Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/hrNGn0oUPV8zrp8ORBD-SZ4hVnk.roa
File:                     hrNGn0oUPV8zrp8ORBD-SZ4hVnk.roa (raw, json)
Hash identifier:          1s89PEZ2ZWgY7BKz+wec7YALVNYGNXm42Mr+/qgbU/Q=
Subject key identifier:   86:B3:46:9F:4A:14:3D:5F:33:AE:9F:0E:44:10:FE:49:9E:21:56:79
Certificate issuer:       /CN=2ae2d17fd5bb9d7611113c586a410802c785edf2
Certificate serial:       018CC64A9FFC0BF43E9FD620CDD91BCF1C5D
Authority key identifier: 2A:E2:D1:7F:D5:BB:9D:76:11:11:3C:58:6A:41:08:02:C7:85:ED:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KuLRf9W7nXYRETxYakEIAseF7fI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/hrNGn0oUPV8zrp8ORBD-SZ4hVnk.roa
Signing time:             Mon 01 Jan 2024 18:30:28 +0000
ROA not before:           Mon 01 Jan 2024 18:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200509
IP address blocks:        185.66.56.0/22 maxlen: 22
                          185.66.58.0/24 maxlen: 24
                          185.66.57.0/24 maxlen: 24
                          185.66.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/KuLRf9W7nXYRETxYakEIAseF7fI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/KuLRf9W7nXYRETxYakEIAseF7fI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KuLRf9W7nXYRETxYakEIAseF7fI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:9f:fc:0b:f4:3e:9f:d6:20:cd:d9:1b:cf:1c:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ae2d17fd5bb9d7611113c586a410802c785edf2
        Validity
            Not Before: Jan  1 18:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86b3469f4a143d5f33ae9f0e4410fe499e215679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:76:e1:d6:9f:92:73:cc:ed:42:5f:97:79:93:
                    9d:0f:9e:34:6b:1c:a7:1d:47:cc:02:0a:86:dc:a2:
                    0d:c8:f7:e6:2d:86:53:17:47:60:72:06:71:a7:63:
                    97:c4:e6:f7:a3:2d:23:cb:df:75:31:82:f9:98:9a:
                    a0:6f:a5:5c:d0:22:ec:15:70:b2:a7:90:22:e5:ad:
                    6b:32:c6:94:42:16:7b:43:a8:b3:f4:eb:5b:8b:1a:
                    38:0e:63:57:84:85:32:4c:78:4d:66:2f:46:da:2b:
                    02:a7:3b:88:74:96:10:c9:db:49:74:43:3d:84:7e:
                    9c:31:7a:94:6e:c3:94:73:7a:0c:19:40:e9:df:5b:
                    b3:03:56:0a:9b:72:da:12:90:0e:a2:71:56:c7:52:
                    b4:ec:ec:b9:86:eb:5e:c8:28:4f:75:65:26:11:dd:
                    17:82:0f:7f:2b:96:fa:4c:52:c8:ca:a8:97:3c:7c:
                    0b:9e:21:35:51:74:e8:1d:f2:73:36:1f:ed:59:45:
                    2c:b5:7f:21:3b:aa:35:e4:7d:cd:67:0a:87:ae:b2:
                    4f:66:2d:fd:a4:a4:24:f6:6e:03:18:d6:e2:2a:95:
                    45:ba:95:20:f9:42:e5:70:c7:34:ff:ee:40:0e:0b:
                    f7:1a:ce:ab:d3:07:eb:17:44:df:9c:a0:34:02:fc:
                    d6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B3:46:9F:4A:14:3D:5F:33:AE:9F:0E:44:10:FE:49:9E:21:56:79
            X509v3 Authority Key Identifier:
                keyid:2A:E2:D1:7F:D5:BB:9D:76:11:11:3C:58:6A:41:08:02:C7:85:ED:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KuLRf9W7nXYRETxYakEIAseF7fI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/hrNGn0oUPV8zrp8ORBD-SZ4hVnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/ba7fd6-b3a8-4931-ac05-ab4887c63ea5/1/KuLRf9W7nXYRETxYakEIAseF7fI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:39:45:36:76:03:69:f9:90:ad:0b:a9:55:3e:6f:d6:4b:38:
         2e:4b:aa:0b:c1:1f:ee:7c:c7:1f:cb:a6:da:be:13:99:d8:0d:
         b4:62:35:0e:0a:64:a6:2a:94:ae:03:8a:ed:04:e0:d6:94:34:
         6b:1b:a1:54:b2:b7:0e:e0:6c:11:a1:fc:52:c6:f3:f1:9b:6e:
         d8:11:48:57:fa:fb:88:1a:b2:5b:26:82:2d:07:0c:1f:60:f0:
         8c:93:51:f6:c0:29:b1:1c:76:80:e9:9d:c3:52:bb:33:bb:e4:
         5b:97:ca:a2:a5:f2:43:2c:b3:49:53:5f:7f:ab:ab:ac:3e:92:
         0f:35:d9:ab:ec:1a:f3:7a:f0:26:79:3c:79:7e:ce:5d:cc:30:
         60:a7:9f:7d:e7:29:da:6f:13:5b:6e:2c:60:71:15:a7:f7:47:
         f2:b7:4e:98:09:e2:bc:49:6c:31:4e:3a:82:3e:18:1e:92:2f:
         b9:d4:e7:00:d3:51:47:a3:d2:57:38:7d:51:72:88:58:31:57:
         a4:8d:e4:74:cf:e7:dd:3c:cf:ec:32:5a:0f:c8:95:73:90:63:
         34:4d:e9:54:dd:a5:f5:35:b0:b0:8e:40:87:73:8d:5f:8e:d1:
         a2:73:e2:e7:70:6a:57:43:6d:eb:80:6a:32:7b:ea:bc:d6:3c:
         51:72:a7:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSp/8C/Q+n9YgzdkbzxxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZTJkMTdmZDViYjlkNzYxMTExM2M1ODZhNDEwODAyYzc4
NWVkZjIwHhcNMjQwMTAxMTgzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmIzNDY5ZjRhMTQzZDVmMzNhZTlmMGU0NDEwZmU0OTllMjE1Njc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXbh1p+Sc8ztQl+XeZOdD540axyn
HUfMAgqG3KINyPfmLYZTF0dgcgZxp2OXxOb3oy0jy991MYL5mJqgb6Vc0CLsFXCy
p5Ai5a1rMsaUQhZ7Q6iz9Otbixo4DmNXhIUyTHhNZi9G2isCpzuIdJYQydtJdEM9
hH6cMXqUbsOUc3oMGUDp31uzA1YKm3LaEpAOonFWx1K07Oy5huteyChPdWUmEd0X
gg9/K5b6TFLIyqiXPHwLniE1UXToHfJzNh/tWUUstX8hO6o15H3NZwqHrrJPZi39
pKQk9m4DGNbiKpVFupUg+ULlcMc0/+5ADgv3Gs6r0wfrF0TfnKA0AvzWsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIazRp9KFD1fM66fDkQQ/kmeIVZ5MB8GA1UdIwQY
MBaAFCri0X/Vu512ERE8WGpBCALHhe3yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3VMUmY5VzduWFlSRVR4WWFrRUlBc2VGN2ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iYTdmZDYtYjNhOC00OTMxLWFjMDUt
YWI0ODg3YzYzZWE1LzEvaHJOR24wb1VQVjh6cnA4T1JCRC1TWjRoVm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iYTdmZDYtYjNhOC00OTMxLWFjMDUtYWI0ODg3YzYzZWE1
LzEvS3VMUmY5VzduWFlSRVR4WWFrRUlBc2VGN2ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUI4MA0G
CSqGSIb3DQEBCwUAA4IBAQBYOUU2dgNp+ZCtC6lVPm/WSzguS6oLwR/ufMcfy6ba
vhOZ2A20YjUOCmSmKpSuA4rtBODWlDRrG6FUsrcO4GwRofxSxvPxm27YEUhX+vuI
GrJbJoItBwwfYPCMk1H2wCmxHHaA6Z3DUrszu+Rbl8qipfJDLLNJU19/q6usPpIP
Ndmr7BrzevAmeTx5fs5dzDBgp5995ynabxNbbixgcRWn90fyt06YCeK8SWwxTjqC
Phgeki+51OcA01FHo9JXOH1RcohYMVekjeR0z+fdPM/sMloPyJVzkGM0TelU3aX1
NbCwjkCHc41fjtGic+LncGpXQ23rgGoye+q81jxRcqeX
-----END CERTIFICATE-----