Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/0HuPQoQJtD4_eJkRPoOjTJmAFu8.roa
File:                     0HuPQoQJtD4_eJkRPoOjTJmAFu8.roa (raw, json)
Hash identifier:          LxyK41q1CvN7wgv66Lr4B7qVHDVYhBKIC+8jJpr2fgQ=
Subject key identifier:   D0:7B:8F:42:84:09:B4:3E:3F:78:99:11:3E:83:A3:4C:99:80:16:EF
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       0190FE8D33648A93573FE1AE68CE7C0B4FEF
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/0HuPQoQJtD4_eJkRPoOjTJmAFu8.roa
Signing time:             Mon 29 Jul 2024 12:53:04 +0000
ROA not before:           Mon 29 Jul 2024 12:53:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48628
IP address blocks:        185.161.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 21:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fe:8d:33:64:8a:93:57:3f:e1:ae:68:ce:7c:0b:4f:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jul 29 12:53:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d07b8f428409b43e3f7899113e83a34c998016ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f3:82:3d:37:92:ac:ad:cc:cd:e8:9a:58:02:
                    2d:b2:6f:8f:e7:3f:58:ef:5e:aa:97:1e:ba:a0:b0:
                    7a:5b:40:24:97:79:a2:79:24:5d:87:13:c0:c5:49:
                    ad:28:b5:46:c7:4b:20:c6:36:fa:95:12:3e:26:c4:
                    0e:4a:45:b2:d8:50:2b:db:44:a0:cb:94:3f:3a:8e:
                    48:94:97:96:08:a2:26:85:fc:aa:69:93:ed:88:c7:
                    b0:be:8b:83:ed:ae:f2:55:54:11:02:46:80:d8:25:
                    ba:b4:eb:d9:0c:f6:55:09:6e:7b:6c:6f:8f:d8:ae:
                    c3:91:56:e4:ee:5b:2d:9f:da:2e:68:42:db:cb:b0:
                    27:cd:78:e0:6b:e8:76:c1:25:fe:50:92:6a:c5:d9:
                    e0:88:b0:d4:db:74:82:89:a2:9d:8d:2a:75:7d:c6:
                    73:a5:b0:42:ae:d3:c0:86:31:77:68:be:ce:69:28:
                    b7:1a:c7:49:59:ce:7e:b2:61:40:86:f1:78:45:c0:
                    96:85:bf:77:af:4a:29:65:f3:7a:0d:53:f1:f9:b3:
                    45:d5:99:c3:d0:f4:35:89:64:93:e6:66:85:a0:ca:
                    22:f6:f1:b8:81:8a:05:66:06:d3:68:55:a3:aa:68:
                    56:45:5c:8f:d9:af:0e:46:1c:17:f9:57:d9:20:40:
                    71:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:7B:8F:42:84:09:B4:3E:3F:78:99:11:3E:83:A3:4C:99:80:16:EF
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/0HuPQoQJtD4_eJkRPoOjTJmAFu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:3d:d5:5c:bb:d6:87:59:0b:cd:d8:f0:26:e1:57:97:d1:a3:
         32:bb:9e:b0:f0:54:bc:20:e2:43:c9:06:2c:1f:ca:80:62:c0:
         fa:c9:0e:26:46:6b:f0:33:7e:db:4c:cb:ac:76:55:96:40:65:
         25:53:94:26:fb:35:9c:a6:74:a1:c8:fb:10:08:36:a8:9d:de:
         ea:c8:e6:27:a3:b1:2e:d5:d3:5b:27:4c:ed:1e:77:d8:94:9a:
         d7:a8:d6:a8:f9:7e:85:27:3b:c4:c3:b0:09:ad:da:a3:cb:9d:
         aa:ff:1e:bd:3c:42:f9:61:74:0a:d7:94:94:92:34:83:c1:02:
         ff:11:cb:9a:68:46:47:79:6b:95:a1:10:f8:7b:b3:ea:60:2e:
         f4:48:cb:49:1c:f8:63:f1:3d:c2:77:43:fa:ed:de:af:34:68:
         71:45:8f:92:91:09:a6:2a:d6:ea:1d:3a:02:37:3f:20:46:57:
         3f:40:98:77:c2:c8:5d:9b:47:39:78:4c:f8:6c:5b:89:28:bf:
         e3:35:c9:0c:8c:4c:95:98:90:70:de:3c:ff:d2:fd:5e:30:09:
         d7:e0:3e:af:be:9a:e4:1a:f7:5a:ed:ab:76:1c:8b:37:a9:0d:
         6a:9a:ef:8f:e4:f1:2b:f0:db:32:a8:a2:51:fe:90:86:57:ce:
         4e:b8:a0:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD+jTNkipNXP+GuaM58C0/vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjQwNzI5MTI1MzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDdiOGY0Mjg0MDliNDNlM2Y3ODk5MTEzZTgzYTM0Yzk5ODAxNmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPOCPTeSrK3MzeiaWAItsm+P5z9Y
716qlx66oLB6W0Akl3mieSRdhxPAxUmtKLVGx0sgxjb6lRI+JsQOSkWy2FAr20Sg
y5Q/Oo5IlJeWCKImhfyqaZPtiMewvouD7a7yVVQRAkaA2CW6tOvZDPZVCW57bG+P
2K7DkVbk7lstn9ouaELby7AnzXjga+h2wSX+UJJqxdngiLDU23SCiaKdjSp1fcZz
pbBCrtPAhjF3aL7OaSi3GsdJWc5+smFAhvF4RcCWhb93r0opZfN6DVPx+bNF1ZnD
0PQ1iWST5maFoMoi9vG4gYoFZgbTaFWjqmhWRVyP2a8ORhwX+VfZIEBxowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNB7j0KECbQ+P3iZET6Do0yZgBbvMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvMEh1UFFvUUp0RDRfZUprUlBvT2pUSm1BRnU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaFuMA0G
CSqGSIb3DQEBCwUAA4IBAQAiPdVcu9aHWQvN2PAm4VeX0aMyu56w8FS8IOJDyQYs
H8qAYsD6yQ4mRmvwM37bTMusdlWWQGUlU5Qm+zWcpnShyPsQCDaond7qyOYno7Eu
1dNbJ0ztHnfYlJrXqNao+X6FJzvEw7AJrdqjy52q/x69PEL5YXQK15SUkjSDwQL/
EcuaaEZHeWuVoRD4e7PqYC70SMtJHPhj8T3Cd0P67d6vNGhxRY+SkQmmKtbqHToC
Nz8gRlc/QJh3wshdm0c5eEz4bFuJKL/jNckMjEyVmJBw3jz/0v1eMAnX4D6vvprk
Gvda7at2HIs3qQ1qmu+P5PEr8NsyqKJR/pCGV85OuKAa
-----END CERTIFICATE-----