Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/d75759-8dcb-4532-8bfe-5b688acdb676/1/hmNlTK1-0lHVp_iVWuDLiGEzCUM.roa
File:                     hmNlTK1-0lHVp_iVWuDLiGEzCUM.roa (raw, json)
Hash identifier:          G2CmxWHayAuBHOZ0v1SpY6FsbaWvDTGFHkA4ZEi8iQU=
Subject key identifier:   86:63:65:4C:AD:7E:D2:51:D5:A7:F8:95:5A:E0:CB:88:61:33:09:43
Certificate issuer:       /CN=d4474c1c06cbfde94614d65c7d05f614a6e23998
Certificate serial:       018CC86F72C6C6A07DB682D96B9321CD6BCA
Authority key identifier: D4:47:4C:1C:06:CB:FD:E9:46:14:D6:5C:7D:05:F6:14:A6:E2:39:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1EdMHAbL_elGFNZcfQX2FKbiOZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/d75759-8dcb-4532-8bfe-5b688acdb676/1/hmNlTK1-0lHVp_iVWuDLiGEzCUM.roa
Signing time:             Tue 02 Jan 2024 04:29:56 +0000
ROA not before:           Tue 02 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201926
IP address blocks:        185.59.120.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/d75759-8dcb-4532-8bfe-5b688acdb676/1/1EdMHAbL_elGFNZcfQX2FKbiOZg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/d75759-8dcb-4532-8bfe-5b688acdb676/1/1EdMHAbL_elGFNZcfQX2FKbiOZg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1EdMHAbL_elGFNZcfQX2FKbiOZg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:72:c6:c6:a0:7d:b6:82:d9:6b:93:21:cd:6b:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4474c1c06cbfde94614d65c7d05f614a6e23998
        Validity
            Not Before: Jan  2 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8663654cad7ed251d5a7f8955ae0cb8861330943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8c:89:fb:a1:ad:e3:39:6e:83:aa:e1:95:7e:
                    0b:a8:50:0b:a2:72:26:17:32:93:ef:7d:39:f7:66:
                    b8:d3:09:94:5b:05:0a:33:52:ab:e4:84:76:63:f1:
                    c3:29:6a:68:91:40:da:34:64:5d:8d:a8:4a:36:f5:
                    8e:bb:47:65:18:a4:fa:96:c9:c5:4f:68:b6:76:a1:
                    9c:eb:74:88:e9:5e:e3:c0:e8:69:19:d4:ff:72:0e:
                    05:5b:79:d5:63:35:91:e6:45:f4:8d:49:4e:fa:e1:
                    a3:01:13:04:f9:95:f4:f4:1a:9d:10:9e:7a:67:00:
                    25:68:d2:db:e9:2f:b3:9e:80:e9:fa:6c:30:f4:22:
                    81:53:98:8c:66:2c:72:c2:97:bd:2e:c0:b4:dc:4c:
                    0c:da:09:d4:42:a5:42:60:57:2a:c5:08:9f:5b:5f:
                    f3:98:0c:77:31:5f:86:1d:57:1b:bb:b1:56:9c:a6:
                    89:67:27:16:09:b2:9b:32:6a:3f:41:06:7b:7b:56:
                    dd:24:e4:83:ad:bd:2f:39:e7:c6:aa:62:30:60:87:
                    4a:86:51:26:67:b8:e5:c0:b5:85:5f:69:bc:62:f9:
                    90:a7:9a:42:fe:e4:41:1d:14:b5:52:86:52:99:13:
                    1c:ad:e6:5b:6d:29:72:41:85:b0:64:1d:1c:4e:9f:
                    47:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:63:65:4C:AD:7E:D2:51:D5:A7:F8:95:5A:E0:CB:88:61:33:09:43
            X509v3 Authority Key Identifier:
                keyid:D4:47:4C:1C:06:CB:FD:E9:46:14:D6:5C:7D:05:F6:14:A6:E2:39:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1EdMHAbL_elGFNZcfQX2FKbiOZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d75759-8dcb-4532-8bfe-5b688acdb676/1/hmNlTK1-0lHVp_iVWuDLiGEzCUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/d75759-8dcb-4532-8bfe-5b688acdb676/1/1EdMHAbL_elGFNZcfQX2FKbiOZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:75:e2:f3:89:9d:bf:a7:4b:b5:13:e1:ce:55:9e:7d:f2:72:
         7a:57:aa:22:05:84:f8:4a:6d:52:29:d8:38:ac:f4:7c:5f:0c:
         df:4b:20:67:1e:87:80:15:c4:6e:96:a6:a9:4d:a4:8b:6d:7f:
         aa:18:fc:b0:97:78:a5:bf:ac:a3:8b:89:3b:ad:11:e4:ed:1a:
         82:6a:d6:26:f4:a1:4c:54:68:ba:13:8f:ac:fd:28:8e:6f:09:
         68:3c:45:d6:1a:3e:ee:71:b6:4d:8b:e4:d5:0a:d5:67:26:65:
         d6:24:25:c0:9b:71:ee:74:30:a0:c8:3c:e0:86:f2:3b:76:af:
         84:ea:10:7a:0d:01:9d:ad:a0:21:c0:7c:4f:a6:bb:ad:90:2e:
         4d:95:2a:9d:a7:06:53:ab:8f:95:12:0a:b8:06:df:0d:d8:fc:
         47:db:b6:48:af:56:0d:97:a6:c1:15:f6:af:ec:c5:20:e7:f7:
         3e:1b:a1:fa:cd:e1:db:37:af:20:78:4b:b7:1d:47:34:57:c6:
         e4:3b:db:7c:39:ea:1a:ea:b0:d2:d7:e2:41:75:d0:24:cb:ab:
         e4:f7:ad:9c:98:d5:b8:b9:a4:b7:42:8b:e1:ee:af:2b:28:da:
         e9:8d:df:61:ed:34:49:0b:b2:8e:c8:fa:c0:46:c3:66:84:92:
         f2:58:fe:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3LGxqB9toLZa5MhzWvKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NDc0YzFjMDZjYmZkZTk0NjE0ZDY1YzdkMDVmNjE0YTZl
MjM5OTgwHhcNMjQwMTAyMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjYzNjU0Y2FkN2VkMjUxZDVhN2Y4OTU1YWUwY2I4ODYxMzMwOTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoyJ+6Gt4zlug6rhlX4LqFALonIm
FzKT730592a40wmUWwUKM1Kr5IR2Y/HDKWpokUDaNGRdjahKNvWOu0dlGKT6lsnF
T2i2dqGc63SI6V7jwOhpGdT/cg4FW3nVYzWR5kX0jUlO+uGjARME+ZX09BqdEJ56
ZwAlaNLb6S+znoDp+mww9CKBU5iMZixywpe9LsC03EwM2gnUQqVCYFcqxQifW1/z
mAx3MV+GHVcbu7FWnKaJZycWCbKbMmo/QQZ7e1bdJOSDrb0vOefGqmIwYIdKhlEm
Z7jlwLWFX2m8YvmQp5pC/uRBHRS1UoZSmRMcreZbbSlyQYWwZB0cTp9HZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZjZUytftJR1af4lVrgy4hhMwlDMB8GA1UdIwQY
MBaAFNRHTBwGy/3pRhTWXH0F9hSm4jmYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUVkTUhBYkxfZWxHRk5aY2ZRWDJGS2JpT1pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9kNzU3NTktOGRjYi00NTMyLThiZmUt
NWI2ODhhY2RiNjc2LzEvaG1ObFRLMS0wbEhWcF9pVld1RExpR0V6Q1VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9kNzU3NTktOGRjYi00NTMyLThiZmUtNWI2ODhhY2RiNjc2
LzEvMUVkTUhBYkxfZWxHRk5aY2ZRWDJGS2JpT1pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTt4MA0G
CSqGSIb3DQEBCwUAA4IBAQCYdeLziZ2/p0u1E+HOVZ598nJ6V6oiBYT4Sm1SKdg4
rPR8XwzfSyBnHoeAFcRulqapTaSLbX+qGPywl3ilv6yji4k7rRHk7RqCatYm9KFM
VGi6E4+s/SiObwloPEXWGj7ucbZNi+TVCtVnJmXWJCXAm3HudDCgyDzghvI7dq+E
6hB6DQGdraAhwHxPprutkC5NlSqdpwZTq4+VEgq4Bt8N2PxH27ZIr1YNl6bBFfav
7MUg5/c+G6H6zeHbN68geEu3HUc0V8bkO9t8Oeoa6rDS1+JBddAky6vk962cmNW4
uaS3Qovh7q8rKNrpjd9h7TRJC7KOyPrARsNmhJLyWP4r
-----END CERTIFICATE-----