Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/a2c9ac-f3ca-4adc-9586-d9e1137f02b5/1/hUyx86_aIfVj7wFtKRvfxwHiaSE.roa
File:                     hUyx86_aIfVj7wFtKRvfxwHiaSE.roa (raw, json)
Hash identifier:          SV8obNYNofYAiycqggXoTkl1WKYfTQhsyOwyv3oXSq8=
Subject key identifier:   85:4C:B1:F3:AF:DA:21:F5:63:EF:01:6D:29:1B:DF:C7:01:E2:69:21
Certificate issuer:       /CN=df3b76d3c0c60d663506a252671c528e3439ff75
Certificate serial:       018CC5DC567E512A333EA3FB3FB374CAD457
Authority key identifier: DF:3B:76:D3:C0:C6:0D:66:35:06:A2:52:67:1C:52:8E:34:39:FF:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3zt208DGDWY1BqJSZxxSjjQ5_3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/a2c9ac-f3ca-4adc-9586-d9e1137f02b5/1/hUyx86_aIfVj7wFtKRvfxwHiaSE.roa
Signing time:             Mon 01 Jan 2024 16:30:00 +0000
ROA not before:           Mon 01 Jan 2024 16:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198288
IP address blocks:        185.208.252.0/22 maxlen: 22
                          2a0b:5dc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/a2c9ac-f3ca-4adc-9586-d9e1137f02b5/1/3zt208DGDWY1BqJSZxxSjjQ5_3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/a2c9ac-f3ca-4adc-9586-d9e1137f02b5/1/3zt208DGDWY1BqJSZxxSjjQ5_3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3zt208DGDWY1BqJSZxxSjjQ5_3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:56:7e:51:2a:33:3e:a3:fb:3f:b3:74:ca:d4:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df3b76d3c0c60d663506a252671c528e3439ff75
        Validity
            Not Before: Jan  1 16:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=854cb1f3afda21f563ef016d291bdfc701e26921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ed:78:f9:b0:b0:cb:b4:b5:44:87:45:2e:b1:
                    c0:26:94:53:9d:e2:53:9b:22:e2:1a:65:cb:19:ff:
                    9d:45:44:87:9f:b8:2f:ae:c5:2f:2f:79:bb:be:de:
                    02:2c:46:c7:ec:e0:2c:39:95:b6:70:0b:9f:80:9d:
                    2c:96:74:7f:ae:9b:0d:61:79:76:bb:14:80:09:c5:
                    f0:f4:47:46:30:aa:7d:ea:e9:5a:9d:f4:b3:6c:03:
                    65:f8:66:5a:9d:d0:fc:bf:df:75:a9:b8:bc:ad:d2:
                    b1:09:72:cb:f1:e5:56:40:e4:2c:69:fe:8e:39:72:
                    8f:5e:ae:17:33:83:6a:12:60:c4:4e:ed:ad:5d:82:
                    57:d5:68:e8:97:b4:eb:0b:2c:a4:9e:28:7a:9a:ec:
                    17:1a:87:05:75:4e:cc:46:29:60:54:82:dd:d2:a5:
                    29:4d:0f:d3:57:50:b9:52:11:dc:31:da:0d:2e:fe:
                    29:85:85:ee:05:7e:2a:b4:bf:3b:ce:a5:e1:12:43:
                    48:6a:51:c9:e4:e7:bd:26:0a:55:c0:f3:00:11:f9:
                    5a:34:e7:93:47:60:d1:25:d2:7d:45:c9:90:ed:1d:
                    ce:1d:ba:78:15:91:43:b6:52:a9:ab:6a:70:0e:7a:
                    72:99:bd:8c:8d:ef:3d:5a:89:ef:e3:8e:a4:33:4b:
                    f1:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:4C:B1:F3:AF:DA:21:F5:63:EF:01:6D:29:1B:DF:C7:01:E2:69:21
            X509v3 Authority Key Identifier:
                keyid:DF:3B:76:D3:C0:C6:0D:66:35:06:A2:52:67:1C:52:8E:34:39:FF:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3zt208DGDWY1BqJSZxxSjjQ5_3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/a2c9ac-f3ca-4adc-9586-d9e1137f02b5/1/hUyx86_aIfVj7wFtKRvfxwHiaSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/a2c9ac-f3ca-4adc-9586-d9e1137f02b5/1/3zt208DGDWY1BqJSZxxSjjQ5_3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.252.0/22
                IPv6:
                  2a0b:5dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:84:a6:50:c6:97:af:53:6c:59:31:94:02:f3:ed:65:33:81:
         9f:5e:4b:bf:de:aa:66:d2:5c:8e:25:3d:5f:87:13:c1:54:42:
         ad:19:2e:8d:58:f0:b7:bc:66:ce:c3:91:5c:20:27:6e:f8:ac:
         79:9b:11:54:5e:7e:f0:77:bd:3a:b6:7c:a5:45:b6:0c:28:55:
         c6:f5:26:fb:21:67:e8:87:a3:00:1b:ce:92:27:d9:0c:5a:12:
         73:cd:af:cf:9c:df:a6:8e:2c:63:3d:26:bb:a2:ca:80:e4:c6:
         86:00:99:fc:5d:69:d2:ed:6e:16:b1:68:57:86:64:fb:5a:c6:
         00:00:6f:45:c7:dc:45:53:7b:07:b0:2c:c6:a2:ee:16:cc:00:
         22:f0:5a:3b:c9:38:c2:96:b9:26:c2:9a:8b:8b:22:1c:23:63:
         7a:46:3c:87:c2:bf:67:fc:cb:26:4c:14:11:e5:50:64:50:d4:
         81:3d:b7:02:5e:76:da:41:d4:cc:8e:6c:8a:ce:83:b1:a4:18:
         a1:9f:ab:a7:b4:ad:b6:e7:04:97:dc:64:5e:2b:4e:ce:84:77:
         09:c9:58:db:10:5e:50:1a:48:5e:7a:91:04:b2:4b:5a:a6:ef:
         2b:85:7e:b9:04:50:04:12:7c:13:35:65:85:ff:f5:ad:18:30:
         bf:5b:1a:e8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3FZ+USozPqP7P7N0ytRXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2I3NmQzYzBjNjBkNjYzNTA2YTI1MjY3MWM1MjhlMzQz
OWZmNzUwHhcNMjQwMTAxMTYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTRjYjFmM2FmZGEyMWY1NjNlZjAxNmQyOTFiZGZjNzAxZTI2OTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+14+bCwy7S1RIdFLrHAJpRTneJT
myLiGmXLGf+dRUSHn7gvrsUvL3m7vt4CLEbH7OAsOZW2cAufgJ0slnR/rpsNYXl2
uxSACcXw9EdGMKp96ulanfSzbANl+GZandD8v991qbi8rdKxCXLL8eVWQOQsaf6O
OXKPXq4XM4NqEmDETu2tXYJX1Wjol7TrCyyknih6muwXGocFdU7MRilgVILd0qUp
TQ/TV1C5UhHcMdoNLv4phYXuBX4qtL87zqXhEkNIalHJ5Oe9JgpVwPMAEflaNOeT
R2DRJdJ9RcmQ7R3OHbp4FZFDtlKpq2pwDnpymb2Mje89Wonv446kM0vxDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIVMsfOv2iH1Y+8BbSkb38cB4mkhMB8GA1UdIwQY
MBaAFN87dtPAxg1mNQaiUmccUo40Of91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3p0MjA4REdEV1kxQnFKU1p4eFNqalE1XzNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9hMmM5YWMtZjNjYS00YWRjLTk1ODYt
ZDllMTEzN2YwMmI1LzEvaFV5eDg2X2FJZlZqN3dGdEtSdmZ4d0hpYVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9hMmM5YWMtZjNjYS00YWRjLTk1ODYtZDllMTEzN2YwMmI1
LzEvM3p0MjA4REdEV1kxQnFKU1p4eFNqalE1XzNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudD8MA0E
AgACMAcDBQMqC13AMA0GCSqGSIb3DQEBCwUAA4IBAQA3hKZQxpevU2xZMZQC8+1l
M4GfXku/3qpm0lyOJT1fhxPBVEKtGS6NWPC3vGbOw5FcICdu+Kx5mxFUXn7wd706
tnylRbYMKFXG9Sb7IWfoh6MAG86SJ9kMWhJzza/PnN+mjixjPSa7osqA5MaGAJn8
XWnS7W4WsWhXhmT7WsYAAG9Fx9xFU3sHsCzGou4WzAAi8Fo7yTjClrkmwpqLiyIc
I2N6RjyHwr9n/MsmTBQR5VBkUNSBPbcCXnbaQdTMjmyKzoOxpBihn6untK225wSX
3GReK07OhHcJyVjbEF5QGkheepEEsktapu8rhX65BFAEEnwTNWWF//WtGDC/Wxro
-----END CERTIFICATE-----