Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/atU0cABoVjZHL1Gfeye0hiy3CYc.roa
File:                     atU0cABoVjZHL1Gfeye0hiy3CYc.roa (raw, json)
Hash identifier:          hvbphdoMaicgsILI74OnaZQPRaqgzJpwnDjGCRbT7wg=
Subject key identifier:   6A:D5:34:70:00:68:56:36:47:2F:51:9F:7B:27:B4:86:2C:B7:09:87
Certificate issuer:       /CN=845d042f65e1b1303a44e43e0e02748a75837b44
Certificate serial:       018CC6B8021253731ACD9FA5049B047E6C51
Authority key identifier: 84:5D:04:2F:65:E1:B1:30:3A:44:E4:3E:0E:02:74:8A:75:83:7B:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/atU0cABoVjZHL1Gfeye0hiy3CYc.roa
Signing time:             Mon 01 Jan 2024 20:29:57 +0000
ROA not before:           Mon 01 Jan 2024 20:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12459
IP address blocks:        185.119.89.0/24 maxlen: 24
                          185.119.90.0/24 maxlen: 24
                          2a0c:bf80:5a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 06:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:02:12:53:73:1a:cd:9f:a5:04:9b:04:7e:6c:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=845d042f65e1b1303a44e43e0e02748a75837b44
        Validity
            Not Before: Jan  1 20:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ad5347000685636472f519f7b27b4862cb70987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:63:b9:f7:19:68:e2:1e:40:ee:8e:32:fd:b3:
                    32:93:fb:88:60:a0:da:50:3d:b3:21:97:ee:cc:88:
                    10:4b:3f:ed:c7:dc:b7:2f:39:a3:e6:97:82:5a:df:
                    24:38:90:30:89:a7:48:38:30:73:08:e4:d5:09:4b:
                    c5:3f:19:4f:aa:5b:4a:5c:99:d7:aa:0c:19:86:e2:
                    ef:98:39:54:27:1b:ff:80:0d:38:68:b4:fb:07:c4:
                    7b:33:0a:79:56:da:b8:8b:2f:ad:b9:77:e8:13:a6:
                    ba:71:23:e6:14:4c:ff:97:cc:6c:3e:fc:f3:51:c1:
                    69:c1:79:bb:01:5f:9b:e0:ab:c4:ef:29:fd:d7:ec:
                    e7:08:89:79:67:d8:2d:dc:d2:18:8e:08:ee:5e:20:
                    19:7f:60:4a:d0:0f:1f:c5:ee:7c:64:c3:bb:c2:40:
                    b6:6b:66:70:d5:24:77:f7:02:64:48:c7:98:a2:95:
                    c1:4f:f3:5c:ba:03:fc:0a:4d:ce:07:b3:c7:68:7d:
                    34:b1:0b:ff:b6:6f:bc:68:85:6e:52:16:d6:df:7a:
                    3f:d9:40:bc:31:e4:78:83:c3:3b:d1:94:90:24:a9:
                    d9:d6:31:d1:51:bb:cd:33:ce:c5:d9:82:5b:aa:ac:
                    fc:5e:5d:73:73:f0:c0:89:c5:b3:2f:3b:83:15:f8:
                    fd:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D5:34:70:00:68:56:36:47:2F:51:9F:7B:27:B4:86:2C:B7:09:87
            X509v3 Authority Key Identifier:
                keyid:84:5D:04:2F:65:E1:B1:30:3A:44:E4:3E:0E:02:74:8A:75:83:7B:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/atU0cABoVjZHL1Gfeye0hiy3CYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.89.0-185.119.90.255
                IPv6:
                  2a0c:bf80:5a::/48

    Signature Algorithm: sha256WithRSAEncryption
         da:f0:56:62:54:de:cc:99:c5:62:20:ad:2f:7c:86:e4:0a:63:
         48:dc:0b:f6:55:52:b7:51:8b:29:b6:58:c7:3c:d8:ed:75:48:
         e1:99:2e:c7:be:a5:43:7b:0f:54:f3:48:0e:53:1c:7c:09:c3:
         16:28:71:20:21:da:b2:5a:e6:d2:66:c5:91:cf:87:52:a0:f9:
         81:e7:9d:a6:39:a7:e6:f3:0a:73:f1:82:41:35:d9:35:33:92:
         97:b0:07:eb:4f:9c:f2:97:53:79:d1:fd:9d:5d:6f:2f:9d:8f:
         8e:86:5d:ef:fd:87:78:b5:be:3f:1a:3c:19:b5:f7:7d:b8:e7:
         bd:d3:bc:11:12:c1:1e:a6:db:01:67:e8:3b:0b:fb:cc:04:ba:
         34:6d:93:7d:d0:19:01:31:d3:a7:0e:97:ab:18:b6:a6:cc:c0:
         b9:04:8d:64:6d:d8:ba:8c:9b:03:0b:75:d2:43:17:34:e4:f8:
         48:6f:57:fd:b6:8a:74:ea:1f:2d:56:ec:85:48:21:03:07:2a:
         0c:f8:f0:18:dc:b1:7b:3f:37:29:5c:77:48:13:64:98:53:16:
         f4:9f:f8:95:0a:44:e0:bf:28:0d:30:e1:c9:7f:50:e8:a6:11:
         a0:4a:95:16:c1:b2:7e:99:25:3c:58:d4:36:8f:d6:70:3d:0e:
         ea:48:36:2e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzGuAISU3MazZ+lBJsEfmxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWQwNDJmNjVlMWIxMzAzYTQ0ZTQzZTBlMDI3NDhhNzU4
MzdiNDQwHhcNMjQwMTAxMjAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQ1MzQ3MDAwNjg1NjM2NDcyZjUxOWY3YjI3YjQ4NjJjYjcwOTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWO59xlo4h5A7o4y/bMyk/uIYKDa
UD2zIZfuzIgQSz/tx9y3Lzmj5peCWt8kOJAwiadIODBzCOTVCUvFPxlPqltKXJnX
qgwZhuLvmDlUJxv/gA04aLT7B8R7Mwp5Vtq4iy+tuXfoE6a6cSPmFEz/l8xsPvzz
UcFpwXm7AV+b4KvE7yn91+znCIl5Z9gt3NIYjgjuXiAZf2BK0A8fxe58ZMO7wkC2
a2Zw1SR39wJkSMeYopXBT/NcugP8Ck3OB7PHaH00sQv/tm+8aIVuUhbW33o/2UC8
MeR4g8M70ZSQJKnZ1jHRUbvNM87F2YJbqqz8Xl1zc/DAicWzLzuDFfj9OQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGrVNHAAaFY2Ry9Rn3sntIYstwmHMB8GA1UdIwQY
MBaAFIRdBC9l4bEwOkTkPg4CdIp1g3tEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEYwRUwyWGhzVEE2Uk9RLURnSjBpbldEZTBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS85NmRiY2QtNmEzOS00YzIwLTkxMjgt
ZDhjMzUxZDkzZWM2LzEvYXRVMGNBQm9WalpITDFHZmV5ZTBoaXkzQ1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS85NmRiY2QtNmEzOS00YzIwLTkxMjgtZDhjMzUxZDkzZWM2
LzEvaEYwRUwyWGhzVEE2Uk9RLURnSjBpbldEZTBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAC5d1kD
BAC5d1owDwQCAAIwCQMHACoMv4AAWjANBgkqhkiG9w0BAQsFAAOCAQEA2vBWYlTe
zJnFYiCtL3yG5ApjSNwL9lVSt1GLKbZYxzzY7XVI4Zkux76lQ3sPVPNIDlMcfAnD
FihxICHaslrm0mbFkc+HUqD5geedpjmn5vMKc/GCQTXZNTOSl7AH60+c8pdTedH9
nV1vL52PjoZd7/2HeLW+Pxo8GbX3fbjnvdO8ERLBHqbbAWfoOwv7zAS6NG2TfdAZ
ATHTpw6Xqxi2pszAuQSNZG3YuoybAwt10kMXNOT4SG9X/baKdOofLVbshUghAwcq
DPjwGNyxez83KVx3SBNkmFMW9J/4lQpE4L8oDTDhyX9Q6KYRoEqVFsGyfpklPFjU
No/WcD0O6kg2Lg==
-----END CERTIFICATE-----