Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/1KrHnSgllq_k9B2wst0bYaC6fyo.roa
File:                     1KrHnSgllq_k9B2wst0bYaC6fyo.roa (raw, json)
Hash identifier:          lStApswe2/6Ekqa6XmoUoNcd7HO52b9jBs5I4vOK1gc=
Subject key identifier:   D4:AA:C7:9D:28:25:96:AF:E4:F4:1D:B0:B2:DD:1B:61:A0:BA:7F:2A
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019428241313BD21EB8956DBF4558BE1CCB1
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/1KrHnSgllq_k9B2wst0bYaC6fyo.roa
Signing time:             Thu 02 Jan 2025 17:50:40 +0000
ROA not before:           Thu 02 Jan 2025 17:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42689
IP address blocks:        185.106.192.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:18:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:13:13:bd:21:eb:89:56:db:f4:55:8b:e1:cc:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 17:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4aac79d282596afe4f41db0b2dd1b61a0ba7f2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d8:3d:df:fe:f9:d9:aa:2d:f4:e8:1f:2e:7c:
                    f0:db:64:11:fb:5a:c5:84:61:3a:01:28:47:75:c7:
                    a2:38:57:93:fa:fc:25:f8:a3:49:b0:ce:80:90:85:
                    b3:3c:34:7b:53:f3:fb:fc:9f:ca:03:23:0d:9a:61:
                    2e:14:1b:ca:c7:6a:8e:c0:2a:50:3e:d1:42:60:ba:
                    99:d5:50:84:4b:f5:06:41:e4:57:7d:27:01:6d:35:
                    7c:ee:05:1d:07:c2:ac:c1:31:3f:c2:59:47:c5:8a:
                    07:f3:18:6d:c3:ea:4e:df:9b:bd:ec:b5:31:c1:16:
                    fd:13:69:1e:43:61:1d:d3:5a:d8:5d:92:df:42:ff:
                    7a:ac:da:2b:80:fa:88:df:49:15:73:ad:e9:72:39:
                    66:49:7c:d5:06:d1:2f:90:ab:ba:23:0d:ce:f3:80:
                    8c:b5:95:1d:0f:71:c3:9f:e8:9b:ac:4e:65:38:a1:
                    cf:e5:da:ad:db:1e:64:e9:79:9a:19:ca:17:fa:54:
                    e9:93:80:af:d7:12:17:7d:67:d3:3d:2f:f4:25:96:
                    9f:52:17:fc:8e:7a:c2:75:52:8b:6e:a5:6b:55:9b:
                    9f:49:00:e1:60:11:db:4c:1c:3a:6c:39:c4:49:e7:
                    b7:ab:b6:df:12:dc:6e:40:25:fa:a1:01:b6:53:e9:
                    33:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:AA:C7:9D:28:25:96:AF:E4:F4:1D:B0:B2:DD:1B:61:A0:BA:7F:2A
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/1KrHnSgllq_k9B2wst0bYaC6fyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:6e:b3:d0:1b:f2:6e:93:29:ca:7e:1e:9f:9c:d1:9d:be:34:
         cb:b1:45:2c:a4:3f:46:22:f2:9f:b9:3d:9b:38:80:0f:84:97:
         69:c1:6f:53:74:a5:f2:5b:a3:11:1a:2f:9f:42:9d:5a:52:a4:
         50:c8:dd:43:c2:8a:6a:39:f7:d2:3d:bf:49:19:29:8c:c0:5b:
         08:3c:f4:6c:54:9c:5e:87:88:7c:9f:2f:7b:42:cd:f0:32:6c:
         20:a9:3b:77:03:49:b7:3d:29:94:4e:4d:a0:14:d8:94:8b:43:
         db:8c:16:1a:b5:95:11:73:b6:e9:48:91:ac:8c:65:3a:2c:99:
         69:47:6e:52:e6:5f:ed:3a:b3:e8:e2:7b:34:34:51:d1:83:3a:
         b2:08:fb:d8:d8:b5:b5:cf:d1:49:5f:b2:2a:6f:62:6f:10:f7:
         f8:79:e3:36:ad:56:ac:50:0e:70:4b:11:62:2c:52:41:28:17:
         54:29:01:cf:37:fd:8c:7a:4b:44:20:40:3b:3c:9e:a7:4d:bb:
         3a:83:48:8c:6f:2d:87:93:9f:ee:46:6e:2b:d5:22:43:97:44:
         d5:ec:35:12:78:f2:96:b1:29:2f:e3:a0:33:64:ce:aa:a8:54:
         2c:c8:f3:c7:60:70:f1:44:cb:7d:c8:36:9c:d1:09:a1:f0:86:
         0f:88:0b:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJBMTvSHriVbb9FWL4cyxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMTAyMTc1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGFhYzc5ZDI4MjU5NmFmZTRmNDFkYjBiMmRkMWI2MWEwYmE3ZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9g93/752aot9OgfLnzw22QR+1rF
hGE6AShHdceiOFeT+vwl+KNJsM6AkIWzPDR7U/P7/J/KAyMNmmEuFBvKx2qOwCpQ
PtFCYLqZ1VCES/UGQeRXfScBbTV87gUdB8KswTE/wllHxYoH8xhtw+pO35u97LUx
wRb9E2keQ2Ed01rYXZLfQv96rNorgPqI30kVc63pcjlmSXzVBtEvkKu6Iw3O84CM
tZUdD3HDn+ibrE5lOKHP5dqt2x5k6XmaGcoX+lTpk4Cv1xIXfWfTPS/0JZafUhf8
jnrCdVKLbqVrVZufSQDhYBHbTBw6bDnESee3q7bfEtxuQCX6oQG2U+kzFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSqx50oJZav5PQdsLLdG2Ggun8qMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvMUtySG5TZ2xscV9rOUIyd3N0MGJZYUM2ZnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWrAMA0G
CSqGSIb3DQEBCwUAA4IBAQB+brPQG/JukynKfh6fnNGdvjTLsUUspD9GIvKfuT2b
OIAPhJdpwW9TdKXyW6MRGi+fQp1aUqRQyN1DwopqOffSPb9JGSmMwFsIPPRsVJxe
h4h8ny97Qs3wMmwgqTt3A0m3PSmUTk2gFNiUi0PbjBYatZURc7bpSJGsjGU6LJlp
R25S5l/tOrPo4ns0NFHRgzqyCPvY2LW1z9FJX7Iqb2JvEPf4eeM2rVasUA5wSxFi
LFJBKBdUKQHPN/2MektEIEA7PJ6nTbs6g0iMby2Hk5/uRm4r1SJDl0TV7DUSePKW
sSkv46AzZM6qqFQsyPPHYHDxRMt9yDac0Qmh8IYPiAsV
-----END CERTIFICATE-----