Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/IH_AYmfxmIVvVpXLWrHnrosNISs.roa
File:                     IH_AYmfxmIVvVpXLWrHnrosNISs.roa (raw, json)
Hash identifier:          gMaPM97NSCKW0dPWvkpUsD8Cw3fBBYQmZzm4f4xKqdI=
Subject key identifier:   20:7F:C0:62:67:F1:98:85:6F:56:95:CB:5A:B1:E7:AE:8B:0D:21:2B
Certificate issuer:       /CN=e875464e89816ef00b0369502018a7e59ce2d36c
Certificate serial:       018CCA99AD65B54FC8B0EA558D635A8A407F
Authority key identifier: E8:75:46:4E:89:81:6E:F0:0B:03:69:50:20:18:A7:E5:9C:E2:D3:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/IH_AYmfxmIVvVpXLWrHnrosNISs.roa
Signing time:             Tue 02 Jan 2024 14:35:18 +0000
ROA not before:           Tue 02 Jan 2024 14:35:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199966
IP address blocks:        185.40.128.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:ad:65:b5:4f:c8:b0:ea:55:8d:63:5a:8a:40:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e875464e89816ef00b0369502018a7e59ce2d36c
        Validity
            Not Before: Jan  2 14:35:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=207fc06267f198856f5695cb5ab1e7ae8b0d212b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:bd:51:cf:41:c2:25:9f:0c:02:d7:5b:5a:90:
                    58:f2:5a:e1:9a:ae:b6:43:da:0b:bc:51:53:b0:ca:
                    63:c1:40:c1:f6:25:44:0c:68:37:93:61:3d:08:e4:
                    95:70:0b:ce:b4:48:82:4d:46:22:6e:03:08:b5:1f:
                    5c:13:32:1d:43:1b:14:12:43:d0:4f:f8:9d:0f:34:
                    fc:de:c3:f1:d5:4e:50:6f:80:66:d9:4e:60:ff:ed:
                    8a:da:88:a6:d9:13:a0:a1:9c:ce:00:65:45:25:9c:
                    1f:73:c4:e3:fd:f4:1a:a8:16:09:29:c2:72:5d:39:
                    fb:68:08:9d:df:93:63:1b:a0:f9:eb:0e:a8:3a:46:
                    8b:72:28:fc:be:91:e7:74:b8:f4:9e:98:5f:46:5f:
                    72:a9:fc:3d:5f:e4:e6:6d:e5:76:29:09:84:10:2d:
                    15:7e:dc:c8:19:e4:c5:6d:7e:03:ca:95:dd:29:73:
                    f2:bc:cd:d7:a9:1c:a0:81:91:86:28:01:98:24:05:
                    21:ce:07:18:0a:da:db:28:91:04:ab:b4:0e:c4:d2:
                    cd:c2:a4:b4:e2:84:07:2a:7a:ed:97:b0:71:c3:2c:
                    64:96:61:1e:27:db:07:a7:db:93:3a:ea:d4:45:56:
                    7f:8c:02:82:25:74:79:69:c3:3d:2f:38:bb:be:e6:
                    40:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:7F:C0:62:67:F1:98:85:6F:56:95:CB:5A:B1:E7:AE:8B:0D:21:2B
            X509v3 Authority Key Identifier:
                keyid:E8:75:46:4E:89:81:6E:F0:0B:03:69:50:20:18:A7:E5:9C:E2:D3:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/IH_AYmfxmIVvVpXLWrHnrosNISs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:60:b4:1c:31:05:f3:0b:52:dd:b1:7d:5d:5e:b6:db:35:67:
         46:5a:df:3d:2d:2b:f6:2e:f5:e1:b8:45:4c:72:56:67:6e:1b:
         a2:8e:22:8e:c1:d0:29:97:cd:d6:59:f6:7e:8e:c9:e7:7e:e0:
         6b:61:8c:26:e6:b8:51:93:b6:6f:d7:4a:dc:8d:99:e4:bf:c5:
         c2:5f:c1:5c:1d:7c:4d:7b:3d:20:20:6c:bb:f6:d0:8d:06:fd:
         6e:95:1a:e2:04:44:cf:a5:74:f4:a5:50:58:c9:bf:86:82:21:
         2c:e8:29:b6:f7:ee:1a:91:bb:57:9e:31:54:5a:b1:aa:4e:cb:
         aa:08:c4:85:67:9c:a8:10:ac:42:87:6c:d9:b7:c3:de:93:5b:
         a4:c8:b2:58:84:73:68:0c:9a:e6:50:9f:0c:d4:b8:b5:82:27:
         05:dd:62:50:a0:fb:b2:2a:07:3d:a6:7f:44:de:28:db:d3:ff:
         b7:1c:97:5f:fa:a8:4c:5f:6f:fe:bb:42:f9:a9:bc:40:9d:c1:
         f3:86:5a:7b:6a:97:c3:72:03:df:09:18:9d:7f:98:bb:e1:cd:
         7f:52:ed:2d:fb:14:9c:c2:b9:ec:5e:7b:52:e5:3b:e6:69:cc:
         b6:5a:ca:6e:9d:f1:27:9d:44:dd:46:a5:6f:23:a8:04:ed:26:
         24:80:f9:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKma1ltU/IsOpVjWNaikB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NzU0NjRlODk4MTZlZjAwYjAzNjk1MDIwMThhN2U1OWNl
MmQzNmMwHhcNMjQwMTAyMTQzNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDdmYzA2MjY3ZjE5ODg1NmY1Njk1Y2I1YWIxZTdhZThiMGQyMTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlL1Rz0HCJZ8MAtdbWpBY8lrhmq62
Q9oLvFFTsMpjwUDB9iVEDGg3k2E9COSVcAvOtEiCTUYibgMItR9cEzIdQxsUEkPQ
T/idDzT83sPx1U5Qb4Bm2U5g/+2K2oim2ROgoZzOAGVFJZwfc8Tj/fQaqBYJKcJy
XTn7aAid35NjG6D56w6oOkaLcij8vpHndLj0nphfRl9yqfw9X+TmbeV2KQmEEC0V
ftzIGeTFbX4DypXdKXPyvM3XqRyggZGGKAGYJAUhzgcYCtrbKJEEq7QOxNLNwqS0
4oQHKnrtl7BxwyxklmEeJ9sHp9uTOurURVZ/jAKCJXR5acM9Lzi7vuZAEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCB/wGJn8ZiFb1aVy1qx566LDSErMB8GA1UdIwQY
MBaAFOh1Rk6JgW7wCwNpUCAYp+Wc4tNsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkhWR1RvbUJidkFMQTJsUUlCaW41WnppMDJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9jMzA2OWUtNWZmYy00YzhjLTkxZGMt
MzFkMTk3ZjEzOWQ4LzEvSUhfQVltZnhtSVZ2VnBYTFdySG5yb3NOSVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9jMzA2OWUtNWZmYy00YzhjLTkxZGMtMzFkMTk3ZjEzOWQ4
LzEvNkhWR1RvbUJidkFMQTJsUUlCaW41WnppMDJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSiAMA0G
CSqGSIb3DQEBCwUAA4IBAQAWYLQcMQXzC1LdsX1dXrbbNWdGWt89LSv2LvXhuEVM
clZnbhuijiKOwdApl83WWfZ+jsnnfuBrYYwm5rhRk7Zv10rcjZnkv8XCX8FcHXxN
ez0gIGy79tCNBv1ulRriBETPpXT0pVBYyb+GgiEs6Cm29+4akbtXnjFUWrGqTsuq
CMSFZ5yoEKxCh2zZt8Pek1ukyLJYhHNoDJrmUJ8M1Li1gicF3WJQoPuyKgc9pn9E
3ijb0/+3HJdf+qhMX2/+u0L5qbxAncHzhlp7apfDcgPfCRidf5i74c1/Uu0t+xSc
wrnsXntS5Tvmacy2WspunfEnnUTdRqVvI6gE7SYkgPnE
-----END CERTIFICATE-----