Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/hoHTl1m6cmbjZsiIQkoEOHjQ3kM.roa
File:                     hoHTl1m6cmbjZsiIQkoEOHjQ3kM.roa (raw, json)
Hash identifier:          EMgS8dpLj+OgSV8heKzcnSRfQm5feZlAq7WF1eCi/CU=
Subject key identifier:   86:81:D3:97:59:BA:72:66:E3:66:C8:88:42:4A:04:38:78:D0:DE:43
Certificate issuer:       /CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
Certificate serial:       018CC86F4C02250CD48C7A61A6821FDD5763
Authority key identifier: 66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/hoHTl1m6cmbjZsiIQkoEOHjQ3kM.roa
Signing time:             Tue 02 Jan 2024 04:29:46 +0000
ROA not before:           Tue 02 Jan 2024 04:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61319
IP address blocks:        185.10.252.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4c:02:25:0c:d4:8c:7a:61:a6:82:1f:dd:57:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
        Validity
            Not Before: Jan  2 04:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8681d39759ba7266e366c888424a043878d0de43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:20:04:65:f8:e6:1e:d8:eb:60:b0:a1:4a:a2:
                    1a:19:c0:a0:14:77:59:89:6d:b1:bd:79:14:7f:b7:
                    22:f2:12:ce:59:ba:fe:5a:24:ba:ae:10:66:52:c4:
                    aa:ea:95:87:a4:3e:4a:87:25:38:ad:9f:bf:e6:73:
                    dd:26:5b:ed:a8:a1:78:dc:7d:90:bd:c0:a3:67:81:
                    cb:81:71:c6:1b:23:26:7e:59:48:17:6f:c2:f8:1f:
                    6d:e8:06:26:b0:a8:db:e3:86:d3:8c:5e:0a:00:32:
                    35:42:16:bc:b4:14:05:f4:bb:e0:1d:6d:91:88:82:
                    32:2e:17:f3:71:3a:e2:6a:5a:93:5a:d1:5f:8d:8d:
                    44:d1:c9:39:74:9b:4d:cb:67:00:75:48:28:7c:70:
                    fb:a7:92:8d:b6:17:52:bd:ee:7a:10:aa:b8:6e:db:
                    d1:c3:6c:09:95:a6:49:fb:3f:e6:6d:aa:8a:d5:0d:
                    db:75:6c:4c:4b:02:5a:6a:9f:8b:cf:f8:11:62:0c:
                    ce:e4:58:18:a1:53:4d:45:f2:ab:b8:cc:8a:b2:56:
                    83:83:0c:95:db:ad:af:31:cd:bd:b7:f9:69:43:de:
                    1a:03:c3:a8:56:ef:63:90:4b:76:16:06:0b:63:ef:
                    86:d8:63:0a:29:16:d1:c9:de:43:80:8f:30:8b:e2:
                    1d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:81:D3:97:59:BA:72:66:E3:66:C8:88:42:4A:04:38:78:D0:DE:43
            X509v3 Authority Key Identifier:
                keyid:66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/hoHTl1m6cmbjZsiIQkoEOHjQ3kM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:6f:bc:ac:9b:94:6b:c7:b8:2b:c0:29:7e:a7:7e:53:b7:a7:
         6c:8b:8f:73:12:d2:89:8c:c4:f8:f8:07:d3:bf:c0:df:c8:eb:
         f3:1e:e4:cf:5d:97:39:fb:b3:8d:ce:83:e7:70:aa:ac:6f:de:
         79:c9:4d:f3:ee:ab:48:12:9f:b7:17:8c:04:2e:9e:79:7e:21:
         4b:53:24:32:90:76:bc:56:8f:96:3a:05:82:3e:6a:1b:86:28:
         21:2f:88:f3:e9:d9:62:0f:26:ae:09:c9:14:f1:bd:69:e4:2b:
         44:76:18:e0:e2:11:28:b6:53:cc:7f:c9:da:ac:9b:07:b5:55:
         e9:69:3a:7f:f5:c7:3a:0c:46:2f:09:cb:aa:dc:f3:e5:01:09:
         8e:52:28:ec:10:d3:a2:93:fb:c4:c1:6f:5b:d4:51:51:93:70:
         92:32:59:58:11:d8:e3:1c:9a:cb:f6:8e:db:1d:c5:01:1f:13:
         1b:c1:61:7d:86:b7:a3:d5:af:9f:78:b0:ae:fd:77:72:fd:c9:
         02:c8:59:9f:b7:c4:75:f5:a7:41:c6:84:a1:e1:5a:ce:13:39:
         be:73:26:32:76:b1:e0:0d:ca:eb:01:04:cd:28:d1:69:f4:c2:
         14:bd:fb:9d:80:40:3f:96:57:96:39:c3:f4:ca:ca:dc:77:b7:
         cc:0a:05:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0wCJQzUjHphpoIf3VdjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGUxZDlkY2RiMjVjMWU1MzJjNWM5YjY5ZGZhNzU3ZTMw
NjIxMGUwHhcNMjQwMTAyMDQyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjgxZDM5NzU5YmE3MjY2ZTM2NmM4ODg0MjRhMDQzODc4ZDBkZTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiAEZfjmHtjrYLChSqIaGcCgFHdZ
iW2xvXkUf7ci8hLOWbr+WiS6rhBmUsSq6pWHpD5KhyU4rZ+/5nPdJlvtqKF43H2Q
vcCjZ4HLgXHGGyMmfllIF2/C+B9t6AYmsKjb44bTjF4KADI1Qha8tBQF9LvgHW2R
iIIyLhfzcTrialqTWtFfjY1E0ck5dJtNy2cAdUgofHD7p5KNthdSve56EKq4btvR
w2wJlaZJ+z/mbaqK1Q3bdWxMSwJaap+Lz/gRYgzO5FgYoVNNRfKruMyKslaDgwyV
262vMc29t/lpQ94aA8OoVu9jkEt2FgYLY++G2GMKKRbRyd5DgI8wi+IdSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaB05dZunJm42bIiEJKBDh40N5DMB8GA1UdIwQY
MBaAFGbeHZ3NslweUyxcm2nfp1fjBiEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYt
NDA0Nzk4NzA5NzZlLzEvaG9IVGwxbTZjbWJqWnNpSVFrb0VPSGpRM2tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYtNDA0Nzk4NzA5NzZl
LzEvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQr8MA0G
CSqGSIb3DQEBCwUAA4IBAQCPb7ysm5Rrx7grwCl+p35Tt6dsi49zEtKJjMT4+AfT
v8DfyOvzHuTPXZc5+7ONzoPncKqsb955yU3z7qtIEp+3F4wELp55fiFLUyQykHa8
Vo+WOgWCPmobhighL4jz6dliDyauCckU8b1p5CtEdhjg4hEotlPMf8narJsHtVXp
aTp/9cc6DEYvCcuq3PPlAQmOUijsENOik/vEwW9b1FFRk3CSMllYEdjjHJrL9o7b
HcUBHxMbwWF9hrej1a+feLCu/Xdy/ckCyFmft8R19adBxoSh4VrOEzm+cyYydrHg
DcrrAQTNKNFp9MIUvfudgEA/lleWOcP0ysrcd7fMCgUs
-----END CERTIFICATE-----