0:
                    72:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:84:39:01:FE:5D:F7:54:BF:BE:ED:A1:2D:F5:8F:66:89:1F:D5:DB
            X509v3 Authority Key Identifier:
                keyid:A8:D5:2C:C8:70:60:6A:3F:3F:32:C0:FF:F9:7C:F6:93:1F:A6:5C:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/hYQ5Af5d91S_vu2hLfWPZokf1ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/fe131d-aa10-4c6b-8128-f55bc8af1506/1/qNUsyHBgaj8_MsD_-Xz2kx-mXKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:de:d0:16:1e:fa:ad:9a:29:86:6f:df:06:e5:01:4b:85:60:
         de:86:5e:d0:bc:d0:14:bc:8c:81:af:93:7e:eb:95:04:e8:ef:
         f2:f4:82:7e:96:70:4b:bd:f0:c8:00:0e:0c:69:5b:ed:06:7d:
         45:fb:ea:97:1e:d5:6d:24:65:ae:28:56:d3:97:28:cc:a6:80:
         59:e1:09:d2:d3:94:05:d9:0a:90:6c:e5:3e:a5:c9:d6:cc:8c:
         8e:53:84:fb:36:b7:b8:bf:a3:3a:74:9e:d0:c1:54:f2:00:f3:
         45:2d:e5:24:14:45:be:b2:c4:ae:a1:d6:a4:cc:21:1b:d6:6d:
         d7:06:4c:cf:dd:8d:d3:2e:ac:c7:b1:f1:3a:29:08:0a:be:5e:
         c5:8e:dd:50:31:31:53:79:48:c6:bd:42:0d:ed:ac:db:52:4b:
         fb:7b:7f:f1:26:e4:26:b9:5b:a3:12:b3:81:98:c2:6e:22:8c:
         b6:78:7e:75:90:dc:d4:6d:76:90:93:fd:71:ad:55:76:4a:4b:
         97:fc:ed:b7:74:c8:9f:91:ee:1b:d3:32:26:83:5c:83:34:b8:
         94:52:74:73:82:bd:fb:40:bc:59:61:40:e2:69:9b:ec:ec:b5:
         d1:bb:73:9d:06:9a:1c:11:25:88:78:2c:85:be:c5:bb:a4:8b:
         c6:43:1b:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma03QzGlddKJaFt/04cmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZDUyY2M4NzA2MDZhM2YzZjMyYzBmZmY5N2NmNjkzMWZh
NjVjYTMwHhcNMjUwMTAyMDk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTg0MzkwMWZlNWRmNzU0YmZiZWVkYTEyZGY1OGY2Njg5MWZkNWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo23Tm1uTLvWJSmEAJUtBiAeyNpH0
cePaQoWvBatpre3yGGaFp9P00WdADfZz/oA2sA5Rd2UAg6AJDC1IauE+vcp/EwNx
CLnE0DRQ8dFK9H69wHtkxKujOD2r8eVCvSMx0kkoWismH1L6bvE6XG4AiIJL84l3
9LxA87hqF/DdI7EviXD7kf25f74A10/YOUodqeR6LidVqkZB/Ge1tqxbpJzPu9T1
Y4QgSdVbSTACXb4XRB9wqSykUNHIXQYXC6CuuvIN7rm5gg6hViUhEAh4Itfupy4d
w4iyZkpJea+j1RkAc2mjmDTovciyU8VR7oFBA5D7/U3LBXAs2HAZUKByHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWEOQH+XfdUv77toS31j2aJH9XbMB8GA1UdIwQY
MBaAFKjVLMhwYGo/PzLA//l89pMfplyjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU5Vc3lIQmdhajhfTXNEXy1YejJreC1tWEtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9mZTEzMWQtYWExMC00YzZiLTgxMjgt
ZjU1YmM4YWYxNTA2LzEvaFlRNUFmNWQ5MVNfdnUyaExmV1Bab2tmMWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9mZTEzMWQtYWExMC00YzZiLTgxMjgtZjU1YmM4YWYxNTA2
LzEvcU5Vc3lIQmdhajhfTXNEXy1YejJreC1tWEtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubl4MA0G
CSqGSIb3DQEBCwUAA4IBAQCx3tAWHvqtmimGb98G5QFLhWDehl7QvNAUvIyBr5N+
65UE6O/y9IJ+lnBLvfDIAA4MaVvtBn1F++qXHtVtJGWuKFbTlyjMpoBZ4QnS05QF
2QqQbOU+pcnWzIyOU4T7Nre4v6M6dJ7QwVTyAPNFLeUkFEW+ssSuodakzCEb1m3X
BkzP3Y3TLqzHsfE6KQgKvl7Fjt1QMTFTeUjGvUIN7azbUkv7e3/xJuQmuVujErOB
mMJuIoy2eH51kNzUbXaQk/1xrVV2SkuX/O23dMifke4b0zImg1yDNLiUUnRzgr37
QLxZYUDiaZvs7LXRu3OdBpocESWIeCyFvsW7pIvGQxsp
-----END CERTIFICATE-----