Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/c6f86d-f795-419f-ad31-ee9c3452cbaf/1/HKoDKoAoIvDmZ9USvPkklgAJOwg.roa
File:                     HKoDKoAoIvDmZ9USvPkklgAJOwg.roa (raw, json)
Hash identifier:          1aZyXF+ClJCaBmbyueLxU5omT+YmmDo8zcBaxJz3Oq0=
Subject key identifier:   1C:AA:03:2A:80:28:22:F0:E6:67:D5:12:BC:F9:24:96:00:09:3B:08
Certificate issuer:       /CN=418df868f7d9e98d4fd41e6da597a283c9141b44
Certificate serial:       018CC9BC867B18F03BA3A8B9ACD6803CE6C9
Authority key identifier: 41:8D:F8:68:F7:D9:E9:8D:4F:D4:1E:6D:A5:97:A2:83:C9:14:1B:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QY34aPfZ6Y1P1B5tpZeig8kUG0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/c6f86d-f795-419f-ad31-ee9c3452cbaf/1/HKoDKoAoIvDmZ9USvPkklgAJOwg.roa
Signing time:             Tue 02 Jan 2024 10:33:44 +0000
ROA not before:           Tue 02 Jan 2024 10:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202409
IP address blocks:        185.1.166.0/23 maxlen: 32
                          2001:7f8:f2::/48 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/c6f86d-f795-419f-ad31-ee9c3452cbaf/1/QY34aPfZ6Y1P1B5tpZeig8kUG0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/c6f86d-f795-419f-ad31-ee9c3452cbaf/1/QY34aPfZ6Y1P1B5tpZeig8kUG0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QY34aPfZ6Y1P1B5tpZeig8kUG0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 07:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:86:7b:18:f0:3b:a3:a8:b9:ac:d6:80:3c:e6:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=418df868f7d9e98d4fd41e6da597a283c9141b44
        Validity
            Not Before: Jan  2 10:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1caa032a802822f0e667d512bcf9249600093b08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b7:fe:9f:b7:af:2b:22:36:53:2b:77:d6:10:
                    fb:06:6a:e4:7c:6c:86:92:1b:dc:38:21:26:47:6d:
                    88:3d:d0:5e:86:ee:b9:9e:79:3b:1d:03:d2:f7:6d:
                    67:e3:e0:93:4e:d5:3d:2d:2e:7a:20:09:0c:42:18:
                    8c:16:9f:d8:db:9e:c6:c8:18:c7:8a:75:c4:d0:71:
                    c3:21:e0:3a:65:61:62:db:5a:b6:9d:e4:48:93:70:
                    21:11:d4:c6:a1:74:bf:52:34:f9:c1:56:5a:c9:fa:
                    94:66:15:77:27:79:1a:7e:0e:0f:d5:7b:d5:3d:a0:
                    2b:72:8f:ed:77:e0:2b:f7:65:a4:fd:b6:d3:fe:df:
                    d5:8b:b8:df:df:d0:11:f9:73:8c:58:b0:7f:e6:73:
                    87:46:2c:0e:ee:b5:f0:3a:ee:87:84:e0:88:14:62:
                    79:a2:b3:ef:9f:d1:d8:c0:71:13:59:42:d8:eb:67:
                    2c:ce:93:59:04:ff:2c:87:a8:86:c6:d6:9d:59:00:
                    4a:ac:a2:f2:2e:f2:fb:05:6e:85:76:a6:ac:dd:53:
                    d9:3d:55:09:c6:a4:66:ad:eb:3d:0b:34:f1:05:03:
                    2b:66:00:aa:db:0e:44:db:49:8e:60:7f:cf:5e:8f:
                    80:81:31:f1:41:b8:5c:82:17:e3:68:80:16:67:e3:
                    18:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:AA:03:2A:80:28:22:F0:E6:67:D5:12:BC:F9:24:96:00:09:3B:08
            X509v3 Authority Key Identifier:
                keyid:41:8D:F8:68:F7:D9:E9:8D:4F:D4:1E:6D:A5:97:A2:83:C9:14:1B:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QY34aPfZ6Y1P1B5tpZeig8kUG0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/c6f86d-f795-419f-ad31-ee9c3452cbaf/1/HKoDKoAoIvDmZ9USvPkklgAJOwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/c6f86d-f795-419f-ad31-ee9c3452cbaf/1/QY34aPfZ6Y1P1B5tpZeig8kUG0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.166.0/23
                IPv6:
                  2001:7f8:f2::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:95:30:a3:0d:11:f1:e8:99:35:c5:f9:20:f2:41:ce:dd:28:
         d7:c6:6d:b8:fd:47:5d:02:4d:18:79:c0:1c:08:51:95:c2:13:
         b3:75:ef:85:07:39:48:b0:3b:07:15:79:9a:10:b9:ac:5a:12:
         9d:49:09:05:17:1f:a2:7d:6a:30:b5:17:83:da:0c:10:9a:55:
         53:bc:30:ed:aa:dd:d8:42:0b:6c:50:e5:c7:74:c2:8f:9e:5c:
         d9:f6:37:87:ea:1f:9c:0d:34:18:72:95:41:58:66:d3:cb:1b:
         84:54:98:0f:46:3d:1f:48:26:3f:4e:36:9c:ce:55:67:61:13:
         47:6b:0c:36:cb:1f:52:a4:51:09:23:66:af:3f:69:57:56:c8:
         af:3d:2f:97:2c:30:23:5f:a5:05:04:db:ae:f7:57:33:82:a5:
         29:a2:cd:8a:27:a3:7d:e4:a5:8a:48:a0:04:bc:e8:f3:1e:ef:
         0f:a9:fd:ff:3a:77:ab:d4:f6:60:39:96:fd:2e:93:cd:e8:de:
         2a:95:bc:0d:16:4b:1e:16:c6:a1:1b:11:9a:a4:5a:34:58:d7:
         cb:33:ca:5d:11:43:e1:c1:41:ee:e6:3d:6c:b1:c2:1a:dc:d3:
         d5:ad:36:af:d9:bc:64:43:88:f0:d7:e1:79:a7:16:c1:83:5f:
         d2:9f:c5:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvIZ7GPA7o6i5rNaAPObJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxOGRmODY4ZjdkOWU5OGQ0ZmQ0MWU2ZGE1OTdhMjgzYzkx
NDFiNDQwHhcNMjQwMTAyMTAzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2FhMDMyYTgwMjgyMmYwZTY2N2Q1MTJiY2Y5MjQ5NjAwMDkzYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7f+n7evKyI2Uyt31hD7BmrkfGyG
khvcOCEmR22IPdBehu65nnk7HQPS921n4+CTTtU9LS56IAkMQhiMFp/Y257GyBjH
inXE0HHDIeA6ZWFi21q2neRIk3AhEdTGoXS/UjT5wVZayfqUZhV3J3kafg4P1XvV
PaArco/td+Ar92Wk/bbT/t/Vi7jf39AR+XOMWLB/5nOHRiwO7rXwOu6HhOCIFGJ5
orPvn9HYwHETWULY62cszpNZBP8sh6iGxtadWQBKrKLyLvL7BW6Fdqas3VPZPVUJ
xqRmres9CzTxBQMrZgCq2w5E20mOYH/PXo+AgTHxQbhcghfjaIAWZ+MY7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFByqAyqAKCLw5mfVErz5JJYACTsIMB8GA1UdIwQY
MBaAFEGN+Gj32emNT9QebaWXooPJFBtEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVkzNGFQZlo2WTFQMUI1dHBaZWlnOGtVRzBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9jNmY4NmQtZjc5NS00MTlmLWFkMzEt
ZWU5YzM0NTJjYmFmLzEvSEtvREtvQW9JdkRtWjlVU3ZQa2tsZ0FKT3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9jNmY4NmQtZjc5NS00MTlmLWFkMzEtZWU5YzM0NTJjYmFm
LzEvUVkzNGFQZlo2WTFQMUI1dHBaZWlnOGtVRzBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuQGmMA8E
AgACMAkDBwAgAQf4APIwDQYJKoZIhvcNAQELBQADggEBADSVMKMNEfHomTXF+SDy
Qc7dKNfGbbj9R10CTRh5wBwIUZXCE7N174UHOUiwOwcVeZoQuaxaEp1JCQUXH6J9
ajC1F4PaDBCaVVO8MO2q3dhCC2xQ5cd0wo+eXNn2N4fqH5wNNBhylUFYZtPLG4RU
mA9GPR9IJj9ONpzOVWdhE0drDDbLH1KkUQkjZq8/aVdWyK89L5csMCNfpQUE2673
VzOCpSmizYono33kpYpIoAS86PMe7w+p/f86d6vU9mA5lv0uk83o3iqVvA0WSx4W
xqEbEZqkWjRY18szyl0RQ+HBQe7mPWyxwhrc09WtNq/ZvGRDiPDX4XmnFsGDX9Kf
xfY=
-----END CERTIFICATE-----