Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/3fa36d-8faf-4bdc-ad9e-013c1f01edb9/1/hIu1cG30UYryUhG67vyJx6azZyQ.roa
File:                     hIu1cG30UYryUhG67vyJx6azZyQ.roa (raw, json)
Hash identifier:          J1I+0CmbHrYCPOqYyMjehsxyN7/CuNKY2c+GuCwB+08=
Subject key identifier:   84:8B:B5:70:6D:F4:51:8A:F2:52:11:BA:EE:FC:89:C7:A6:B3:67:24
Certificate issuer:       /CN=0830bc34b8f4fcbc2bf523bbdbe9a044a2445fbe
Certificate serial:       018CCA2B9CE7D929DEF2BDF2117FE57AB2DF
Authority key identifier: 08:30:BC:34:B8:F4:FC:BC:2B:F5:23:BB:DB:E9:A0:44:A2:44:5F:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDC8NLj0_Lwr9SO72-mgRKJEX74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/3fa36d-8faf-4bdc-ad9e-013c1f01edb9/1/hIu1cG30UYryUhG67vyJx6azZyQ.roa
Signing time:             Tue 02 Jan 2024 12:35:05 +0000
ROA not before:           Tue 02 Jan 2024 12:35:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32787
IP address blocks:        185.48.80.0/22 maxlen: 24
                          5.154.244.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/3fa36d-8faf-4bdc-ad9e-013c1f01edb9/1/CDC8NLj0_Lwr9SO72-mgRKJEX74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/3fa36d-8faf-4bdc-ad9e-013c1f01edb9/1/CDC8NLj0_Lwr9SO72-mgRKJEX74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDC8NLj0_Lwr9SO72-mgRKJEX74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:9c:e7:d9:29:de:f2:bd:f2:11:7f:e5:7a:b2:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0830bc34b8f4fcbc2bf523bbdbe9a044a2445fbe
        Validity
            Not Before: Jan  2 12:35:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=848bb5706df4518af25211baeefc89c7a6b36724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:71:51:c5:89:1f:3e:53:28:de:7c:99:04:1f:
                    ce:d9:66:30:db:78:fb:3d:22:6c:01:21:b2:08:8d:
                    b4:ec:0a:e6:91:0e:9b:79:e8:73:82:e1:ee:b4:60:
                    29:f6:d4:a9:c1:a4:70:62:b7:c4:dc:e3:44:b2:84:
                    17:64:7f:e7:a5:04:c5:80:58:36:8d:67:be:10:6e:
                    50:a8:c5:dd:fe:f2:24:57:0f:8c:f3:01:6b:50:d7:
                    1d:6a:b3:df:9d:df:25:45:0b:df:84:bb:d8:fe:0e:
                    e2:4c:07:e1:f2:1d:19:6d:2b:e0:df:f0:86:ac:b6:
                    35:17:e6:f1:44:e0:6e:f2:ef:b4:ba:47:43:15:25:
                    fd:f0:9c:87:28:72:dc:93:dd:3c:13:56:a9:ab:80:
                    fb:5a:6b:c3:a8:a0:61:d6:79:8b:ab:c9:06:39:61:
                    62:d0:8d:98:49:63:a1:52:d8:99:7d:57:b7:58:e1:
                    e2:1c:f5:1e:dd:7c:ed:53:79:3d:56:fe:f3:55:72:
                    72:75:97:3a:09:8c:53:ed:52:b2:f0:ea:2d:40:d2:
                    d1:6a:60:fc:d4:51:a1:e7:b4:9e:53:77:40:30:24:
                    c7:21:6f:70:54:bd:2b:6a:b0:2b:e4:63:35:9c:40:
                    3b:ad:5e:ef:df:da:84:44:bc:18:50:34:f8:94:db:
                    ad:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:8B:B5:70:6D:F4:51:8A:F2:52:11:BA:EE:FC:89:C7:A6:B3:67:24
            X509v3 Authority Key Identifier:
                keyid:08:30:BC:34:B8:F4:FC:BC:2B:F5:23:BB:DB:E9:A0:44:A2:44:5F:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDC8NLj0_Lwr9SO72-mgRKJEX74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/3fa36d-8faf-4bdc-ad9e-013c1f01edb9/1/hIu1cG30UYryUhG67vyJx6azZyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/3fa36d-8faf-4bdc-ad9e-013c1f01edb9/1/CDC8NLj0_Lwr9SO72-mgRKJEX74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.154.244.0/22
                  185.48.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:ad:c1:bc:9f:96:b2:eb:5c:6c:ea:a7:2e:40:60:e8:7c:bf:
         36:8c:82:8c:ec:1f:17:c9:fb:18:b1:63:3f:98:5f:ec:40:54:
         55:18:57:0c:90:fa:b1:c3:d8:65:ba:9a:b4:4a:f4:1a:48:62:
         76:72:df:6c:35:12:0d:e6:a9:75:19:8f:03:51:00:02:cd:03:
         7b:55:63:e1:11:72:52:bc:12:01:3b:81:6b:6d:42:50:c9:df:
         68:27:cd:1d:96:26:e6:6d:3d:b9:f0:42:68:05:6e:39:c7:e9:
         5d:2f:25:11:53:51:7b:46:26:68:66:20:93:13:b1:cc:a9:00:
         20:91:9e:31:d3:37:96:5f:d8:7a:57:5b:c8:64:25:09:42:51:
         5e:64:3a:ca:6f:b8:09:bf:40:42:76:77:8c:11:98:2b:79:48:
         49:87:18:95:61:f6:ff:bc:54:c6:01:ab:a8:af:85:ff:23:db:
         d6:9f:a5:c1:78:ad:47:c9:5b:59:bb:a3:42:f1:88:d3:de:b5:
         71:a6:c0:27:ff:34:61:cf:45:73:c7:2c:ca:d7:05:7b:3a:a3:
         f1:5e:45:2e:80:10:2e:37:99:73:2b:10:c2:db:2c:3e:01:04:
         72:d6:79:78:f8:ef:66:e4:d7:a1:27:ea:f3:ed:74:3d:1c:b4:
         57:22:54:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKK5zn2Sne8r3yEX/lerLfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzBiYzM0YjhmNGZjYmMyYmY1MjNiYmRiZTlhMDQ0YTI0
NDVmYmUwHhcNMjQwMTAyMTIzNTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDhiYjU3MDZkZjQ1MThhZjI1MjExYmFlZWZjODljN2E2YjM2NzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXFRxYkfPlMo3nyZBB/O2WYw23j7
PSJsASGyCI207ArmkQ6beehzguHutGAp9tSpwaRwYrfE3ONEsoQXZH/npQTFgFg2
jWe+EG5QqMXd/vIkVw+M8wFrUNcdarPfnd8lRQvfhLvY/g7iTAfh8h0ZbSvg3/CG
rLY1F+bxROBu8u+0ukdDFSX98JyHKHLck908E1apq4D7WmvDqKBh1nmLq8kGOWFi
0I2YSWOhUtiZfVe3WOHiHPUe3XztU3k9Vv7zVXJydZc6CYxT7VKy8OotQNLRamD8
1FGh57SeU3dAMCTHIW9wVL0rarAr5GM1nEA7rV7v39qERLwYUDT4lNut1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFISLtXBt9FGK8lIRuu78icems2ckMB8GA1UdIwQY
MBaAFAgwvDS49Py8K/Uju9vpoESiRF++MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RDOE5MajBfTHdyOVNPNzItbWdSS0pFWDc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8zZmEzNmQtOGZhZi00YmRjLWFkOWUt
MDEzYzFmMDFlZGI5LzEvaEl1MWNHMzBVWXJ5VWhHNjd2eUp4NmF6WnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8zZmEzNmQtOGZhZi00YmRjLWFkOWUtMDEzYzFmMDFlZGI5
LzEvQ0RDOE5MajBfTHdyOVNPNzItbWdSS0pFWDc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBZr0AwQC
uTBQMA0GCSqGSIb3DQEBCwUAA4IBAQASrcG8n5ay61xs6qcuQGDofL82jIKM7B8X
yfsYsWM/mF/sQFRVGFcMkPqxw9hlupq0SvQaSGJ2ct9sNRIN5ql1GY8DUQACzQN7
VWPhEXJSvBIBO4FrbUJQyd9oJ80dlibmbT258EJoBW45x+ldLyURU1F7RiZoZiCT
E7HMqQAgkZ4x0zeWX9h6V1vIZCUJQlFeZDrKb7gJv0BCdneMEZgreUhJhxiVYfb/
vFTGAauor4X/I9vWn6XBeK1HyVtZu6NC8YjT3rVxpsAn/zRhz0VzxyzK1wV7OqPx
XkUugBAuN5lzKxDC2yw+AQRy1nl4+O9m5NehJ+rz7XQ9HLRXIlT4
-----END CERTIFICATE-----