Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/ccf444-a22c-4fcd-bf1a-0f937ccf02e0/1/hkvuRxITtSfcoeXVCdRV1ptLqek.roa
File:                     hkvuRxITtSfcoeXVCdRV1ptLqek.roa (raw, json)
Hash identifier:          uu+Pv6AlyCiMV5aqT+LwRlXvleWGIEXyAeIHRcwKPgA=
Subject key identifier:   86:4B:EE:47:12:13:B5:27:DC:A1:E5:D5:09:D4:55:D6:9B:4B:A9:E9
Certificate issuer:       /CN=4518b89c7dce2b5edc05581516cfc19d7a3174e8
Certificate serial:       018CC2DB1ECE4A681D433148F372DD6D0C7D
Authority key identifier: 45:18:B8:9C:7D:CE:2B:5E:DC:05:58:15:16:CF:C1:9D:7A:31:74:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RRi4nH3OK17cBVgVFs_BnXoxdOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/ccf444-a22c-4fcd-bf1a-0f937ccf02e0/1/hkvuRxITtSfcoeXVCdRV1ptLqek.roa
Signing time:             Mon 01 Jan 2024 02:29:49 +0000
ROA not before:           Mon 01 Jan 2024 02:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60103
IP address blocks:        185.57.152.0/22 maxlen: 22
                          185.57.153.0/24 maxlen: 24
                          185.57.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/ccf444-a22c-4fcd-bf1a-0f937ccf02e0/1/RRi4nH3OK17cBVgVFs_BnXoxdOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/ccf444-a22c-4fcd-bf1a-0f937ccf02e0/1/RRi4nH3OK17cBVgVFs_BnXoxdOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RRi4nH3OK17cBVgVFs_BnXoxdOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1e:ce:4a:68:1d:43:31:48:f3:72:dd:6d:0c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4518b89c7dce2b5edc05581516cfc19d7a3174e8
        Validity
            Not Before: Jan  1 02:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=864bee471213b527dca1e5d509d455d69b4ba9e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:64:29:50:03:75:6b:06:28:ec:26:df:b3:05:
                    d0:d5:d4:28:87:dc:f4:12:95:cf:89:4b:96:33:d5:
                    e3:72:47:3f:78:20:51:4f:6a:b0:45:fd:71:81:b5:
                    02:1c:5f:0c:f2:97:22:0a:8c:3e:84:a8:ba:2e:a5:
                    b5:54:3e:f9:e2:c0:5d:a0:ce:ba:c8:80:92:1c:16:
                    86:52:cf:8f:3d:f8:47:49:65:ec:6d:00:c6:5e:a5:
                    55:70:80:ed:a4:b8:82:12:f4:2a:1e:db:23:f7:7c:
                    cb:e7:6a:19:e0:bc:55:c7:1b:91:95:9f:e3:46:0d:
                    7f:33:de:0a:fa:2f:76:b3:c4:e1:f2:21:2a:63:4e:
                    cc:fa:f2:4a:f4:13:63:43:4f:fa:cb:05:c0:d4:4a:
                    d3:b5:37:f4:d0:5f:b7:f2:d8:03:3f:4b:6a:97:7c:
                    60:0d:8f:b0:3d:b1:a6:67:e6:56:06:49:7a:15:e6:
                    91:a6:f0:d9:eb:48:57:54:34:e1:c7:76:84:0b:c0:
                    e7:2b:0c:91:c2:3b:0b:ae:d6:bd:81:59:13:ff:dd:
                    91:9f:e0:6d:9a:1e:93:4e:40:34:34:6f:27:2f:81:
                    07:94:ae:38:71:5e:1a:0f:69:50:7c:d3:d0:6a:14:
                    cd:93:60:ee:1f:a3:a9:d8:cb:e2:c8:81:20:1b:55:
                    fc:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:4B:EE:47:12:13:B5:27:DC:A1:E5:D5:09:D4:55:D6:9B:4B:A9:E9
            X509v3 Authority Key Identifier:
                keyid:45:18:B8:9C:7D:CE:2B:5E:DC:05:58:15:16:CF:C1:9D:7A:31:74:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RRi4nH3OK17cBVgVFs_BnXoxdOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ccf444-a22c-4fcd-bf1a-0f937ccf02e0/1/hkvuRxITtSfcoeXVCdRV1ptLqek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ccf444-a22c-4fcd-bf1a-0f937ccf02e0/1/RRi4nH3OK17cBVgVFs_BnXoxdOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:3b:80:66:7a:db:0b:74:52:61:61:14:16:d6:75:65:c2:ba:
         05:ce:bb:36:83:37:90:21:aa:b7:4b:1d:45:1c:19:f2:2d:c2:
         f3:a8:cc:42:cf:52:37:19:9b:a8:fd:3c:26:98:d3:7a:3a:63:
         67:e4:13:55:6a:c6:d1:bc:ad:ef:6b:a6:76:84:4e:ac:a0:4a:
         98:e0:7f:62:c2:14:8d:a9:17:e4:97:49:f5:f9:0b:59:7e:24:
         3e:63:e3:db:e2:8c:fb:59:88:62:23:91:02:87:50:24:1a:eb:
         ed:0e:10:6e:98:7a:ba:0f:00:47:d8:f9:7c:87:72:b9:49:6b:
         21:2b:7c:e3:bc:d6:a2:21:80:77:11:05:c2:5c:1b:2f:d3:d2:
         2b:7b:3b:4a:5c:cc:73:00:78:65:a9:64:39:e2:3c:64:fa:04:
         9b:eb:93:78:dd:c3:8c:fc:8c:ed:91:3e:c0:21:29:d9:0b:71:
         6c:20:6a:95:b7:0a:80:de:e0:e7:cb:81:28:59:0f:20:47:94:
         dd:95:a7:c9:1b:c4:ab:53:08:69:41:6f:01:21:93:bd:59:9d:
         b5:4c:68:68:b5:0d:fd:60:9e:81:25:8e:e4:88:a3:65:6a:c5:
         04:8f:77:97:b1:85:f0:66:60:7a:2d:a1:b5:be:3d:3e:d6:0a:
         f2:fa:cb:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2x7OSmgdQzFI83LdbQx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MThiODljN2RjZTJiNWVkYzA1NTgxNTE2Y2ZjMTlkN2Ez
MTc0ZTgwHhcNMjQwMTAxMDIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjRiZWU0NzEyMTNiNTI3ZGNhMWU1ZDUwOWQ0NTVkNjliNGJhOWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2QpUAN1awYo7CbfswXQ1dQoh9z0
EpXPiUuWM9Xjckc/eCBRT2qwRf1xgbUCHF8M8pciCow+hKi6LqW1VD754sBdoM66
yICSHBaGUs+PPfhHSWXsbQDGXqVVcIDtpLiCEvQqHtsj93zL52oZ4LxVxxuRlZ/j
Rg1/M94K+i92s8Th8iEqY07M+vJK9BNjQ0/6ywXA1ErTtTf00F+38tgDP0tql3xg
DY+wPbGmZ+ZWBkl6FeaRpvDZ60hXVDThx3aEC8DnKwyRwjsLrta9gVkT/92Rn+Bt
mh6TTkA0NG8nL4EHlK44cV4aD2lQfNPQahTNk2DuH6Op2MviyIEgG1X8CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZL7kcSE7Un3KHl1QnUVdabS6npMB8GA1UdIwQY
MBaAFEUYuJx9zite3AVYFRbPwZ16MXToMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlJpNG5IM09LMTdjQlZnVkZzX0JuWG94ZE9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9jY2Y0NDQtYTIyYy00ZmNkLWJmMWEt
MGY5MzdjY2YwMmUwLzEvaGt2dVJ4SVR0U2Zjb2VYVkNkUlYxcHRMcWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9jY2Y0NDQtYTIyYy00ZmNkLWJmMWEtMGY5MzdjY2YwMmUw
LzEvUlJpNG5IM09LMTdjQlZnVkZzX0JuWG94ZE9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTmYMA0G
CSqGSIb3DQEBCwUAA4IBAQB2O4BmetsLdFJhYRQW1nVlwroFzrs2gzeQIaq3Sx1F
HBnyLcLzqMxCz1I3GZuo/TwmmNN6OmNn5BNVasbRvK3va6Z2hE6soEqY4H9iwhSN
qRfkl0n1+QtZfiQ+Y+Pb4oz7WYhiI5ECh1AkGuvtDhBumHq6DwBH2Pl8h3K5SWsh
K3zjvNaiIYB3EQXCXBsv09IreztKXMxzAHhlqWQ54jxk+gSb65N43cOM/IztkT7A
ISnZC3FsIGqVtwqA3uDny4EoWQ8gR5TdlafJG8SrUwhpQW8BIZO9WZ21TGhotQ39
YJ6BJY7kiKNlasUEj3eXsYXwZmB6LaG1vj0+1gry+svX
-----END CERTIFICATE-----