Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/DHmLK6qv7LDp9GSFF3bVVqiSSSs.roa
File:                     DHmLK6qv7LDp9GSFF3bVVqiSSSs.roa (raw, json)
Hash identifier:          4c04LYJlSQnDFsWUTe3RinfcXPa5HIaLB5gKn1wNfQ8=
Subject key identifier:   0C:79:8B:2B:AA:AF:EC:B0:E9:F4:64:85:17:76:D5:56:A8:92:49:2B
Certificate issuer:       /CN=918ef823bb041ea3ac7c8936c750b6018137e2cd
Certificate serial:       01942445848FAAE7D9CFF5C7E31D47AA125A
Authority key identifier: 91:8E:F8:23:BB:04:1E:A3:AC:7C:89:36:C7:50:B6:01:81:37:E2:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kY74I7sEHqOsfIk2x1C2AYE34s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/DHmLK6qv7LDp9GSFF3bVVqiSSSs.roa
Signing time:             Wed 01 Jan 2025 23:48:42 +0000
ROA not before:           Wed 01 Jan 2025 23:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6908
IP address blocks:        185.4.116.0/22 maxlen: 24
                          185.4.116.0/24 maxlen: 24
                          185.4.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/kY74I7sEHqOsfIk2x1C2AYE34s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/kY74I7sEHqOsfIk2x1C2AYE34s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kY74I7sEHqOsfIk2x1C2AYE34s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:84:8f:aa:e7:d9:cf:f5:c7:e3:1d:47:aa:12:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=918ef823bb041ea3ac7c8936c750b6018137e2cd
        Validity
            Not Before: Jan  1 23:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c798b2baaafecb0e9f464851776d556a892492b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:08:ad:c8:1d:b5:ec:7b:d6:16:99:d7:d0:0c:
                    8c:ae:e7:49:66:c8:61:52:9b:8c:bb:1a:c1:74:0b:
                    2d:a2:4f:f7:31:c7:a2:77:66:78:e3:03:12:83:93:
                    2b:a4:bb:27:ca:2d:29:75:2f:9f:2e:d2:39:60:62:
                    53:9e:01:1c:ba:64:be:78:5a:87:b3:37:63:b3:4a:
                    f7:a5:cf:e5:c2:5e:48:17:2c:96:64:12:81:9d:d2:
                    58:91:33:87:de:8f:74:d2:e1:8a:d3:bb:bd:84:60:
                    c7:20:a8:12:30:ef:4f:83:8b:35:fc:61:48:09:a0:
                    d3:c6:82:6b:b4:f9:e1:d9:a4:f2:4a:13:7b:3e:02:
                    96:96:e8:0b:44:74:68:48:43:a8:66:32:73:e0:53:
                    b0:f2:20:ab:f1:33:bd:18:57:ba:be:c2:5b:74:b9:
                    53:c9:52:74:d5:b0:6b:f4:4a:96:50:4b:fb:3d:96:
                    4d:a2:0a:83:80:68:3c:f6:2a:e9:2a:65:b8:13:93:
                    91:fc:a9:5b:c5:0d:a8:89:39:a5:61:7c:3b:e6:ee:
                    08:bb:b3:22:c0:d3:b8:80:af:c9:58:b5:af:dc:e4:
                    8b:9b:94:25:0b:76:b1:d0:73:0a:e3:fd:0d:5e:48:
                    21:ad:e6:d6:80:76:e4:b7:0d:99:1a:46:44:19:e2:
                    97:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:79:8B:2B:AA:AF:EC:B0:E9:F4:64:85:17:76:D5:56:A8:92:49:2B
            X509v3 Authority Key Identifier:
                keyid:91:8E:F8:23:BB:04:1E:A3:AC:7C:89:36:C7:50:B6:01:81:37:E2:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kY74I7sEHqOsfIk2x1C2AYE34s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/DHmLK6qv7LDp9GSFF3bVVqiSSSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/65420c-f5e2-4d29-b503-6529751b2b01/1/kY74I7sEHqOsfIk2x1C2AYE34s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:2e:e8:4b:fa:2d:a5:dc:0a:28:af:7a:57:72:a5:83:d7:eb:
         fb:c8:c6:27:d5:9f:96:32:93:5f:62:d5:66:44:32:2b:f2:c9:
         34:6a:0a:d4:cf:a7:ee:13:1f:24:8f:2d:d4:8e:7d:e7:90:e9:
         07:5d:82:cc:20:5d:0c:82:03:d7:2a:a2:3a:1c:39:fc:dd:e6:
         f4:09:de:ba:5f:a5:e0:27:f6:74:72:71:78:e3:a1:86:4f:97:
         b3:90:58:75:53:c4:4c:2f:98:ff:e4:8e:82:b0:7f:1c:68:e2:
         24:00:e8:a5:e3:14:1a:93:75:95:30:09:0a:90:1d:4a:d4:1f:
         8b:0e:01:99:d8:95:f3:53:a3:f0:4f:04:63:25:b2:a1:63:33:
         03:70:7a:9c:f1:9e:cf:1c:be:b9:ba:c0:32:db:49:fc:f2:04:
         9c:6d:12:93:bb:55:b6:39:2a:41:36:e4:be:ff:21:65:61:6c:
         39:08:97:5b:f9:e4:4f:e5:f1:22:20:be:2b:9e:3f:89:c6:86:
         50:b6:84:a4:69:ba:b7:96:a0:f7:39:eb:3e:8a:8a:4d:1e:01:
         fa:6f:8b:75:a1:e9:d3:ad:04:6b:17:cb:d9:03:25:05:55:8d:
         c2:3b:19:5e:e0:2f:8f:c2:f8:50:40:7d:46:3e:72:38:c1:f0:
         09:62:5d:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYSPqufZz/XH4x1HqhJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxOGVmODIzYmIwNDFlYTNhYzdjODkzNmM3NTBiNjAxODEz
N2UyY2QwHhcNMjUwMTAxMjM0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzc5OGIyYmFhYWZlY2IwZTlmNDY0ODUxNzc2ZDU1NmE4OTI0OTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAityB217HvWFpnX0AyMrudJZshh
UpuMuxrBdAstok/3Mceid2Z44wMSg5MrpLsnyi0pdS+fLtI5YGJTngEcumS+eFqH
szdjs0r3pc/lwl5IFyyWZBKBndJYkTOH3o900uGK07u9hGDHIKgSMO9Pg4s1/GFI
CaDTxoJrtPnh2aTyShN7PgKWlugLRHRoSEOoZjJz4FOw8iCr8TO9GFe6vsJbdLlT
yVJ01bBr9EqWUEv7PZZNogqDgGg89irpKmW4E5OR/KlbxQ2oiTmlYXw75u4Iu7Mi
wNO4gK/JWLWv3OSLm5QlC3ax0HMK4/0NXkghrebWgHbktw2ZGkZEGeKXZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAx5iyuqr+yw6fRkhRd21VaokkkrMB8GA1UdIwQY
MBaAFJGO+CO7BB6jrHyJNsdQtgGBN+LNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1k3NEk3c0VIcU9zZklrMngxQzJBWUUzNHMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS82NTQyMGMtZjVlMi00ZDI5LWI1MDMt
NjUyOTc1MWIyYjAxLzEvREhtTEs2cXY3TERwOUdTRkYzYlZWcWlTU1NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS82NTQyMGMtZjVlMi00ZDI5LWI1MDMtNjUyOTc1MWIyYjAx
LzEva1k3NEk3c0VIcU9zZklrMngxQzJBWUUzNHMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQR0MA0G
CSqGSIb3DQEBCwUAA4IBAQANLuhL+i2l3Aoor3pXcqWD1+v7yMYn1Z+WMpNfYtVm
RDIr8sk0agrUz6fuEx8kjy3Ujn3nkOkHXYLMIF0MggPXKqI6HDn83eb0Cd66X6Xg
J/Z0cnF446GGT5ezkFh1U8RML5j/5I6CsH8caOIkAOil4xQak3WVMAkKkB1K1B+L
DgGZ2JXzU6PwTwRjJbKhYzMDcHqc8Z7PHL65usAy20n88gScbRKTu1W2OSpBNuS+
/yFlYWw5CJdb+eRP5fEiIL4rnj+JxoZQtoSkabq3lqD3Oes+iopNHgH6b4t1oenT
rQRrF8vZAyUFVY3COxle4C+PwvhQQH1GPnI4wfAJYl11
-----END CERTIFICATE-----