Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/hVqJnh0F8o5TQDYtUEcWzYDbmQU.roa
File:                     hVqJnh0F8o5TQDYtUEcWzYDbmQU.roa (raw, json)
Hash identifier:          zUPd5WdXG2A4hIO1afS7Uk6HDXAzCsML8/0945SiN7A=
Subject key identifier:   85:5A:89:9E:1D:05:F2:8E:53:40:36:2D:50:47:16:CD:80:DB:99:05
Certificate issuer:       /CN=874bf8070cee4305d1a389e910fb5102bbcc1941
Certificate serial:       018CC56E383E81D0ECF078200D687F0B9F87
Authority key identifier: 87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/hVqJnh0F8o5TQDYtUEcWzYDbmQU.roa
Signing time:             Mon 01 Jan 2024 14:29:43 +0000
ROA not before:           Mon 01 Jan 2024 14:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        85.237.90.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:38:3e:81:d0:ec:f0:78:20:0d:68:7f:0b:9f:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874bf8070cee4305d1a389e910fb5102bbcc1941
        Validity
            Not Before: Jan  1 14:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=855a899e1d05f28e5340362d504716cd80db9905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:7e:b3:10:42:e4:ee:0f:ea:d9:32:ce:4b:21:
                    1c:2f:26:f6:19:df:d4:d6:fa:d0:87:81:91:78:4f:
                    6f:e2:8f:ce:3b:0b:40:3c:0f:3b:28:03:98:81:7d:
                    9c:e7:48:da:32:08:66:b7:39:bf:16:5e:4d:79:9c:
                    62:ba:77:32:0a:48:31:3d:58:7b:85:34:e6:95:5e:
                    2f:41:7c:67:34:15:94:36:b9:0f:0a:66:2d:c6:09:
                    8f:9b:5f:bb:e4:93:cd:6f:18:10:a2:92:20:80:06:
                    9e:27:1c:df:b1:83:f3:d4:0c:11:5f:9d:eb:8a:1a:
                    a7:27:23:ae:6d:28:2e:73:8c:f4:07:2a:4c:e4:42:
                    e3:65:ab:5b:bb:0d:df:17:87:f5:f2:99:c7:e1:f4:
                    97:23:25:fb:39:df:7b:63:ae:b7:05:d3:e8:00:6f:
                    75:a5:1e:c0:08:4f:02:f5:e7:a8:8c:eb:58:47:77:
                    e7:a2:f7:c6:38:5c:8c:99:90:5d:3a:4b:96:7d:27:
                    b4:b0:76:47:80:8e:57:e2:2e:e9:be:db:a7:e3:6a:
                    cf:14:f8:c0:87:bd:d7:8f:51:97:d1:4f:87:bd:c2:
                    cc:15:4c:69:61:e6:9c:57:f2:5e:43:0a:f1:af:b8:
                    af:c3:fc:9d:c3:28:a1:60:ca:62:34:61:01:de:6f:
                    3e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:5A:89:9E:1D:05:F2:8E:53:40:36:2D:50:47:16:CD:80:DB:99:05
            X509v3 Authority Key Identifier:
                keyid:87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/hVqJnh0F8o5TQDYtUEcWzYDbmQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.90.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:1f:46:ee:db:07:e4:11:d2:7b:f9:64:d2:7a:11:b0:ae:af:
         42:19:3d:01:ee:52:df:e1:37:88:98:ed:d6:e6:8c:38:82:c2:
         f7:17:fb:b3:5e:1b:e9:54:fd:46:da:44:6d:f1:5c:f8:f6:23:
         63:19:14:6c:e0:76:b0:ef:33:90:f6:0d:22:a1:5c:85:10:2a:
         9c:b6:82:27:d9:45:58:ce:e7:f8:be:99:c3:b2:5b:88:5c:22:
         c6:bd:1b:b9:7c:5f:da:50:69:b0:a3:13:49:c3:26:c0:c6:53:
         1e:d6:9f:66:ba:51:c4:85:a5:94:71:25:54:15:35:0f:47:19:
         b0:e2:20:a1:77:02:bf:2e:a0:f3:cb:da:07:2a:ae:61:8c:27:
         3d:7e:24:20:fc:de:24:61:97:9a:49:0d:0a:35:dc:8b:1d:42:
         ae:e9:8e:ce:e6:d1:f4:9d:5f:e4:47:ee:09:46:81:65:e4:75:
         be:c7:16:45:7c:3f:ce:35:40:43:c8:32:d5:56:d2:fc:b5:55:
         1f:8c:f9:9e:24:8a:af:0d:1e:c9:59:3f:64:57:de:a9:cb:48:
         2f:f1:7f:7a:d3:c6:99:03:3e:df:f7:d6:6c:95:9d:63:51:26:
         2c:bb:af:c3:1c:27:36:d1:8d:7a:46:29:a8:2a:4e:62:c5:61:
         aa:fc:53:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbjg+gdDs8HggDWh/C5+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGJmODA3MGNlZTQzMDVkMWEzODllOTEwZmI1MTAyYmJj
YzE5NDEwHhcNMjQwMTAxMTQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTVhODk5ZTFkMDVmMjhlNTM0MDM2MmQ1MDQ3MTZjZDgwZGI5OTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgX6zEELk7g/q2TLOSyEcLyb2Gd/U
1vrQh4GReE9v4o/OOwtAPA87KAOYgX2c50jaMghmtzm/Fl5NeZxiuncyCkgxPVh7
hTTmlV4vQXxnNBWUNrkPCmYtxgmPm1+75JPNbxgQopIggAaeJxzfsYPz1AwRX53r
ihqnJyOubSguc4z0BypM5ELjZatbuw3fF4f18pnH4fSXIyX7Od97Y663BdPoAG91
pR7ACE8C9eeojOtYR3fnovfGOFyMmZBdOkuWfSe0sHZHgI5X4i7pvtun42rPFPjA
h73Xj1GX0U+HvcLMFUxpYeacV/JeQwrxr7ivw/ydwyihYMpiNGEB3m8+BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVaiZ4dBfKOU0A2LVBHFs2A25kFMB8GA1UdIwQY
MBaAFIdL+AcM7kMF0aOJ6RD7UQK7zBlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWIt
NmZlNGQ4ZmVkMTYwLzEvaFZxSm5oMEY4bzVUUURZdFVFY1d6WURibVFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWItNmZlNGQ4ZmVkMTYw
LzEvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVe1aMA0G
CSqGSIb3DQEBCwUAA4IBAQAnH0bu2wfkEdJ7+WTSehGwrq9CGT0B7lLf4TeImO3W
5ow4gsL3F/uzXhvpVP1G2kRt8Vz49iNjGRRs4Haw7zOQ9g0ioVyFECqctoIn2UVY
zuf4vpnDsluIXCLGvRu5fF/aUGmwoxNJwybAxlMe1p9mulHEhaWUcSVUFTUPRxmw
4iChdwK/LqDzy9oHKq5hjCc9fiQg/N4kYZeaSQ0KNdyLHUKu6Y7O5tH0nV/kR+4J
RoFl5HW+xxZFfD/ONUBDyDLVVtL8tVUfjPmeJIqvDR7JWT9kV96py0gv8X9608aZ
Az7f99ZslZ1jUSYsu6/DHCc20Y16RimoKk5ixWGq/FMN
-----END CERTIFICATE-----