Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1hGg85jUEypE1BVEODeNjFQsqSM.roa
File:                     1hGg85jUEypE1BVEODeNjFQsqSM.roa (raw, json)
Hash identifier:          2+tQG6b2EJwqz03NhVRmBRq9/Qm2b0+6WrY/0Rqbybc=
Subject key identifier:   D6:11:A0:F3:98:D4:13:2A:44:D4:15:44:38:37:8D:8C:54:2C:A9:23
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       018CC2DB6279CD224D24484C76E40C4F1F09
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1hGg85jUEypE1BVEODeNjFQsqSM.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        89.23.105.0/24 maxlen: 24
                          89.23.106.0/24 maxlen: 24
                          89.23.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:62:79:cd:22:4d:24:48:4c:76:e4:0c:4f:1f:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d611a0f398d4132a44d4154438378d8c542ca923
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a1:ae:a6:01:40:df:35:f1:35:d5:92:74:3b:
                    b3:1b:83:15:b8:f4:3e:7d:06:21:1c:80:bd:3a:7f:
                    c8:bc:63:8f:60:61:d7:d6:f8:d3:19:e4:cb:f3:c6:
                    63:fa:a7:6b:ac:3a:b9:70:de:07:2f:ad:c1:f4:03:
                    89:85:0a:7b:61:b3:23:77:99:4f:5f:b4:82:4b:aa:
                    19:d9:a2:00:6e:01:d3:b1:b9:23:5b:ea:00:2c:b7:
                    c8:38:45:e6:0f:bc:3c:43:ff:19:e6:11:77:f3:1d:
                    f1:95:d3:77:ef:03:ee:b7:89:d5:96:50:3f:11:2f:
                    48:04:3b:fe:d6:f6:c4:58:1a:46:bc:83:d2:a6:91:
                    b5:78:57:b7:ee:ea:6b:6f:9f:74:1f:7e:60:09:e0:
                    50:4d:a1:a9:56:ed:dc:57:3f:79:87:e9:d9:07:f0:
                    25:66:33:f4:45:05:09:90:7c:84:05:88:41:27:74:
                    1e:31:30:45:15:85:2b:13:05:d2:c8:a0:7b:27:31:
                    c2:82:da:d4:52:b2:c6:bd:40:16:19:eb:a5:0a:fe:
                    06:ae:a7:e8:ea:45:47:31:4d:26:f4:da:0e:78:ea:
                    4d:34:f8:18:b0:d6:15:27:61:66:e6:21:46:9f:f5:
                    a2:d3:01:c8:05:4b:1b:af:66:01:34:2c:23:f9:d0:
                    73:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:11:A0:F3:98:D4:13:2A:44:D4:15:44:38:37:8D:8C:54:2C:A9:23
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/1hGg85jUEypE1BVEODeNjFQsqSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.105.0-89.23.106.255
                  89.23.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:41:82:41:a7:54:5a:76:95:c5:b5:b3:8e:61:b8:68:b4:00:
         e8:d2:89:48:30:1a:aa:0d:ed:5e:12:a8:f8:79:db:de:3d:7a:
         b7:42:0b:d8:89:ff:b8:66:79:c5:11:88:6a:8a:0a:9d:7b:e9:
         dd:26:af:e3:ac:b4:2f:b6:02:53:f6:ff:06:8b:c6:36:95:51:
         35:0f:fd:bd:b2:59:f9:8e:63:d2:09:4b:fc:31:af:45:c6:d0:
         26:99:7d:34:55:9d:42:7a:db:1d:08:b7:0e:d5:bf:d8:76:8e:
         b5:a1:37:f1:07:a0:15:8f:47:de:5e:d1:c4:47:71:02:81:65:
         7a:23:fa:b0:4e:d3:84:fa:d9:3d:85:32:a6:c5:dc:b9:1e:23:
         cf:0a:98:71:cd:83:64:79:69:e8:8b:85:43:1f:e7:c8:5b:dd:
         46:76:35:a9:66:cf:6c:69:1d:a8:43:ca:f9:5a:90:ff:09:58:
         36:fa:f6:f9:77:f9:b1:4e:cd:b6:4b:67:7c:89:2d:2f:5f:0e:
         85:6b:61:1b:2f:eb:a8:11:b9:e3:76:82:ca:3a:10:33:a3:d6:
         39:cd:e5:5f:5e:c1:d9:3c:92:da:33:a1:16:0f:73:b6:94:a0:
         c4:1f:87:4b:49:f2:bd:a0:5e:81:38:2d:5b:2f:b8:4e:bd:98:
         86:30:bb:95
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzC22J5zSJNJEhMduQMTx8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjExYTBmMzk4ZDQxMzJhNDRkNDE1NDQzODM3OGQ4YzU0MmNhOTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKGupgFA3zXxNdWSdDuzG4MVuPQ+
fQYhHIC9On/IvGOPYGHX1vjTGeTL88Zj+qdrrDq5cN4HL63B9AOJhQp7YbMjd5lP
X7SCS6oZ2aIAbgHTsbkjW+oALLfIOEXmD7w8Q/8Z5hF38x3xldN37wPut4nVllA/
ES9IBDv+1vbEWBpGvIPSppG1eFe37uprb590H35gCeBQTaGpVu3cVz95h+nZB/Al
ZjP0RQUJkHyEBYhBJ3QeMTBFFYUrEwXSyKB7JzHCgtrUUrLGvUAWGeulCv4Grqfo
6kVHMU0m9NoOeOpNNPgYsNYVJ2Fm5iFGn/Wi0wHIBUsbr2YBNCwj+dBzIwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNYRoPOY1BMqRNQVRDg3jYxULKkjMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvMWhHZzg1alVFeXBFMUJWRU9EZU5qRlFzcVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABZF2kD
BABZF2oDBABZF24wDQYJKoZIhvcNAQELBQADggEBAFRBgkGnVFp2lcW1s45huGi0
AOjSiUgwGqoN7V4SqPh52949erdCC9iJ/7hmecURiGqKCp176d0mr+OstC+2AlP2
/waLxjaVUTUP/b2yWfmOY9IJS/wxr0XG0CaZfTRVnUJ62x0Itw7Vv9h2jrWhN/EH
oBWPR95e0cRHcQKBZXoj+rBO04T62T2FMqbF3LkeI88KmHHNg2R5aeiLhUMf58hb
3UZ2Nalmz2xpHahDyvlakP8JWDb69vl3+bFOzbZLZ3yJLS9fDoVrYRsv66gRueN2
gso6EDOj1jnN5V9ewdk8ktozoRYPc7aUoMQfh0tJ8r2gXoE4LVsvuE69mIYwu5U=
-----END CERTIFICATE-----