Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1b8a9d-d3de-41bb-82c8-7ae263922822/1/HxomCw7KMpLSNlaOoR5KVHZ6MC8.roa
File:                     HxomCw7KMpLSNlaOoR5KVHZ6MC8.roa (raw, json)
Hash identifier:          tJ+FyzrF7rtTWakgFWAf/GYc9dzEQ00b5tcl1gK7jkc=
Subject key identifier:   1F:1A:26:0B:0E:CA:32:92:D2:36:56:8E:A1:1E:4A:54:76:7A:30:2F
Certificate issuer:       /CN=1a8922d3481308dbd4c2ab6e70eada9f75f6db68
Certificate serial:       018D3A8416D2474415F55E737A37C50C689C
Authority key identifier: 1A:89:22:D3:48:13:08:DB:D4:C2:AB:6E:70:EA:DA:9F:75:F6:DB:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Goki00gTCNvUwqtucOran3X222g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1b8a9d-d3de-41bb-82c8-7ae263922822/1/HxomCw7KMpLSNlaOoR5KVHZ6MC8.roa
Signing time:             Wed 24 Jan 2024 08:09:11 +0000
ROA not before:           Wed 24 Jan 2024 08:09:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        185.77.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1b8a9d-d3de-41bb-82c8-7ae263922822/1/Goki00gTCNvUwqtucOran3X222g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1b8a9d-d3de-41bb-82c8-7ae263922822/1/Goki00gTCNvUwqtucOran3X222g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Goki00gTCNvUwqtucOran3X222g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3a:84:16:d2:47:44:15:f5:5e:73:7a:37:c5:0c:68:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a8922d3481308dbd4c2ab6e70eada9f75f6db68
        Validity
            Not Before: Jan 24 08:09:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f1a260b0eca3292d236568ea11e4a54767a302f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:28:75:d2:bc:34:eb:e4:e9:7e:ad:90:88:40:
                    74:cb:d7:65:2b:d7:58:c1:0f:15:b3:6f:9f:d0:c3:
                    44:f6:ef:55:a9:45:de:2d:ee:95:15:31:65:4c:04:
                    28:14:63:c3:0b:63:43:a0:ad:b6:78:cf:4a:01:f9:
                    6e:d1:5d:af:aa:37:41:82:49:ab:f0:42:8e:16:40:
                    6b:80:ea:ca:f0:5b:54:da:5a:be:ce:26:6b:d0:61:
                    08:7a:69:c0:7f:75:18:90:77:0b:77:50:bd:16:7f:
                    74:46:46:90:d1:cb:00:32:7b:32:c1:f2:79:f9:a7:
                    da:88:b7:1d:34:26:b2:85:ab:63:b0:41:ed:dd:82:
                    a4:15:1f:0e:f4:7a:3a:80:8e:6b:2b:58:48:47:99:
                    0c:9a:04:e1:36:d8:a1:33:e6:7d:f7:68:db:b8:55:
                    12:cb:cc:1f:a7:b9:20:c7:cf:f6:03:d5:cf:48:61:
                    87:da:ee:df:1d:fa:4f:e9:c9:b9:a1:fe:d4:3c:bb:
                    e6:3e:42:dd:8f:32:49:1d:53:0d:c1:ce:78:55:b1:
                    8c:13:68:66:55:fd:97:54:12:eb:b6:6f:df:eb:3f:
                    22:ea:7f:a6:35:de:d7:e4:25:74:96:28:3f:f9:68:
                    24:65:1e:bb:79:73:06:af:89:8a:ba:7a:7d:cf:4d:
                    14:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:1A:26:0B:0E:CA:32:92:D2:36:56:8E:A1:1E:4A:54:76:7A:30:2F
            X509v3 Authority Key Identifier:
                keyid:1A:89:22:D3:48:13:08:DB:D4:C2:AB:6E:70:EA:DA:9F:75:F6:DB:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Goki00gTCNvUwqtucOran3X222g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1b8a9d-d3de-41bb-82c8-7ae263922822/1/HxomCw7KMpLSNlaOoR5KVHZ6MC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1b8a9d-d3de-41bb-82c8-7ae263922822/1/Goki00gTCNvUwqtucOran3X222g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:c7:4b:51:83:8c:fb:d0:f6:1c:a8:2e:71:ef:cb:03:eb:32:
         0e:41:5b:e2:94:44:c3:6b:f8:af:fd:c6:33:e4:af:f0:81:fe:
         9e:a1:67:67:b1:48:fd:01:f8:95:71:d3:31:9c:a0:6d:4a:fc:
         52:30:80:e3:7c:fc:98:e0:b5:6a:4e:d3:7e:87:a7:af:e3:1f:
         2d:93:4b:9c:f3:58:b7:57:cc:08:d2:25:a6:a6:61:c4:81:1b:
         98:13:68:d9:80:09:6d:44:70:43:d0:f2:42:5a:03:0f:f6:d3:
         57:25:fb:be:f6:43:8e:39:bb:c2:41:d4:8d:f8:64:7a:5a:62:
         95:1b:42:b4:c4:fd:f0:26:5a:47:d4:ca:dd:59:64:15:ae:20:
         ad:29:dd:a0:ee:bb:79:02:1e:29:6b:f5:85:30:07:2b:cb:50:
         b4:3a:8c:e6:1d:2f:2e:48:73:13:13:9a:25:c4:e2:87:12:94:
         c3:70:67:83:a7:1e:02:69:73:0c:b0:78:94:ea:09:91:7f:df:
         26:2a:aa:14:61:ba:80:cc:07:48:70:a2:7e:6f:09:bb:c2:ab:
         bc:b6:3f:03:d4:97:39:ad:1d:6a:50:2d:2e:2e:72:ae:9c:04:
         cb:69:e7:3a:7c:37:c7:f0:22:82:97:f5:22:41:42:44:95:72:
         df:0a:67:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY06hBbSR0QV9V5zejfFDGicMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhODkyMmQzNDgxMzA4ZGJkNGMyYWI2ZTcwZWFkYTlmNzVm
NmRiNjgwHhcNMjQwMTI0MDgwOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjFhMjYwYjBlY2EzMjkyZDIzNjU2OGVhMTFlNGE1NDc2N2EzMDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Ch10rw06+Tpfq2QiEB0y9dlK9dY
wQ8Vs2+f0MNE9u9VqUXeLe6VFTFlTAQoFGPDC2NDoK22eM9KAflu0V2vqjdBgkmr
8EKOFkBrgOrK8FtU2lq+ziZr0GEIemnAf3UYkHcLd1C9Fn90RkaQ0csAMnsywfJ5
+afaiLcdNCayhatjsEHt3YKkFR8O9Ho6gI5rK1hIR5kMmgThNtihM+Z992jbuFUS
y8wfp7kgx8/2A9XPSGGH2u7fHfpP6cm5of7UPLvmPkLdjzJJHVMNwc54VbGME2hm
Vf2XVBLrtm/f6z8i6n+mNd7X5CV0lig/+WgkZR67eXMGr4mKunp9z00UVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB8aJgsOyjKS0jZWjqEeSlR2ejAvMB8GA1UdIwQY
MBaAFBqJItNIEwjb1MKrbnDq2p919ttoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR29raTAwZ1RDTnZVd3F0dWNPcmFuM1gyMjJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xYjhhOWQtZDNkZS00MWJiLTgyYzgt
N2FlMjYzOTIyODIyLzEvSHhvbUN3N0tNcExTTmxhT29SNUtWSFo2TUM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xYjhhOWQtZDNkZS00MWJiLTgyYzgtN2FlMjYzOTIyODIy
LzEvR29raTAwZ1RDTnZVd3F0dWNPcmFuM1gyMjJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuU1kMA0G
CSqGSIb3DQEBCwUAA4IBAQANx0tRg4z70PYcqC5x78sD6zIOQVvilETDa/iv/cYz
5K/wgf6eoWdnsUj9AfiVcdMxnKBtSvxSMIDjfPyY4LVqTtN+h6ev4x8tk0uc81i3
V8wI0iWmpmHEgRuYE2jZgAltRHBD0PJCWgMP9tNXJfu+9kOOObvCQdSN+GR6WmKV
G0K0xP3wJlpH1MrdWWQVriCtKd2g7rt5Ah4pa/WFMAcry1C0OozmHS8uSHMTE5ol
xOKHEpTDcGeDpx4CaXMMsHiU6gmRf98mKqoUYbqAzAdIcKJ+bwm7wqu8tj8D1Jc5
rR1qUC0uLnKunATLaec6fDfH8CKCl/UiQUJElXLfCmeG
-----END CERTIFICATE-----