Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/3bd13d-fe95-486f-80ef-f073548352bf/1/hIJ8_6H-eKSMfFhwtJEFqfHt7pU.roa
File:                     hIJ8_6H-eKSMfFhwtJEFqfHt7pU.roa (raw, json)
Hash identifier:          iW1gb51LxK7Ob8e1PNQoxfjYaJQIYl0Jq5JU+FQgy7Q=
Subject key identifier:   84:82:7C:FF:A1:FE:78:A4:8C:7C:58:70:B4:91:05:A9:F1:ED:EE:95
Certificate issuer:       /CN=3d2384b784f197ea03dac2feda7895fc4b740729
Certificate serial:       018CC94E4414A7B954AE8018A0C37B3BDBD0
Authority key identifier: 3D:23:84:B7:84:F1:97:EA:03:DA:C2:FE:DA:78:95:FC:4B:74:07:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PSOEt4Txl-oD2sL-2niV_Et0Byk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/3bd13d-fe95-486f-80ef-f073548352bf/1/hIJ8_6H-eKSMfFhwtJEFqfHt7pU.roa
Signing time:             Tue 02 Jan 2024 08:33:18 +0000
ROA not before:           Tue 02 Jan 2024 08:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206626
IP address blocks:        185.85.56.0/24 maxlen: 24
                          185.85.57.0/24 maxlen: 24
                          185.85.56.0/22 maxlen: 22
                          185.85.58.0/24 maxlen: 24
                          185.85.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/3bd13d-fe95-486f-80ef-f073548352bf/1/PSOEt4Txl-oD2sL-2niV_Et0Byk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/3bd13d-fe95-486f-80ef-f073548352bf/1/PSOEt4Txl-oD2sL-2niV_Et0Byk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PSOEt4Txl-oD2sL-2niV_Et0Byk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:44:14:a7:b9:54:ae:80:18:a0:c3:7b:3b:db:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d2384b784f197ea03dac2feda7895fc4b740729
        Validity
            Not Before: Jan  2 08:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84827cffa1fe78a48c7c5870b49105a9f1edee95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:1a:0d:1d:f1:17:37:19:34:33:97:03:6a:02:
                    41:5c:41:fa:b2:a2:c4:c5:d6:f0:b6:0f:41:20:05:
                    04:e1:7c:66:ab:b1:99:90:c1:3d:e1:3b:cc:a5:35:
                    72:fd:7d:4c:b6:25:84:3a:12:41:80:5e:66:92:04:
                    c4:8d:00:79:40:57:4a:22:29:c8:dd:85:81:b3:ec:
                    95:18:3b:19:99:b6:7a:88:7f:c1:10:57:3a:a1:9e:
                    c1:5c:c3:d9:7d:90:8e:60:a0:1c:14:24:19:ea:f6:
                    bf:ee:01:79:a7:dd:bc:d4:a9:ec:46:85:a3:fa:cc:
                    0b:00:22:f4:8a:1b:61:ff:f1:02:8b:8d:fe:41:22:
                    00:5c:ec:a2:e3:22:9d:cd:c7:52:a7:32:90:dc:d3:
                    d8:34:53:53:61:85:b8:b1:5f:8a:5d:86:8a:64:b2:
                    08:d5:68:f3:c6:b2:69:66:c6:cd:5b:66:6f:81:ff:
                    82:e2:b1:38:3c:25:4a:07:77:f9:2e:bc:0a:a3:02:
                    78:cb:2a:44:2e:ae:fe:57:c2:d0:86:65:9a:12:c5:
                    c5:db:f3:e0:ed:b7:48:e1:a8:12:99:3f:91:4a:57:
                    02:44:b3:ed:4a:cb:69:c1:1a:48:24:eb:d5:27:fa:
                    0d:fb:82:3a:aa:f5:aa:f9:e8:6d:84:53:d8:f5:78:
                    67:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:82:7C:FF:A1:FE:78:A4:8C:7C:58:70:B4:91:05:A9:F1:ED:EE:95
            X509v3 Authority Key Identifier:
                keyid:3D:23:84:B7:84:F1:97:EA:03:DA:C2:FE:DA:78:95:FC:4B:74:07:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PSOEt4Txl-oD2sL-2niV_Et0Byk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/3bd13d-fe95-486f-80ef-f073548352bf/1/hIJ8_6H-eKSMfFhwtJEFqfHt7pU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/3bd13d-fe95-486f-80ef-f073548352bf/1/PSOEt4Txl-oD2sL-2niV_Et0Byk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:37:9f:74:99:60:92:0f:2d:00:76:7f:1b:76:ff:cd:ab:42:
         0c:47:dc:d5:15:9f:e8:f5:6b:56:42:ed:06:4d:41:cc:bc:f1:
         b3:f8:19:9f:81:f7:49:bd:e4:30:14:b2:a9:60:2a:eb:18:4d:
         4d:66:48:8a:23:2c:2b:1c:c4:ed:80:b2:f4:02:19:61:34:cd:
         c0:b4:09:42:b2:52:9f:e2:30:0e:3e:61:15:50:57:51:ab:7f:
         c6:39:bf:05:03:27:2f:16:c1:6f:aa:29:f0:0c:87:9a:ee:6d:
         41:f3:e6:2b:8b:b0:82:7d:91:66:0e:5a:72:70:f2:75:64:69:
         c2:59:06:a6:19:f0:01:c7:70:51:00:27:26:d1:53:f3:7d:e7:
         8c:83:69:cd:9a:24:3c:21:aa:14:5b:37:59:43:34:03:fb:30:
         16:8b:19:cc:14:95:a7:9a:d9:fd:36:0f:75:57:bc:bd:05:01:
         ec:3e:1c:47:4c:7c:73:e9:77:17:0d:ed:51:d2:33:df:22:f5:
         5e:71:73:c7:7f:f3:a9:84:16:65:7b:63:fd:a4:b2:ae:ac:16:
         b1:d1:59:39:08:69:73:3c:31:8e:5b:02:1a:eb:f9:13:2c:4c:
         d8:47:2d:6d:2d:6f:f9:04:22:6e:a7:e8:a2:7f:69:e7:85:a8:
         56:b8:de:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkQUp7lUroAYoMN7O9vQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMjM4NGI3ODRmMTk3ZWEwM2RhYzJmZWRhNzg5NWZjNGI3
NDA3MjkwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDgyN2NmZmExZmU3OGE0OGM3YzU4NzBiNDkxMDVhOWYxZWRlZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hoNHfEXNxk0M5cDagJBXEH6sqLE
xdbwtg9BIAUE4Xxmq7GZkME94TvMpTVy/X1MtiWEOhJBgF5mkgTEjQB5QFdKIinI
3YWBs+yVGDsZmbZ6iH/BEFc6oZ7BXMPZfZCOYKAcFCQZ6va/7gF5p9281KnsRoWj
+swLACL0ihth//ECi43+QSIAXOyi4yKdzcdSpzKQ3NPYNFNTYYW4sV+KXYaKZLII
1WjzxrJpZsbNW2Zvgf+C4rE4PCVKB3f5LrwKowJ4yypELq7+V8LQhmWaEsXF2/Pg
7bdI4agSmT+RSlcCRLPtSstpwRpIJOvVJ/oN+4I6qvWq+ehthFPY9XhnFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISCfP+h/nikjHxYcLSRBanx7e6VMB8GA1UdIwQY
MBaAFD0jhLeE8ZfqA9rC/tp4lfxLdAcpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFNPRXQ0VHhsLW9EMnNMLTJuaVZfRXQwQnlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8zYmQxM2QtZmU5NS00ODZmLTgwZWYt
ZjA3MzU0ODM1MmJmLzEvaElKOF82SC1lS1NNZkZod3RKRUZxZkh0N3BVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8zYmQxM2QtZmU5NS00ODZmLTgwZWYtZjA3MzU0ODM1MmJm
LzEvUFNPRXQ0VHhsLW9EMnNMLTJuaVZfRXQwQnlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVU4MA0G
CSqGSIb3DQEBCwUAA4IBAQBmN590mWCSDy0Adn8bdv/Nq0IMR9zVFZ/o9WtWQu0G
TUHMvPGz+BmfgfdJveQwFLKpYCrrGE1NZkiKIywrHMTtgLL0AhlhNM3AtAlCslKf
4jAOPmEVUFdRq3/GOb8FAycvFsFvqinwDIea7m1B8+Yri7CCfZFmDlpycPJ1ZGnC
WQamGfABx3BRACcm0VPzfeeMg2nNmiQ8IaoUWzdZQzQD+zAWixnMFJWnmtn9Ng91
V7y9BQHsPhxHTHxz6XcXDe1R0jPfIvVecXPHf/OphBZle2P9pLKurBax0Vk5CGlz
PDGOWwIa6/kTLEzYRy1tLW/5BCJup+iif2nnhahWuN6b
-----END CERTIFICATE-----