Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/hUMhaoiVG-zSA51X1uyBi2GeE-Q.roa
File:                     hUMhaoiVG-zSA51X1uyBi2GeE-Q.roa (raw, json)
Hash identifier:          I/ihK9B7XDTUZkdCTbm8zLpmpjYodyXqkgd21HJv/88=
Subject key identifier:   85:43:21:6A:88:95:1B:EC:D2:03:9D:57:D6:EC:81:8B:61:9E:13:E4
Certificate issuer:       /CN=286687fb64a77f0100baf23d4f341ece775950e5
Certificate serial:       018CC7949C4E58050E84313D4CA43CE3ED99
Authority key identifier: 28:66:87:FB:64:A7:7F:01:00:BA:F2:3D:4F:34:1E:CE:77:59:50:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KGaH-2SnfwEAuvI9TzQezndZUOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/hUMhaoiVG-zSA51X1uyBi2GeE-Q.roa
Signing time:             Tue 02 Jan 2024 00:30:54 +0000
ROA not before:           Tue 02 Jan 2024 00:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206737
IP address blocks:        185.177.212.0/22 maxlen: 24
                          2a0a:4680::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/KGaH-2SnfwEAuvI9TzQezndZUOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/KGaH-2SnfwEAuvI9TzQezndZUOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KGaH-2SnfwEAuvI9TzQezndZUOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:9c:4e:58:05:0e:84:31:3d:4c:a4:3c:e3:ed:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=286687fb64a77f0100baf23d4f341ece775950e5
        Validity
            Not Before: Jan  2 00:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8543216a88951becd2039d57d6ec818b619e13e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:64:78:90:ba:f2:16:7c:cf:c1:53:8e:91:26:
                    f9:95:d8:4e:2a:1a:77:24:af:dc:e9:53:58:1e:ce:
                    e6:46:b7:ae:07:24:66:c3:fe:ea:b4:fd:a4:3e:ca:
                    33:7f:2c:89:fe:08:5f:ba:55:27:7f:6a:9a:ca:5e:
                    87:fe:58:0e:b0:c2:df:ee:a5:91:50:53:19:76:12:
                    d5:c0:16:05:9f:77:aa:d6:76:33:ec:c8:17:67:5c:
                    f7:e3:dc:9d:eb:73:6d:85:1e:f9:3f:55:ed:3f:f1:
                    4a:82:a3:08:8d:53:92:9b:66:3e:cd:f4:30:f4:76:
                    04:ff:0a:ab:dc:9e:af:95:3e:af:6c:bb:b7:d2:bd:
                    4c:72:82:06:c8:e8:0f:de:0a:37:9d:6d:b5:10:19:
                    dc:1b:de:bc:4e:b7:44:2f:f0:d3:52:75:38:bd:61:
                    27:71:d7:1a:47:12:a1:46:84:fa:c9:6c:ad:88:8e:
                    ce:3e:9e:69:f3:ae:09:27:8f:b7:11:35:dd:0d:bd:
                    86:dd:a0:b9:c5:f9:fa:b1:a4:45:48:b3:5a:b5:18:
                    3d:9e:32:15:95:5b:ee:4c:be:ef:e5:8b:9e:df:47:
                    64:8a:ea:45:0f:a1:ba:49:f6:37:28:1b:35:2d:a0:
                    25:8f:ed:37:80:bd:7f:58:11:5b:02:97:90:57:47:
                    07:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:43:21:6A:88:95:1B:EC:D2:03:9D:57:D6:EC:81:8B:61:9E:13:E4
            X509v3 Authority Key Identifier:
                keyid:28:66:87:FB:64:A7:7F:01:00:BA:F2:3D:4F:34:1E:CE:77:59:50:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGaH-2SnfwEAuvI9TzQezndZUOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/hUMhaoiVG-zSA51X1uyBi2GeE-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/KGaH-2SnfwEAuvI9TzQezndZUOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.212.0/22
                IPv6:
                  2a0a:4680::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:9a:16:40:46:db:26:7c:62:2a:24:b3:d5:84:f3:7c:43:e1:
         e2:07:d6:2d:c2:1d:2a:42:09:48:84:d4:cd:11:2e:dc:72:26:
         ea:49:f6:7b:61:58:f8:f1:d6:7a:00:55:b5:bd:07:48:db:da:
         8c:9c:8c:a0:a1:7b:a3:f5:33:42:dd:11:fe:78:76:8a:81:3a:
         35:cc:6c:09:64:8f:08:6b:39:40:67:19:7f:a8:86:82:fb:59:
         fe:94:64:04:f5:e7:10:0a:c1:a7:78:34:40:41:36:0d:42:3d:
         d5:d0:a4:9e:68:e6:69:ca:0a:85:f8:2c:6c:d6:97:a5:87:f4:
         66:b2:3a:10:80:ba:89:ef:e7:22:0a:84:51:f5:d9:5f:4d:44:
         9d:95:b3:c1:d7:6c:a9:e6:6f:a7:d2:0f:a6:90:5e:5f:60:8c:
         4a:3c:50:88:b9:ad:6f:0e:3e:a9:d4:13:51:e6:ab:20:3b:fb:
         2e:cd:51:aa:9c:e7:51:8a:34:e5:69:22:6b:21:51:02:3f:cb:
         ec:40:5b:e8:16:2a:bd:36:40:4b:1b:13:69:c9:da:01:43:0c:
         eb:a3:1d:f8:96:2b:68:69:5d:86:ce:d3:53:e2:1e:c0:ac:15:
         2e:00:1e:b1:76:20:a8:b1:8a:33:b6:bc:06:e6:e8:d4:0f:e7:
         22:f3:7a:a2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlJxOWAUOhDE9TKQ84+2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjY4N2ZiNjRhNzdmMDEwMGJhZjIzZDRmMzQxZWNlNzc1
OTUwZTUwHhcNMjQwMTAyMDAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTQzMjE2YTg4OTUxYmVjZDIwMzlkNTdkNmVjODE4YjYxOWUxM2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWR4kLryFnzPwVOOkSb5ldhOKhp3
JK/c6VNYHs7mRreuByRmw/7qtP2kPsozfyyJ/ghfulUnf2qayl6H/lgOsMLf7qWR
UFMZdhLVwBYFn3eq1nYz7MgXZ1z349yd63NthR75P1XtP/FKgqMIjVOSm2Y+zfQw
9HYE/wqr3J6vlT6vbLu30r1McoIGyOgP3go3nW21EBncG968TrdEL/DTUnU4vWEn
cdcaRxKhRoT6yWytiI7OPp5p864JJ4+3ETXdDb2G3aC5xfn6saRFSLNatRg9njIV
lVvuTL7v5Yue30dkiupFD6G6SfY3KBs1LaAlj+03gL1/WBFbApeQV0cH1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIVDIWqIlRvs0gOdV9bsgYthnhPkMB8GA1UdIwQY
MBaAFChmh/tkp38BALryPU80Hs53WVDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dhSC0yU25md0VBdXZJOVR6UWV6bmRaVU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8yMDUyYWQtM2Q0MS00NWRhLTg0NzQt
NjMzOWY2YjM2YmNiLzEvaFVNaGFvaVZHLXpTQTUxWDF1eUJpMkdlRS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8yMDUyYWQtM2Q0MS00NWRhLTg0NzQtNjMzOWY2YjM2YmNi
LzEvS0dhSC0yU25md0VBdXZJOVR6UWV6bmRaVU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubHUMA0E
AgACMAcDBQMqCkaAMA0GCSqGSIb3DQEBCwUAA4IBAQAZmhZARtsmfGIqJLPVhPN8
Q+HiB9Ytwh0qQglIhNTNES7ccibqSfZ7YVj48dZ6AFW1vQdI29qMnIygoXuj9TNC
3RH+eHaKgTo1zGwJZI8IazlAZxl/qIaC+1n+lGQE9ecQCsGneDRAQTYNQj3V0KSe
aOZpygqF+Cxs1pelh/RmsjoQgLqJ7+ciCoRR9dlfTUSdlbPB12yp5m+n0g+mkF5f
YIxKPFCIua1vDj6p1BNR5qsgO/suzVGqnOdRijTlaSJrIVECP8vsQFvoFiq9NkBL
GxNpydoBQwzrox34litoaV2GztNT4h7ArBUuAB6xdiCosYoztrwG5ujUD+ci83qi
-----END CERTIFICATE-----