Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/hAfbQOX5TITFcttqIul2Xgit7Wc.roa
File:                     hAfbQOX5TITFcttqIul2Xgit7Wc.roa (raw, json)
Hash identifier:          0Eb6W8xJTJm4DqH7xVOV0U3FrbtfkdB1sFAnG7qW3fg=
Subject key identifier:   84:07:DB:40:E5:F9:4C:84:C5:72:DB:6A:22:E9:76:5E:08:AD:ED:67
Certificate issuer:       /CN=823b6f3b7af87bb8ef6dd843bebd6d81b0559213
Certificate serial:       018CC26D7498FAC8BC2A9FDE2090A5327FC4
Authority key identifier: 82:3B:6F:3B:7A:F8:7B:B8:EF:6D:D8:43:BE:BD:6D:81:B0:55:92:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gjtvO3r4e7jvbdhDvr1tgbBVkhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/hAfbQOX5TITFcttqIul2Xgit7Wc.roa
Signing time:             Mon 01 Jan 2024 00:30:02 +0000
ROA not before:           Mon 01 Jan 2024 00:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        185.102.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/gjtvO3r4e7jvbdhDvr1tgbBVkhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/gjtvO3r4e7jvbdhDvr1tgbBVkhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gjtvO3r4e7jvbdhDvr1tgbBVkhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 07:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:74:98:fa:c8:bc:2a:9f:de:20:90:a5:32:7f:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=823b6f3b7af87bb8ef6dd843bebd6d81b0559213
        Validity
            Not Before: Jan  1 00:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8407db40e5f94c84c572db6a22e9765e08aded67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:89:19:99:69:c2:00:2f:4a:87:4b:54:46:59:
                    c1:1b:eb:49:dc:1a:c0:64:09:9c:27:f6:e4:b0:94:
                    18:2c:fb:2f:c8:b7:b5:2d:da:49:f0:2d:3d:cf:1c:
                    ac:86:af:e4:0f:6e:e8:04:8d:69:91:52:51:a1:2c:
                    41:b5:a6:b6:b9:b7:25:b1:f4:11:0b:98:27:75:76:
                    7f:03:17:90:49:a8:c8:1e:a9:f9:97:c8:27:d4:d3:
                    f2:e8:d6:a8:e6:e7:5f:6e:a5:88:0f:ea:eb:a6:73:
                    de:fc:7e:3e:1f:1b:a8:22:56:67:5d:a6:69:9f:1f:
                    91:fe:d3:3d:ad:f9:bb:de:41:42:ac:57:eb:ba:bb:
                    ed:9c:69:2e:05:ef:48:7e:37:9f:b2:d3:ad:9c:68:
                    39:70:d6:1d:9c:be:c0:6c:75:3b:4e:db:55:21:7f:
                    32:75:c1:00:8c:bb:55:20:9e:89:30:f5:92:4e:cf:
                    92:b0:5b:be:4d:86:ee:15:52:c8:82:db:5b:38:a5:
                    7e:2e:59:99:74:5e:ad:9e:c6:64:a2:ac:fc:0a:ce:
                    84:67:bf:a6:51:54:11:63:4c:ed:a3:3a:e5:d4:36:
                    9a:bd:fb:18:d5:1f:ae:d1:96:e6:ee:dd:82:9d:e1:
                    95:f1:1c:1d:9a:97:10:75:ab:96:bf:b2:81:59:3c:
                    b7:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:07:DB:40:E5:F9:4C:84:C5:72:DB:6A:22:E9:76:5E:08:AD:ED:67
            X509v3 Authority Key Identifier:
                keyid:82:3B:6F:3B:7A:F8:7B:B8:EF:6D:D8:43:BE:BD:6D:81:B0:55:92:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gjtvO3r4e7jvbdhDvr1tgbBVkhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/hAfbQOX5TITFcttqIul2Xgit7Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c494cb-2517-41a8-a457-e710c2a14bce/1/gjtvO3r4e7jvbdhDvr1tgbBVkhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:9b:e7:e3:ff:cb:55:0a:d7:ed:e4:f5:5c:b6:b8:3e:55:e3:
         fa:de:e0:ef:63:c7:07:40:a4:5d:98:cf:82:9a:1b:2a:fb:83:
         5f:15:d4:11:2d:97:31:b1:2f:65:75:a5:61:db:b8:46:f9:ed:
         c1:55:1a:fc:19:8b:2e:d6:e9:b9:03:df:a2:51:0b:3a:b1:f6:
         28:2a:3e:a7:84:a4:4f:e4:d3:34:2d:71:f1:ff:b0:c2:96:ba:
         fa:7d:ca:01:53:d6:2d:7a:21:f4:89:5d:b5:e3:d7:fb:80:e8:
         88:de:fe:43:2f:3e:a9:ff:46:81:5f:62:be:0d:4b:e2:90:f9:
         e4:57:9c:34:9a:52:5a:50:ca:89:ee:f9:80:d3:18:1b:3a:c5:
         e7:88:bc:70:fa:a2:61:ef:cd:59:2b:45:4c:e8:b4:dd:40:21:
         11:9c:a1:77:35:17:d8:52:87:a8:34:16:72:b1:73:53:7c:d2:
         9a:d4:5e:27:25:c8:35:7b:d0:94:bb:1b:d5:80:a3:6a:9a:f0:
         e5:9f:70:9a:71:5c:1b:b7:77:8c:5c:6a:f2:d7:08:4b:fc:5e:
         8a:54:0f:60:76:07:ef:24:53:20:eb:2a:c8:9e:a6:83:78:d9:
         4d:3d:b1:a5:76:53:0c:5f:dd:03:c7:8b:ac:57:2c:7f:4f:5c:
         6a:76:af:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXSY+si8Kp/eIJClMn/EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyM2I2ZjNiN2FmODdiYjhlZjZkZDg0M2JlYmQ2ZDgxYjA1
NTkyMTMwHhcNMjQwMTAxMDAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDA3ZGI0MGU1Zjk0Yzg0YzU3MmRiNmEyMmU5NzY1ZTA4YWRlZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArokZmWnCAC9Kh0tURlnBG+tJ3BrA
ZAmcJ/bksJQYLPsvyLe1LdpJ8C09zxyshq/kD27oBI1pkVJRoSxBtaa2ubclsfQR
C5gndXZ/AxeQSajIHqn5l8gn1NPy6Nao5udfbqWID+rrpnPe/H4+HxuoIlZnXaZp
nx+R/tM9rfm73kFCrFfrurvtnGkuBe9IfjefstOtnGg5cNYdnL7AbHU7TttVIX8y
dcEAjLtVIJ6JMPWSTs+SsFu+TYbuFVLIgttbOKV+LlmZdF6tnsZkoqz8Cs6EZ7+m
UVQRY0ztozrl1DaavfsY1R+u0Zbm7t2CneGV8RwdmpcQdauWv7KBWTy3DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQH20Dl+UyExXLbaiLpdl4Ire1nMB8GA1UdIwQY
MBaAFII7bzt6+Hu4723YQ769bYGwVZITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2p0dk8zcjRlN2p2YmRoRHZyMXRnYkJWa2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jNDk0Y2ItMjUxNy00MWE4LWE0NTct
ZTcxMGMyYTE0YmNlLzEvaEFmYlFPWDVUSVRGY3R0cUl1bDJYZ2l0N1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jNDk0Y2ItMjUxNy00MWE4LWE0NTctZTcxMGMyYTE0YmNl
LzEvZ2p0dk8zcjRlN2p2YmRoRHZyMXRnYkJWa2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWZWMA0G
CSqGSIb3DQEBCwUAA4IBAQBVm+fj/8tVCtft5PVctrg+VeP63uDvY8cHQKRdmM+C
mhsq+4NfFdQRLZcxsS9ldaVh27hG+e3BVRr8GYsu1um5A9+iUQs6sfYoKj6nhKRP
5NM0LXHx/7DClrr6fcoBU9YteiH0iV2149f7gOiI3v5DLz6p/0aBX2K+DUvikPnk
V5w0mlJaUMqJ7vmA0xgbOsXniLxw+qJh781ZK0VM6LTdQCERnKF3NRfYUoeoNBZy
sXNTfNKa1F4nJcg1e9CUuxvVgKNqmvDln3CacVwbt3eMXGry1whL/F6KVA9gdgfv
JFMg6yrInqaDeNlNPbGldlMMX90Dx4usVyx/T1xqdq89
-----END CERTIFICATE-----