Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8f4780-efaf-4e06-a1fa-2550e4b0fbb2/1/H0IniIQ5Cm2xQ1JITz_vk7pi6R8.roa
File:                     H0IniIQ5Cm2xQ1JITz_vk7pi6R8.roa (raw, json)
Hash identifier:          VEalI4qcw0g1WEZw34Ca6YezmfQ87wH49ocq0uh3zFU=
Subject key identifier:   1F:42:27:88:84:39:0A:6D:B1:43:52:48:4F:3F:EF:93:BA:62:E9:1F
Certificate issuer:       /CN=62f62a847a4edff99571a32e94edff0525b03b66
Certificate serial:       018CC56E33FC28142C4A0E3127CA86E8732F
Authority key identifier: 62:F6:2A:84:7A:4E:DF:F9:95:71:A3:2E:94:ED:FF:05:25:B0:3B:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvYqhHpO3_mVcaMulO3_BSWwO2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/8f4780-efaf-4e06-a1fa-2550e4b0fbb2/1/H0IniIQ5Cm2xQ1JITz_vk7pi6R8.roa
Signing time:             Mon 01 Jan 2024 14:29:42 +0000
ROA not before:           Mon 01 Jan 2024 14:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51952
IP address blocks:        185.183.198.0/24 maxlen: 24
                          185.183.197.0/24 maxlen: 24
                          185.183.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/8f4780-efaf-4e06-a1fa-2550e4b0fbb2/1/YvYqhHpO3_mVcaMulO3_BSWwO2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/8f4780-efaf-4e06-a1fa-2550e4b0fbb2/1/YvYqhHpO3_mVcaMulO3_BSWwO2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvYqhHpO3_mVcaMulO3_BSWwO2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:33:fc:28:14:2c:4a:0e:31:27:ca:86:e8:73:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62f62a847a4edff99571a32e94edff0525b03b66
        Validity
            Not Before: Jan  1 14:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f42278884390a6db14352484f3fef93ba62e91f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e4:4e:9b:d9:da:50:f5:e2:ca:5f:91:4c:6e:
                    99:1e:8b:f8:cd:a4:d1:d4:22:66:68:41:c3:2b:10:
                    a9:d5:7d:9c:03:58:fa:6c:27:5b:91:16:fc:b9:e8:
                    64:3a:13:cf:1f:4a:98:41:4d:3e:53:4b:26:ed:af:
                    29:e3:80:de:85:cc:60:6d:47:f9:24:65:cb:58:0a:
                    c8:ba:71:ee:c2:35:f1:38:12:cb:a2:23:09:f2:c9:
                    28:f6:00:66:39:d5:a2:40:a1:0b:de:40:0c:9c:d1:
                    8a:87:63:b0:40:80:c7:43:ad:71:06:03:2e:eb:e5:
                    c0:a3:22:a7:31:69:6c:ba:5c:e2:4f:24:32:e4:1a:
                    bf:48:de:be:90:f4:90:81:d3:8f:e7:fa:73:ba:a7:
                    57:9d:79:c2:93:2f:5f:c6:89:a4:04:46:18:7e:e6:
                    d7:bf:32:00:c7:70:40:fd:d3:07:a4:2f:b7:28:05:
                    af:94:9c:94:e9:76:45:de:91:d3:bf:21:4e:b6:4e:
                    ad:a0:15:60:7b:a8:2c:3f:e3:ce:40:59:26:77:89:
                    c2:8c:48:67:7f:8e:e3:b0:03:5e:78:30:3c:a3:17:
                    bb:30:b4:14:28:64:32:79:e0:f9:2b:65:86:f3:57:
                    9e:31:ce:e5:6e:2b:64:c1:ff:86:4c:83:b6:9a:63:
                    87:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:42:27:88:84:39:0A:6D:B1:43:52:48:4F:3F:EF:93:BA:62:E9:1F
            X509v3 Authority Key Identifier:
                keyid:62:F6:2A:84:7A:4E:DF:F9:95:71:A3:2E:94:ED:FF:05:25:B0:3B:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvYqhHpO3_mVcaMulO3_BSWwO2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8f4780-efaf-4e06-a1fa-2550e4b0fbb2/1/H0IniIQ5Cm2xQ1JITz_vk7pi6R8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8f4780-efaf-4e06-a1fa-2550e4b0fbb2/1/YvYqhHpO3_mVcaMulO3_BSWwO2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.196.0-185.183.198.255

    Signature Algorithm: sha256WithRSAEncryption
         3a:08:6c:31:e4:be:51:aa:5a:fa:16:53:c3:a7:60:2d:e8:d6:
         7d:94:32:38:a4:a7:bb:52:38:25:31:18:22:f1:25:ce:ae:dc:
         c4:9e:34:57:ce:78:ba:c0:0e:06:dd:05:84:9d:02:5f:e1:b6:
         40:cb:0e:fa:a4:9e:ed:1a:2f:00:7c:69:6a:63:1a:2e:49:08:
         71:3b:19:7c:64:da:73:ec:9d:f2:3f:a9:ed:a6:d6:87:ba:df:
         1c:0e:aa:b0:80:56:5d:a8:2a:84:44:bb:79:bf:95:70:43:e1:
         fa:10:74:d7:12:32:cb:4f:cd:81:54:57:fc:4a:81:64:24:bf:
         a1:8d:19:b8:0b:f9:78:51:d1:68:86:15:cd:70:d8:2d:3e:8a:
         8f:0d:8a:57:59:7c:f0:bc:92:97:b5:01:19:3e:c7:87:68:c1:
         4d:0f:52:d5:af:1d:2a:81:4a:a9:28:1c:e3:ca:fe:62:4d:c5:
         0f:13:90:f0:3b:38:29:1d:48:44:72:25:70:9a:40:84:3b:56:
         57:3f:d9:5a:48:c4:ef:cc:06:79:9e:33:f4:09:39:16:d7:61:
         26:75:43:eb:21:ba:2f:83:82:7e:b0:d6:18:de:44:b7:af:77:
         89:92:7e:98:ed:e2:1e:4f:8f:fd:0d:a4:ff:37:cc:b9:dd:88:
         ee:e3:09:5b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzFbjP8KBQsSg4xJ8qG6HMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZjYyYTg0N2E0ZWRmZjk5NTcxYTMyZTk0ZWRmZjA1MjVi
MDNiNjYwHhcNMjQwMTAxMTQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjQyMjc4ODg0MzkwYTZkYjE0MzUyNDg0ZjNmZWY5M2JhNjJlOTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOROm9naUPXiyl+RTG6ZHov4zaTR
1CJmaEHDKxCp1X2cA1j6bCdbkRb8uehkOhPPH0qYQU0+U0sm7a8p44DehcxgbUf5
JGXLWArIunHuwjXxOBLLoiMJ8sko9gBmOdWiQKEL3kAMnNGKh2OwQIDHQ61xBgMu
6+XAoyKnMWlsulziTyQy5Bq/SN6+kPSQgdOP5/pzuqdXnXnCky9fxomkBEYYfubX
vzIAx3BA/dMHpC+3KAWvlJyU6XZF3pHTvyFOtk6toBVge6gsP+POQFkmd4nCjEhn
f47jsANeeDA8oxe7MLQUKGQyeeD5K2WG81eeMc7lbitkwf+GTIO2mmOHEQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFB9CJ4iEOQptsUNSSE8/75O6YukfMB8GA1UdIwQY
MBaAFGL2KoR6Tt/5lXGjLpTt/wUlsDtmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXZZcWhIcE8zX21WY2FNdWxPM19CU1d3TzJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84ZjQ3ODAtZWZhZi00ZTA2LWExZmEt
MjU1MGU0YjBmYmIyLzEvSDBJbmlJUTVDbTJ4UTFKSVR6X3ZrN3BpNlI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84ZjQ3ODAtZWZhZi00ZTA2LWExZmEtMjU1MGU0YjBmYmIy
LzEvWXZZcWhIcE8zX21WY2FNdWxPM19CU1d3TzJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5t8QD
BAC5t8YwDQYJKoZIhvcNAQELBQADggEBADoIbDHkvlGqWvoWU8OnYC3o1n2UMjik
p7tSOCUxGCLxJc6u3MSeNFfOeLrADgbdBYSdAl/htkDLDvqknu0aLwB8aWpjGi5J
CHE7GXxk2nPsnfI/qe2m1oe63xwOqrCAVl2oKoREu3m/lXBD4foQdNcSMstPzYFU
V/xKgWQkv6GNGbgL+XhR0WiGFc1w2C0+io8NildZfPC8kpe1ARk+x4dowU0PUtWv
HSqBSqkoHOPK/mJNxQ8TkPA7OCkdSERyJXCaQIQ7Vlc/2VpIxO/MBnmeM/QJORbX
YSZ1Q+shui+Dgn6w1hjeRLevd4mSfpjt4h5Pj/0NpP83zLndiO7jCVs=
-----END CERTIFICATE-----