Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/hRMOaUHeEjef81WhvI8wv4LF0fM.roa
File:                     hRMOaUHeEjef81WhvI8wv4LF0fM.roa (raw, json)
Hash identifier:          NqJ3x/MYCjsJ6LIE925pIo0Wvta9x/LKcCiWmrT3wvg=
Subject key identifier:   85:13:0E:69:41:DE:12:37:9F:F3:55:A1:BC:8F:30:BF:82:C5:D1:F3
Certificate issuer:       /CN=b418677abf3aaee036cd4add77d66196fcde4c6d
Certificate serial:       018CC8017A08D2EB1843300E9C6BE2AE5A5E
Authority key identifier: B4:18:67:7A:BF:3A:AE:E0:36:CD:4A:DD:77:D6:61:96:FC:DE:4C:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBhner86ruA2zUrdd9ZhlvzeTG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/hRMOaUHeEjef81WhvI8wv4LF0fM.roa
Signing time:             Tue 02 Jan 2024 02:29:49 +0000
ROA not before:           Tue 02 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8896
IP address blocks:        91.223.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/tBhner86ruA2zUrdd9ZhlvzeTG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/tBhner86ruA2zUrdd9ZhlvzeTG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBhner86ruA2zUrdd9ZhlvzeTG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7a:08:d2:eb:18:43:30:0e:9c:6b:e2:ae:5a:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b418677abf3aaee036cd4add77d66196fcde4c6d
        Validity
            Not Before: Jan  2 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85130e6941de12379ff355a1bc8f30bf82c5d1f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e1:d8:78:07:8f:1e:cd:15:67:ff:25:9a:e7:
                    67:b7:a0:9d:36:f4:af:0c:b2:5a:11:0e:fd:33:0f:
                    8e:70:e2:2f:d3:9f:a2:63:1f:77:f8:53:c6:a3:a4:
                    de:5f:a8:03:39:91:ed:ba:f0:aa:09:ab:68:38:16:
                    ea:3a:c2:11:28:05:69:a4:72:d6:d4:23:b4:9a:50:
                    f8:dd:f7:f0:14:c2:d2:06:22:30:e6:d5:8e:6c:a7:
                    40:0b:8a:dc:82:c7:b6:71:6f:6d:f9:75:07:f5:1f:
                    7d:67:b5:e8:75:c0:e0:52:f2:a7:3e:d8:7a:2e:c2:
                    27:c1:8c:17:33:62:81:38:fc:fc:3d:bb:07:eb:c7:
                    db:00:8a:64:78:f1:19:02:72:23:23:9f:54:e1:7a:
                    ad:8b:b3:fd:a5:db:da:48:b1:52:c7:19:6e:5e:a8:
                    ff:0a:44:36:5b:2c:ea:09:ec:17:18:41:ff:df:13:
                    c9:d1:88:eb:51:06:d9:64:30:a0:14:fd:0b:1d:b4:
                    f3:01:38:15:d9:3c:17:a4:5d:42:ca:3a:17:72:94:
                    a0:5d:30:2c:3e:23:3f:1b:54:2f:f4:24:16:e1:01:
                    43:3d:28:5b:cc:1f:05:64:db:69:9b:19:45:f9:0a:
                    d7:e9:92:48:9d:b1:61:ea:ec:bc:4a:a1:5d:97:3c:
                    56:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:13:0E:69:41:DE:12:37:9F:F3:55:A1:BC:8F:30:BF:82:C5:D1:F3
            X509v3 Authority Key Identifier:
                keyid:B4:18:67:7A:BF:3A:AE:E0:36:CD:4A:DD:77:D6:61:96:FC:DE:4C:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBhner86ruA2zUrdd9ZhlvzeTG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/hRMOaUHeEjef81WhvI8wv4LF0fM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/da25c9-4fe1-45da-8e74-2bea34b8938b/1/tBhner86ruA2zUrdd9ZhlvzeTG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:d2:2e:a6:6a:ad:f1:ef:cf:08:02:10:1a:8c:cc:38:4f:2e:
         fc:d7:40:25:98:0d:53:f6:cf:bd:47:2e:67:e7:47:0f:c7:45:
         82:11:e0:68:15:a5:09:14:3c:89:cd:04:bf:10:ef:f8:b1:c5:
         1e:18:a3:e3:27:27:3e:82:af:9b:4b:2e:00:16:96:06:b5:38:
         d2:ef:bb:de:b7:1e:66:de:b2:f1:ec:2f:04:ae:0b:cc:c0:eb:
         6b:01:64:75:3b:5c:74:7f:80:70:28:18:16:e3:5b:74:6d:19:
         d6:d4:14:e2:98:84:4f:f7:6d:45:93:47:11:57:5e:8a:24:6a:
         2c:9b:cf:dd:0b:49:4a:f7:10:70:3d:f1:0a:26:94:a6:7c:5e:
         e9:0a:45:9d:f1:22:87:a7:74:2f:a8:b1:76:6c:a9:8a:ca:da:
         db:5b:45:76:fc:4b:a8:45:cb:89:8e:95:20:8e:f6:0c:48:18:
         f9:4c:b9:96:2b:32:97:4c:18:93:05:fa:07:70:1e:b1:7d:ae:
         47:ac:29:a5:c0:de:8f:70:27:1f:45:df:be:ec:fc:9b:dc:e0:
         f3:b6:a3:43:7b:0f:de:6c:f0:ba:b2:a7:c8:00:da:37:99:a7:
         ab:12:45:92:21:4c:50:31:03:5b:2e:04:d6:f3:3f:0c:9d:aa:
         d2:be:68:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXoI0usYQzAOnGvirlpeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MTg2NzdhYmYzYWFlZTAzNmNkNGFkZDc3ZDY2MTk2ZmNk
ZTRjNmQwHhcNMjQwMTAyMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTEzMGU2OTQxZGUxMjM3OWZmMzU1YTFiYzhmMzBiZjgyYzVkMWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuHYeAePHs0VZ/8lmudnt6CdNvSv
DLJaEQ79Mw+OcOIv05+iYx93+FPGo6TeX6gDOZHtuvCqCatoOBbqOsIRKAVppHLW
1CO0mlD43ffwFMLSBiIw5tWObKdAC4rcgse2cW9t+XUH9R99Z7XodcDgUvKnPth6
LsInwYwXM2KBOPz8PbsH68fbAIpkePEZAnIjI59U4Xqti7P9pdvaSLFSxxluXqj/
CkQ2WyzqCewXGEH/3xPJ0YjrUQbZZDCgFP0LHbTzATgV2TwXpF1CyjoXcpSgXTAs
PiM/G1Qv9CQW4QFDPShbzB8FZNtpmxlF+QrX6ZJInbFh6uy8SqFdlzxWDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUTDmlB3hI3n/NVobyPML+CxdHzMB8GA1UdIwQY
MBaAFLQYZ3q/Oq7gNs1K3XfWYZb83kxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJobmVyODZydUEyelVyZGQ5WmhsdnplVEcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9kYTI1YzktNGZlMS00NWRhLThlNzQt
MmJlYTM0Yjg5MzhiLzEvaFJNT2FVSGVFamVmODFXaHZJOHd2NExGMGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9kYTI1YzktNGZlMS00NWRhLThlNzQtMmJlYTM0Yjg5Mzhi
LzEvdEJobmVyODZydUEyelVyZGQ5WmhsdnplVEcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW99VMA0G
CSqGSIb3DQEBCwUAA4IBAQBx0i6maq3x788IAhAajMw4Ty7810AlmA1T9s+9Ry5n
50cPx0WCEeBoFaUJFDyJzQS/EO/4scUeGKPjJyc+gq+bSy4AFpYGtTjS77vetx5m
3rLx7C8ErgvMwOtrAWR1O1x0f4BwKBgW41t0bRnW1BTimIRP921Fk0cRV16KJGos
m8/dC0lK9xBwPfEKJpSmfF7pCkWd8SKHp3QvqLF2bKmKytrbW0V2/EuoRcuJjpUg
jvYMSBj5TLmWKzKXTBiTBfoHcB6xfa5HrCmlwN6PcCcfRd++7Pyb3ODztqNDew/e
bPC6sqfIANo3maerEkWSIUxQMQNbLgTW8z8MnarSvmib
-----END CERTIFICATE-----