Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/hbyI9JcK6o3VXMO4XROByAkoXc0.roa
File:                     hbyI9JcK6o3VXMO4XROByAkoXc0.roa (raw, json)
Hash identifier:          iKD+Y7Qq10xDMOnX2SS88ghYbL8l9MGV5RzAHHw6UIk=
Subject key identifier:   85:BC:88:F4:97:0A:EA:8D:D5:5C:C3:B8:5D:13:81:C8:09:28:5D:CD
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       018CC9BBD5F311E7D84B8E8AF2F2200ACECA
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/hbyI9JcK6o3VXMO4XROByAkoXc0.roa
Signing time:             Tue 02 Jan 2024 10:32:59 +0000
ROA not before:           Tue 02 Jan 2024 10:32:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209455
IP address blocks:        195.228.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:d5:f3:11:e7:d8:4b:8e:8a:f2:f2:20:0a:ce:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 10:32:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85bc88f4970aea8dd55cc3b85d1381c809285dcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:54:e7:d4:fc:68:d8:4b:7c:d8:21:e5:61:7e:
                    36:e5:89:fe:ff:10:14:ac:18:48:31:01:e5:49:82:
                    82:7a:4b:5f:f3:95:c1:6c:99:8f:54:a0:51:5d:f0:
                    e4:b4:a8:a3:31:c5:f8:ba:66:55:3b:64:aa:07:2a:
                    ef:a0:3a:f1:08:2a:4c:9c:bc:ed:bd:e7:ed:ed:e2:
                    18:b7:2d:72:23:22:6a:82:ac:a7:c3:6c:5e:63:ff:
                    14:38:c4:89:3f:7f:52:12:81:36:be:fa:77:70:82:
                    de:e5:e8:65:e5:b4:23:3d:40:95:08:98:b4:01:6c:
                    3a:39:9a:e5:99:56:f4:da:b0:46:25:1c:30:eb:0f:
                    c6:0a:e0:e9:5e:2a:d4:fc:e8:e9:c3:6b:5e:24:a1:
                    e6:75:ad:10:32:63:ef:8d:94:38:3e:a4:01:ca:11:
                    a6:8b:9f:2a:6d:74:dd:e8:0d:cd:f9:ca:f2:96:a0:
                    77:9b:07:f1:d7:e9:e7:22:21:b8:07:e5:4d:ae:5d:
                    a9:b2:64:e6:4f:54:31:dc:c3:e6:f5:35:0b:dd:73:
                    ee:d1:e5:c9:8a:13:8e:a0:7d:ad:e9:ea:08:cc:04:
                    75:5d:a9:8e:81:95:8f:7a:98:37:7a:a4:ed:1d:06:
                    e5:98:b8:d1:b3:52:2f:20:f7:60:11:c4:35:6a:2b:
                    51:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:BC:88:F4:97:0A:EA:8D:D5:5C:C3:B8:5D:13:81:C8:09:28:5D:CD
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/hbyI9JcK6o3VXMO4XROByAkoXc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.228.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:3f:44:44:27:af:8a:09:50:58:a9:d4:8b:a7:70:a7:d3:c8:
         0d:15:dc:c1:4b:e4:aa:9e:81:c6:af:50:e5:f5:a4:3d:c3:16:
         5f:88:ea:93:c5:4f:f5:10:5d:de:72:f5:57:02:43:72:ac:7a:
         ee:c6:50:18:d7:db:6e:a0:a7:90:68:96:64:f7:bd:58:97:a5:
         e7:33:d6:95:52:eb:56:9a:28:30:f9:bc:ca:8d:73:26:90:13:
         fd:be:78:15:40:5f:f4:f8:9f:15:97:35:0f:51:cd:d9:e3:e5:
         63:3c:b5:4f:f4:b6:62:4e:7a:c7:32:05:81:52:24:99:93:1d:
         82:3b:0d:f3:27:3b:8b:60:ac:43:05:a8:4f:00:50:47:cf:db:
         3b:6a:e7:21:50:d7:f8:e0:93:b6:b4:8c:5c:49:5a:00:0a:a5:
         e7:0d:09:ba:fc:60:f5:11:50:ff:18:f8:a5:28:2f:d2:b7:dd:
         db:72:2f:66:c5:1f:7f:95:91:48:86:8d:8a:af:92:06:65:6b:
         35:cc:a2:67:4c:81:9b:93:85:d5:a8:2a:f7:33:02:7c:0f:7a:
         5c:4e:6e:96:4a:d0:42:fc:d6:c5:18:52:58:24:f5:c8:00:d7:
         f4:99:d8:44:30:2b:62:a3:99:27:55:a1:1a:f6:7c:ae:fd:1c:
         c0:cf:f8:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu9XzEefYS46K8vIgCs7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWJjODhmNDk3MGFlYThkZDU1Y2MzYjg1ZDEzODFjODA5Mjg1ZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFTn1Pxo2Et82CHlYX425Yn+/xAU
rBhIMQHlSYKCektf85XBbJmPVKBRXfDktKijMcX4umZVO2SqByrvoDrxCCpMnLzt
veft7eIYty1yIyJqgqynw2xeY/8UOMSJP39SEoE2vvp3cILe5ehl5bQjPUCVCJi0
AWw6OZrlmVb02rBGJRww6w/GCuDpXirU/Ojpw2teJKHmda0QMmPvjZQ4PqQByhGm
i58qbXTd6A3N+crylqB3mwfx1+nnIiG4B+VNrl2psmTmT1Qx3MPm9TUL3XPu0eXJ
ihOOoH2t6eoIzAR1XamOgZWPepg3eqTtHQblmLjRs1IvIPdgEcQ1aitRDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIW8iPSXCuqN1VzDuF0TgcgJKF3NMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvaGJ5STlKY0s2bzNWWE1PNFhST0J5QWtvWGMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+Q6MA0G
CSqGSIb3DQEBCwUAA4IBAQB/P0REJ6+KCVBYqdSLp3Cn08gNFdzBS+SqnoHGr1Dl
9aQ9wxZfiOqTxU/1EF3ecvVXAkNyrHruxlAY19tuoKeQaJZk971Yl6XnM9aVUutW
migw+bzKjXMmkBP9vngVQF/0+J8VlzUPUc3Z4+VjPLVP9LZiTnrHMgWBUiSZkx2C
Ow3zJzuLYKxDBahPAFBHz9s7auchUNf44JO2tIxcSVoACqXnDQm6/GD1EVD/GPil
KC/St93bci9mxR9/lZFIho2Kr5IGZWs1zKJnTIGbk4XVqCr3MwJ8D3pcTm6WStBC
/NbFGFJYJPXIANf0mdhEMCtio5knVaEa9nyu/RzAz/iN
-----END CERTIFICATE-----