Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/sMt3Xd9_tDwUaaPlngIIqZOcXBg.roa
File:                     sMt3Xd9_tDwUaaPlngIIqZOcXBg.roa (raw, json)
Hash identifier:          N7xSFivTVlf06S13a4A8xEUZqsATKXp38PPRml0ppj8=
Subject key identifier:   B0:CB:77:5D:DF:7F:B4:3C:14:69:A3:E5:9E:02:08:A9:93:9C:5C:18
Certificate issuer:       /CN=86842274b3788b80b2fed916db3880fe08c37528
Certificate serial:       018CC2DAFB7AD2474D40B3C1913D31569A35
Authority key identifier: 86:84:22:74:B3:78:8B:80:B2:FE:D9:16:DB:38:80:FE:08:C3:75:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hoQidLN4i4Cy_tkW2ziA_gjDdSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/sMt3Xd9_tDwUaaPlngIIqZOcXBg.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58088
IP address blocks:        85.116.140.0/22 maxlen: 22
                          185.184.136.0/22 maxlen: 22
                          2a0b:3580::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/hoQidLN4i4Cy_tkW2ziA_gjDdSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/hoQidLN4i4Cy_tkW2ziA_gjDdSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hoQidLN4i4Cy_tkW2ziA_gjDdSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fb:7a:d2:47:4d:40:b3:c1:91:3d:31:56:9a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86842274b3788b80b2fed916db3880fe08c37528
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0cb775ddf7fb43c1469a3e59e0208a9939c5c18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:20:45:17:4f:5c:c9:8b:45:ad:8a:d6:0c:3f:
                    ae:05:13:aa:b6:95:13:0f:78:8d:d2:65:c6:c9:98:
                    12:2f:c3:46:d9:d8:41:a7:39:85:7c:8f:5e:2d:11:
                    f6:22:6e:0c:e4:3c:40:ab:8d:f7:f1:7c:b3:4a:8e:
                    0e:f2:5a:43:a7:04:95:61:24:0f:16:7e:7c:c5:78:
                    3e:cd:b5:8e:8f:b6:c9:2f:d8:8b:28:df:a7:84:be:
                    bc:79:f3:78:50:ab:8b:74:81:ea:6f:e7:1f:ea:39:
                    f9:68:b2:81:02:5d:b1:2c:64:b3:13:91:e2:83:9b:
                    c5:dc:8a:b2:79:ee:93:79:b7:5b:61:56:95:d6:62:
                    79:ee:b8:71:ec:d6:8c:a1:f0:ad:a4:77:6d:7d:94:
                    c4:28:60:c0:ce:46:96:0f:63:5d:a9:f8:bb:8d:60:
                    89:8a:09:94:4c:a7:7c:84:79:a2:98:5c:99:6b:d5:
                    63:d2:a1:f5:c1:03:a3:29:0a:07:0d:ac:73:47:a4:
                    35:5f:ab:df:5b:10:b6:d3:cb:62:41:c7:b5:58:b8:
                    c7:38:f7:c5:7d:d4:6a:ba:e6:3c:3a:48:ed:c3:68:
                    ba:69:4f:e6:43:6b:95:4b:21:1c:6f:ce:65:e1:b3:
                    fa:3d:2c:20:d8:44:36:c9:b2:6e:57:fc:ff:bf:09:
                    35:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:CB:77:5D:DF:7F:B4:3C:14:69:A3:E5:9E:02:08:A9:93:9C:5C:18
            X509v3 Authority Key Identifier:
                keyid:86:84:22:74:B3:78:8B:80:B2:FE:D9:16:DB:38:80:FE:08:C3:75:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hoQidLN4i4Cy_tkW2ziA_gjDdSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/sMt3Xd9_tDwUaaPlngIIqZOcXBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/aebcef-6296-4a32-863e-aa31520d3a6b/1/hoQidLN4i4Cy_tkW2ziA_gjDdSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.116.140.0/22
                  185.184.136.0/22
                IPv6:
                  2a0b:3580::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:5f:5d:ff:3c:9a:c6:30:fb:1c:dd:1d:9e:a1:21:a7:80:58:
         94:3d:98:56:cc:5d:0b:ba:47:07:b4:d7:8f:a3:67:1c:66:cd:
         56:b6:29:0d:68:39:ed:b7:66:17:81:5d:f3:7c:9d:90:b8:6c:
         b1:b4:d4:ec:68:76:17:a2:43:b7:a3:64:42:33:fc:85:fc:ca:
         4a:10:29:bf:38:f3:57:73:83:46:9d:d7:b8:dd:8b:38:e5:56:
         79:5d:19:ca:f5:76:da:24:fe:89:5e:46:69:ad:5e:8b:f9:36:
         c5:49:4a:78:86:b3:b4:d2:39:06:a3:6f:5b:18:b1:82:df:c7:
         2e:7d:8d:95:83:3f:f6:18:bc:cb:63:b4:4f:f1:91:bd:95:b2:
         f4:b4:5f:b3:d5:61:34:32:84:bf:f1:a4:21:23:bd:fd:e0:b2:
         a4:02:62:94:57:c9:27:40:a8:aa:f8:c0:b0:7d:d1:8a:b6:12:
         fb:0c:95:25:51:d8:5b:2a:6e:9c:40:b9:28:3d:a5:f0:c7:7c:
         6e:de:37:ac:3e:a1:74:bc:0e:83:29:07:e0:20:2c:be:c8:5f:
         db:c6:30:93:51:ef:b6:5b:4b:e3:83:11:cf:14:3c:5b:51:f6:
         3e:2f:1f:c5:e0:91:32:e8:49:f8:3a:e8:64:ef:da:d4:c0:17:
         33:a2:06:26
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzC2vt60kdNQLPBkT0xVpo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ODQyMjc0YjM3ODhiODBiMmZlZDkxNmRiMzg4MGZlMDhj
Mzc1MjgwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGNiNzc1ZGRmN2ZiNDNjMTQ2OWEzZTU5ZTAyMDhhOTkzOWM1YzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSBFF09cyYtFrYrWDD+uBROqtpUT
D3iN0mXGyZgSL8NG2dhBpzmFfI9eLRH2Im4M5DxAq4338XyzSo4O8lpDpwSVYSQP
Fn58xXg+zbWOj7bJL9iLKN+nhL68efN4UKuLdIHqb+cf6jn5aLKBAl2xLGSzE5Hi
g5vF3Iqyee6TebdbYVaV1mJ57rhx7NaMofCtpHdtfZTEKGDAzkaWD2Ndqfi7jWCJ
igmUTKd8hHmimFyZa9Vj0qH1wQOjKQoHDaxzR6Q1X6vfWxC208tiQce1WLjHOPfF
fdRquuY8Okjtw2i6aU/mQ2uVSyEcb85l4bP6PSwg2EQ2ybJuV/z/vwk1rwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLDLd13ff7Q8FGmj5Z4CCKmTnFwYMB8GA1UdIwQY
MBaAFIaEInSzeIuAsv7ZFts4gP4Iw3UoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaG9RaWRMTjRpNEN5X3RrVzJ6aUFfZ2pEZFNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9hZWJjZWYtNjI5Ni00YTMyLTg2M2Ut
YWEzMTUyMGQzYTZiLzEvc010M1hkOV90RHdVYWFQbG5nSUlxWk9jWEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9hZWJjZWYtNjI5Ni00YTMyLTg2M2UtYWEzMTUyMGQzYTZi
LzEvaG9RaWRMTjRpNEN5X3RrVzJ6aUFfZ2pEZFNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCVXSMAwQC
ubiIMA0EAgACMAcDBQMqCzWAMA0GCSqGSIb3DQEBCwUAA4IBAQBGX13/PJrGMPsc
3R2eoSGngFiUPZhWzF0LukcHtNePo2ccZs1WtikNaDntt2YXgV3zfJ2QuGyxtNTs
aHYXokO3o2RCM/yF/MpKECm/OPNXc4NGnde43Ys45VZ5XRnK9XbaJP6JXkZprV6L
+TbFSUp4hrO00jkGo29bGLGC38cufY2Vgz/2GLzLY7RP8ZG9lbL0tF+z1WE0MoS/
8aQhI7394LKkAmKUV8knQKiq+MCwfdGKthL7DJUlUdhbKm6cQLkoPaXwx3xu3jes
PqF0vA6DKQfgICy+yF/bxjCTUe+2W0vjgxHPFDxbUfY+Lx/F4JEy6En4Ouhk79rU
wBczogYm
-----END CERTIFICATE-----