Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/6d85ea-f74a-464b-b4a2-22c08dcbf572/1/hqrXFE_WdAZpvbU8DtXtbD1vN4Q.roa
File:                     hqrXFE_WdAZpvbU8DtXtbD1vN4Q.roa (raw, json)
Hash identifier:          1oIjRglF8UuA7mWKw+/ftzqlofB5I24FV9QLBikPDcQ=
Subject key identifier:   86:AA:D7:14:4F:D6:74:06:69:BD:B5:3C:0E:D5:ED:6C:3D:6F:37:84
Certificate issuer:       /CN=a5d4a5a5d14c8a3b8cb94d1cb46c0d6e2a1c4847
Certificate serial:       018CC80109550589E7B29E1592782F9A8555
Authority key identifier: A5:D4:A5:A5:D1:4C:8A:3B:8C:B9:4D:1C:B4:6C:0D:6E:2A:1C:48:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pdSlpdFMijuMuU0ctGwNbiocSEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/6d85ea-f74a-464b-b4a2-22c08dcbf572/1/hqrXFE_WdAZpvbU8DtXtbD1vN4Q.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205889
IP address blocks:        185.185.172.0/24 maxlen: 24
                          185.185.174.0/24 maxlen: 24
                          185.185.175.0/24 maxlen: 24
                          185.185.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/6d85ea-f74a-464b-b4a2-22c08dcbf572/1/pdSlpdFMijuMuU0ctGwNbiocSEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/6d85ea-f74a-464b-b4a2-22c08dcbf572/1/pdSlpdFMijuMuU0ctGwNbiocSEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pdSlpdFMijuMuU0ctGwNbiocSEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:09:55:05:89:e7:b2:9e:15:92:78:2f:9a:85:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5d4a5a5d14c8a3b8cb94d1cb46c0d6e2a1c4847
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86aad7144fd6740669bdb53c0ed5ed6c3d6f3784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:b3:06:b7:61:cf:0d:1d:2f:3a:77:48:af:8c:
                    1d:97:e7:17:e0:1e:6e:85:9b:df:35:bf:ce:7d:3b:
                    72:da:99:54:29:02:61:f7:e8:9b:c2:ba:fa:c4:cc:
                    88:88:60:c4:4e:f7:8a:54:1c:bb:a3:1b:a6:50:34:
                    f3:0a:e7:68:4c:7e:46:e4:8c:72:ef:c4:23:53:43:
                    2f:38:dc:8a:f2:97:24:55:fc:12:8e:8e:34:8e:64:
                    ad:d4:cd:cd:a0:9b:5e:10:bb:75:ca:f9:2e:12:6d:
                    fa:bd:e8:31:32:14:c7:fb:cb:d0:98:4e:08:6e:70:
                    1c:a6:2a:26:7b:fc:e4:11:6e:b7:41:5b:fc:56:fd:
                    e6:1d:a3:b4:1e:b1:db:95:c6:98:52:b2:d9:64:b2:
                    a2:d3:c3:53:30:32:dc:e0:c4:c3:5c:9f:f9:49:b0:
                    b0:f6:23:c8:42:16:6d:9f:45:7c:2f:00:c4:63:a5:
                    36:36:64:be:4d:74:67:a6:26:c2:dd:fb:fd:38:1a:
                    eb:7c:7c:51:09:16:7e:21:27:96:87:3f:39:fd:a3:
                    dc:de:d3:31:21:f6:c8:1a:93:d4:2f:07:a4:bc:75:
                    40:c6:b7:98:32:b6:a0:81:f8:02:1c:3a:1e:df:f4:
                    a2:4f:67:50:5a:8a:b8:d5:b9:7a:e7:78:a9:53:88:
                    1f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:AA:D7:14:4F:D6:74:06:69:BD:B5:3C:0E:D5:ED:6C:3D:6F:37:84
            X509v3 Authority Key Identifier:
                keyid:A5:D4:A5:A5:D1:4C:8A:3B:8C:B9:4D:1C:B4:6C:0D:6E:2A:1C:48:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pdSlpdFMijuMuU0ctGwNbiocSEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/6d85ea-f74a-464b-b4a2-22c08dcbf572/1/hqrXFE_WdAZpvbU8DtXtbD1vN4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/6d85ea-f74a-464b-b4a2-22c08dcbf572/1/pdSlpdFMijuMuU0ctGwNbiocSEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.185.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:68:1a:ec:e3:0b:9c:ef:f8:c9:46:4c:cf:28:90:e8:96:66:
         f9:43:67:9f:50:de:b5:cf:c9:4b:a7:47:dc:9e:c3:b2:cb:39:
         23:68:05:ae:40:ff:36:2e:5d:58:75:b8:23:b6:d8:aa:b0:87:
         68:c3:af:6b:4c:3f:40:8f:91:a0:36:08:35:46:62:8d:48:80:
         5e:eb:d7:ba:d4:f0:ac:5b:e0:ff:de:ad:cd:3d:de:aa:26:e9:
         90:bc:46:db:92:37:c3:3c:28:b2:b2:e5:e4:62:d9:80:64:1f:
         b3:0b:7b:b8:90:46:44:a6:29:34:7c:49:9c:65:54:e6:8a:bb:
         49:7c:44:2b:8f:73:86:97:8f:5a:b8:ed:d6:0c:73:1c:16:fc:
         dc:80:bd:cb:39:32:6d:c7:a3:55:94:aa:3e:74:b8:e9:9d:86:
         4f:58:5a:41:73:6f:7e:26:e3:07:2d:05:a3:bf:cd:2a:01:37:
         45:15:6a:07:19:63:86:60:45:ba:27:e1:46:c1:4d:1c:e8:63:
         d0:14:7d:e1:51:97:0f:5d:40:8a:99:7e:ec:d6:c7:1d:10:af:
         2f:f2:7d:37:7b:50:26:8d:2c:d6:2d:dd:9b:11:1f:1f:26:08:
         48:28:46:79:2b:9a:15:a2:78:4b:ac:c5:44:12:8c:dc:18:cd:
         eb:fc:5e:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQlVBYnnsp4VkngvmoVVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1ZDRhNWE1ZDE0YzhhM2I4Y2I5NGQxY2I0NmMwZDZlMmEx
YzQ4NDcwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmFhZDcxNDRmZDY3NDA2NjliZGI1M2MwZWQ1ZWQ2YzNkNmYzNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgbMGt2HPDR0vOndIr4wdl+cX4B5u
hZvfNb/OfTty2plUKQJh9+ibwrr6xMyIiGDETveKVBy7oxumUDTzCudoTH5G5Ixy
78QjU0MvONyK8pckVfwSjo40jmSt1M3NoJteELt1yvkuEm36vegxMhTH+8vQmE4I
bnAcpiome/zkEW63QVv8Vv3mHaO0HrHblcaYUrLZZLKi08NTMDLc4MTDXJ/5SbCw
9iPIQhZtn0V8LwDEY6U2NmS+TXRnpibC3fv9OBrrfHxRCRZ+ISeWhz85/aPc3tMx
IfbIGpPULwekvHVAxreYMraggfgCHDoe3/SiT2dQWoq41bl653ipU4gfOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaq1xRP1nQGab21PA7V7Ww9bzeEMB8GA1UdIwQY
MBaAFKXUpaXRTIo7jLlNHLRsDW4qHEhHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGRTbHBkRk1panVNdVUwY3RHd05iaW9jU0VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC82ZDg1ZWEtZjc0YS00NjRiLWI0YTIt
MjJjMDhkY2JmNTcyLzEvaHFyWEZFX1dkQVpwdmJVOER0WHRiRDF2TjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC82ZDg1ZWEtZjc0YS00NjRiLWI0YTItMjJjMDhkY2JmNTcy
LzEvcGRTbHBkRk1panVNdVUwY3RHd05iaW9jU0VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubmsMA0G
CSqGSIb3DQEBCwUAA4IBAQCwaBrs4wuc7/jJRkzPKJDolmb5Q2efUN61z8lLp0fc
nsOyyzkjaAWuQP82Ll1YdbgjttiqsIdow69rTD9Aj5GgNgg1RmKNSIBe69e61PCs
W+D/3q3NPd6qJumQvEbbkjfDPCiysuXkYtmAZB+zC3u4kEZEpik0fEmcZVTmirtJ
fEQrj3OGl49auO3WDHMcFvzcgL3LOTJtx6NVlKo+dLjpnYZPWFpBc29+JuMHLQWj
v80qATdFFWoHGWOGYEW6J+FGwU0c6GPQFH3hUZcPXUCKmX7s1scdEK8v8n03e1Am
jSzWLd2bER8fJghIKEZ5K5oVonhLrMVEEozcGM3r/F77
-----END CERTIFICATE-----