Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/H62-q5Al3BvsrtimTi-OnWuB_pI.roa
File:                     H62-q5Al3BvsrtimTi-OnWuB_pI.roa (raw, json)
Hash identifier:          RMnIJkRxtssPHVIgWgJQGdXR2bFdfQkHGf8+lF686XM=
Subject key identifier:   1F:AD:BE:AB:90:25:DC:1B:EC:AE:D8:A6:4E:2F:8E:9D:6B:81:FE:92
Certificate issuer:       /CN=5dd39e1de18514bac2f5a23910f8c7d4672a0fd8
Certificate serial:       018CC64A80AFB6038054CE69C8BCEE14C6C3
Authority key identifier: 5D:D3:9E:1D:E1:85:14:BA:C2:F5:A2:39:10:F8:C7:D4:67:2A:0F:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/H62-q5Al3BvsrtimTi-OnWuB_pI.roa
Signing time:             Mon 01 Jan 2024 18:30:20 +0000
ROA not before:           Mon 01 Jan 2024 18:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197690
IP address blocks:        185.197.36.0/22 maxlen: 22
                          2a0a:75c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:80:af:b6:03:80:54:ce:69:c8:bc:ee:14:c6:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd39e1de18514bac2f5a23910f8c7d4672a0fd8
        Validity
            Not Before: Jan  1 18:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fadbeab9025dc1becaed8a64e2f8e9d6b81fe92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:96:e3:c2:b6:6b:fb:82:f0:a3:4f:d7:0f:34:
                    cd:df:3b:d8:a4:9f:16:6c:10:c8:0c:6f:ce:bc:7f:
                    1d:f1:bf:5e:5b:ac:eb:10:a6:e4:36:e0:b3:03:93:
                    1b:78:8b:25:64:c9:f9:91:91:71:85:c6:54:3a:c1:
                    53:1d:21:89:b4:fb:cc:ea:29:b7:58:16:ad:69:7c:
                    17:3f:b3:fd:76:87:bd:e6:97:71:84:f8:c6:b3:77:
                    97:f8:81:e3:d5:aa:22:d3:11:63:3f:44:4a:ac:6d:
                    3a:85:1f:66:35:48:2a:06:36:d9:0a:5c:ad:64:39:
                    87:8e:0d:c2:ea:44:2f:4c:c1:99:52:61:d0:bb:73:
                    db:bb:a8:19:d3:21:01:11:ce:47:05:ad:0a:a7:65:
                    ba:99:bf:88:4a:a6:3b:5f:86:21:58:8e:f0:e8:b7:
                    93:70:38:de:87:a2:55:94:85:08:ca:52:14:76:28:
                    19:12:6a:af:ad:80:ad:c0:fe:5c:f4:e7:7c:c5:c2:
                    2f:5a:5e:99:48:bb:f4:87:01:32:20:36:b2:f8:2f:
                    a1:f0:8d:21:04:9d:08:1d:f5:0c:35:57:e9:81:07:
                    d2:8c:cf:c8:0d:34:45:56:c1:71:f0:f6:8d:8f:7c:
                    0c:d8:39:96:c7:c4:85:55:1c:fa:78:7b:8d:84:62:
                    a1:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:AD:BE:AB:90:25:DC:1B:EC:AE:D8:A6:4E:2F:8E:9D:6B:81:FE:92
            X509v3 Authority Key Identifier:
                keyid:5D:D3:9E:1D:E1:85:14:BA:C2:F5:A2:39:10:F8:C7:D4:67:2A:0F:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdOeHeGFFLrC9aI5EPjH1GcqD9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/H62-q5Al3BvsrtimTi-OnWuB_pI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/96865e-c177-4844-8dc3-9c26b07b718b/1/XdOeHeGFFLrC9aI5EPjH1GcqD9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.36.0/22
                IPv6:
                  2a0a:75c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:8d:76:a3:28:3f:35:c1:c0:e8:1d:a2:d0:ac:bb:74:c2:8f:
         41:d5:29:2b:7f:88:18:29:26:30:12:38:17:67:08:f8:ff:e7:
         01:bd:8f:45:d2:04:53:04:7e:a3:da:a6:8a:12:e8:85:87:fa:
         7f:0c:be:2e:1a:17:9e:32:52:46:69:ad:35:9f:bb:a0:f9:0c:
         8a:0a:2f:12:c7:f7:71:b8:e1:4b:78:2f:50:3a:5b:2a:e9:e4:
         33:5f:39:28:07:f7:14:4e:a7:c8:e4:62:98:86:00:aa:20:5e:
         36:8c:cc:ac:cd:7d:78:f6:a5:42:89:cb:ee:36:b4:1b:52:d9:
         d9:fc:f1:5b:af:33:ad:97:ab:3c:c3:d8:e1:8c:c0:c6:1f:84:
         44:8b:e2:d1:9f:bd:e8:3c:37:0c:4d:18:14:eb:d0:b1:06:7b:
         29:ae:85:22:95:88:d6:4c:bf:f6:77:8e:9d:21:b1:cc:27:c2:
         7a:c1:9f:b6:c9:49:13:b6:ca:7a:43:45:06:04:71:c0:ba:88:
         42:75:75:21:01:14:4c:09:f3:2d:4a:69:36:ab:4e:6e:47:63:
         1f:2a:02:d2:c5:3a:3f:ea:06:62:e5:72:ba:fa:25:ae:92:89:
         9f:83:b4:cb:49:71:a5:60:fe:18:ef:ec:d8:45:02:27:dc:8b:
         6d:ae:52:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSoCvtgOAVM5pyLzuFMbDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDM5ZTFkZTE4NTE0YmFjMmY1YTIzOTEwZjhjN2Q0Njcy
YTBmZDgwHhcNMjQwMTAxMTgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmFkYmVhYjkwMjVkYzFiZWNhZWQ4YTY0ZTJmOGU5ZDZiODFmZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZbjwrZr+4Lwo0/XDzTN3zvYpJ8W
bBDIDG/OvH8d8b9eW6zrEKbkNuCzA5MbeIslZMn5kZFxhcZUOsFTHSGJtPvM6im3
WBataXwXP7P9doe95pdxhPjGs3eX+IHj1aoi0xFjP0RKrG06hR9mNUgqBjbZClyt
ZDmHjg3C6kQvTMGZUmHQu3Pbu6gZ0yEBEc5HBa0Kp2W6mb+ISqY7X4YhWI7w6LeT
cDjeh6JVlIUIylIUdigZEmqvrYCtwP5c9Od8xcIvWl6ZSLv0hwEyIDay+C+h8I0h
BJ0IHfUMNVfpgQfSjM/IDTRFVsFx8PaNj3wM2DmWx8SFVRz6eHuNhGKhWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB+tvquQJdwb7K7Ypk4vjp1rgf6SMB8GA1UdIwQY
MBaAFF3Tnh3hhRS6wvWiORD4x9RnKg/YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRPZUhlR0ZGTHJDOWFJNUVQakgxR2NxRDlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS85Njg2NWUtYzE3Ny00ODQ0LThkYzMt
OWMyNmIwN2I3MThiLzEvSDYyLXE1QWwzQnZzcnRpbVRpLU9uV3VCX3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS85Njg2NWUtYzE3Ny00ODQ0LThkYzMtOWMyNmIwN2I3MThi
LzEvWGRPZUhlR0ZGTHJDOWFJNUVQakgxR2NxRDlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucUkMA0E
AgACMAcDBQAqCnXAMA0GCSqGSIb3DQEBCwUAA4IBAQAnjXajKD81wcDoHaLQrLt0
wo9B1Skrf4gYKSYwEjgXZwj4/+cBvY9F0gRTBH6j2qaKEuiFh/p/DL4uGheeMlJG
aa01n7ug+QyKCi8Sx/dxuOFLeC9QOlsq6eQzXzkoB/cUTqfI5GKYhgCqIF42jMys
zX149qVCicvuNrQbUtnZ/PFbrzOtl6s8w9jhjMDGH4REi+LRn73oPDcMTRgU69Cx
BnsproUilYjWTL/2d46dIbHMJ8J6wZ+2yUkTtsp6Q0UGBHHAuohCdXUhARRMCfMt
Smk2q05uR2MfKgLSxTo/6gZi5XK6+iWukomfg7TLSXGlYP4Y7+zYRQIn3IttrlLv
-----END CERTIFICATE-----