Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/3df341-017c-4660-8cf7-44d64b9da459/1/heohusEttl4_OnVAv1RZpDdyc3Y.roa
File:                     heohusEttl4_OnVAv1RZpDdyc3Y.roa (raw, json)
Hash identifier:          D0LwisBEwtwUrAxZ9Ht/sbCXzPzX52fAdh1edI1RNX0=
Subject key identifier:   85:EA:21:BA:C1:2D:B6:5E:3F:3A:75:40:BF:54:59:A4:37:72:73:76
Certificate issuer:       /CN=d8acf34be2b04c7ccef2221e8d1fcb6cabb41591
Certificate serial:       018CC86F54B1C5E3C8C5506BDDFA5F30DB13
Authority key identifier: D8:AC:F3:4B:E2:B0:4C:7C:CE:F2:22:1E:8D:1F:CB:6C:AB:B4:15:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2KzzS-KwTHzO8iIejR_LbKu0FZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/3df341-017c-4660-8cf7-44d64b9da459/1/heohusEttl4_OnVAv1RZpDdyc3Y.roa
Signing time:             Tue 02 Jan 2024 04:29:48 +0000
ROA not before:           Tue 02 Jan 2024 04:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199837
IP address blocks:        185.249.12.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/3df341-017c-4660-8cf7-44d64b9da459/1/2KzzS-KwTHzO8iIejR_LbKu0FZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/3df341-017c-4660-8cf7-44d64b9da459/1/2KzzS-KwTHzO8iIejR_LbKu0FZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2KzzS-KwTHzO8iIejR_LbKu0FZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:54:b1:c5:e3:c8:c5:50:6b:dd:fa:5f:30:db:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8acf34be2b04c7ccef2221e8d1fcb6cabb41591
        Validity
            Not Before: Jan  2 04:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85ea21bac12db65e3f3a7540bf5459a437727376
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:61:d9:f9:28:67:3c:f8:fe:00:ff:a1:2e:87:
                    7e:b6:19:ec:14:46:7c:51:f7:12:88:72:f0:a0:b2:
                    55:59:2e:b0:85:34:85:d7:16:b0:19:70:c4:e3:2b:
                    02:ac:a5:a6:6b:8a:bf:29:27:43:47:8b:64:d2:40:
                    bc:49:9a:f2:5b:9f:0f:3d:f8:a3:6a:47:ab:0a:8e:
                    07:b5:e6:16:c0:a3:8f:fe:ea:2b:bf:5b:77:da:c6:
                    22:d8:ac:dc:f2:b6:7f:28:b3:cb:cf:f8:22:7e:8d:
                    d2:81:71:67:32:02:94:39:1f:66:d5:d0:12:03:79:
                    72:00:be:dc:a3:4c:b2:b8:0b:a0:22:37:6d:bc:62:
                    07:e6:62:4e:21:3f:d8:22:07:13:3d:28:b6:6e:66:
                    14:7f:63:a4:62:df:3f:ed:2b:95:0b:45:96:c9:8f:
                    20:68:ed:2a:bf:2a:b7:61:20:b9:fc:06:3f:16:7b:
                    72:ff:ca:61:d1:34:e1:57:10:fe:5e:fe:3f:d0:17:
                    b5:70:81:5c:80:f8:53:e8:bb:29:03:93:94:6d:cb:
                    ab:89:cd:be:43:99:99:54:fe:16:ab:70:de:3e:bc:
                    ba:fe:a3:52:03:37:84:4d:bd:fb:b8:df:7a:8b:46:
                    ea:cc:48:63:c0:e7:49:e1:83:6b:a3:df:ee:c4:80:
                    d5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:EA:21:BA:C1:2D:B6:5E:3F:3A:75:40:BF:54:59:A4:37:72:73:76
            X509v3 Authority Key Identifier:
                keyid:D8:AC:F3:4B:E2:B0:4C:7C:CE:F2:22:1E:8D:1F:CB:6C:AB:B4:15:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2KzzS-KwTHzO8iIejR_LbKu0FZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3df341-017c-4660-8cf7-44d64b9da459/1/heohusEttl4_OnVAv1RZpDdyc3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/3df341-017c-4660-8cf7-44d64b9da459/1/2KzzS-KwTHzO8iIejR_LbKu0FZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:4b:6e:cc:e7:b1:a7:a2:5a:6f:3f:e4:2a:db:cf:d7:7d:2d:
         2a:31:6b:fb:ca:6c:a4:29:63:79:08:0e:a9:9b:07:15:92:1d:
         2a:57:45:12:36:d1:71:af:c3:dd:35:ec:6f:bc:f9:19:ff:35:
         b1:b5:1b:b7:a8:7b:eb:b1:b8:38:e0:46:b6:3f:7b:d4:83:95:
         4f:a0:93:d1:18:f9:5e:c5:dd:be:b2:5d:2d:e4:03:92:02:39:
         34:ef:7b:72:86:30:91:e0:cb:30:1e:6c:5e:0e:9d:0c:8c:9f:
         87:c2:1b:9b:4b:73:a7:94:b5:c1:46:d1:a5:84:a9:56:f7:9d:
         9d:1e:15:f3:1e:5e:f3:09:4d:5c:0a:b6:c3:99:6a:7f:88:95:
         6e:c9:a5:ab:0c:4a:92:c6:b0:8a:9e:37:c3:15:5c:fa:46:b5:
         3e:97:32:21:31:a7:9e:cc:7b:f5:38:ff:ba:40:3f:5f:9a:57:
         fc:1d:b7:5a:ca:cd:d4:22:81:dc:5d:1a:4c:95:5f:35:b0:20:
         f3:2e:9d:97:fb:0e:ca:e4:ac:1b:c7:64:88:11:14:7c:c4:03:
         55:8c:d3:e4:cc:36:e8:85:2d:31:e7:6f:b0:f1:3f:35:72:28:
         e8:b5:0b:c8:fa:e3:89:95:4f:c3:49:9a:51:78:d8:de:f2:c8:
         82:9d:5b:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb1SxxePIxVBr3fpfMNsTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YWNmMzRiZTJiMDRjN2NjZWYyMjIxZThkMWZjYjZjYWJi
NDE1OTEwHhcNMjQwMTAyMDQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWVhMjFiYWMxMmRiNjVlM2YzYTc1NDBiZjU0NTlhNDM3NzI3Mzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2HZ+ShnPPj+AP+hLod+thnsFEZ8
UfcSiHLwoLJVWS6whTSF1xawGXDE4ysCrKWma4q/KSdDR4tk0kC8SZryW58PPfij
akerCo4HteYWwKOP/uorv1t32sYi2Kzc8rZ/KLPLz/gifo3SgXFnMgKUOR9m1dAS
A3lyAL7co0yyuAugIjdtvGIH5mJOIT/YIgcTPSi2bmYUf2OkYt8/7SuVC0WWyY8g
aO0qvyq3YSC5/AY/Fnty/8ph0TThVxD+Xv4/0Be1cIFcgPhT6LspA5OUbcuric2+
Q5mZVP4Wq3DePry6/qNSAzeETb37uN96i0bqzEhjwOdJ4YNro9/uxIDVHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXqIbrBLbZePzp1QL9UWaQ3cnN2MB8GA1UdIwQY
MBaAFNis80visEx8zvIiHo0fy2yrtBWRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkt6elMtS3dUSHpPOGlJZWpSX0xiS3UwRlpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zZGYzNDEtMDE3Yy00NjYwLThjZjct
NDRkNjRiOWRhNDU5LzEvaGVvaHVzRXR0bDRfT25WQXYxUlpwRGR5YzNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zZGYzNDEtMDE3Yy00NjYwLThjZjctNDRkNjRiOWRhNDU5
LzEvMkt6elMtS3dUSHpPOGlJZWpSX0xiS3UwRlpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufkMMA0G
CSqGSIb3DQEBCwUAA4IBAQBzS27M57GnolpvP+Qq28/XfS0qMWv7ymykKWN5CA6p
mwcVkh0qV0USNtFxr8PdNexvvPkZ/zWxtRu3qHvrsbg44Ea2P3vUg5VPoJPRGPle
xd2+sl0t5AOSAjk073tyhjCR4MswHmxeDp0MjJ+HwhubS3OnlLXBRtGlhKlW952d
HhXzHl7zCU1cCrbDmWp/iJVuyaWrDEqSxrCKnjfDFVz6RrU+lzIhMaeezHv1OP+6
QD9fmlf8Hbdays3UIoHcXRpMlV81sCDzLp2X+w7K5Kwbx2SIERR8xANVjNPkzDbo
hS0x52+w8T81cijotQvI+uOJlU/DSZpReNje8siCnVvq
-----END CERTIFICATE-----