Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/H-27VmkQTZusmORCn5Lbv7OCsOI.roa
File:                     H-27VmkQTZusmORCn5Lbv7OCsOI.roa (raw, json)
Hash identifier:          /ymncvd7SUK5ZS4bzYcumUZ1b9TvbTf9rOojF5/Q5GA=
Subject key identifier:   1F:ED:BB:56:69:10:4D:9B:AC:98:E4:42:9F:92:DB:BF:B3:82:B0:E2
Certificate issuer:       /CN=6a8b5a374f146d7b6a6dc7d316e8ebb12deea670
Certificate serial:       018CC26D013BD31C45A715B2273C50DB6398
Authority key identifier: 6A:8B:5A:37:4F:14:6D:7B:6A:6D:C7:D3:16:E8:EB:B1:2D:EE:A6:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aotaN08UbXtqbcfTFujrsS3upnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/H-27VmkQTZusmORCn5Lbv7OCsOI.roa
Signing time:             Mon 01 Jan 2024 00:29:32 +0000
ROA not before:           Mon 01 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211440
IP address blocks:        185.80.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/aotaN08UbXtqbcfTFujrsS3upnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/aotaN08UbXtqbcfTFujrsS3upnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aotaN08UbXtqbcfTFujrsS3upnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:01:3b:d3:1c:45:a7:15:b2:27:3c:50:db:63:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a8b5a374f146d7b6a6dc7d316e8ebb12deea670
        Validity
            Not Before: Jan  1 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fedbb5669104d9bac98e4429f92dbbfb382b0e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:30:7e:c1:52:13:5f:ce:07:16:5b:3c:08:a5:
                    e8:6d:a6:26:67:de:5d:47:cc:67:fc:f1:d1:0f:4d:
                    86:14:f5:de:44:70:00:40:5a:8e:82:41:80:f0:0a:
                    41:39:41:3b:42:5c:02:5d:27:fb:8d:69:d0:c4:c1:
                    b7:9c:7d:de:c6:ae:74:d1:71:a8:01:25:cd:46:5e:
                    f6:e3:9f:5b:75:4e:94:7d:6a:f6:d2:0e:43:69:63:
                    61:ce:08:f5:10:ea:a0:4d:6a:ca:87:10:44:4e:6c:
                    d2:43:60:a8:8c:8a:72:0a:b0:3f:67:05:f7:78:a4:
                    84:af:22:22:8e:04:2f:d4:e1:18:8c:75:75:da:7c:
                    45:43:ed:fa:13:3d:11:02:3e:0d:63:13:8d:3d:5f:
                    7a:79:a6:67:e7:d8:8c:b8:b1:7b:3e:9b:fd:f5:ae:
                    f5:24:b9:4a:a5:89:3c:66:20:ba:a1:ef:13:d2:c6:
                    3e:3c:50:66:04:12:91:a0:cb:5e:d9:51:d5:12:42:
                    94:46:98:dd:e3:1c:bb:56:c5:20:fd:57:20:2b:fa:
                    58:8c:57:8c:7f:3c:91:f9:a1:d3:bb:d0:a6:c6:1f:
                    00:ed:c7:4f:5e:08:a5:90:67:48:05:98:7f:80:60:
                    71:53:40:74:c4:2c:8b:5c:48:38:c6:e3:58:42:f3:
                    c1:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:ED:BB:56:69:10:4D:9B:AC:98:E4:42:9F:92:DB:BF:B3:82:B0:E2
            X509v3 Authority Key Identifier:
                keyid:6A:8B:5A:37:4F:14:6D:7B:6A:6D:C7:D3:16:E8:EB:B1:2D:EE:A6:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aotaN08UbXtqbcfTFujrsS3upnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/H-27VmkQTZusmORCn5Lbv7OCsOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/f6c862-af8b-43f3-98ad-44241fec1a9f/1/aotaN08UbXtqbcfTFujrsS3upnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.80.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:4b:dc:7a:61:df:25:b0:1f:ba:e7:dd:ec:19:32:8e:34:3a:
         eb:6e:d2:bc:d8:59:68:de:ea:97:08:05:66:e5:07:ed:d4:8f:
         88:39:63:9f:9a:79:ca:13:09:47:6b:cd:d1:ca:f6:67:36:d4:
         14:7b:02:83:66:8c:d2:52:93:71:c2:3f:08:ec:b1:48:87:24:
         3a:d3:ca:a3:2b:a1:4b:3c:49:48:9d:14:db:47:51:1c:84:39:
         05:52:e7:cb:9f:7e:e5:dd:99:c4:a4:80:60:01:b0:d3:e5:8a:
         07:65:d5:85:c8:e4:4f:0c:d4:e9:3e:4c:a0:8e:6c:68:1e:08:
         6e:d6:14:71:73:6a:50:51:0e:15:22:57:e5:05:9a:6d:97:b6:
         8e:e1:c2:d4:7b:01:c6:92:57:bd:a3:ce:e7:5f:e5:85:4f:a9:
         78:c3:10:07:b3:98:43:c2:0d:14:9c:aa:26:0f:e4:e2:dd:7b:
         eb:dc:4d:c6:01:65:e0:ce:e4:f0:db:04:98:f3:d5:ad:67:43:
         6c:f2:90:7c:ec:c2:0b:15:20:af:cc:f0:c5:ae:72:8c:a6:d8:
         5a:e6:a8:44:b5:13:b5:49:c9:03:66:8d:9b:0c:cf:ba:7c:f8:
         be:68:fa:96:d4:5e:4d:d4:02:04:e0:55:c5:23:dd:50:0b:9c:
         78:32:49:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQE70xxFpxWyJzxQ22OYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOGI1YTM3NGYxNDZkN2I2YTZkYzdkMzE2ZThlYmIxMmRl
ZWE2NzAwHhcNMjQwMTAxMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmVkYmI1NjY5MTA0ZDliYWM5OGU0NDI5ZjkyZGJiZmIzODJiMGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjB+wVITX84HFls8CKXobaYmZ95d
R8xn/PHRD02GFPXeRHAAQFqOgkGA8ApBOUE7QlwCXSf7jWnQxMG3nH3exq500XGo
ASXNRl72459bdU6UfWr20g5DaWNhzgj1EOqgTWrKhxBETmzSQ2CojIpyCrA/ZwX3
eKSEryIijgQv1OEYjHV12nxFQ+36Ez0RAj4NYxONPV96eaZn59iMuLF7Ppv99a71
JLlKpYk8ZiC6oe8T0sY+PFBmBBKRoMte2VHVEkKURpjd4xy7VsUg/VcgK/pYjFeM
fzyR+aHTu9Cmxh8A7cdPXgilkGdIBZh/gGBxU0B0xCyLXEg4xuNYQvPB3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/tu1ZpEE2brJjkQp+S27+zgrDiMB8GA1UdIwQY
MBaAFGqLWjdPFG17am3H0xbo67Et7qZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW90YU4wOFViWHRxYmNmVEZ1anJzUzN1cG5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9mNmM4NjItYWY4Yi00M2YzLTk4YWQt
NDQyNDFmZWMxYTlmLzEvSC0yN1Zta1FUWnVzbU9SQ241TGJ2N09Dc09JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9mNmM4NjItYWY4Yi00M2YzLTk4YWQtNDQyNDFmZWMxYTlm
LzEvYW90YU4wOFViWHRxYmNmVEZ1anJzUzN1cG5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVBaMA0G
CSqGSIb3DQEBCwUAA4IBAQBeS9x6Yd8lsB+6593sGTKONDrrbtK82Flo3uqXCAVm
5Qft1I+IOWOfmnnKEwlHa83RyvZnNtQUewKDZozSUpNxwj8I7LFIhyQ608qjK6FL
PElInRTbR1EchDkFUufLn37l3ZnEpIBgAbDT5YoHZdWFyORPDNTpPkygjmxoHghu
1hRxc2pQUQ4VIlflBZptl7aO4cLUewHGkle9o87nX+WFT6l4wxAHs5hDwg0UnKom
D+Ti3Xvr3E3GAWXgzuTw2wSY89WtZ0Ns8pB87MILFSCvzPDFrnKMptha5qhEtRO1
SckDZo2bDM+6fPi+aPqW1F5N1AIE4FXFI91QC5x4MknK
-----END CERTIFICATE-----