Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/hrJM8WOlBR-3InjQpObYV-L9vLY.roa
File:                     hrJM8WOlBR-3InjQpObYV-L9vLY.roa (raw, json)
Hash identifier:          reeF8uW4vl+3sqmfX4zI8hJ5dYa+Cz+mH42xXDOsdk8=
Subject key identifier:   86:B2:4C:F1:63:A5:05:1F:B7:22:78:D0:A4:E6:D8:57:E2:FD:BC:B6
Certificate issuer:       /CN=3e782de1b5d5292edd136d5278258c67b05be22a
Certificate serial:       0191FF1CE2C2EED11804BC768A45642AB69E
Authority key identifier: 3E:78:2D:E1:B5:D5:29:2E:DD:13:6D:52:78:25:8C:67:B0:5B:E2:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pngt4bXVKS7dE21SeCWMZ7Bb4io.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/hrJM8WOlBR-3InjQpObYV-L9vLY.roa
Signing time:             Tue 17 Sep 2024 08:32:48 +0000
ROA not before:           Tue 17 Sep 2024 08:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62149
IP address blocks:        185.69.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/Pngt4bXVKS7dE21SeCWMZ7Bb4io.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/Pngt4bXVKS7dE21SeCWMZ7Bb4io.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pngt4bXVKS7dE21SeCWMZ7Bb4io.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ff:1c:e2:c2:ee:d1:18:04:bc:76:8a:45:64:2a:b6:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e782de1b5d5292edd136d5278258c67b05be22a
        Validity
            Not Before: Sep 17 08:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86b24cf163a5051fb72278d0a4e6d857e2fdbcb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:63:f3:5f:df:8b:f8:39:6c:ee:ab:3a:1f:1d:
                    95:fa:f7:cb:b5:69:97:a2:65:5a:1d:11:44:14:8a:
                    e2:92:2a:1e:55:53:94:c2:58:aa:fd:69:c6:ee:6e:
                    f5:ff:18:71:d1:0c:7e:14:c7:38:bd:84:d5:fb:1b:
                    f2:25:5d:0b:fd:45:86:3c:bf:de:5f:04:79:77:7b:
                    88:a7:9f:b1:13:1a:70:cf:2c:f4:7c:c7:d4:d4:b8:
                    fe:ea:2d:7a:a2:75:e9:9f:23:25:d3:28:e7:1f:ee:
                    11:31:b0:e5:d3:d7:a6:0b:b5:7d:9a:ae:7e:fb:29:
                    25:e4:27:ce:cb:c9:85:48:3b:05:ef:4f:66:be:4a:
                    3f:54:d3:e2:b1:9b:52:7b:c5:1e:e4:a1:df:f8:99:
                    00:06:cf:b3:99:90:7a:6c:54:9c:4f:ae:ac:8c:3e:
                    97:bc:42:d8:5e:cd:59:74:7d:dd:5c:46:4c:69:fc:
                    94:25:5d:2a:c4:f7:da:24:a0:e4:13:b0:1a:c5:9e:
                    8e:99:e7:d8:f3:9e:76:44:e3:58:72:80:c0:ba:0a:
                    7f:07:0a:c5:a0:eb:48:ab:25:c0:35:99:32:ac:ce:
                    c5:4a:61:f9:53:77:b5:b5:96:30:ae:63:18:76:44:
                    a2:85:b0:b0:bd:b1:18:eb:57:66:50:eb:6a:9a:7d:
                    5a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B2:4C:F1:63:A5:05:1F:B7:22:78:D0:A4:E6:D8:57:E2:FD:BC:B6
            X509v3 Authority Key Identifier:
                keyid:3E:78:2D:E1:B5:D5:29:2E:DD:13:6D:52:78:25:8C:67:B0:5B:E2:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pngt4bXVKS7dE21SeCWMZ7Bb4io.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/hrJM8WOlBR-3InjQpObYV-L9vLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/d035fb-e860-461d-9728-149e2a3ade76/1/Pngt4bXVKS7dE21SeCWMZ7Bb4io.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:74:d7:2d:3f:6e:d6:e1:4c:c0:5c:55:5f:db:5a:df:3d:f7:
         90:86:e5:7f:97:d2:0a:0c:ac:05:82:ac:65:71:e9:54:6d:1d:
         d3:01:02:7d:19:84:db:8b:46:9f:dc:06:2c:53:11:7a:b2:23:
         e1:3e:d1:1c:97:f3:32:56:7c:61:38:dd:01:28:3e:39:36:ea:
         ed:88:d9:5c:6a:06:93:14:73:01:ed:4b:7f:11:2e:54:d5:c2:
         5c:68:72:7b:24:61:46:29:3f:d1:99:19:52:2e:44:3d:09:9e:
         8d:95:d8:21:e4:c4:18:f5:b6:6b:cd:ad:74:5c:af:8b:d9:45:
         4d:50:b5:a9:96:1f:36:20:16:d6:9d:30:a3:2a:37:c3:ce:c0:
         10:80:96:ed:e3:58:a9:30:68:eb:ee:7b:ee:3a:70:74:08:df:
         ef:39:fe:c9:fc:3b:93:d0:3e:28:48:42:fa:64:03:33:e2:e0:
         5f:8c:21:79:86:1d:96:6c:41:47:80:0e:31:56:c6:ea:2d:f9:
         d7:b3:5c:65:62:b3:0b:d9:36:43:d9:a0:7c:f8:9b:bf:9c:ac:
         49:80:c0:61:ee:b7:13:9f:4f:00:23:99:80:8e:7b:9f:c6:1e:
         16:d8:b2:43:7b:7a:81:31:58:cc:14:1b:3b:e9:ff:3b:6f:ff:
         6d:68:33:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH/HOLC7tEYBLx2ikVkKraeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNzgyZGUxYjVkNTI5MmVkZDEzNmQ1Mjc4MjU4YzY3YjA1
YmUyMmEwHhcNMjQwOTE3MDgzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmIyNGNmMTYzYTUwNTFmYjcyMjc4ZDBhNGU2ZDg1N2UyZmRiY2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2PzX9+L+Dls7qs6Hx2V+vfLtWmX
omVaHRFEFIrikioeVVOUwliq/WnG7m71/xhx0Qx+FMc4vYTV+xvyJV0L/UWGPL/e
XwR5d3uIp5+xExpwzyz0fMfU1Lj+6i16onXpnyMl0yjnH+4RMbDl09emC7V9mq5+
+ykl5CfOy8mFSDsF709mvko/VNPisZtSe8Ue5KHf+JkABs+zmZB6bFScT66sjD6X
vELYXs1ZdH3dXEZMafyUJV0qxPfaJKDkE7AaxZ6OmefY8552RONYcoDAugp/BwrF
oOtIqyXANZkyrM7FSmH5U3e1tZYwrmMYdkSihbCwvbEY61dmUOtqmn1aZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIayTPFjpQUftyJ40KTm2Ffi/by2MB8GA1UdIwQY
MBaAFD54LeG11Sku3RNtUngljGewW+IqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG5ndDRiWFZLUzdkRTIxU2VDV01aN0JiNGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9kMDM1ZmItZTg2MC00NjFkLTk3Mjgt
MTQ5ZTJhM2FkZTc2LzEvaHJKTThXT2xCUi0zSW5qUXBPYllWLUw5dkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9kMDM1ZmItZTg2MC00NjFkLTk3MjgtMTQ5ZTJhM2FkZTc2
LzEvUG5ndDRiWFZLUzdkRTIxU2VDV01aN0JiNGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUXsMA0G
CSqGSIb3DQEBCwUAA4IBAQAudNctP27W4UzAXFVf21rfPfeQhuV/l9IKDKwFgqxl
celUbR3TAQJ9GYTbi0af3AYsUxF6siPhPtEcl/MyVnxhON0BKD45NurtiNlcagaT
FHMB7Ut/ES5U1cJcaHJ7JGFGKT/RmRlSLkQ9CZ6Nldgh5MQY9bZrza10XK+L2UVN
ULWplh82IBbWnTCjKjfDzsAQgJbt41ipMGjr7nvuOnB0CN/vOf7J/DuT0D4oSEL6
ZAMz4uBfjCF5hh2WbEFHgA4xVsbqLfnXs1xlYrML2TZD2aB8+Ju/nKxJgMBh7rcT
n08AI5mAjnufxh4W2LJDe3qBMVjMFBs76f87b/9taDPe
-----END CERTIFICATE-----