Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/hYKn6uw-Fus3el3ZqEtdG5nc5QI.roa
File:                     hYKn6uw-Fus3el3ZqEtdG5nc5QI.roa (raw, json)
Hash identifier:          LAbbkXsf5xUIoA03H96TxJ0wp736ZL1RA6n3tH+T3uE=
Subject key identifier:   85:82:A7:EA:EC:3E:16:EB:37:7A:5D:D9:A8:4B:5D:1B:99:DC:E5:02
Certificate issuer:       /CN=4f152900b0d323d36d94510ab0b01c93f4517c89
Certificate serial:       018CC3B71E286EEA6AFE59FBD953EF28A13B
Authority key identifier: 4F:15:29:00:B0:D3:23:D3:6D:94:51:0A:B0:B0:1C:93:F4:51:7C:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/hYKn6uw-Fus3el3ZqEtdG5nc5QI.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48220
IP address blocks:        185.102.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1e:28:6e:ea:6a:fe:59:fb:d9:53:ef:28:a1:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f152900b0d323d36d94510ab0b01c93f4517c89
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8582a7eaec3e16eb377a5dd9a84b5d1b99dce502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7f:88:cb:c5:bd:13:13:cb:63:7f:16:e8:a5:
                    93:a5:a1:a5:aa:85:12:73:9a:6e:d0:72:77:f7:ed:
                    de:65:b0:a3:0b:bd:5f:05:bd:c0:21:05:a2:47:d6:
                    44:8a:f4:4a:27:ab:a9:8a:86:94:85:36:98:fb:dc:
                    5d:90:5c:73:10:c9:76:41:f2:c2:98:33:e2:a6:d1:
                    2d:cc:cc:e7:71:bc:d3:55:02:95:ff:30:cf:66:66:
                    4f:68:24:fe:f6:2c:5d:14:81:a7:ce:a4:41:41:4d:
                    e9:72:f3:02:8f:c2:8a:50:c3:b4:2a:c3:b6:d9:92:
                    db:7b:53:d5:94:1b:b8:2a:94:ca:98:e6:7a:ea:67:
                    3b:31:ca:80:63:d8:67:7a:d8:29:c0:69:a8:c1:06:
                    a0:3b:bd:e8:6f:83:81:6d:e9:2f:9f:90:6c:c3:44:
                    a2:68:e3:75:1d:64:60:24:f9:3e:5a:54:e7:72:8e:
                    a7:38:73:0e:2a:f8:33:0a:ca:b0:f0:2a:6d:3f:5f:
                    d9:06:76:c6:25:be:d1:30:1e:aa:89:74:95:b8:d5:
                    00:a3:5c:b2:02:6b:ed:44:21:9e:8c:bc:a2:53:fb:
                    61:ca:8a:6f:af:a1:77:ce:f5:08:f3:da:6f:1e:de:
                    9c:c5:90:2e:3e:d8:1a:95:e3:7e:ab:fa:18:69:e3:
                    d7:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:82:A7:EA:EC:3E:16:EB:37:7A:5D:D9:A8:4B:5D:1B:99:DC:E5:02
            X509v3 Authority Key Identifier:
                keyid:4F:15:29:00:B0:D3:23:D3:6D:94:51:0A:B0:B0:1C:93:F4:51:7C:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxUpALDTI9NtlFEKsLAck_RRfIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/hYKn6uw-Fus3el3ZqEtdG5nc5QI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/89ff3b-1263-4cdd-9cad-23df8dddf978/1/TxUpALDTI9NtlFEKsLAck_RRfIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:90:cf:e2:13:20:4b:93:f9:0c:1d:df:ec:8f:51:f9:ed:75:
         b0:f9:2a:33:3a:bf:46:3e:fd:e4:b3:7d:98:53:75:6c:8f:28:
         6b:b9:c2:79:b9:40:16:e8:77:d9:69:b6:e6:17:91:e7:0e:39:
         8d:88:84:68:cf:f0:e4:9a:fc:ad:10:ab:3f:34:b4:d7:b3:61:
         90:38:20:59:de:c3:69:e5:c8:b1:7d:cc:22:cb:88:b2:9e:f3:
         4c:40:23:01:34:19:db:ba:8b:c1:91:98:9b:1a:45:73:ae:ff:
         88:fa:c2:71:d5:81:2d:bd:8f:8f:3d:37:26:c4:eb:63:e9:ea:
         f3:d8:4e:0d:e8:1a:6b:74:4e:86:0c:aa:c7:a1:8d:94:7b:4f:
         2c:d9:fb:3e:96:b4:7e:fd:fa:57:d4:75:fc:e2:eb:2e:ec:2e:
         2e:3b:ed:a6:5b:11:6c:9c:c1:c6:49:80:29:fa:17:51:c5:32:
         f7:e9:69:87:c0:aa:6d:7d:7e:3e:07:e2:2e:40:ba:5b:38:99:
         a4:a6:e6:0f:72:62:9f:79:a7:14:6d:4c:5a:59:df:7e:38:68:
         d5:a4:e2:eb:33:b4:ac:5b:69:ac:d3:1b:b4:4f:8f:57:8f:43:
         b5:d3:d2:37:ae:05:11:53:c6:3b:72:43:d1:e4:aa:6a:1a:4b:
         c0:00:39:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtx4obupq/ln72VPvKKE7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTUyOTAwYjBkMzIzZDM2ZDk0NTEwYWIwYjAxYzkzZjQ1
MTdjODkwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTgyYTdlYWVjM2UxNmViMzc3YTVkZDlhODRiNWQxYjk5ZGNlNTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3+Iy8W9ExPLY38W6KWTpaGlqoUS
c5pu0HJ39+3eZbCjC71fBb3AIQWiR9ZEivRKJ6upioaUhTaY+9xdkFxzEMl2QfLC
mDPiptEtzMzncbzTVQKV/zDPZmZPaCT+9ixdFIGnzqRBQU3pcvMCj8KKUMO0KsO2
2ZLbe1PVlBu4KpTKmOZ66mc7McqAY9hnetgpwGmowQagO73ob4OBbekvn5Bsw0Si
aON1HWRgJPk+WlTnco6nOHMOKvgzCsqw8CptP1/ZBnbGJb7RMB6qiXSVuNUAo1yy
AmvtRCGejLyiU/thyopvr6F3zvUI89pvHt6cxZAuPtgaleN+q/oYaePXSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWCp+rsPhbrN3pd2ahLXRuZ3OUCMB8GA1UdIwQY
MBaAFE8VKQCw0yPTbZRRCrCwHJP0UXyJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhVcEFMRFRJOU50bEZFS3NMQWNrX1JSZklrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC84OWZmM2ItMTI2My00Y2RkLTljYWQt
MjNkZjhkZGRmOTc4LzEvaFlLbjZ1dy1GdXMzZWwzWnFFdGRHNW5jNVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC84OWZmM2ItMTI2My00Y2RkLTljYWQtMjNkZjhkZGRmOTc4
LzEvVHhVcEFMRFRJOU50bEZFS3NMQWNrX1JSZklrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWYgMA0G
CSqGSIb3DQEBCwUAA4IBAQAdkM/iEyBLk/kMHd/sj1H57XWw+SozOr9GPv3ks32Y
U3VsjyhrucJ5uUAW6HfZabbmF5HnDjmNiIRoz/DkmvytEKs/NLTXs2GQOCBZ3sNp
5cixfcwiy4iynvNMQCMBNBnbuovBkZibGkVzrv+I+sJx1YEtvY+PPTcmxOtj6erz
2E4N6BprdE6GDKrHoY2Ue08s2fs+lrR+/fpX1HX84usu7C4uO+2mWxFsnMHGSYAp
+hdRxTL36WmHwKptfX4+B+IuQLpbOJmkpuYPcmKfeacUbUxaWd9+OGjVpOLrM7Ss
W2ms0xu0T49Xj0O109I3rgURU8Y7ckPR5KpqGkvAADm3
-----END CERTIFICATE-----