Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/hPyR70IixUge8X61I7FshwCGo84.roa
File:                     hPyR70IixUge8X61I7FshwCGo84.roa (raw, json)
Hash identifier:          6Y00mnBNKh+bDrPRs+o+ZTZ6EEkQid1RLfteQ9OmbFE=
Subject key identifier:   84:FC:91:EF:42:22:C5:48:1E:F1:7E:B5:23:B1:6C:87:00:86:A3:CE
Certificate issuer:       /CN=0babd682c1a8fc5037adbf68143ae77fd00f38ab
Certificate serial:       0190B1C312C4C0300674C209286D5F888079
Authority key identifier: 0B:AB:D6:82:C1:A8:FC:50:37:AD:BF:68:14:3A:E7:7F:D0:0F:38:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6vWgsGo_FA3rb9oFDrnf9APOKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/hPyR70IixUge8X61I7FshwCGo84.roa
Signing time:             Sun 14 Jul 2024 15:01:09 +0000
ROA not before:           Sun 14 Jul 2024 15:01:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201811
IP address blocks:        185.159.89.0/24 maxlen: 24
                          2a02:5e80:fffa::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/C6vWgsGo_FA3rb9oFDrnf9APOKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/C6vWgsGo_FA3rb9oFDrnf9APOKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C6vWgsGo_FA3rb9oFDrnf9APOKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Oct 2024 01:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b1:c3:12:c4:c0:30:06:74:c2:09:28:6d:5f:88:80:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0babd682c1a8fc5037adbf68143ae77fd00f38ab
        Validity
            Not Before: Jul 14 15:01:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84fc91ef4222c5481ef17eb523b16c870086a3ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:97:36:92:2a:6c:94:55:7d:a4:09:91:1b:04:
                    ee:b0:c3:5d:08:e3:77:0e:ce:5f:96:1b:91:5d:ab:
                    59:7b:67:7c:58:5b:7c:59:0d:2d:32:2c:69:0f:7d:
                    15:fc:71:a3:c1:2c:41:a6:af:d9:8c:2a:bb:34:2e:
                    8b:08:76:5b:c8:62:87:43:43:44:bc:dd:eb:c7:bf:
                    7a:ea:36:bf:2f:15:a5:f7:7d:f5:b7:44:45:3b:48:
                    02:fa:aa:65:6e:1e:6a:68:32:f7:f8:b3:dd:33:31:
                    b5:51:bb:b9:43:d4:6f:ea:19:ba:10:7e:62:7d:f9:
                    3c:03:05:b3:b1:f2:cd:62:eb:51:d4:2a:df:59:33:
                    c3:b9:8e:b1:77:44:13:2a:93:ea:15:dc:4c:34:c0:
                    48:19:83:7e:a2:b9:11:65:bd:a9:d5:28:8f:20:80:
                    ec:c3:37:e7:97:32:b5:b4:c9:34:49:20:14:57:33:
                    7d:14:2e:f9:db:ca:e7:c1:51:b8:b5:53:70:d5:02:
                    e8:60:24:e7:5c:14:10:83:48:6f:77:96:5a:9b:40:
                    48:53:0e:c5:9a:89:ad:58:1c:29:85:a1:d9:17:b5:
                    4e:d0:e2:af:8e:ff:45:5a:6d:73:96:f9:36:dc:a0:
                    1e:16:6a:b7:e7:3e:df:d7:b1:8a:32:c2:98:6a:50:
                    20:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:FC:91:EF:42:22:C5:48:1E:F1:7E:B5:23:B1:6C:87:00:86:A3:CE
            X509v3 Authority Key Identifier:
                keyid:0B:AB:D6:82:C1:A8:FC:50:37:AD:BF:68:14:3A:E7:7F:D0:0F:38:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6vWgsGo_FA3rb9oFDrnf9APOKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/hPyR70IixUge8X61I7FshwCGo84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/C6vWgsGo_FA3rb9oFDrnf9APOKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.89.0/24
                IPv6:
                  2a02:5e80:fffa::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:cd:71:cf:84:b4:2a:81:66:f6:72:56:cc:b4:3c:9e:c1:50:
         3e:00:1b:7f:01:1b:58:70:eb:11:d9:53:c9:44:28:56:85:ee:
         19:49:2a:d5:41:87:ee:5b:f4:3d:25:d6:24:d5:13:12:1f:a5:
         97:59:da:60:42:c5:ea:d5:68:8f:7e:61:53:08:ca:06:ea:2b:
         a9:8a:f6:11:d1:72:0e:24:22:52:ea:02:ae:e2:23:b5:2b:41:
         a3:e9:e6:90:a0:db:26:fb:30:39:d1:ed:d1:8e:1b:d1:10:d3:
         32:8a:e1:b2:fc:3f:f6:7e:86:5a:ef:2e:55:8d:26:db:0d:27:
         37:76:5a:19:a0:01:92:e2:89:d2:4d:f7:0b:18:d7:5b:79:60:
         d0:d4:87:f7:89:ea:c7:c4:2c:34:ff:75:8d:10:98:8e:49:e8:
         74:bd:64:67:c2:87:3a:94:c8:e4:bd:94:1e:b7:f7:1e:7b:cf:
         1a:6a:e9:ce:d1:d9:9f:b1:74:db:1b:18:d8:2d:f5:51:91:b7:
         1c:46:16:35:78:07:77:e9:8c:d5:07:72:8b:85:5b:28:18:fc:
         db:f0:cf:06:c7:51:09:8c:af:37:09:9f:28:83:4d:52:87:19:
         05:0f:6c:83:3e:0d:eb:d8:26:33:78:bf:32:ff:69:31:a4:d9:
         40:a8:c3:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZCxwxLEwDAGdMIJKG1fiIB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYWJkNjgyYzFhOGZjNTAzN2FkYmY2ODE0M2FlNzdmZDAw
ZjM4YWIwHhcNMjQwNzE0MTUwMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGZjOTFlZjQyMjJjNTQ4MWVmMTdlYjUyM2IxNmM4NzAwODZhM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpc2kipslFV9pAmRGwTusMNdCON3
Ds5flhuRXatZe2d8WFt8WQ0tMixpD30V/HGjwSxBpq/ZjCq7NC6LCHZbyGKHQ0NE
vN3rx7966ja/LxWl9331t0RFO0gC+qplbh5qaDL3+LPdMzG1Ubu5Q9Rv6hm6EH5i
ffk8AwWzsfLNYutR1CrfWTPDuY6xd0QTKpPqFdxMNMBIGYN+orkRZb2p1SiPIIDs
wzfnlzK1tMk0SSAUVzN9FC7528rnwVG4tVNw1QLoYCTnXBQQg0hvd5Zam0BIUw7F
momtWBwphaHZF7VO0OKvjv9FWm1zlvk23KAeFmq35z7f17GKMsKYalAgNwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIT8ke9CIsVIHvF+tSOxbIcAhqPOMB8GA1UdIwQY
MBaAFAur1oLBqPxQN62/aBQ653/QDzirMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZ2V2dzR29fRkEzcmI5b0ZEcm5mOUFQT0tzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9iYzQwMWEtNjkzOC00ZmRjLTljNmUt
ZmFjM2Q1NTQzYTJjLzEvaFB5UjcwSWl4VWdlOFg2MUk3RnNod0NHbzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9iYzQwMWEtNjkzOC00ZmRjLTljNmUtZmFjM2Q1NTQzYTJj
LzEvQzZ2V2dzR29fRkEzcmI5b0ZEcm5mOUFQT0tzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuZ9ZMA8E
AgACMAkDBwAqAl6A//owDQYJKoZIhvcNAQELBQADggEBAC3Ncc+EtCqBZvZyVsy0
PJ7BUD4AG38BG1hw6xHZU8lEKFaF7hlJKtVBh+5b9D0l1iTVExIfpZdZ2mBCxerV
aI9+YVMIygbqK6mK9hHRcg4kIlLqAq7iI7UrQaPp5pCg2yb7MDnR7dGOG9EQ0zKK
4bL8P/Z+hlrvLlWNJtsNJzd2WhmgAZLiidJN9wsY11t5YNDUh/eJ6sfELDT/dY0Q
mI5J6HS9ZGfChzqUyOS9lB639x57zxpq6c7R2Z+xdNsbGNgt9VGRtxxGFjV4B3fp
jNUHcouFWygY/NvwzwbHUQmMrzcJnyiDTVKHGQUPbIM+DevYJjN4vzL/aTGk2UCo
w6M=
-----END CERTIFICATE-----