Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/fHfRNL2AuMB_Ux6P2U9Iynwbj6o.roa
File:                     fHfRNL2AuMB_Ux6P2U9Iynwbj6o.roa (raw, json)
Hash identifier:          pCzJcSu4qZHpf9zmDhWomz3HNc4hzE4anyN9tsHGSKQ=
Subject key identifier:   7C:77:D1:34:BD:80:B8:C0:7F:53:1E:8F:D9:4F:48:CA:7C:1B:8F:AA
Certificate issuer:       /CN=6d146056f0fbbde618bff011c0f22ba74a5832b7
Certificate serial:       018CC7957D7C80F8070ABD3D1EAC1E9D08C6
Authority key identifier: 6D:14:60:56:F0:FB:BD:E6:18:BF:F0:11:C0:F2:2B:A7:4A:58:32:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bRRgVvD7veYYv_ARwPIrp0pYMrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/fHfRNL2AuMB_Ux6P2U9Iynwbj6o.roa
Signing time:             Tue 02 Jan 2024 00:31:52 +0000
ROA not before:           Tue 02 Jan 2024 00:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48362
IP address blocks:        185.101.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/bRRgVvD7veYYv_ARwPIrp0pYMrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/bRRgVvD7veYYv_ARwPIrp0pYMrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bRRgVvD7veYYv_ARwPIrp0pYMrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:7d:7c:80:f8:07:0a:bd:3d:1e:ac:1e:9d:08:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d146056f0fbbde618bff011c0f22ba74a5832b7
        Validity
            Not Before: Jan  2 00:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c77d134bd80b8c07f531e8fd94f48ca7c1b8faa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:0c:19:92:f9:d9:22:29:5b:5c:65:ef:f0:ad:
                    28:5f:04:31:84:f4:b1:7c:a2:37:7d:07:cd:97:db:
                    d3:21:fd:fd:24:5a:de:ac:a2:d2:3a:ea:f2:19:48:
                    f5:7a:14:6d:12:71:5f:50:94:87:e3:c9:e6:6e:ee:
                    37:dc:8d:6c:c2:0d:da:b5:46:ff:77:26:b5:a1:c8:
                    8f:8b:55:cc:5a:90:18:b0:81:0a:a2:c9:94:fd:20:
                    81:e7:95:f1:b9:0d:73:4b:07:8b:5d:a7:58:1a:d2:
                    28:26:63:de:cf:ad:97:9d:ba:4e:55:65:27:a3:51:
                    93:18:e2:31:48:a3:83:29:8b:04:1a:bb:73:e0:41:
                    04:6f:44:23:59:1d:ec:15:f6:29:76:5b:ee:4b:70:
                    e4:f6:ab:85:36:14:0a:03:ef:a5:fb:18:a0:0a:fe:
                    d9:bb:2b:fb:2b:a4:15:a6:91:55:a2:76:8e:53:57:
                    0b:98:1b:7c:84:3f:68:12:6e:b0:ba:2a:9a:0a:b1:
                    ae:c8:2f:85:10:52:ab:6a:1b:2f:ac:e3:48:51:85:
                    6f:2b:41:11:2b:c6:ad:40:7f:1e:02:83:9b:b9:fe:
                    4d:af:76:c3:7f:f0:92:fc:25:14:32:bd:d7:ba:ee:
                    db:9a:56:a1:61:18:c9:8f:b0:c8:c6:03:ba:5f:b3:
                    34:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:77:D1:34:BD:80:B8:C0:7F:53:1E:8F:D9:4F:48:CA:7C:1B:8F:AA
            X509v3 Authority Key Identifier:
                keyid:6D:14:60:56:F0:FB:BD:E6:18:BF:F0:11:C0:F2:2B:A7:4A:58:32:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bRRgVvD7veYYv_ARwPIrp0pYMrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/fHfRNL2AuMB_Ux6P2U9Iynwbj6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/589db9-e22b-4d64-94b4-8ecf751057ac/1/bRRgVvD7veYYv_ARwPIrp0pYMrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ea:34:ba:a3:82:57:6b:2a:03:ec:96:88:9f:9e:4f:b0:c1:31:
         0e:dc:3a:2f:b5:fb:1f:b8:52:f0:cb:7f:8b:79:17:56:20:69:
         22:84:ef:b9:1c:20:09:ec:4b:72:37:00:e7:a7:72:bc:7c:a5:
         04:85:bf:2c:3a:5b:1f:87:1f:1d:a5:f6:c3:72:07:ee:31:0f:
         37:0b:bc:05:f8:ca:7b:ab:7b:ab:44:41:ba:2c:65:12:72:16:
         30:e1:cc:a6:67:94:25:17:d2:78:f4:57:ee:c0:fc:87:6e:e2:
         22:1e:24:61:cc:8b:f3:12:c3:d8:b7:c6:08:91:a4:6e:bc:cb:
         67:31:b8:42:7a:f3:26:3f:49:ff:47:e2:17:4b:5d:2a:75:6c:
         5b:b8:7d:49:60:87:cb:86:1a:23:09:94:54:28:2e:a7:08:1d:
         94:08:41:e2:3e:80:29:b8:20:c7:c1:8f:ac:3d:f5:b7:bc:12:
         14:eb:7e:c3:44:70:22:8b:75:62:64:00:8f:bc:cc:e4:a4:63:
         f6:d2:9f:c9:b1:00:31:b9:8f:b8:de:0e:ac:f7:f4:e1:97:61:
         21:8b:56:73:41:32:a6:02:8c:cd:2c:8b:da:96:af:6c:b7:e4:
         31:02:92:7b:6d:a0:e7:a6:93:78:5d:e1:9c:ed:81:5b:9a:fb:
         ed:36:ee:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlX18gPgHCr09HqwenQjGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMTQ2MDU2ZjBmYmJkZTYxOGJmZjAxMWMwZjIyYmE3NGE1
ODMyYjcwHhcNMjQwMTAyMDAzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzc3ZDEzNGJkODBiOGMwN2Y1MzFlOGZkOTRmNDhjYTdjMWI4ZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAwZkvnZIilbXGXv8K0oXwQxhPSx
fKI3fQfNl9vTIf39JFrerKLSOuryGUj1ehRtEnFfUJSH48nmbu433I1swg3atUb/
dya1ociPi1XMWpAYsIEKosmU/SCB55XxuQ1zSweLXadYGtIoJmPez62XnbpOVWUn
o1GTGOIxSKODKYsEGrtz4EEEb0QjWR3sFfYpdlvuS3Dk9quFNhQKA++l+xigCv7Z
uyv7K6QVppFVonaOU1cLmBt8hD9oEm6wuiqaCrGuyC+FEFKrahsvrONIUYVvK0ER
K8atQH8eAoObuf5Nr3bDf/CS/CUUMr3Xuu7bmlahYRjJj7DIxgO6X7M0KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHx30TS9gLjAf1Mej9lPSMp8G4+qMB8GA1UdIwQY
MBaAFG0UYFbw+73mGL/wEcDyK6dKWDK3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlJSZ1Z2RDd2ZVlZdl9BUndQSXJwMHBZTXJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81ODlkYjktZTIyYi00ZDY0LTk0YjQt
OGVjZjc1MTA1N2FjLzEvZkhmUk5MMkF1TUJfVXg2UDJVOUl5bndiajZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81ODlkYjktZTIyYi00ZDY0LTk0YjQtOGVjZjc1MTA1N2Fj
LzEvYlJSZ1Z2RDd2ZVlZdl9BUndQSXJwMHBZTXJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWUIMA0G
CSqGSIb3DQEBCwUAA4IBAQDqNLqjgldrKgPsloifnk+wwTEO3DovtfsfuFLwy3+L
eRdWIGkihO+5HCAJ7EtyNwDnp3K8fKUEhb8sOlsfhx8dpfbDcgfuMQ83C7wF+Mp7
q3urREG6LGUSchYw4cymZ5QlF9J49FfuwPyHbuIiHiRhzIvzEsPYt8YIkaRuvMtn
MbhCevMmP0n/R+IXS10qdWxbuH1JYIfLhhojCZRUKC6nCB2UCEHiPoApuCDHwY+s
PfW3vBIU637DRHAii3ViZACPvMzkpGP20p/JsQAxuY+43g6s9/Thl2Ehi1ZzQTKm
AozNLIvalq9st+QxApJ7baDnppN4XeGc7YFbmvvtNu4L
-----END CERTIFICATE-----