Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/H5C9ug6SlIzW8I0KKNPP32nTUPY.roa
File:                     H5C9ug6SlIzW8I0KKNPP32nTUPY.roa (raw, json)
Hash identifier:          z3+G/PNFh1eKLlPvq6KNYFOHP+WbZdRrZCDl68Ej1HE=
Subject key identifier:   1F:90:BD:BA:0E:92:94:8C:D6:F0:8D:0A:28:D3:CF:DF:69:D3:50:F6
Certificate issuer:       /CN=932460b78f6e8f4662aec7858e92051e856099f5
Certificate serial:       018CC4253A9C0DEC4F5E5CE21E3B33C95729
Authority key identifier: 93:24:60:B7:8F:6E:8F:46:62:AE:C7:85:8E:92:05:1E:85:60:99:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kyRgt49uj0ZirseFjpIFHoVgmfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/H5C9ug6SlIzW8I0KKNPP32nTUPY.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        185.161.88.0/22 maxlen: 24
                          2a00:ddc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/kyRgt49uj0ZirseFjpIFHoVgmfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/kyRgt49uj0ZirseFjpIFHoVgmfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kyRgt49uj0ZirseFjpIFHoVgmfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3a:9c:0d:ec:4f:5e:5c:e2:1e:3b:33:c9:57:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=932460b78f6e8f4662aec7858e92051e856099f5
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f90bdba0e92948cd6f08d0a28d3cfdf69d350f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:30:69:d7:d4:e0:58:90:4f:c3:ad:ef:79:3e:
                    3a:dd:1e:21:e9:16:d4:44:0f:2a:c7:c4:62:e1:51:
                    87:01:0e:d0:06:e5:cf:13:fe:8a:dd:75:b3:57:4d:
                    09:03:40:44:b1:92:44:b5:10:5a:52:a9:f6:d5:ae:
                    d5:1e:da:bc:28:05:51:19:c3:cf:c6:00:ae:73:21:
                    27:d6:10:2c:8b:e9:3a:22:ca:cc:6e:f6:2a:72:e6:
                    1a:00:b3:5c:08:3a:a2:6f:93:f4:bd:7b:a6:97:9d:
                    b1:30:ea:4a:4e:7f:c3:45:e6:bd:a6:6d:98:20:be:
                    d5:ee:09:93:25:43:c4:d5:aa:42:62:dd:3c:72:ef:
                    92:d4:61:63:38:9f:32:62:d4:50:80:46:8d:8c:21:
                    bb:20:2d:44:19:6c:b0:f5:13:10:02:8e:63:48:4f:
                    cc:8d:33:45:ac:b6:be:1c:a2:45:7c:c4:97:7e:22:
                    6b:86:3e:90:fa:e0:48:a2:63:ae:cf:8a:31:a6:34:
                    b1:56:f0:9f:3a:f4:7f:90:b2:cd:c1:6b:a0:f2:50:
                    1a:4b:42:9f:76:55:7b:c7:a6:cc:40:17:32:ce:ab:
                    ab:b6:93:5a:b2:68:6f:7f:96:92:91:af:b5:b2:cc:
                    c9:59:2f:0e:6f:28:be:4a:9d:52:e6:e2:e4:12:57:
                    cb:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:90:BD:BA:0E:92:94:8C:D6:F0:8D:0A:28:D3:CF:DF:69:D3:50:F6
            X509v3 Authority Key Identifier:
                keyid:93:24:60:B7:8F:6E:8F:46:62:AE:C7:85:8E:92:05:1E:85:60:99:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kyRgt49uj0ZirseFjpIFHoVgmfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/H5C9ug6SlIzW8I0KKNPP32nTUPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c251f1-cb70-4283-8433-8c9fcbb3ec52/1/kyRgt49uj0ZirseFjpIFHoVgmfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.88.0/22
                IPv6:
                  2a00:ddc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:bb:93:b3:3b:fe:39:5e:90:18:e3:06:10:03:7c:9c:a3:66:
         36:59:1f:52:35:9c:92:4a:ed:7e:76:51:17:e4:a9:ae:54:2e:
         95:a6:35:7c:13:64:97:3f:be:04:d1:bc:ea:b8:3e:cb:e6:6d:
         e0:9d:0b:67:5c:5f:a7:d6:eb:68:b9:77:68:6c:ba:82:cf:ac:
         b3:53:a9:38:bf:c9:a6:ee:ce:a3:a2:29:6e:96:ec:24:d4:d5:
         8e:f2:18:66:32:10:29:3c:8c:f9:18:75:a0:a0:9d:25:98:fe:
         26:1a:13:6b:df:56:c1:c0:7c:96:33:67:97:bc:42:08:3e:a9:
         fc:15:1d:67:4e:4b:51:81:3c:62:c7:ac:2c:e9:f6:6b:b7:59:
         af:03:05:e8:1d:8d:28:3b:3c:41:37:ad:2a:6b:c8:45:d9:8c:
         ab:84:67:a0:79:1b:81:e0:dd:e9:e1:8b:19:43:79:25:9d:53:
         1d:79:35:bf:54:5d:65:08:d0:50:5f:95:55:cc:33:d6:72:94:
         86:58:3f:90:a2:1e:a6:75:d8:4e:51:01:68:d4:a9:24:84:f6:
         6a:b7:ed:88:f5:ff:61:45:e2:b8:4f:a3:1f:92:91:5e:d9:69:
         77:eb:e9:5d:08:07:9f:c8:06:e8:b1:1c:fe:9b:e9:b7:e6:ed:
         8a:44:64:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJTqcDexPXlziHjszyVcpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMjQ2MGI3OGY2ZThmNDY2MmFlYzc4NThlOTIwNTFlODU2
MDk5ZjUwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjkwYmRiYTBlOTI5NDhjZDZmMDhkMGEyOGQzY2ZkZjY5ZDM1MGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDBp19TgWJBPw63veT463R4h6RbU
RA8qx8Ri4VGHAQ7QBuXPE/6K3XWzV00JA0BEsZJEtRBaUqn21a7VHtq8KAVRGcPP
xgCucyEn1hAsi+k6IsrMbvYqcuYaALNcCDqib5P0vXuml52xMOpKTn/DRea9pm2Y
IL7V7gmTJUPE1apCYt08cu+S1GFjOJ8yYtRQgEaNjCG7IC1EGWyw9RMQAo5jSE/M
jTNFrLa+HKJFfMSXfiJrhj6Q+uBIomOuz4oxpjSxVvCfOvR/kLLNwWug8lAaS0Kf
dlV7x6bMQBcyzqurtpNasmhvf5aSka+1sszJWS8Obyi+Sp1S5uLkElfLrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB+QvboOkpSM1vCNCijTz99p01D2MB8GA1UdIwQY
MBaAFJMkYLePbo9GYq7HhY6SBR6FYJn1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3lSZ3Q0OXVqMFppcnNlRmpwSUZIb1ZnbWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9jMjUxZjEtY2I3MC00MjgzLTg0MzMt
OGM5ZmNiYjNlYzUyLzEvSDVDOXVnNlNsSXpXOEkwS0tOUFAzMm5UVVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9jMjUxZjEtY2I3MC00MjgzLTg0MzMtOGM5ZmNiYjNlYzUy
LzEva3lSZ3Q0OXVqMFppcnNlRmpwSUZIb1ZnbWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaFYMA0E
AgACMAcDBQAqAN3AMA0GCSqGSIb3DQEBCwUAA4IBAQBfu5OzO/45XpAY4wYQA3yc
o2Y2WR9SNZySSu1+dlEX5KmuVC6VpjV8E2SXP74E0bzquD7L5m3gnQtnXF+n1uto
uXdobLqCz6yzU6k4v8mm7s6joiluluwk1NWO8hhmMhApPIz5GHWgoJ0lmP4mGhNr
31bBwHyWM2eXvEIIPqn8FR1nTktRgTxix6ws6fZrt1mvAwXoHY0oOzxBN60qa8hF
2YyrhGegeRuB4N3p4YsZQ3klnVMdeTW/VF1lCNBQX5VVzDPWcpSGWD+Qoh6mddhO
UQFo1KkkhPZqt+2I9f9hReK4T6MfkpFe2Wl36+ldCAefyAbosRz+m+m35u2KRGQ0
-----END CERTIFICATE-----