Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/HSMZpQ1ORVrMjR0r3tbc5JVVvdI.roa
File:                     HSMZpQ1ORVrMjR0r3tbc5JVVvdI.roa (raw, json)
Hash identifier:          2oXZjGchLniSYyVhkEOu6HWvjJNrinf7wtCmxWn/JNY=
Subject key identifier:   1D:23:19:A5:0D:4E:45:5A:CC:8D:1D:2B:DE:D6:DC:E4:95:55:BD:D2
Certificate issuer:       /CN=935c42857e302feb14017301e43c39fe45e7f629
Certificate serial:       018CC64B2CBCA8927C0CCF08E9C8EBD84B58
Authority key identifier: 93:5C:42:85:7E:30:2F:EB:14:01:73:01:E4:3C:39:FE:45:E7:F6:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k1xChX4wL-sUAXMB5Dw5_kXn9ik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/HSMZpQ1ORVrMjR0r3tbc5JVVvdI.roa
Signing time:             Mon 01 Jan 2024 18:31:04 +0000
ROA not before:           Mon 01 Jan 2024 18:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34766
IP address blocks:        185.214.24.0/22 maxlen: 22
                          2a0b:9440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/k1xChX4wL-sUAXMB5Dw5_kXn9ik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/k1xChX4wL-sUAXMB5Dw5_kXn9ik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k1xChX4wL-sUAXMB5Dw5_kXn9ik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2c:bc:a8:92:7c:0c:cf:08:e9:c8:eb:d8:4b:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=935c42857e302feb14017301e43c39fe45e7f629
        Validity
            Not Before: Jan  1 18:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d2319a50d4e455acc8d1d2bded6dce49555bdd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:55:f5:b5:e7:b4:e3:7e:63:e5:ae:14:6f:74:
                    75:07:23:9a:c0:59:63:0c:56:bc:47:bd:cc:fa:c7:
                    5c:32:4f:36:fd:33:4b:c7:e9:4e:66:70:66:dd:0f:
                    af:37:d5:91:d1:7e:3a:db:3d:01:f3:40:4a:ef:a1:
                    e8:ee:9b:6a:d7:85:37:7e:6c:d1:c3:96:3c:79:05:
                    0b:bb:8d:cb:c2:68:af:30:57:e6:3b:54:bb:83:e7:
                    af:74:cc:2f:f2:d1:6e:2f:8c:ca:73:8b:9c:8c:15:
                    fa:17:0a:c3:88:42:cd:2b:bd:f1:97:2c:c8:94:f7:
                    2f:81:e9:9a:e6:ce:67:85:90:94:99:21:e3:83:8d:
                    9c:0d:59:2f:75:8b:24:81:39:ef:a4:90:eb:a3:2a:
                    87:0a:6b:9d:2f:90:c0:ea:97:36:ff:ae:a9:a9:ed:
                    73:1b:3f:fd:a9:36:31:2e:57:3a:34:69:99:11:49:
                    04:3d:9d:18:27:c3:1b:d9:7f:89:46:0a:37:ba:e5:
                    6f:09:5d:fb:f7:44:bd:c6:b3:db:2b:00:0a:fd:fc:
                    50:2d:f3:94:c4:39:fa:53:18:99:c8:fa:f0:e8:d2:
                    4e:17:bb:71:3e:0c:ea:cd:b1:5d:4c:05:71:5d:70:
                    db:29:7d:7d:5e:f4:cd:79:c2:f3:c2:fd:c2:a7:c5:
                    92:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:23:19:A5:0D:4E:45:5A:CC:8D:1D:2B:DE:D6:DC:E4:95:55:BD:D2
            X509v3 Authority Key Identifier:
                keyid:93:5C:42:85:7E:30:2F:EB:14:01:73:01:E4:3C:39:FE:45:E7:F6:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k1xChX4wL-sUAXMB5Dw5_kXn9ik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/HSMZpQ1ORVrMjR0r3tbc5JVVvdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/k1xChX4wL-sUAXMB5Dw5_kXn9ik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.24.0/22
                IPv6:
                  2a0b:9440::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:b3:5f:86:8b:da:76:4e:fa:d7:13:f6:5c:87:a8:93:fe:07:
         7d:70:aa:33:1d:fc:9f:cc:9e:52:f0:12:02:dc:60:9c:c1:18:
         18:b2:36:e2:b2:b2:bb:fc:bb:9d:23:92:fd:1f:c2:57:ec:ab:
         3f:35:0a:f6:5f:64:d5:87:98:ac:18:48:6c:c8:b3:77:7e:0c:
         b8:65:76:d7:25:57:a7:78:6f:c5:43:ca:5d:93:f0:d0:7e:84:
         56:91:f2:55:3e:80:8e:13:6c:e7:90:6c:ce:13:bc:e9:ef:67:
         73:d1:df:11:0f:89:cc:a7:ad:66:d5:3f:f4:7f:09:04:a8:fe:
         4b:24:01:2a:2c:0b:60:88:bf:5b:74:99:2c:91:03:46:81:48:
         8a:aa:ca:57:d2:dc:06:21:c0:ae:43:45:45:9a:d2:27:7e:eb:
         6e:33:f9:f3:2a:10:b7:76:b7:6e:45:36:b9:5d:0b:5f:73:2c:
         3c:42:62:7b:88:e6:87:d8:23:21:41:cf:4c:7d:7a:ae:87:60:
         30:84:50:35:49:d7:00:bb:c4:32:03:b3:8c:a8:87:d9:01:00:
         1e:21:e5:e3:23:d5:73:5a:d9:13:76:2a:a8:5e:99:a0:39:24:
         6d:b1:42:fc:08:6e:5e:ec:f1:3b:44:b9:d5:c2:9e:fa:49:28:
         16:e8:14:ab
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSyy8qJJ8DM8I6cjr2EtYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNWM0Mjg1N2UzMDJmZWIxNDAxNzMwMWU0M2MzOWZlNDVl
N2Y2MjkwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDIzMTlhNTBkNGU0NTVhY2M4ZDFkMmJkZWQ2ZGNlNDk1NTViZGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVX1tee0435j5a4Ub3R1ByOawFlj
DFa8R73M+sdcMk82/TNLx+lOZnBm3Q+vN9WR0X462z0B80BK76Ho7ptq14U3fmzR
w5Y8eQULu43LwmivMFfmO1S7g+evdMwv8tFuL4zKc4ucjBX6FwrDiELNK73xlyzI
lPcvgema5s5nhZCUmSHjg42cDVkvdYskgTnvpJDroyqHCmudL5DA6pc2/66pqe1z
Gz/9qTYxLlc6NGmZEUkEPZ0YJ8Mb2X+JRgo3uuVvCV3790S9xrPbKwAK/fxQLfOU
xDn6UxiZyPrw6NJOF7txPgzqzbFdTAVxXXDbKX19XvTNecLzwv3Cp8WSawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB0jGaUNTkVazI0dK97W3OSVVb3SMB8GA1UdIwQY
MBaAFJNcQoV+MC/rFAFzAeQ8Of5F5/YpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazF4Q2hYNHdMLXNVQVhNQjVEdzVfa1huOWlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81NWU1MjktYjgzOS00NDRmLTg3MmQt
MWJmZDEwYTg4NDVhLzEvSFNNWnBRMU9SVnJNalIwcjN0YmM1SlZWdmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81NWU1MjktYjgzOS00NDRmLTg3MmQtMWJmZDEwYTg4NDVh
LzEvazF4Q2hYNHdMLXNVQVhNQjVEdzVfa1huOWlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudYYMA0E
AgACMAcDBQMqC5RAMA0GCSqGSIb3DQEBCwUAA4IBAQAKs1+Gi9p2TvrXE/Zch6iT
/gd9cKozHfyfzJ5S8BIC3GCcwRgYsjbisrK7/LudI5L9H8JX7Ks/NQr2X2TVh5is
GEhsyLN3fgy4ZXbXJVeneG/FQ8pdk/DQfoRWkfJVPoCOE2znkGzOE7zp72dz0d8R
D4nMp61m1T/0fwkEqP5LJAEqLAtgiL9bdJkskQNGgUiKqspX0twGIcCuQ0VFmtIn
futuM/nzKhC3drduRTa5XQtfcyw8QmJ7iOaH2CMhQc9MfXquh2AwhFA1SdcAu8Qy
A7OMqIfZAQAeIeXjI9VzWtkTdiqoXpmgOSRtsUL8CG5e7PE7RLnVwp76SSgW6BSr
-----END CERTIFICATE-----