Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/1-HzN6HMuAc30705vWX9srqLJVMw.roa
File:                     1-HzN6HMuAc30705vWX9srqLJVMw.roa (raw, json)
Hash identifier:          9eTzcBMsRdem/lCj51bizIGBa1DSZyhdJMu+CL53vDk=
Subject key identifier:   F8:7C:CD:E8:73:2E:01:CD:F4:EF:4E:6F:59:7F:6C:AE:A2:C9:54:CC
Certificate issuer:       /CN=3781babac6925271b179817515e06e6a10acf6b4
Certificate serial:       018D659147213C093E93EABCE7F0839EB386
Authority key identifier: 37:81:BA:BA:C6:92:52:71:B1:79:81:75:15:E0:6E:6A:10:AC:F6:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N4G6usaSUnGxeYF1FeBuahCs9rQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/1-HzN6HMuAc30705vWX9srqLJVMw.roa
Signing time:             Thu 01 Feb 2024 16:47:16 +0000
ROA not before:           Thu 01 Feb 2024 16:47:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204538
IP address blocks:        185.245.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/N4G6usaSUnGxeYF1FeBuahCs9rQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/N4G6usaSUnGxeYF1FeBuahCs9rQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N4G6usaSUnGxeYF1FeBuahCs9rQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:65:91:47:21:3c:09:3e:93:ea:bc:e7:f0:83:9e:b3:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3781babac6925271b179817515e06e6a10acf6b4
        Validity
            Not Before: Feb  1 16:47:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f87ccde8732e01cdf4ef4e6f597f6caea2c954cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:38:d1:32:64:0f:06:b5:b0:5e:a4:a8:44:9d:
                    66:dc:71:2d:6d:ad:e0:1b:af:64:73:3a:0b:34:da:
                    26:ab:cd:9b:3e:ec:c6:92:5a:ac:42:37:86:3c:b5:
                    cf:eb:78:ce:64:d8:33:b5:3f:d9:28:05:77:f5:ad:
                    ca:33:3f:2d:65:3b:88:de:ca:a0:be:b8:18:f8:ea:
                    bd:a5:67:f6:e4:4e:52:f8:09:fe:f7:7c:e6:69:47:
                    6a:02:f1:ca:10:2e:87:b1:7f:c4:f8:09:8b:31:0a:
                    c6:45:cb:89:c7:67:ef:b1:d7:fe:e3:94:96:00:54:
                    7d:c6:d5:63:62:2a:35:2c:60:f0:f7:d7:ab:54:c4:
                    ff:68:55:ec:85:74:ac:15:78:55:27:06:10:93:6d:
                    bb:a3:c2:42:31:97:3d:13:ef:00:39:95:eb:a6:09:
                    34:f2:6f:92:f5:3b:d1:2c:22:b0:80:3e:9b:f3:da:
                    21:af:e6:13:38:94:47:08:3b:c8:6b:d2:9e:41:bc:
                    20:ef:41:70:75:73:a5:26:70:1b:3e:df:c7:ef:38:
                    1c:ee:59:ba:c2:11:19:6b:ee:88:19:0f:01:30:07:
                    52:62:8e:d5:f5:8a:b3:c3:f5:14:71:8a:f7:5f:39:
                    34:15:7b:8b:4d:52:bd:a7:08:58:c8:d1:a3:b6:ca:
                    d9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:7C:CD:E8:73:2E:01:CD:F4:EF:4E:6F:59:7F:6C:AE:A2:C9:54:CC
            X509v3 Authority Key Identifier:
                keyid:37:81:BA:BA:C6:92:52:71:B1:79:81:75:15:E0:6E:6A:10:AC:F6:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N4G6usaSUnGxeYF1FeBuahCs9rQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/1-HzN6HMuAc30705vWX9srqLJVMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8f83c2-3bb3-4d47-8031-de571b89618d/1/N4G6usaSUnGxeYF1FeBuahCs9rQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:82:95:71:6e:ad:89:89:b1:fe:c2:e9:9b:49:a0:42:c4:df:
         46:8e:eb:1c:03:e6:09:5d:b9:4b:3a:48:d4:43:1e:d5:55:62:
         e5:52:d3:c4:4b:d2:f6:53:ca:75:91:32:9b:ff:38:27:76:35:
         02:b7:9d:a9:8b:fa:d6:65:8c:1b:ee:22:c5:21:1a:17:29:0f:
         80:3b:1b:d5:f6:de:1c:7b:37:b0:9b:99:b0:49:9f:5f:0e:5e:
         f9:81:26:56:86:47:f6:ba:a2:a9:4b:9c:9f:e6:6f:62:0e:35:
         28:84:87:7b:7e:3f:c4:df:ff:20:f4:da:96:02:44:c0:08:51:
         c1:61:88:b1:b0:73:91:12:f4:33:f0:6c:a8:34:05:10:b1:47:
         ef:67:f2:e7:79:78:92:47:7d:7e:11:71:13:95:f9:19:48:09:
         01:86:1f:33:1e:0c:d8:24:02:28:3a:e3:e5:89:a8:d1:ea:c7:
         6a:9b:bc:f3:01:91:37:63:06:34:64:a7:e8:8e:e5:bc:52:e9:
         11:e8:61:62:5b:60:2d:64:ec:28:f6:aa:8f:23:b2:c9:c1:00:
         34:f7:a1:c1:a1:6d:68:f6:95:c2:6f:c1:f6:3e:13:2b:de:00:
         d4:d8:8c:40:d4:14:4c:1b:4d:48:e3:0b:77:6b:6f:20:f3:18:
         06:71:a4:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY1lkUchPAk+k+q85/CDnrOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ODFiYWJhYzY5MjUyNzFiMTc5ODE3NTE1ZTA2ZTZhMTBh
Y2Y2YjQwHhcNMjQwMjAxMTY0NzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODdjY2RlODczMmUwMWNkZjRlZjRlNmY1OTdmNmNhZWEyYzk1NGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjjRMmQPBrWwXqSoRJ1m3HEtba3g
G69kczoLNNomq82bPuzGklqsQjeGPLXP63jOZNgztT/ZKAV39a3KMz8tZTuI3sqg
vrgY+Oq9pWf25E5S+An+93zmaUdqAvHKEC6HsX/E+AmLMQrGRcuJx2fvsdf+45SW
AFR9xtVjYio1LGDw99erVMT/aFXshXSsFXhVJwYQk227o8JCMZc9E+8AOZXrpgk0
8m+S9TvRLCKwgD6b89ohr+YTOJRHCDvIa9KeQbwg70FwdXOlJnAbPt/H7zgc7lm6
whEZa+6IGQ8BMAdSYo7V9Yqzw/UUcYr3Xzk0FXuLTVK9pwhYyNGjtsrZ1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPh8zehzLgHN9O9Ob1l/bK6iyVTMMB8GA1UdIwQY
MBaAFDeBurrGklJxsXmBdRXgbmoQrPa0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjRHNnVzYVNVbkd4ZVlGMUZlQnVhaENzOXJRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS84ZjgzYzItM2JiMy00ZDQ3LTgwMzEt
ZGU1NzFiODk2MThkLzEvMS1Iek42SE11QWMzMDcwNXZXWDlzcnFMSlZNdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGUvOGY4M2MyLTNiYjMtNGQ0Ny04MDMxLWRlNTcxYjg5NjE4
ZC8xL040RzZ1c2FTVW5HeGVZRjFGZUJ1YWhDczlyUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArn1zDAN
BgkqhkiG9w0BAQsFAAOCAQEAuIKVcW6tiYmx/sLpm0mgQsTfRo7rHAPmCV25SzpI
1EMe1VVi5VLTxEvS9lPKdZEym/84J3Y1AredqYv61mWMG+4ixSEaFykPgDsb1fbe
HHs3sJuZsEmfXw5e+YEmVoZH9rqiqUucn+ZvYg41KISHe34/xN//IPTalgJEwAhR
wWGIsbBzkRL0M/BsqDQFELFH72fy53l4kkd9fhFxE5X5GUgJAYYfMx4M2CQCKDrj
5Ymo0erHapu88wGRN2MGNGSn6I7lvFLpEehhYltgLWTsKPaqjyOyycEANPehwaFt
aPaVwm/B9j4TK94A1NiMQNQUTBtNSOMLd2tvIPMYBnGkCA==
-----END CERTIFICATE-----