Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/HyCJ7DdTc14dYav3-QLMZsmnggE.roa
File:                     HyCJ7DdTc14dYav3-QLMZsmnggE.roa (raw, json)
Hash identifier:          wMxlU+ajuWthvoAN6JyfVTF2Dq/CqOzo7MbjfmBjix8=
Subject key identifier:   1F:20:89:EC:37:53:73:5E:1D:61:AB:F7:F9:02:CC:66:C9:A7:82:01
Certificate issuer:       /CN=aba10057bcd00762eef43823c030e7e32d572241
Certificate serial:       018CC8DF8CB60846EA51FCCCC4FFF7C99EA2
Authority key identifier: AB:A1:00:57:BC:D0:07:62:EE:F4:38:23:C0:30:E7:E3:2D:57:22:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/HyCJ7DdTc14dYav3-QLMZsmnggE.roa
Signing time:             Tue 02 Jan 2024 06:32:22 +0000
ROA not before:           Tue 02 Jan 2024 06:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        160.202.22.0/24 maxlen: 24
                          160.202.20.0/24 maxlen: 24
                          160.202.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:8c:b6:08:46:ea:51:fc:cc:c4:ff:f7:c9:9e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aba10057bcd00762eef43823c030e7e32d572241
        Validity
            Not Before: Jan  2 06:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f2089ec3753735e1d61abf7f902cc66c9a78201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:63:4b:44:9e:25:a3:0f:08:f2:1b:81:63:d8:
                    11:e5:40:dc:c1:d7:b7:63:ee:57:d7:63:f7:0b:1f:
                    59:80:5a:2b:7a:82:c5:81:43:9a:4c:ae:b9:89:38:
                    88:d4:7b:68:87:03:ed:a0:96:50:5e:4f:51:24:1d:
                    34:5d:0b:b2:5f:71:b3:85:b0:23:3b:08:a3:32:af:
                    e9:8d:0d:34:e4:20:90:c1:30:bc:81:9a:2e:a4:14:
                    b5:9a:67:c4:1c:56:a0:fc:5e:f1:5b:bd:ed:8e:0f:
                    2b:19:f4:7a:c5:00:61:31:74:7b:d4:43:f8:9d:7a:
                    d8:53:2e:66:90:0f:7c:5c:e6:e6:6e:cb:c9:c6:95:
                    22:80:09:ea:0f:15:da:f3:e2:1a:16:c1:8c:38:ad:
                    1d:dd:39:4a:ab:6c:4d:39:91:91:0e:71:1c:d5:e8:
                    2c:7c:b1:7b:8c:f5:48:9a:82:ae:a9:ae:0d:58:ca:
                    e5:69:f2:7f:97:3b:9b:05:5b:de:37:10:d3:09:b8:
                    61:98:20:65:34:ef:9d:f7:9f:44:90:9f:c6:9d:b9:
                    52:4c:b7:c3:0c:ce:f6:e5:e2:28:b1:d0:71:c7:82:
                    b5:e9:23:71:64:a3:63:f1:eb:95:f6:46:4d:f3:f5:
                    93:c0:08:42:45:47:b4:6a:62:9c:07:cf:33:62:bb:
                    f5:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:20:89:EC:37:53:73:5E:1D:61:AB:F7:F9:02:CC:66:C9:A7:82:01
            X509v3 Authority Key Identifier:
                keyid:AB:A1:00:57:BC:D0:07:62:EE:F4:38:23:C0:30:E7:E3:2D:57:22:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/HyCJ7DdTc14dYav3-QLMZsmnggE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/80353d-4f22-4d94-bead-dd20e2994cd0/1/q6EAV7zQB2Lu9DgjwDDn4y1XIkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.202.20.0-160.202.22.255

    Signature Algorithm: sha256WithRSAEncryption
         ae:38:47:4e:7c:d0:d6:c2:34:b6:94:3d:db:ff:8e:87:e5:0e:
         7d:04:11:14:08:b6:5f:ca:4e:1c:95:85:95:2c:44:ba:e3:9c:
         6c:df:d9:00:07:3c:23:49:50:c3:90:1b:01:cb:44:ea:df:de:
         de:53:34:99:85:ba:dd:25:0c:ec:72:e3:b0:9f:97:dd:89:75:
         ba:04:01:dc:58:9a:25:6a:c3:07:31:fc:50:fd:02:8d:2d:92:
         f8:c8:aa:96:85:4c:e6:2d:62:6d:66:b4:bd:cb:ff:33:fe:94:
         38:c8:6e:3c:0e:f9:49:34:44:10:b0:ae:4c:9e:6b:cc:7e:27:
         4b:f5:3e:d3:f1:4b:96:b6:9e:91:0e:90:32:c9:e7:92:1c:e4:
         c5:1d:b6:24:09:f9:8e:54:c2:95:ff:3b:d1:fa:a8:a6:a3:d7:
         37:a6:5b:35:a8:54:51:45:84:59:ed:51:5d:cb:cb:89:68:b2:
         7c:84:ce:16:1d:3e:87:7d:db:70:c3:81:e7:08:b0:f6:b9:31:
         1b:0e:d3:b0:6c:65:97:9a:73:87:41:24:55:d3:e4:53:82:76:
         0a:c8:d3:fe:92:fd:13:dc:72:0b:09:f2:33:f4:02:ff:56:1e:
         f7:bd:c7:7e:21:25:17:7a:1f:90:b0:5d:92:f3:17:07:55:81:
         b2:a4:6e:c6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzI34y2CEbqUfzMxP/3yZ6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYTEwMDU3YmNkMDA3NjJlZWY0MzgyM2MwMzBlN2UzMmQ1
NzIyNDEwHhcNMjQwMTAyMDYzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjIwODllYzM3NTM3MzVlMWQ2MWFiZjdmOTAyY2M2NmM5YTc4MjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGNLRJ4low8I8huBY9gR5UDcwde3
Y+5X12P3Cx9ZgForeoLFgUOaTK65iTiI1HtohwPtoJZQXk9RJB00XQuyX3GzhbAj
OwijMq/pjQ005CCQwTC8gZoupBS1mmfEHFag/F7xW73tjg8rGfR6xQBhMXR71EP4
nXrYUy5mkA98XObmbsvJxpUigAnqDxXa8+IaFsGMOK0d3TlKq2xNOZGRDnEc1egs
fLF7jPVImoKuqa4NWMrlafJ/lzubBVveNxDTCbhhmCBlNO+d959EkJ/GnblSTLfD
DM725eIosdBxx4K16SNxZKNj8euV9kZN8/WTwAhCRUe0amKcB88zYrv1UQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFB8giew3U3NeHWGr9/kCzGbJp4IBMB8GA1UdIwQY
MBaAFKuhAFe80Adi7vQ4I8Aw5+MtVyJBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTZFQVY3elFCMkx1OURnandERG40eTFYSWtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi84MDM1M2QtNGYyMi00ZDk0LWJlYWQt
ZGQyMGUyOTk0Y2QwLzEvSHlDSjdEZFRjMTRkWWF2My1RTE1ac21uZ2dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi84MDM1M2QtNGYyMi00ZDk0LWJlYWQtZGQyMGUyOTk0Y2Qw
LzEvcTZFQVY3elFCMkx1OURnandERG40eTFYSWtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAKgyhQD
BACgyhYwDQYJKoZIhvcNAQELBQADggEBAK44R0580NbCNLaUPdv/joflDn0EERQI
tl/KThyVhZUsRLrjnGzf2QAHPCNJUMOQGwHLROrf3t5TNJmFut0lDOxy47Cfl92J
dboEAdxYmiVqwwcx/FD9Ao0tkvjIqpaFTOYtYm1mtL3L/zP+lDjIbjwO+Uk0RBCw
rkyea8x+J0v1PtPxS5a2npEOkDLJ55Ic5MUdtiQJ+Y5UwpX/O9H6qKaj1zemWzWo
VFFFhFntUV3Ly4losnyEzhYdPod923DDgecIsPa5MRsO07BsZZeac4dBJFXT5FOC
dgrI0/6S/RPccgsJ8jP0Av9WHve9x34hJRd6H5CwXZLzFwdVgbKkbsY=
-----END CERTIFICATE-----