Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/5f83db-efae-4091-b347-746543ccf489/1/h_r6bXwwXve5SSblJ6DfR5uWSec.roa
File:                     h_r6bXwwXve5SSblJ6DfR5uWSec.roa (raw, json)
Hash identifier:          8SO3K8+ihgYOtniqcX1WBR+jehxG/FZtox44DjqgBgA=
Subject key identifier:   87:FA:FA:6D:7C:30:5E:F7:B9:49:26:E5:27:A0:DF:47:9B:96:49:E7
Certificate issuer:       /CN=fbd9676b39d0f44ac1015d009f026424602d12f7
Certificate serial:       018CC94E5D2BA975B105AF8F4983158F9FFB
Authority key identifier: FB:D9:67:6B:39:D0:F4:4A:C1:01:5D:00:9F:02:64:24:60:2D:12:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-9lnaznQ9ErBAV0AnwJkJGAtEvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/5f83db-efae-4091-b347-746543ccf489/1/h_r6bXwwXve5SSblJ6DfR5uWSec.roa
Signing time:             Tue 02 Jan 2024 08:33:25 +0000
ROA not before:           Tue 02 Jan 2024 08:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48095
IP address blocks:        185.189.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/5f83db-efae-4091-b347-746543ccf489/1/1-9lnaznQ9ErBAV0AnwJkJGAtEvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/5f83db-efae-4091-b347-746543ccf489/1/1-9lnaznQ9ErBAV0AnwJkJGAtEvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-9lnaznQ9ErBAV0AnwJkJGAtEvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5d:2b:a9:75:b1:05:af:8f:49:83:15:8f:9f:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbd9676b39d0f44ac1015d009f026424602d12f7
        Validity
            Not Before: Jan  2 08:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87fafa6d7c305ef7b94926e527a0df479b9649e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:4a:1f:34:b3:67:b4:ee:ef:39:fd:d2:8d:4a:
                    38:ee:23:6a:4d:28:57:db:d4:10:43:3c:dd:d3:26:
                    d7:c7:4f:fd:22:d0:b2:6e:5c:ba:67:5f:c9:58:13:
                    ff:52:c7:75:ee:d2:e6:f6:b1:ab:dc:c3:ab:19:8f:
                    3a:30:ea:7e:82:f2:24:f4:85:31:bf:95:5b:87:f5:
                    64:85:78:fd:60:d3:a5:cb:16:a9:58:12:a9:05:3e:
                    6a:07:57:d4:0a:2f:cf:fa:19:43:dd:a7:7b:be:cc:
                    46:05:08:70:86:8a:80:c9:b2:b5:0b:c1:1e:26:e5:
                    1b:86:fc:82:d7:10:9d:6e:42:ed:4a:c3:e2:df:f4:
                    41:cb:22:09:28:3c:67:63:e4:39:ad:9e:78:f8:9b:
                    20:64:8b:9c:b1:32:75:05:56:2f:ba:c9:2c:41:dd:
                    ef:9c:ce:33:ca:6d:61:a6:4c:48:72:35:8a:dc:b7:
                    2b:d8:c5:68:45:34:ac:c6:81:6b:d7:ae:e1:e4:d2:
                    c7:06:48:87:43:48:95:2e:2e:47:98:fe:b7:2b:3d:
                    53:32:58:ac:39:da:19:f1:89:43:f2:b8:65:04:09:
                    36:73:06:df:9d:12:5f:6f:5b:02:75:4d:5c:41:57:
                    ff:15:cf:a3:9d:57:df:e9:b3:a5:60:8c:b1:d9:fd:
                    f9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:FA:FA:6D:7C:30:5E:F7:B9:49:26:E5:27:A0:DF:47:9B:96:49:E7
            X509v3 Authority Key Identifier:
                keyid:FB:D9:67:6B:39:D0:F4:4A:C1:01:5D:00:9F:02:64:24:60:2D:12:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-9lnaznQ9ErBAV0AnwJkJGAtEvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/5f83db-efae-4091-b347-746543ccf489/1/h_r6bXwwXve5SSblJ6DfR5uWSec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/5f83db-efae-4091-b347-746543ccf489/1/1-9lnaznQ9ErBAV0AnwJkJGAtEvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:96:6a:6c:b1:47:77:ed:0a:45:5b:df:07:09:d1:9b:2a:67:
         81:d7:39:d6:28:49:32:eb:00:99:2c:b8:a8:e6:34:2e:68:5a:
         47:e2:55:3a:32:af:f1:d9:28:76:42:b2:14:d7:ac:ac:11:49:
         6b:e0:63:80:3d:77:05:37:2c:10:47:2b:e8:8a:b7:d1:45:5c:
         ff:c5:63:a5:1e:28:bd:45:bf:89:52:73:a8:7e:a0:60:2c:5d:
         a4:db:95:55:17:67:30:44:f5:b6:d5:91:b8:16:50:bc:1e:fe:
         aa:67:cc:69:b5:54:88:5a:a3:6e:eb:f2:8e:45:ee:97:b2:e9:
         67:d5:69:b5:9e:a4:a8:e7:e6:77:e9:1c:c3:8c:ee:2e:3f:bb:
         6d:e6:99:40:b2:97:e0:54:3e:40:93:84:69:6f:17:22:2d:b1:
         78:04:89:6d:42:b6:4c:82:e7:2a:05:ae:7c:0b:09:86:26:3e:
         43:91:a1:88:fb:43:4c:cf:a6:d4:57:c5:96:2b:e8:85:2a:8a:
         74:4e:6e:31:5a:a2:43:f6:c7:c3:40:02:92:0d:fc:85:f7:65:
         1f:5d:7e:dc:d0:ee:4b:84:0f:67:7e:ac:0b:11:37:85:95:64:
         0e:fb:63:33:ab:a2:2e:a3:4c:63:1c:f6:a6:c3:64:5d:a9:e7:
         a8:9c:b6:80
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTl0rqXWxBa+PSYMVj5/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZDk2NzZiMzlkMGY0NGFjMTAxNWQwMDlmMDI2NDI0NjAy
ZDEyZjcwHhcNMjQwMTAyMDgzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2ZhZmE2ZDdjMzA1ZWY3Yjk0OTI2ZTUyN2EwZGY0NzliOTY0OWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1UofNLNntO7vOf3SjUo47iNqTShX
29QQQzzd0ybXx0/9ItCybly6Z1/JWBP/Usd17tLm9rGr3MOrGY86MOp+gvIk9IUx
v5Vbh/VkhXj9YNOlyxapWBKpBT5qB1fUCi/P+hlD3ad7vsxGBQhwhoqAybK1C8Ee
JuUbhvyC1xCdbkLtSsPi3/RByyIJKDxnY+Q5rZ54+JsgZIucsTJ1BVYvusksQd3v
nM4zym1hpkxIcjWK3Lcr2MVoRTSsxoFr167h5NLHBkiHQ0iVLi5HmP63Kz1TMlis
OdoZ8YlD8rhlBAk2cwbfnRJfb1sCdU1cQVf/Fc+jnVff6bOlYIyx2f35BwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIf6+m18MF73uUkm5Seg30eblknnMB8GA1UdIwQY
MBaAFPvZZ2s50PRKwQFdAJ8CZCRgLRL3MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS05bG5hem5ROUVyQkFWMEFud0prSkdBdEV2Yy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzQvNWY4M2RiLWVmYWUtNDA5MS1iMzQ3
LTc0NjU0M2NjZjQ4OS8xL2hfcjZiWHd3WHZlNVNTYmxKNkRmUjV1V1NlYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzQvNWY4M2RiLWVmYWUtNDA5MS1iMzQ3LTc0NjU0M2NjZjQ4
OS8xLzEtOWxuYXpuUTlFckJBVjBBbndKa0pHQXRFdmMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK5vSww
DQYJKoZIhvcNAQELBQADggEBAAuWamyxR3ftCkVb3wcJ0ZsqZ4HXOdYoSTLrAJks
uKjmNC5oWkfiVToyr/HZKHZCshTXrKwRSWvgY4A9dwU3LBBHK+iKt9FFXP/FY6Ue
KL1Fv4lSc6h+oGAsXaTblVUXZzBE9bbVkbgWULwe/qpnzGm1VIhao27r8o5F7pey
6WfVabWepKjn5nfpHMOM7i4/u23mmUCyl+BUPkCThGlvFyItsXgEiW1CtkyC5yoF
rnwLCYYmPkORoYj7Q0zPptRXxZYr6IUqinRObjFaokP2x8NAApIN/IX3ZR9dftzQ
7kuED2d+rAsRN4WVZA77YzOroi6jTGMc9qbDZF2p56ictoA=
-----END CERTIFICATE-----