Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/HozWkOEz2cw860ZPCwFqB_n2az8.roa
File:                     HozWkOEz2cw860ZPCwFqB_n2az8.roa (raw, json)
Hash identifier:          eNmhcFmFq9ZAW7Ufg4aI/WWdHWjNzFWkScNTYq8IBqg=
Subject key identifier:   1E:8C:D6:90:E1:33:D9:CC:3C:EB:46:4F:0B:01:6A:07:F9:F6:6B:3F
Certificate issuer:       /CN=bda3d0bb422b0bca706716c20f7ad58dd2765471
Certificate serial:       018CC64AE28653214FA180B78D381891197C
Authority key identifier: BD:A3:D0:BB:42:2B:0B:CA:70:67:16:C2:0F:7A:D5:8D:D2:76:54:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/HozWkOEz2cw860ZPCwFqB_n2az8.roa
Signing time:             Mon 01 Jan 2024 18:30:45 +0000
ROA not before:           Mon 01 Jan 2024 18:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61415
IP address blocks:        185.7.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:e2:86:53:21:4f:a1:80:b7:8d:38:18:91:19:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bda3d0bb422b0bca706716c20f7ad58dd2765471
        Validity
            Not Before: Jan  1 18:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e8cd690e133d9cc3ceb464f0b016a07f9f66b3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:67:35:b1:dc:97:33:df:a5:27:4a:5c:8c:51:
                    2a:00:63:a0:11:45:f2:c3:31:14:1d:28:a3:59:20:
                    9b:4f:03:86:42:db:ba:f7:78:f6:da:ee:44:29:9f:
                    5d:09:4f:ba:33:34:ec:eb:6e:6f:6e:c2:de:57:fc:
                    23:44:ec:0c:1e:a3:ce:58:d4:f4:0f:ee:a5:17:ba:
                    7e:80:0c:5f:64:50:ab:b8:ce:a5:6a:6f:22:a7:62:
                    b5:1f:05:33:e8:08:7d:86:4f:00:03:a6:04:36:23:
                    92:d1:0a:f6:e5:5e:f6:cd:b9:87:74:45:a5:8b:3c:
                    05:25:04:70:1e:23:41:45:63:3c:6c:f9:2d:68:76:
                    eb:c9:36:31:d8:72:b5:28:f5:9e:e1:33:65:07:db:
                    79:06:5f:63:0d:8b:5d:92:8e:dd:a7:6b:3e:56:8e:
                    f7:7a:5c:0f:dc:df:1e:52:a4:ac:96:1e:92:06:9d:
                    0d:65:3e:e2:51:cf:0d:ee:0b:4a:d7:6b:89:5c:96:
                    7f:b9:d8:49:a6:98:01:3a:71:a0:fc:c6:7d:a0:a4:
                    5e:dc:43:97:62:7d:b0:f4:34:50:2a:a6:ec:c6:ca:
                    40:66:d5:af:64:51:de:ef:d0:a5:74:7b:70:74:d4:
                    dd:17:14:1a:51:c0:7e:7e:94:36:14:38:ed:00:d8:
                    f3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:8C:D6:90:E1:33:D9:CC:3C:EB:46:4F:0B:01:6A:07:F9:F6:6B:3F
            X509v3 Authority Key Identifier:
                keyid:BD:A3:D0:BB:42:2B:0B:CA:70:67:16:C2:0F:7A:D5:8D:D2:76:54:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/HozWkOEz2cw860ZPCwFqB_n2az8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f8a46e-bdfd-4df6-8261-f23283601764/1/vaPQu0IrC8pwZxbCD3rVjdJ2VHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:6e:c1:5a:1f:9b:20:24:8a:89:cf:ba:b0:bc:a3:2d:38:69:
         d3:fa:bd:04:76:dc:20:d5:55:ed:d3:45:b7:9b:0f:c1:b2:95:
         05:26:45:78:30:43:00:9a:8f:c1:08:4e:40:15:2a:1a:7c:7d:
         6f:d6:3c:be:52:64:bb:2c:57:cf:3f:8a:4f:ef:b7:11:2a:09:
         4d:be:ba:e4:e4:b3:e3:b3:ba:d2:57:46:1a:f1:db:ad:3c:9f:
         24:23:24:ca:40:8a:28:74:85:1c:26:b4:8b:b2:c7:6c:6f:84:
         29:f4:3c:66:93:8b:00:ae:a2:be:dc:cb:a0:f4:ac:77:42:72:
         90:b9:b8:f1:d6:37:16:06:43:38:37:0c:e8:71:c8:a7:45:37:
         a9:fa:67:6d:12:a7:83:ec:3b:26:8c:4c:0d:71:be:0d:2f:df:
         c9:4a:30:2b:a7:24:58:9a:7d:32:83:5a:75:4f:f9:c9:e9:8d:
         d8:c2:d2:18:cb:57:bd:9b:12:14:60:fb:31:16:e4:00:8d:6c:
         ac:57:39:c3:09:ba:23:2d:6b:4d:d8:92:7b:88:86:38:56:e4:
         83:78:10:0c:73:49:83:fe:d9:32:a9:56:e9:be:2f:14:2d:7a:
         f9:a6:31:8f:08:72:9b:c0:bd:ae:3b:a1:2d:43:31:e8:3c:10:
         24:02:9e:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSuKGUyFPoYC3jTgYkRl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYTNkMGJiNDIyYjBiY2E3MDY3MTZjMjBmN2FkNThkZDI3
NjU0NzEwHhcNMjQwMTAxMTgzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZThjZDY5MGUxMzNkOWNjM2NlYjQ2NGYwYjAxNmEwN2Y5ZjY2YjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmc1sdyXM9+lJ0pcjFEqAGOgEUXy
wzEUHSijWSCbTwOGQtu693j22u5EKZ9dCU+6MzTs625vbsLeV/wjROwMHqPOWNT0
D+6lF7p+gAxfZFCruM6lam8ip2K1HwUz6Ah9hk8AA6YENiOS0Qr25V72zbmHdEWl
izwFJQRwHiNBRWM8bPktaHbryTYx2HK1KPWe4TNlB9t5Bl9jDYtdko7dp2s+Vo73
elwP3N8eUqSslh6SBp0NZT7iUc8N7gtK12uJXJZ/udhJppgBOnGg/MZ9oKRe3EOX
Yn2w9DRQKqbsxspAZtWvZFHe79CldHtwdNTdFxQaUcB+fpQ2FDjtANjzdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6M1pDhM9nMPOtGTwsBagf59ms/MB8GA1UdIwQY
MBaAFL2j0LtCKwvKcGcWwg961Y3SdlRxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmFQUXUwSXJDOHB3WnhiQ0QzclZqZEoyVkhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mOGE0NmUtYmRmZC00ZGY2LTgyNjEt
ZjIzMjgzNjAxNzY0LzEvSG96V2tPRXoyY3c4NjBaUEN3RnFCX24yYXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mOGE0NmUtYmRmZC00ZGY2LTgyNjEtZjIzMjgzNjAxNzY0
LzEvdmFQUXUwSXJDOHB3WnhiQ0QzclZqZEoyVkhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQc4MA0G
CSqGSIb3DQEBCwUAA4IBAQBXbsFaH5sgJIqJz7qwvKMtOGnT+r0Edtwg1VXt00W3
mw/BspUFJkV4MEMAmo/BCE5AFSoafH1v1jy+UmS7LFfPP4pP77cRKglNvrrk5LPj
s7rSV0Ya8dutPJ8kIyTKQIoodIUcJrSLssdsb4Qp9Dxmk4sArqK+3Mug9Kx3QnKQ
ubjx1jcWBkM4NwzoccinRTep+mdtEqeD7DsmjEwNcb4NL9/JSjArpyRYmn0yg1p1
T/nJ6Y3YwtIYy1e9mxIUYPsxFuQAjWysVznDCbojLWtN2JJ7iIY4VuSDeBAMc0mD
/tkyqVbpvi8ULXr5pjGPCHKbwL2uO6EtQzHoPBAkAp7Q
-----END CERTIFICATE-----