Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/hneF-ta9JCo_m9DjZSxAvY21ubI.roa
File:                     hneF-ta9JCo_m9DjZSxAvY21ubI.roa (raw, json)
Hash identifier:          mdt1b1V5yu6opasaoeepwgRYDuwwSqnjtp9dE8jdIAw=
Subject key identifier:   86:77:85:FA:D6:BD:24:2A:3F:9B:D0:E3:65:2C:40:BD:8D:B5:B9:B2
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A8C4E621BD75CF099E581438806E5
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/hneF-ta9JCo_m9DjZSxAvY21ubI.roa
Signing time:             Mon 01 Jan 2024 18:30:23 +0000
ROA not before:           Mon 01 Jan 2024 18:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210706
IP address blocks:        37.18.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:8c:4e:62:1b:d7:5c:f0:99:e5:81:43:88:06:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=867785fad6bd242a3f9bd0e3652c40bd8db5b9b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:37:1e:a8:ae:d8:31:b5:d2:94:b3:ca:89:29:
                    29:41:c1:d2:00:77:7a:e8:e4:03:08:5f:2b:f2:2c:
                    68:51:02:35:e7:91:ea:b4:b0:0c:c0:dd:db:58:99:
                    c9:c5:1b:2d:53:71:de:10:97:11:0a:53:f7:68:74:
                    b6:dd:0f:5d:52:2a:1b:1a:53:98:a7:28:56:a8:f2:
                    80:19:66:9d:92:4f:22:e6:4d:89:e1:34:96:cc:79:
                    f3:0f:de:dd:5b:48:38:dd:68:99:dd:e3:07:8b:1b:
                    f3:d4:25:20:0a:00:cd:5c:da:86:ae:27:f2:e9:b4:
                    ef:50:b0:d8:17:68:c9:00:79:a2:91:54:0d:9f:d7:
                    87:b5:02:19:2b:ad:37:72:dc:b5:91:ef:21:05:de:
                    db:0a:0c:1c:f3:40:49:a2:a6:ff:b4:91:6f:7c:a6:
                    64:6c:af:48:2e:19:ed:06:f0:cf:e0:a0:30:d4:81:
                    ae:ed:3e:a4:5c:8d:2d:bf:c8:3f:6a:4f:98:e5:79:
                    cc:f4:8d:e5:0d:38:95:50:ef:4f:f0:8e:da:e8:e5:
                    d9:a4:e3:7e:13:c5:f7:f2:74:b1:52:66:5e:4a:67:
                    48:e6:3c:ee:5b:99:9a:8c:1e:0b:3d:ae:df:2c:c4:
                    df:94:e0:3d:c3:81:ec:2b:78:69:af:eb:ec:76:f1:
                    2e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:77:85:FA:D6:BD:24:2A:3F:9B:D0:E3:65:2C:40:BD:8D:B5:B9:B2
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/hneF-ta9JCo_m9DjZSxAvY21ubI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:54:af:85:d3:11:32:da:03:0f:b5:0d:30:53:2f:c8:47:ba:
         6b:14:af:e2:a7:6f:f9:ae:58:4d:9e:75:b2:6b:74:20:ee:84:
         e4:e8:b2:20:b3:63:89:a9:8b:dc:61:00:1e:99:10:ff:a1:4e:
         08:3c:56:35:9a:d1:cc:8a:88:2c:be:4b:75:40:4e:f6:0b:dd:
         a1:22:0b:1c:a8:37:7e:ce:aa:dc:18:0e:36:5d:e9:3b:80:c5:
         0a:ca:bb:1c:29:d5:46:0e:c1:9e:82:1a:c1:f3:5f:19:e2:37:
         9e:4b:d4:8a:7b:ae:07:8a:7e:8f:27:09:e9:e5:1b:fb:fa:ca:
         de:9c:16:42:1a:d8:9e:cd:b7:ff:7b:0b:b3:5a:83:85:5f:4f:
         b1:cf:be:0e:76:b9:67:dc:35:6a:e9:d2:89:31:f2:47:e8:77:
         b4:a8:a6:29:7b:0f:06:ed:91:81:24:6f:c0:00:17:db:3f:f6:
         73:f1:a4:92:87:e2:6f:b1:fa:46:2f:01:5a:b5:b3:95:0a:8a:
         59:95:6c:39:6f:5e:5a:29:59:18:b7:31:34:0d:87:73:65:b5:
         93:33:de:15:3b:0a:17:b2:f7:de:8b:e5:9d:e3:d8:99:bc:13:
         09:3f:f0:cb:71:95:ab:72:1b:04:45:ea:8c:60:6f:09:cd:50:
         9b:c5:31:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSoxOYhvXXPCZ5YFDiAblMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njc3ODVmYWQ2YmQyNDJhM2Y5YmQwZTM2NTJjNDBiZDhkYjViOWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+DceqK7YMbXSlLPKiSkpQcHSAHd6
6OQDCF8r8ixoUQI155HqtLAMwN3bWJnJxRstU3HeEJcRClP3aHS23Q9dUiobGlOY
pyhWqPKAGWadkk8i5k2J4TSWzHnzD97dW0g43WiZ3eMHixvz1CUgCgDNXNqGrify
6bTvULDYF2jJAHmikVQNn9eHtQIZK603cty1ke8hBd7bCgwc80BJoqb/tJFvfKZk
bK9ILhntBvDP4KAw1IGu7T6kXI0tv8g/ak+Y5XnM9I3lDTiVUO9P8I7a6OXZpON+
E8X38nSxUmZeSmdI5jzuW5majB4LPa7fLMTflOA9w4HsK3hpr+vsdvEulwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZ3hfrWvSQqP5vQ42UsQL2NtbmyMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvaG5lRi10YTlKQ29fbTlEalpTeEF2WTIxdWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRISMA0G
CSqGSIb3DQEBCwUAA4IBAQAqVK+F0xEy2gMPtQ0wUy/IR7prFK/ip2/5rlhNnnWy
a3Qg7oTk6LIgs2OJqYvcYQAemRD/oU4IPFY1mtHMiogsvkt1QE72C92hIgscqDd+
zqrcGA42Xek7gMUKyrscKdVGDsGeghrB818Z4jeeS9SKe64Hin6PJwnp5Rv7+sre
nBZCGtiezbf/ewuzWoOFX0+xz74Odrln3DVq6dKJMfJH6He0qKYpew8G7ZGBJG/A
ABfbP/Zz8aSSh+JvsfpGLwFatbOVCopZlWw5b15aKVkYtzE0DYdzZbWTM94VOwoX
svfei+Wd49iZvBMJP/DLcZWrchsEReqMYG8JzVCbxTEX
-----END CERTIFICATE-----