Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/Ho6HSFFFvHMZbFBs5SdgvLi4P90.roa
File:                     Ho6HSFFFvHMZbFBs5SdgvLi4P90.roa (raw, json)
Hash identifier:          N1BAxE9DrcIkwBTvmOfySoVV4Nh3PJQ0/Mzq3FDAz7U=
Subject key identifier:   1E:8E:87:48:51:45:BC:73:19:6C:50:6C:E5:27:60:BC:B8:B8:3F:DD
Certificate issuer:       /CN=d0e2da8e891690e71e9b8595097da7c6064da602
Certificate serial:       018FBE984A8DF9875BE41927658418951528
Authority key identifier: D0:E2:DA:8E:89:16:90:E7:1E:9B:85:95:09:7D:A7:C6:06:4D:A6:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0OLajokWkOcem4WVCX2nxgZNpgI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/Ho6HSFFFvHMZbFBs5SdgvLi4P90.roa
Signing time:             Tue 28 May 2024 09:46:42 +0000
ROA not before:           Tue 28 May 2024 09:46:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        185.32.108.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/0OLajokWkOcem4WVCX2nxgZNpgI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/0OLajokWkOcem4WVCX2nxgZNpgI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0OLajokWkOcem4WVCX2nxgZNpgI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:be:98:4a:8d:f9:87:5b:e4:19:27:65:84:18:95:15:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0e2da8e891690e71e9b8595097da7c6064da602
        Validity
            Not Before: May 28 09:46:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e8e87485145bc73196c506ce52760bcb8b83fdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:79:13:1f:b8:b7:ef:42:dd:23:a8:50:29:8f:
                    9b:13:78:b7:d8:78:df:c5:62:4b:3e:41:b4:34:6b:
                    1f:4a:cb:74:a8:5e:a9:dc:bd:03:40:fd:00:39:60:
                    51:fd:8b:99:b9:ae:0f:8c:43:e5:53:b2:8a:50:a9:
                    b4:01:60:28:ce:5d:38:1b:af:17:c4:85:e5:45:ff:
                    5a:36:23:05:3b:8f:0c:fc:0a:aa:00:9b:71:28:dc:
                    1c:21:6a:d0:20:83:d9:ca:2f:4e:06:86:5a:a0:7f:
                    03:f6:3d:d8:bd:fd:d5:04:9f:65:c4:ff:ba:0c:f8:
                    62:05:7e:b7:71:33:d3:6e:f2:4a:34:5b:8f:14:4e:
                    70:38:c0:e6:c3:ba:be:6d:18:db:15:ee:46:22:42:
                    79:6e:57:e9:2b:8f:d3:35:5f:fd:c2:9b:1a:ad:cf:
                    e7:67:03:89:fd:02:d2:8a:90:19:9b:f8:ae:06:7c:
                    19:4b:32:1e:5f:b6:69:da:b5:cb:35:35:a1:0c:53:
                    25:04:47:a3:cd:26:d3:56:dd:d2:77:3f:f6:a2:f4:
                    bf:9b:16:5e:08:53:d4:47:50:d9:d3:76:ca:c9:37:
                    d5:f9:13:88:12:a5:10:7d:17:08:28:10:f4:e8:c9:
                    2a:b2:ce:e6:53:c8:cc:67:01:d5:a8:03:90:43:ac:
                    22:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:8E:87:48:51:45:BC:73:19:6C:50:6C:E5:27:60:BC:B8:B8:3F:DD
            X509v3 Authority Key Identifier:
                keyid:D0:E2:DA:8E:89:16:90:E7:1E:9B:85:95:09:7D:A7:C6:06:4D:A6:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0OLajokWkOcem4WVCX2nxgZNpgI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/Ho6HSFFFvHMZbFBs5SdgvLi4P90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f06e2c-97b7-4628-8b69-ec2fbafe4d91/1/0OLajokWkOcem4WVCX2nxgZNpgI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:bc:7f:f2:9d:d3:9f:57:61:6a:ac:bd:18:6e:d4:46:68:be:
         c1:5e:90:72:e6:4e:dc:5b:53:b6:b2:99:87:06:84:24:54:4d:
         39:e9:5a:72:40:be:0f:30:93:fa:1b:cc:0c:51:97:9c:8c:b9:
         b0:1b:4e:70:1a:b1:c2:bd:5d:b9:a7:68:f4:77:e6:16:9d:c5:
         a5:9d:ae:0f:26:4e:78:d5:96:de:b7:13:93:de:85:df:ec:bb:
         46:db:4b:1b:cf:2a:d1:c9:30:f6:9d:3b:91:cb:fe:09:7c:df:
         58:0b:a2:8c:a0:fb:43:83:44:cb:c1:14:04:c9:8a:8e:d9:1b:
         dc:20:69:d1:9d:70:15:ed:fc:c7:3a:b5:ba:90:4e:8f:b3:07:
         05:0a:2c:25:89:a7:66:06:fb:ae:6d:f9:7c:0b:81:72:e7:04:
         0c:df:74:11:63:35:f7:ad:84:cc:77:ab:e0:3f:91:59:4b:a5:
         12:63:13:85:e2:1d:96:a5:81:b4:83:08:40:f3:cc:b0:fe:34:
         63:16:04:7e:5d:76:a4:2f:97:01:3d:43:28:b8:bd:50:1e:e3:
         ae:fb:8f:4d:ff:9a:09:ed:3c:da:83:52:d7:f1:6c:d9:cf:c6:
         be:c7:69:ba:7e:1b:27:ec:38:a2:0a:9e:d9:cf:a5:5c:19:57:
         d7:ff:45:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY++mEqN+Ydb5BknZYQYlRUoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZTJkYThlODkxNjkwZTcxZTliODU5NTA5N2RhN2M2MDY0
ZGE2MDIwHhcNMjQwNTI4MDk0NjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZThlODc0ODUxNDViYzczMTk2YzUwNmNlNTI3NjBiY2I4YjgzZmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHkTH7i370LdI6hQKY+bE3i32Hjf
xWJLPkG0NGsfSst0qF6p3L0DQP0AOWBR/YuZua4PjEPlU7KKUKm0AWAozl04G68X
xIXlRf9aNiMFO48M/AqqAJtxKNwcIWrQIIPZyi9OBoZaoH8D9j3Yvf3VBJ9lxP+6
DPhiBX63cTPTbvJKNFuPFE5wOMDmw7q+bRjbFe5GIkJ5blfpK4/TNV/9wpsarc/n
ZwOJ/QLSipAZm/iuBnwZSzIeX7Zp2rXLNTWhDFMlBEejzSbTVt3Sdz/2ovS/mxZe
CFPUR1DZ03bKyTfV+ROIEqUQfRcIKBD06Mkqss7mU8jMZwHVqAOQQ6winwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6Oh0hRRbxzGWxQbOUnYLy4uD/dMB8GA1UdIwQY
MBaAFNDi2o6JFpDnHpuFlQl9p8YGTaYCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME9MYWpva1drT2NlbTRXVkNYMm54Z1pOcGdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mMDZlMmMtOTdiNy00NjI4LThiNjkt
ZWMyZmJhZmU0ZDkxLzEvSG82SFNGRkZ2SE1aYkZCczVTZGd2TGk0UDkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mMDZlMmMtOTdiNy00NjI4LThiNjktZWMyZmJhZmU0ZDkx
LzEvME9MYWpva1drT2NlbTRXVkNYMm54Z1pOcGdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSBsMA0G
CSqGSIb3DQEBCwUAA4IBAQAtvH/yndOfV2FqrL0YbtRGaL7BXpBy5k7cW1O2spmH
BoQkVE056VpyQL4PMJP6G8wMUZecjLmwG05wGrHCvV25p2j0d+YWncWlna4PJk54
1ZbetxOT3oXf7LtG20sbzyrRyTD2nTuRy/4JfN9YC6KMoPtDg0TLwRQEyYqO2Rvc
IGnRnXAV7fzHOrW6kE6PswcFCiwliadmBvuubfl8C4Fy5wQM33QRYzX3rYTMd6vg
P5FZS6USYxOF4h2WpYG0gwhA88yw/jRjFgR+XXakL5cBPUMouL1QHuOu+49N/5oJ
7Tzag1LX8WzZz8a+x2m6fhsn7DiiCp7Zz6VcGVfX/0W4
-----END CERTIFICATE-----