Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/AqYkIwPm8VssssVnZxyM3IGjXyE.roa
File:                     AqYkIwPm8VssssVnZxyM3IGjXyE.roa (raw, json)
Hash identifier:          St04dGLDsebiRYF4T20T3prubiZ1SGVjaIuYF0kaWBM=
Subject key identifier:   02:A6:24:23:03:E6:F1:5B:2C:B2:C5:67:67:1C:8C:DC:81:A3:5F:21
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019131D6C7592C74D8873F44648639D44D9E
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/AqYkIwPm8VssssVnZxyM3IGjXyE.roa
Signing time:             Thu 08 Aug 2024 11:54:04 +0000
ROA not before:           Thu 08 Aug 2024 11:54:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        86.104.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:31:d6:c7:59:2c:74:d8:87:3f:44:64:86:39:d4:4d:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Aug  8 11:54:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02a6242303e6f15b2cb2c567671c8cdc81a35f21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ac:4d:b4:9e:87:43:c4:2d:db:30:a9:f0:cd:
                    75:e7:44:66:08:bb:58:d4:d9:05:2f:73:bc:c5:0a:
                    d8:22:7b:8f:f5:36:09:90:8d:ae:7f:c4:80:07:ac:
                    1d:12:7d:ff:cf:65:41:18:94:0a:46:ad:ef:71:ea:
                    b3:6e:c6:71:25:4b:e0:cc:03:9b:e4:9b:aa:e8:6c:
                    09:b7:61:c0:10:85:cb:54:b3:1e:d7:79:66:69:7f:
                    e2:e1:29:28:31:f8:dc:d8:c0:35:0b:26:df:62:ce:
                    d4:7b:ce:ee:87:d6:f6:ea:4f:33:25:d1:59:fd:c9:
                    17:12:a4:c2:c6:71:62:f9:f7:19:ed:c6:da:1e:a2:
                    fc:04:3f:15:8f:6f:cc:7d:ee:d4:ce:0e:8b:0a:ec:
                    40:4f:7b:8e:f7:34:6e:ab:b2:46:c1:5b:a6:4f:f2:
                    b4:4c:7a:52:4e:30:87:e6:fa:de:72:63:14:9d:73:
                    9c:29:c1:d2:68:fc:df:ca:61:64:e0:cb:28:a7:60:
                    6b:2b:18:04:4d:e0:d8:db:33:3b:ed:40:b8:f3:96:
                    f3:bf:eb:6a:33:ac:df:67:e1:5a:e5:66:5c:a8:76:
                    59:69:f3:69:5d:89:a6:38:99:4d:18:cf:97:90:5e:
                    07:73:5d:71:91:48:eb:17:9e:26:af:82:55:8f:a2:
                    39:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A6:24:23:03:E6:F1:5B:2C:B2:C5:67:67:1C:8C:DC:81:A3:5F:21
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/AqYkIwPm8VssssVnZxyM3IGjXyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:91:0a:44:3f:e2:9e:86:b6:b6:ef:1e:0b:29:95:4c:7c:f3:
         34:43:61:7c:93:13:1f:2c:3b:83:93:20:17:30:18:75:0c:e3:
         dc:88:68:41:a3:d6:fb:f2:a3:0d:22:ed:59:95:b1:01:16:38:
         d8:4a:ea:ca:dc:d4:a8:59:d4:29:9b:62:91:12:77:4c:14:dc:
         5c:5c:c5:a0:0a:f8:3e:fa:73:ed:bc:b2:a5:b2:ed:dc:52:3a:
         0a:c2:c0:7e:70:d9:67:a8:c4:d6:21:92:51:8d:9b:e2:fe:53:
         7a:73:b0:a5:5e:16:80:03:da:bb:9b:58:b0:96:da:c4:72:a5:
         ef:71:0e:a3:25:d6:5b:6f:3d:d5:70:ff:48:f0:f9:17:35:72:
         1a:ae:f6:1c:97:0c:53:90:93:b1:58:62:a8:8f:74:dc:e5:8c:
         e4:2f:f4:c3:98:2c:66:c8:a1:50:da:1d:3e:81:9d:f2:b7:1e:
         62:a1:04:d1:46:83:1e:a7:38:7a:c8:32:26:b1:9b:cc:81:53:
         11:97:83:68:e2:c6:27:71:3a:59:4b:ec:2e:31:d9:4b:f9:71:
         94:f6:60:f9:eb:7a:a2:59:ee:de:12:e6:e6:34:eb:01:1c:e3:
         e3:13:5c:45:8e:42:17:26:45:fb:28:bd:47:77:13:39:64:d0:
         b2:71:66:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEx1sdZLHTYhz9EZIY51E2eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwODA4MTE1NDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmE2MjQyMzAzZTZmMTViMmNiMmM1Njc2NzFjOGNkYzgxYTM1ZjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6xNtJ6HQ8Qt2zCp8M1150RmCLtY
1NkFL3O8xQrYInuP9TYJkI2uf8SAB6wdEn3/z2VBGJQKRq3vceqzbsZxJUvgzAOb
5Juq6GwJt2HAEIXLVLMe13lmaX/i4SkoMfjc2MA1CybfYs7Ue87uh9b26k8zJdFZ
/ckXEqTCxnFi+fcZ7cbaHqL8BD8Vj2/Mfe7Uzg6LCuxAT3uO9zRuq7JGwVumT/K0
THpSTjCH5vrecmMUnXOcKcHSaPzfymFk4Msop2BrKxgETeDY2zM77UC485bzv+tq
M6zfZ+Fa5WZcqHZZafNpXYmmOJlNGM+XkF4Hc11xkUjrF54mr4JVj6I54wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKmJCMD5vFbLLLFZ2ccjNyBo18hMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvQXFZa0l3UG04VnNzc3NWblp4eU0zSUdqWHlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVmigMA0G
CSqGSIb3DQEBCwUAA4IBAQB+kQpEP+Kehra27x4LKZVMfPM0Q2F8kxMfLDuDkyAX
MBh1DOPciGhBo9b78qMNIu1ZlbEBFjjYSurK3NSoWdQpm2KREndMFNxcXMWgCvg+
+nPtvLKlsu3cUjoKwsB+cNlnqMTWIZJRjZvi/lN6c7ClXhaAA9q7m1iwltrEcqXv
cQ6jJdZbbz3VcP9I8PkXNXIarvYclwxTkJOxWGKoj3Tc5YzkL/TDmCxmyKFQ2h0+
gZ3ytx5ioQTRRoMepzh6yDImsZvMgVMRl4No4sYncTpZS+wuMdlL+XGU9mD563qi
We7eEubmNOsBHOPjE1xFjkIXJkX7KL1HdxM5ZNCycWaP
-----END CERTIFICATE-----