Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/dd08f7-b6f4-4b42-81d7-23ab59798421/1/hABOeqqat5JLiTMCVLGrTqt41hc.roa
File:                     hABOeqqat5JLiTMCVLGrTqt41hc.roa (raw, json)
Hash identifier:          psG6evJtrdIOpvmhbqBt52h/nCmCObZ0lFSbIEsgPxM=
Subject key identifier:   84:00:4E:7A:AA:9A:B7:92:4B:89:33:02:54:B1:AB:4E:AB:78:D6:17
Certificate issuer:       /CN=d8a994d846cb6696e889c1cc32285e0b23afc777
Certificate serial:       018CC8010A5F220A0458EF4581C05D350391
Authority key identifier: D8:A9:94:D8:46:CB:66:96:E8:89:C1:CC:32:28:5E:0B:23:AF:C7:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2KmU2EbLZpboicHMMiheCyOvx3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/dd08f7-b6f4-4b42-81d7-23ab59798421/1/hABOeqqat5JLiTMCVLGrTqt41hc.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202707
IP address blocks:        185.156.157.0/24 maxlen: 24
                          185.156.158.0/24 maxlen: 24
                          185.156.159.0/24 maxlen: 24
                          185.156.156.0/22 maxlen: 24
                          185.156.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/dd08f7-b6f4-4b42-81d7-23ab59798421/1/2KmU2EbLZpboicHMMiheCyOvx3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/dd08f7-b6f4-4b42-81d7-23ab59798421/1/2KmU2EbLZpboicHMMiheCyOvx3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2KmU2EbLZpboicHMMiheCyOvx3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0a:5f:22:0a:04:58:ef:45:81:c0:5d:35:03:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8a994d846cb6696e889c1cc32285e0b23afc777
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84004e7aaa9ab7924b89330254b1ab4eab78d617
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:05:24:85:47:e2:89:3a:d2:6e:3b:e4:0e:86:
                    ca:98:d9:df:33:0a:8f:b3:29:5d:d1:ba:f8:34:4d:
                    1e:f6:2c:72:9b:4b:29:d7:ec:22:fa:e1:1d:ac:f4:
                    e7:62:4c:c9:25:0b:06:9f:ef:66:0d:b2:e2:ec:da:
                    37:40:0f:23:f9:c9:5b:a3:ae:3a:98:16:71:48:de:
                    4f:1a:a3:bd:81:04:09:21:20:41:a5:a4:14:1f:9a:
                    cd:b2:3b:13:ae:77:76:c6:10:2d:a7:c5:e3:69:ef:
                    00:a7:f1:c7:66:cc:c1:b3:38:56:cf:20:6f:12:88:
                    15:ed:67:35:cb:11:0e:a4:3b:55:8f:64:c0:6f:9e:
                    18:1f:9e:9f:56:be:45:dd:d3:2e:96:0a:2c:7e:9a:
                    24:bd:2b:40:5b:fd:72:45:4b:53:be:2b:d0:6c:ba:
                    e8:61:69:db:05:be:1c:fc:29:c1:70:28:2c:69:84:
                    83:60:4b:e6:3b:1e:b2:68:e7:d9:fb:ca:92:65:1e:
                    25:0b:03:ae:9c:6b:e9:0f:07:ef:7e:56:25:30:11:
                    87:6c:1e:30:f5:6c:f7:43:ba:d3:de:72:1d:ad:74:
                    17:d1:f5:2a:3e:fa:da:f7:cf:8f:d6:00:b4:48:57:
                    9a:f2:66:d1:90:a1:a0:56:29:a4:a9:39:92:d9:ba:
                    fe:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:00:4E:7A:AA:9A:B7:92:4B:89:33:02:54:B1:AB:4E:AB:78:D6:17
            X509v3 Authority Key Identifier:
                keyid:D8:A9:94:D8:46:CB:66:96:E8:89:C1:CC:32:28:5E:0B:23:AF:C7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2KmU2EbLZpboicHMMiheCyOvx3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/dd08f7-b6f4-4b42-81d7-23ab59798421/1/hABOeqqat5JLiTMCVLGrTqt41hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/dd08f7-b6f4-4b42-81d7-23ab59798421/1/2KmU2EbLZpboicHMMiheCyOvx3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e7:9e:da:fd:51:bb:7b:08:12:a5:ee:df:60:25:29:ee:62:52:
         20:cb:7f:28:52:a8:b1:aa:14:bd:57:6d:42:40:7c:eb:14:75:
         d1:aa:df:e4:e1:78:fe:f1:89:14:56:4b:5d:5f:bd:69:76:d4:
         94:cb:97:80:24:f4:7e:6e:d1:a9:54:99:e2:fa:14:f3:ee:43:
         c0:f4:21:87:73:4d:4b:c6:76:44:f5:22:1c:fc:60:6d:4b:b4:
         b9:10:cf:94:b4:79:db:3b:af:c7:f7:97:aa:30:af:93:4f:0e:
         eb:86:0f:67:63:47:28:65:93:4d:37:ef:86:10:38:b4:05:c9:
         6e:eb:5a:98:64:65:57:b7:f7:73:75:18:37:08:57:6e:fe:fa:
         ce:7d:30:2a:e4:36:38:74:9e:ef:69:4f:3e:fb:c8:bc:65:ba:
         33:76:b9:69:6e:74:c1:87:5e:20:10:e6:83:15:8e:42:ba:48:
         1e:f8:34:dd:61:66:1b:37:62:39:5d:48:1e:50:44:db:85:60:
         41:0c:9f:b6:33:93:d3:07:85:18:f9:d5:26:65:ce:35:6d:97:
         ed:2c:e2:61:ae:15:56:26:94:2c:46:6a:80:93:1a:5a:59:6a:
         05:b0:36:64:7c:73:52:a7:f6:77:9b:3a:b5:f0:c9:2d:86:f5:
         b3:03:c7:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQpfIgoEWO9FgcBdNQORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YTk5NGQ4NDZjYjY2OTZlODg5YzFjYzMyMjg1ZTBiMjNh
ZmM3NzcwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDAwNGU3YWFhOWFiNzkyNGI4OTMzMDI1NGIxYWI0ZWFiNzhkNjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAUkhUfiiTrSbjvkDobKmNnfMwqP
syld0br4NE0e9ixym0sp1+wi+uEdrPTnYkzJJQsGn+9mDbLi7No3QA8j+clbo646
mBZxSN5PGqO9gQQJISBBpaQUH5rNsjsTrnd2xhAtp8Xjae8Ap/HHZszBszhWzyBv
EogV7Wc1yxEOpDtVj2TAb54YH56fVr5F3dMulgosfpokvStAW/1yRUtTvivQbLro
YWnbBb4c/CnBcCgsaYSDYEvmOx6yaOfZ+8qSZR4lCwOunGvpDwfvflYlMBGHbB4w
9Wz3Q7rT3nIdrXQX0fUqPvra98+P1gC0SFea8mbRkKGgVimkqTmS2br+VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQATnqqmreSS4kzAlSxq06reNYXMB8GA1UdIwQY
MBaAFNiplNhGy2aW6InBzDIoXgsjr8d3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkttVTJFYkxacGJvaWNITU1paGVDeU92eDNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9kZDA4ZjctYjZmNC00YjQyLTgxZDct
MjNhYjU5Nzk4NDIxLzEvaEFCT2VxcWF0NUpMaVRNQ1ZMR3JUcXQ0MWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9kZDA4ZjctYjZmNC00YjQyLTgxZDctMjNhYjU5Nzk4NDIx
LzEvMkttVTJFYkxacGJvaWNITU1paGVDeU92eDNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZycMA0G
CSqGSIb3DQEBCwUAA4IBAQDnntr9Ubt7CBKl7t9gJSnuYlIgy38oUqixqhS9V21C
QHzrFHXRqt/k4Xj+8YkUVktdX71pdtSUy5eAJPR+btGpVJni+hTz7kPA9CGHc01L
xnZE9SIc/GBtS7S5EM+UtHnbO6/H95eqMK+TTw7rhg9nY0coZZNNN++GEDi0Bclu
61qYZGVXt/dzdRg3CFdu/vrOfTAq5DY4dJ7vaU8++8i8ZbozdrlpbnTBh14gEOaD
FY5Cukge+DTdYWYbN2I5XUgeUETbhWBBDJ+2M5PTB4UY+dUmZc41bZftLOJhrhVW
JpQsRmqAkxpaWWoFsDZkfHNSp/Z3mzq18MkthvWzA8eo
-----END CERTIFICATE-----