Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4544e4-35db-4098-9040-539a0f26684d/1/H4-fzwsygshozktC7X5H8k82tSE.roa
File:                     H4-fzwsygshozktC7X5H8k82tSE.roa (raw, json)
Hash identifier:          MJU5gTXLHGQ1L2pnGDdDs9vcL0yksRuOhUuykBvXVs0=
Subject key identifier:   1F:8F:9F:CF:0B:32:82:C8:68:CE:4B:42:ED:7E:47:F2:4F:36:B5:21
Certificate issuer:       /CN=1e9b8562615f5110d3551f8ec5dd056fb0a48aba
Certificate serial:       018CC56E4E766A4D874312AD9755AFAEC2E6
Authority key identifier: 1E:9B:85:62:61:5F:51:10:D3:55:1F:8E:C5:DD:05:6F:B0:A4:8A:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HpuFYmFfURDTVR-Oxd0Fb7Ckiro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4544e4-35db-4098-9040-539a0f26684d/1/H4-fzwsygshozktC7X5H8k82tSE.roa
Signing time:             Mon 01 Jan 2024 14:29:49 +0000
ROA not before:           Mon 01 Jan 2024 14:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59865
IP address blocks:        185.111.28.0/22 maxlen: 22
                          185.56.142.0/23 maxlen: 23
                          185.56.140.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4544e4-35db-4098-9040-539a0f26684d/1/HpuFYmFfURDTVR-Oxd0Fb7Ckiro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4544e4-35db-4098-9040-539a0f26684d/1/HpuFYmFfURDTVR-Oxd0Fb7Ckiro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HpuFYmFfURDTVR-Oxd0Fb7Ckiro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:4e:76:6a:4d:87:43:12:ad:97:55:af:ae:c2:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9b8562615f5110d3551f8ec5dd056fb0a48aba
        Validity
            Not Before: Jan  1 14:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f8f9fcf0b3282c868ce4b42ed7e47f24f36b521
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d3:49:4c:e3:38:b3:39:b7:2c:3b:ca:06:db:
                    8c:31:a6:03:56:f9:5a:1d:6e:31:14:02:c0:c6:1e:
                    b4:6f:8a:b9:88:3b:0e:28:b4:ce:11:e4:8a:6a:09:
                    8b:a6:38:49:e8:bf:23:ad:54:2c:51:ad:8a:5b:e9:
                    8c:cf:7f:c0:07:f8:88:4f:fc:f0:b7:48:5a:a7:1c:
                    51:22:a0:ba:ef:e7:32:36:31:08:8f:f9:50:ef:5d:
                    4e:4a:17:8c:96:5d:24:df:06:fd:7a:be:8b:fe:c8:
                    66:d4:92:dc:0c:38:ee:c7:4e:bf:e1:64:31:c8:33:
                    a2:11:e2:b8:08:ea:d5:4b:80:de:48:9a:b2:a8:21:
                    66:7f:1c:c1:3b:10:5f:8b:ac:2d:70:62:58:90:5b:
                    2e:e3:5a:65:0f:5d:6e:66:83:8a:0f:0f:21:c9:16:
                    10:67:58:a2:85:77:35:f9:0b:55:c2:22:d3:4e:99:
                    82:2a:10:90:c8:0e:8c:d7:67:13:08:34:34:96:f0:
                    08:9b:05:dd:30:fc:55:cb:80:db:83:b7:63:c1:6a:
                    2e:b9:3e:64:38:b9:6b:49:34:1f:b8:79:22:3f:a5:
                    f9:56:a1:fa:bf:6f:aa:36:73:a8:11:45:fa:af:a5:
                    b5:8c:d1:01:84:c0:c1:ab:72:f9:68:21:4d:0c:df:
                    10:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8F:9F:CF:0B:32:82:C8:68:CE:4B:42:ED:7E:47:F2:4F:36:B5:21
            X509v3 Authority Key Identifier:
                keyid:1E:9B:85:62:61:5F:51:10:D3:55:1F:8E:C5:DD:05:6F:B0:A4:8A:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HpuFYmFfURDTVR-Oxd0Fb7Ckiro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4544e4-35db-4098-9040-539a0f26684d/1/H4-fzwsygshozktC7X5H8k82tSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4544e4-35db-4098-9040-539a0f26684d/1/HpuFYmFfURDTVR-Oxd0Fb7Ckiro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.140.0/22
                  185.111.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:03:a6:a9:cf:c4:cb:be:8e:d6:1a:ca:a2:44:b2:d3:de:96:
         ed:7e:5e:85:1c:cc:b2:ab:7c:a6:02:d8:40:25:35:24:05:45:
         69:91:c0:e1:bd:7e:08:61:4b:2d:ab:18:b8:3e:cd:0a:89:99:
         08:b4:a0:36:1f:4b:03:73:ca:c5:09:46:26:4f:cc:ea:32:91:
         56:81:95:9d:3a:6d:2f:50:eb:ef:83:2a:2b:0c:4a:41:9c:78:
         f9:45:d8:0d:2d:1c:8b:43:9b:f5:d9:b0:cb:86:0c:2c:c9:31:
         65:10:18:c9:2b:de:bc:05:52:58:b4:fc:5e:7b:23:65:69:3d:
         2e:a6:e5:6d:b8:a3:5b:b2:0d:7c:03:82:67:22:f2:f7:08:89:
         3d:07:34:6a:66:91:4a:95:93:9a:98:6a:0e:92:f0:4c:92:c0:
         1c:84:6c:c5:22:b3:9e:2b:31:18:b0:2d:86:1e:5f:9a:33:a2:
         dd:08:d2:08:28:8b:e4:10:5c:8d:47:25:fb:ed:16:71:33:ff:
         78:ed:11:9a:4a:c0:78:e4:4a:71:9d:40:04:0a:54:b0:fd:a8:
         50:d5:11:be:ac:2f:b6:c6:be:f3:f4:85:0d:e6:ba:0d:cc:67:
         96:3e:87:1d:08:07:bb:50:d2:f6:47:a6:9d:64:c7:50:fb:eb:
         2c:95:9e:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbk52ak2HQxKtl1WvrsLmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWI4NTYyNjE1ZjUxMTBkMzU1MWY4ZWM1ZGQwNTZmYjBh
NDhhYmEwHhcNMjQwMTAxMTQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhmOWZjZjBiMzI4MmM4NjhjZTRiNDJlZDdlNDdmMjRmMzZiNTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstNJTOM4szm3LDvKBtuMMaYDVvla
HW4xFALAxh60b4q5iDsOKLTOEeSKagmLpjhJ6L8jrVQsUa2KW+mMz3/AB/iIT/zw
t0hapxxRIqC67+cyNjEIj/lQ711OSheMll0k3wb9er6L/shm1JLcDDjux06/4WQx
yDOiEeK4COrVS4DeSJqyqCFmfxzBOxBfi6wtcGJYkFsu41plD11uZoOKDw8hyRYQ
Z1iihXc1+QtVwiLTTpmCKhCQyA6M12cTCDQ0lvAImwXdMPxVy4Dbg7djwWouuT5k
OLlrSTQfuHkiP6X5VqH6v2+qNnOoEUX6r6W1jNEBhMDBq3L5aCFNDN8Q8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB+Pn88LMoLIaM5LQu1+R/JPNrUhMB8GA1UdIwQY
MBaAFB6bhWJhX1EQ01UfjsXdBW+wpIq6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHB1RlltRmZVUkRUVlItT3hkMEZiN0NraXJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80NTQ0ZTQtMzVkYi00MDk4LTkwNDAt
NTM5YTBmMjY2ODRkLzEvSDQtZnp3c3lnc2hvemt0QzdYNUg4azgydFNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80NTQ0ZTQtMzVkYi00MDk4LTkwNDAtNTM5YTBmMjY2ODRk
LzEvSHB1RlltRmZVUkRUVlItT3hkMEZiN0NraXJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuTiMAwQC
uW8cMA0GCSqGSIb3DQEBCwUAA4IBAQABA6apz8TLvo7WGsqiRLLT3pbtfl6FHMyy
q3ymAthAJTUkBUVpkcDhvX4IYUstqxi4Ps0KiZkItKA2H0sDc8rFCUYmT8zqMpFW
gZWdOm0vUOvvgyorDEpBnHj5RdgNLRyLQ5v12bDLhgwsyTFlEBjJK968BVJYtPxe
eyNlaT0upuVtuKNbsg18A4JnIvL3CIk9BzRqZpFKlZOamGoOkvBMksAchGzFIrOe
KzEYsC2GHl+aM6LdCNIIKIvkEFyNRyX77RZxM/947RGaSsB45EpxnUAEClSw/ahQ
1RG+rC+2xr7z9IUN5roNzGeWPocdCAe7UNL2R6adZMdQ++sslZ7t
-----END CERTIFICATE-----