Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/52a6de-7232-49b1-91c7-cfdfcd4ee0f2/1/HTRRZNGy_vj4n58lpc4-YXu_iPk.roa
File:                     HTRRZNGy_vj4n58lpc4-YXu_iPk.roa (raw, json)
Hash identifier:          SgzKSSdo04AHLljocxfjekJY2srz4qTqXDAHOHPKSpU=
Subject key identifier:   1D:34:51:64:D1:B2:FE:F8:F8:9F:9F:25:A5:CE:3E:61:7B:BF:88:F9
Certificate issuer:       /CN=408562e2b8961b22e29c762d6c990331ba36666f
Certificate serial:       018CCA2BE8224727F5F36EB643D5A6B76ED4
Authority key identifier: 40:85:62:E2:B8:96:1B:22:E2:9C:76:2D:6C:99:03:31:BA:36:66:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIVi4riWGyLinHYtbJkDMbo2Zm8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/52a6de-7232-49b1-91c7-cfdfcd4ee0f2/1/HTRRZNGy_vj4n58lpc4-YXu_iPk.roa
Signing time:             Tue 02 Jan 2024 12:35:24 +0000
ROA not before:           Tue 02 Jan 2024 12:35:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50795
IP address blocks:        185.83.82.0/23 maxlen: 23
                          185.83.80.0/22 maxlen: 22
                          185.83.80.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/52a6de-7232-49b1-91c7-cfdfcd4ee0f2/1/QIVi4riWGyLinHYtbJkDMbo2Zm8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/52a6de-7232-49b1-91c7-cfdfcd4ee0f2/1/QIVi4riWGyLinHYtbJkDMbo2Zm8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QIVi4riWGyLinHYtbJkDMbo2Zm8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:e8:22:47:27:f5:f3:6e:b6:43:d5:a6:b7:6e:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408562e2b8961b22e29c762d6c990331ba36666f
        Validity
            Not Before: Jan  2 12:35:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d345164d1b2fef8f89f9f25a5ce3e617bbf88f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:01:db:b9:df:47:56:e7:d3:62:38:8b:61:18:
                    b7:3d:5c:2d:64:d8:bd:c0:4a:8e:8f:9b:ed:65:63:
                    67:02:ee:e9:b5:8c:8f:54:71:3d:93:4c:22:c8:42:
                    b1:cc:39:f0:81:e1:1a:a5:76:51:a3:f9:e9:c6:30:
                    1e:36:6c:05:76:5e:b7:d3:e6:02:18:87:a0:d4:2b:
                    0b:bb:fc:60:17:48:19:30:70:74:71:a7:9e:2e:23:
                    50:47:46:a4:95:97:bf:26:20:34:a6:1f:f7:10:f5:
                    26:2c:24:55:b4:83:d3:f9:37:36:31:d8:f9:95:67:
                    8c:f9:ae:db:0f:b0:54:50:4e:88:26:1f:0c:48:60:
                    a7:85:dd:c3:15:43:43:41:cb:de:e6:a2:59:2b:0b:
                    46:d7:bb:f6:d7:de:f1:c9:2f:1d:54:39:8e:4b:af:
                    81:7d:59:46:f0:60:25:3c:e5:e7:c0:ca:cf:07:ae:
                    83:88:b5:ba:95:45:e2:a3:13:45:e5:49:35:d5:84:
                    4a:b0:44:48:9a:4a:23:71:50:e2:bc:8e:42:b6:1e:
                    39:50:da:32:86:52:6a:7a:cf:76:a8:95:b2:24:5d:
                    d6:f8:ad:9c:6a:d5:2b:24:70:de:47:ff:13:43:67:
                    0b:97:67:15:48:4d:7e:58:1f:23:85:ba:99:c9:cb:
                    15:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:34:51:64:D1:B2:FE:F8:F8:9F:9F:25:A5:CE:3E:61:7B:BF:88:F9
            X509v3 Authority Key Identifier:
                keyid:40:85:62:E2:B8:96:1B:22:E2:9C:76:2D:6C:99:03:31:BA:36:66:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIVi4riWGyLinHYtbJkDMbo2Zm8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/52a6de-7232-49b1-91c7-cfdfcd4ee0f2/1/HTRRZNGy_vj4n58lpc4-YXu_iPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/52a6de-7232-49b1-91c7-cfdfcd4ee0f2/1/QIVi4riWGyLinHYtbJkDMbo2Zm8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:dc:f0:5f:96:f6:cd:1d:0e:86:d9:68:a3:45:32:dd:b1:7a:
         b5:e6:89:bf:da:e2:d2:d0:01:c3:7c:63:39:e4:b7:2c:dc:e4:
         7d:94:35:40:76:5b:7d:dc:fa:bc:2f:dc:8b:26:80:ef:96:78:
         d0:d3:4a:0a:46:b8:45:57:23:21:88:19:9f:aa:59:70:ad:79:
         cd:65:41:3f:60:f5:a3:bc:4e:c6:56:73:4d:2d:6f:69:b0:c9:
         0b:2d:00:f7:f0:44:7f:be:fc:4f:7e:88:39:08:a2:a7:9b:1b:
         b1:a0:24:e6:3a:c1:c4:41:ae:a8:a5:0e:1c:76:5d:c5:a7:b0:
         a8:7f:e8:20:55:92:bb:09:de:68:48:66:03:ce:e7:d0:fb:ce:
         a2:bf:84:5c:4e:75:28:d0:c8:fa:6c:10:82:35:3f:a2:c7:6b:
         cc:51:24:69:86:95:01:d5:f8:ab:83:d9:a7:42:aa:19:78:3c:
         e7:29:7e:7e:26:94:1c:01:92:8e:64:89:7d:fc:1f:f3:55:47:
         b9:2b:b2:e9:4e:c8:d6:e0:03:ba:a4:b6:7e:ef:a0:99:b6:b4:
         6a:08:64:64:93:66:76:87:f0:75:c9:5b:87:25:52:f8:cc:0d:
         1c:5c:c0:00:be:e1:d2:75:81:2f:5e:4c:82:c2:11:2b:f9:c2:
         4b:09:7a:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK+giRyf18262Q9Wmt27UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwODU2MmUyYjg5NjFiMjJlMjljNzYyZDZjOTkwMzMxYmEz
NjY2NmYwHhcNMjQwMTAyMTIzNTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDM0NTE2NGQxYjJmZWY4Zjg5ZjlmMjVhNWNlM2U2MTdiYmY4OGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAHbud9HVufTYjiLYRi3PVwtZNi9
wEqOj5vtZWNnAu7ptYyPVHE9k0wiyEKxzDnwgeEapXZRo/npxjAeNmwFdl630+YC
GIeg1CsLu/xgF0gZMHB0caeeLiNQR0aklZe/JiA0ph/3EPUmLCRVtIPT+Tc2Mdj5
lWeM+a7bD7BUUE6IJh8MSGCnhd3DFUNDQcve5qJZKwtG17v2197xyS8dVDmOS6+B
fVlG8GAlPOXnwMrPB66DiLW6lUXioxNF5Uk11YRKsERImkojcVDivI5Cth45UNoy
hlJqes92qJWyJF3W+K2catUrJHDeR/8TQ2cLl2cVSE1+WB8jhbqZycsVzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB00UWTRsv74+J+fJaXOPmF7v4j5MB8GA1UdIwQY
MBaAFECFYuK4lhsi4px2LWyZAzG6NmZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlWaTRyaVdHeUxpbkhZdGJKa0RNYm8yWm04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny81MmE2ZGUtNzIzMi00OWIxLTkxYzct
Y2ZkZmNkNGVlMGYyLzEvSFRSUlpOR3lfdmo0bjU4bHBjNC1ZWHVfaVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny81MmE2ZGUtNzIzMi00OWIxLTkxYzctY2ZkZmNkNGVlMGYy
LzEvUUlWaTRyaVdHeUxpbkhZdGJKa0RNYm8yWm04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVNQMA0G
CSqGSIb3DQEBCwUAA4IBAQA73PBflvbNHQ6G2WijRTLdsXq15om/2uLS0AHDfGM5
5Lcs3OR9lDVAdlt93Pq8L9yLJoDvlnjQ00oKRrhFVyMhiBmfqllwrXnNZUE/YPWj
vE7GVnNNLW9psMkLLQD38ER/vvxPfog5CKKnmxuxoCTmOsHEQa6opQ4cdl3Fp7Co
f+ggVZK7Cd5oSGYDzufQ+86iv4RcTnUo0Mj6bBCCNT+ix2vMUSRphpUB1firg9mn
QqoZeDznKX5+JpQcAZKOZIl9/B/zVUe5K7LpTsjW4AO6pLZ+76CZtrRqCGRkk2Z2
h/B1yVuHJVL4zA0cXMAAvuHSdYEvXkyCwhEr+cJLCXrj
-----END CERTIFICATE-----