Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/sMSHQnk2JNxEHm8sjpMx-G2kK9M.roa
File:                     sMSHQnk2JNxEHm8sjpMx-G2kK9M.roa (raw, json)
Hash identifier:          kwqlk6FinezJB904OSl+xjSqZxmsM6u4ZlOzD9FXK+s=
Subject key identifier:   B0:C4:87:42:79:36:24:DC:44:1E:6F:2C:8E:93:31:F8:6D:A4:2B:D3
Certificate issuer:       /CN=856f0c90073afb8ecde7e83409ceabdb93b41a4e
Certificate serial:       018CC86F33FC9A1A4284EC60A3D282D35F45
Authority key identifier: 85:6F:0C:90:07:3A:FB:8E:CD:E7:E8:34:09:CE:AB:DB:93:B4:1A:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hW8MkAc6-47N5-g0Cc6r25O0Gk4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/sMSHQnk2JNxEHm8sjpMx-G2kK9M.roa
Signing time:             Tue 02 Jan 2024 04:29:40 +0000
ROA not before:           Tue 02 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24940
IP address blocks:        185.110.95.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/hW8MkAc6-47N5-g0Cc6r25O0Gk4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/hW8MkAc6-47N5-g0Cc6r25O0Gk4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hW8MkAc6-47N5-g0Cc6r25O0Gk4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:33:fc:9a:1a:42:84:ec:60:a3:d2:82:d3:5f:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=856f0c90073afb8ecde7e83409ceabdb93b41a4e
        Validity
            Not Before: Jan  2 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0c48742793624dc441e6f2c8e9331f86da42bd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:50:03:bf:74:95:9e:c9:4b:48:c8:f8:68:ed:
                    f9:b4:4b:ab:70:ce:ab:ed:ce:65:37:aa:6e:6c:3f:
                    11:07:8f:9c:38:ec:3c:31:47:02:16:71:12:8a:ad:
                    7f:b5:52:e4:ea:60:23:fb:13:20:cd:7f:2f:53:25:
                    13:04:69:f0:e9:70:5a:6e:6e:1f:3d:f1:2a:68:f3:
                    91:f4:89:df:77:0f:c5:b0:d5:7d:3c:b5:62:67:c4:
                    1d:eb:2e:03:dc:0b:ed:88:19:bd:2e:41:25:4f:77:
                    f2:71:b0:8d:27:c6:0c:7c:2c:9d:19:44:2f:33:eb:
                    99:35:ba:31:8a:c9:5d:bf:0e:10:08:9b:fb:5e:f8:
                    f3:4d:c5:36:05:c6:53:91:95:16:40:31:73:db:ab:
                    fe:6a:f4:90:20:89:ea:a1:83:a5:9a:84:e5:fb:75:
                    bf:41:12:ab:8d:b0:94:dc:85:e9:22:6a:6b:35:a0:
                    81:9a:68:99:e0:09:7b:1f:e6:d0:b3:13:8d:19:7f:
                    87:75:ec:40:1b:5d:c8:51:a1:3d:83:89:5e:21:96:
                    fc:b0:6b:ad:8d:72:21:fd:b3:d6:24:04:eb:0b:09:
                    b4:98:6a:f4:09:74:d8:cc:cf:cb:37:75:e8:53:07:
                    f8:96:aa:fc:7f:14:c9:85:37:a9:2e:8d:7a:5b:95:
                    fb:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C4:87:42:79:36:24:DC:44:1E:6F:2C:8E:93:31:F8:6D:A4:2B:D3
            X509v3 Authority Key Identifier:
                keyid:85:6F:0C:90:07:3A:FB:8E:CD:E7:E8:34:09:CE:AB:DB:93:B4:1A:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hW8MkAc6-47N5-g0Cc6r25O0Gk4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/sMSHQnk2JNxEHm8sjpMx-G2kK9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/204268-6078-4b53-94d2-44fde96b8aec/1/hW8MkAc6-47N5-g0Cc6r25O0Gk4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.110.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:ab:bc:d9:63:b7:32:89:4d:5e:20:3c:8d:89:20:a9:81:08:
         5b:0b:e9:9b:bd:39:97:ff:a2:7f:1b:8e:55:95:f4:61:41:4a:
         14:b8:67:7f:3c:57:00:29:67:b4:95:6c:3f:2c:45:78:ce:ac:
         2c:99:fe:95:f3:ec:b9:24:43:dd:5e:79:30:1a:60:52:33:db:
         38:48:fb:34:31:7d:4b:0a:7d:da:c3:23:59:ea:60:66:e2:26:
         62:f2:0d:b4:14:66:70:22:21:73:77:78:f5:65:4e:e9:51:44:
         fb:8b:f1:80:15:bc:59:aa:61:97:95:e3:47:6f:4b:e5:be:42:
         fe:35:be:08:c0:42:48:45:3e:35:80:95:ee:c2:85:94:7d:36:
         15:c2:09:fb:aa:07:a3:09:fb:4f:62:6e:88:f4:9e:d9:6e:a5:
         48:13:60:52:07:77:cc:78:7f:cf:f6:65:41:6e:c3:71:b4:06:
         98:cd:98:1b:6b:45:4e:20:e3:24:13:df:34:94:62:1a:f7:6e:
         f4:f5:0f:83:ac:e7:1e:6e:64:48:3e:5d:aa:ed:d6:0b:b2:d8:
         41:4d:1a:40:c2:a8:09:10:94:da:9e:0c:53:3d:ba:d4:4a:83:
         bf:3b:44:c3:ed:17:ab:f0:33:2d:b1:10:57:99:56:43:9a:a0:
         43:26:9b:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzP8mhpChOxgo9KC019FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NmYwYzkwMDczYWZiOGVjZGU3ZTgzNDA5Y2VhYmRiOTNi
NDFhNGUwHhcNMjQwMTAyMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGM0ODc0Mjc5MzYyNGRjNDQxZTZmMmM4ZTkzMzFmODZkYTQyYmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1ADv3SVnslLSMj4aO35tEurcM6r
7c5lN6pubD8RB4+cOOw8MUcCFnESiq1/tVLk6mAj+xMgzX8vUyUTBGnw6XBabm4f
PfEqaPOR9Infdw/FsNV9PLViZ8Qd6y4D3AvtiBm9LkElT3fycbCNJ8YMfCydGUQv
M+uZNboxisldvw4QCJv7XvjzTcU2BcZTkZUWQDFz26v+avSQIInqoYOlmoTl+3W/
QRKrjbCU3IXpImprNaCBmmiZ4Al7H+bQsxONGX+HdexAG13IUaE9g4leIZb8sGut
jXIh/bPWJATrCwm0mGr0CXTYzM/LN3XoUwf4lqr8fxTJhTepLo16W5X7TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDEh0J5NiTcRB5vLI6TMfhtpCvTMB8GA1UdIwQY
MBaAFIVvDJAHOvuOzefoNAnOq9uTtBpOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFc4TWtBYzYtNDdONS1nMENjNnIyNU8wR2s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8yMDQyNjgtNjA3OC00YjUzLTk0ZDIt
NDRmZGU5NmI4YWVjLzEvc01TSFFuazJKTnhFSG04c2pwTXgtRzJrSzlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8yMDQyNjgtNjA3OC00YjUzLTk0ZDItNDRmZGU5NmI4YWVj
LzEvaFc4TWtBYzYtNDdONS1nMENjNnIyNU8wR2s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW5fMA0G
CSqGSIb3DQEBCwUAA4IBAQAyq7zZY7cyiU1eIDyNiSCpgQhbC+mbvTmX/6J/G45V
lfRhQUoUuGd/PFcAKWe0lWw/LEV4zqwsmf6V8+y5JEPdXnkwGmBSM9s4SPs0MX1L
Cn3awyNZ6mBm4iZi8g20FGZwIiFzd3j1ZU7pUUT7i/GAFbxZqmGXleNHb0vlvkL+
Nb4IwEJIRT41gJXuwoWUfTYVwgn7qgejCftPYm6I9J7ZbqVIE2BSB3fMeH/P9mVB
bsNxtAaYzZgba0VOIOMkE980lGIa92709Q+DrOcebmRIPl2q7dYLsthBTRpAwqgJ
EJTangxTPbrUSoO/O0TD7Rer8DMtsRBXmVZDmqBDJpuN
-----END CERTIFICATE-----