Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/rm2iYrhCeZh0WuPfbBczDX0YuKA.roa
File:                     rm2iYrhCeZh0WuPfbBczDX0YuKA.roa (raw, json)
Hash identifier:          V6T5VDPaycAlsUR1J0Rrr7D6z1L3X0nIgrNWlkUsREY=
Subject key identifier:   AE:6D:A2:62:B8:42:79:98:74:5A:E3:DF:6C:17:33:0D:7D:18:B8:A0
Certificate issuer:       /CN=87f41ae0779e37defc69b2a5b0f7ab8fd40cd3e7
Certificate serial:       018DCA83A04A6577C948B3951296D1ED95BE
Authority key identifier: 87:F4:1A:E0:77:9E:37:DE:FC:69:B2:A5:B0:F7:AB:8F:D4:0C:D3:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/rm2iYrhCeZh0WuPfbBczDX0YuKA.roa
Signing time:             Wed 21 Feb 2024 07:14:00 +0000
ROA not before:           Wed 21 Feb 2024 07:14:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199087
IP address blocks:        89.190.0.0/19 maxlen: 19
                          185.151.76.0/22 maxlen: 22
                          2a03:7c00::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ca:83:a0:4a:65:77:c9:48:b3:95:12:96:d1:ed:95:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87f41ae0779e37defc69b2a5b0f7ab8fd40cd3e7
        Validity
            Not Before: Feb 21 07:14:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae6da262b8427998745ae3df6c17330d7d18b8a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:08:0c:7e:b3:0b:56:46:8e:2b:c6:60:98:02:
                    ce:64:3d:dc:24:fd:cd:04:b8:de:67:14:78:1b:26:
                    44:d7:28:9b:f8:ff:34:4a:41:da:6a:a7:d6:4f:80:
                    00:1c:8d:7d:2f:6d:48:eb:47:9a:05:bf:22:29:0c:
                    03:40:42:07:d6:74:6b:4d:df:c3:c6:00:98:88:68:
                    14:04:e0:3f:0a:a8:3a:6e:67:e3:c4:d6:4c:1f:33:
                    e5:8e:f2:5d:d9:f2:f6:34:6b:47:7b:9d:84:2b:e2:
                    77:ea:af:c3:ed:58:27:2b:e2:95:54:70:2a:be:f8:
                    ab:ea:bf:2e:ec:14:b1:e2:fa:2e:51:42:82:d8:74:
                    91:69:d3:0e:e9:95:ad:e6:2b:a4:9a:b9:e5:48:39:
                    2d:85:2f:4b:db:98:fe:ba:8a:d7:b8:b5:c0:73:2e:
                    61:d0:0f:28:d8:a7:0c:30:19:d3:90:fa:82:bb:97:
                    17:9e:32:1d:fb:81:51:55:73:5a:3e:0d:8e:f2:06:
                    90:67:c4:73:f4:a4:a0:2c:10:77:b8:dd:62:e5:c0:
                    2a:db:73:cc:ad:57:68:8d:d3:91:f4:21:af:f5:4d:
                    95:b8:c4:e0:2c:8a:69:c5:df:a3:83:d2:e9:c1:5b:
                    95:a0:3a:14:35:61:dd:6f:3a:bd:c9:b3:1e:91:b0:
                    76:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:6D:A2:62:B8:42:79:98:74:5A:E3:DF:6C:17:33:0D:7D:18:B8:A0
            X509v3 Authority Key Identifier:
                keyid:87:F4:1A:E0:77:9E:37:DE:FC:69:B2:A5:B0:F7:AB:8F:D4:0C:D3:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h_Qa4HeeN978abKlsPerj9QM0-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/rm2iYrhCeZh0WuPfbBczDX0YuKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/185cb5-4752-43b8-8e46-c43ab2a12d55/1/h_Qa4HeeN978abKlsPerj9QM0-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.190.0.0/19
                  185.151.76.0/22
                IPv6:
                  2a03:7c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:31:16:8e:5b:37:65:ca:52:19:b1:f3:37:c3:80:2a:a2:bf:
         c2:f7:5c:28:cc:fa:5e:40:56:a7:f1:f4:2f:24:41:b1:c5:1e:
         41:5f:15:f2:cc:17:c4:9f:ef:73:93:44:9d:a7:24:dd:e6:ed:
         5a:2e:3c:52:73:12:c4:e5:56:0a:83:d5:80:45:e1:3a:41:71:
         f9:6b:e0:85:81:45:ed:84:6d:ec:f1:11:14:da:9b:64:9f:66:
         26:29:38:9f:98:13:2e:48:66:d2:29:c9:4d:b0:31:f9:e7:a8:
         d7:74:18:6a:52:3f:c0:00:3f:05:1a:8f:ff:f5:53:95:25:74:
         a3:eb:d0:2e:f9:ef:cc:f1:13:cd:c9:e4:f2:08:4a:f6:71:7c:
         bb:7b:4b:19:55:a8:76:ee:d5:f4:77:e1:93:f1:25:cc:b5:58:
         b1:89:15:de:92:f3:16:51:fc:67:43:c6:6f:54:2e:49:cc:ad:
         4c:fd:62:ca:d6:22:44:6b:cc:06:93:42:da:42:7c:47:c9:3a:
         b8:bc:33:04:a0:25:7a:02:3d:dd:a4:d9:4b:d4:d5:4b:47:36:
         94:4c:6f:d2:90:f6:ff:44:9b:db:82:0c:1f:45:f5:8c:9e:f2:
         8a:9c:03:a0:3c:ff:96:2c:99:81:fa:eb:3e:41:cc:ee:92:5d:
         e2:3f:dd:01
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY3Kg6BKZXfJSLOVEpbR7ZW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZjQxYWUwNzc5ZTM3ZGVmYzY5YjJhNWIwZjdhYjhmZDQw
Y2QzZTcwHhcNMjQwMjIxMDcxNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTZkYTI2MmI4NDI3OTk4NzQ1YWUzZGY2YzE3MzMwZDdkMThiOGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAgMfrMLVkaOK8ZgmALOZD3cJP3N
BLjeZxR4GyZE1yib+P80SkHaaqfWT4AAHI19L21I60eaBb8iKQwDQEIH1nRrTd/D
xgCYiGgUBOA/Cqg6bmfjxNZMHzPljvJd2fL2NGtHe52EK+J36q/D7VgnK+KVVHAq
vvir6r8u7BSx4vouUUKC2HSRadMO6ZWt5iukmrnlSDkthS9L25j+uorXuLXAcy5h
0A8o2KcMMBnTkPqCu5cXnjId+4FRVXNaPg2O8gaQZ8Rz9KSgLBB3uN1i5cAq23PM
rVdojdOR9CGv9U2VuMTgLIppxd+jg9LpwVuVoDoUNWHdbzq9ybMekbB2AQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK5tomK4QnmYdFrj32wXMw19GLigMB8GA1UdIwQY
MBaAFIf0GuB3njfe/GmypbD3q4/UDNPnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaF9RYTRIZWVOOTc4YWJLbHNQZXJqOVFNMC1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xODVjYjUtNDc1Mi00M2I4LThlNDYt
YzQzYWIyYTEyZDU1LzEvcm0yaVlyaENlWmgwV3VQZmJCY3pEWDBZdUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xODVjYjUtNDc1Mi00M2I4LThlNDYtYzQzYWIyYTEyZDU1
LzEvaF9RYTRIZWVOOTc4YWJLbHNQZXJqOVFNMC1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFWb4AAwQC
uZdMMA0EAgACMAcDBQMqA3wAMA0GCSqGSIb3DQEBCwUAA4IBAQAoMRaOWzdlylIZ
sfM3w4Aqor/C91wozPpeQFan8fQvJEGxxR5BXxXyzBfEn+9zk0SdpyTd5u1aLjxS
cxLE5VYKg9WAReE6QXH5a+CFgUXthG3s8REU2ptkn2YmKTifmBMuSGbSKclNsDH5
56jXdBhqUj/AAD8FGo//9VOVJXSj69Au+e/M8RPNyeTyCEr2cXy7e0sZVah27tX0
d+GT8SXMtVixiRXekvMWUfxnQ8ZvVC5JzK1M/WLK1iJEa8wGk0LaQnxHyTq4vDME
oCV6Aj3dpNlL1NVLRzaUTG/SkPb/RJvbggwfRfWMnvKKnAOgPP+WLJmB+us+Qczu
kl3iP90B
-----END CERTIFICATE-----