Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/c84cd3-672b-44b2-8ce0-40289479ac05/1/hi3FrnF-3jLI3lIxcnrMYtC-4ow.roa
File:                     hi3FrnF-3jLI3lIxcnrMYtC-4ow.roa (raw, json)
Hash identifier:          Hon+3addqQMzwZi2hE3IgLssZw3bA0MMDqOLsP3ZK0E=
Subject key identifier:   86:2D:C5:AE:71:7E:DE:32:C8:DE:52:31:72:7A:CC:62:D0:BE:E2:8C
Certificate issuer:       /CN=880d8ab6aa2c72f079755f76cf0120aa5dddc7df
Certificate serial:       0194221F36FF5F6CBFC7785491B48FC54B77
Authority key identifier: 88:0D:8A:B6:AA:2C:72:F0:79:75:5F:76:CF:01:20:AA:5D:DD:C7:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iA2KtqoscvB5dV92zwEgql3dx98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/c84cd3-672b-44b2-8ce0-40289479ac05/1/hi3FrnF-3jLI3lIxcnrMYtC-4ow.roa
Signing time:             Wed 01 Jan 2025 13:47:38 +0000
ROA not before:           Wed 01 Jan 2025 13:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35319
IP address blocks:        185.252.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/c84cd3-672b-44b2-8ce0-40289479ac05/1/iA2KtqoscvB5dV92zwEgql3dx98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/c84cd3-672b-44b2-8ce0-40289479ac05/1/iA2KtqoscvB5dV92zwEgql3dx98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iA2KtqoscvB5dV92zwEgql3dx98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:36:ff:5f:6c:bf:c7:78:54:91:b4:8f:c5:4b:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=880d8ab6aa2c72f079755f76cf0120aa5dddc7df
        Validity
            Not Before: Jan  1 13:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=862dc5ae717ede32c8de5231727acc62d0bee28c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:8d:74:0b:35:c2:d6:54:96:30:c3:06:70:f3:
                    50:07:7a:73:55:0e:ac:96:d9:cc:74:43:51:f9:70:
                    9e:bc:1b:49:b7:79:3f:ea:b6:86:17:4d:8a:4c:2e:
                    59:8b:9c:11:1c:0f:07:45:c4:33:e4:03:30:32:bd:
                    c9:e0:21:f8:df:9d:26:3e:66:14:2f:7a:a9:6b:ba:
                    7f:8f:d4:5a:05:d1:26:89:ab:4b:d6:4b:ca:5a:8f:
                    77:a6:bb:4c:5b:48:8b:3e:cd:ad:71:e4:81:18:c9:
                    0d:55:ad:97:1c:ab:ea:27:ee:6b:61:87:59:e7:7d:
                    92:96:76:aa:15:8b:0d:93:b9:91:bf:f7:f6:3c:14:
                    99:16:f5:5f:60:d7:3a:6c:7b:4c:61:a6:01:25:d2:
                    52:cb:70:42:ad:3e:7e:9a:fb:13:11:3f:6c:a0:ab:
                    4a:cd:7d:71:db:00:f0:f6:d5:03:c9:58:39:0b:0e:
                    0f:dc:30:6e:1c:8a:43:01:07:6e:26:ca:ae:2d:22:
                    ca:2b:6f:cc:ed:cc:52:28:51:b1:3e:fc:1c:b2:f5:
                    ec:c2:47:a1:e0:59:b4:f7:71:5b:f3:b9:3d:97:f3:
                    35:40:df:22:98:43:22:f9:69:70:8e:03:e1:90:6e:
                    41:11:6a:f0:89:24:7f:cb:3f:7d:98:a2:1f:cd:1b:
                    a9:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:2D:C5:AE:71:7E:DE:32:C8:DE:52:31:72:7A:CC:62:D0:BE:E2:8C
            X509v3 Authority Key Identifier:
                keyid:88:0D:8A:B6:AA:2C:72:F0:79:75:5F:76:CF:01:20:AA:5D:DD:C7:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iA2KtqoscvB5dV92zwEgql3dx98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c84cd3-672b-44b2-8ce0-40289479ac05/1/hi3FrnF-3jLI3lIxcnrMYtC-4ow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c84cd3-672b-44b2-8ce0-40289479ac05/1/iA2KtqoscvB5dV92zwEgql3dx98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:97:32:dd:39:56:c0:cd:c5:50:2a:6b:7e:e5:c8:b5:25:47:
         38:47:e1:b9:3f:28:05:0c:2a:93:82:82:d3:02:31:77:3d:dd:
         36:3c:65:32:94:1f:88:2a:4e:ec:dc:21:ad:5f:1e:71:29:a9:
         bd:a4:22:83:38:df:4d:ba:7d:41:db:29:b3:16:19:0e:82:c9:
         fc:5c:ab:92:4b:90:e9:17:3a:a1:ae:c6:3a:e0:2e:15:31:13:
         b4:a0:d6:02:f7:e0:04:58:c5:fa:8e:53:39:67:29:88:a9:48:
         29:a2:e9:28:77:82:9c:02:c9:5b:ce:78:da:9d:a5:58:de:6d:
         ee:16:7b:bb:e9:55:7f:fb:54:b2:36:5f:35:fa:30:05:cc:0c:
         5a:82:1a:46:59:46:8f:17:8c:f5:b2:8c:2e:b0:0d:f4:07:99:
         9a:d4:86:6d:7f:ab:98:17:c2:c1:61:0e:58:0a:28:34:cb:54:
         92:9e:08:f1:74:60:5e:cd:9c:ae:24:94:70:52:b0:dd:b2:5d:
         83:68:9c:a5:be:a2:ca:58:8d:ef:f3:58:a3:94:dd:93:87:0d:
         7a:e6:27:65:5c:3a:e3:7f:bc:c9:dc:ac:36:42:eb:25:35:55:
         eb:c4:8f:82:45:a7:cc:25:83:64:1f:f7:63:b0:ee:ba:37:c0:
         fe:ed:c1:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiHzb/X2y/x3hUkbSPxUt3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MGQ4YWI2YWEyYzcyZjA3OTc1NWY3NmNmMDEyMGFhNWRk
ZGM3ZGYwHhcNMjUwMTAxMTM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjJkYzVhZTcxN2VkZTMyYzhkZTUyMzE3MjdhY2M2MmQwYmVlMjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAro10CzXC1lSWMMMGcPNQB3pzVQ6s
ltnMdENR+XCevBtJt3k/6raGF02KTC5Zi5wRHA8HRcQz5AMwMr3J4CH4350mPmYU
L3qpa7p/j9RaBdEmiatL1kvKWo93prtMW0iLPs2tceSBGMkNVa2XHKvqJ+5rYYdZ
532SlnaqFYsNk7mRv/f2PBSZFvVfYNc6bHtMYaYBJdJSy3BCrT5+mvsTET9soKtK
zX1x2wDw9tUDyVg5Cw4P3DBuHIpDAQduJsquLSLKK2/M7cxSKFGxPvwcsvXswkeh
4Fm093Fb87k9l/M1QN8imEMi+WlwjgPhkG5BEWrwiSR/yz99mKIfzRupfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYtxa5xft4yyN5SMXJ6zGLQvuKMMB8GA1UdIwQY
MBaAFIgNiraqLHLweXVfds8BIKpd3cffMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUEyS3Rxb3NjdkI1ZFY5Mnp3RWdxbDNkeDk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9jODRjZDMtNjcyYi00NGIyLThjZTAt
NDAyODk0NzlhYzA1LzEvaGkzRnJuRi0zakxJM2xJeGNuck1ZdEMtNG93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9jODRjZDMtNjcyYi00NGIyLThjZTAtNDAyODk0NzlhYzA1
LzEvaUEyS3Rxb3NjdkI1ZFY5Mnp3RWdxbDNkeDk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufxcMA0G
CSqGSIb3DQEBCwUAA4IBAQAflzLdOVbAzcVQKmt+5ci1JUc4R+G5PygFDCqTgoLT
AjF3Pd02PGUylB+IKk7s3CGtXx5xKam9pCKDON9Nun1B2ymzFhkOgsn8XKuSS5Dp
FzqhrsY64C4VMRO0oNYC9+AEWMX6jlM5ZymIqUgpoukod4KcAslbznjanaVY3m3u
Fnu76VV/+1SyNl81+jAFzAxaghpGWUaPF4z1sowusA30B5ma1IZtf6uYF8LBYQ5Y
Cig0y1SSngjxdGBezZyuJJRwUrDdsl2DaJylvqLKWI3v81ijlN2Thw165idlXDrj
f7zJ3Kw2QuslNVXrxI+CRafMJYNkH/djsO66N8D+7cFN
-----END CERTIFICATE-----