Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/hc1WybxWzehtZg8tIstMyTJE0hE.roa
File:                     hc1WybxWzehtZg8tIstMyTJE0hE.roa (raw, json)
Hash identifier:          9S0w1JPKbg+4sFyEnQiQeOpcz9D5PGI/lS71203jHO0=
Subject key identifier:   85:CD:56:C9:BC:56:CD:E8:6D:66:0F:2D:22:CB:4C:C9:32:44:D2:11
Certificate issuer:       /CN=39027738f978feda24a9d87b0cb8bb9aa7af540d
Certificate serial:       018CC3B7135A91ADA8CA57C2CDB8EB31DB7F
Authority key identifier: 39:02:77:38:F9:78:FE:DA:24:A9:D8:7B:0C:B8:BB:9A:A7:AF:54:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQJ3OPl4_tokqdh7DLi7mqevVA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/hc1WybxWzehtZg8tIstMyTJE0hE.roa
Signing time:             Mon 01 Jan 2024 06:30:04 +0000
ROA not before:           Mon 01 Jan 2024 06:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202207
IP address blocks:        185.5.124.0/22 maxlen: 22
                          5.181.44.0/22 maxlen: 22
                          2a03:1c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/OQJ3OPl4_tokqdh7DLi7mqevVA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/OQJ3OPl4_tokqdh7DLi7mqevVA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OQJ3OPl4_tokqdh7DLi7mqevVA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:13:5a:91:ad:a8:ca:57:c2:cd:b8:eb:31:db:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39027738f978feda24a9d87b0cb8bb9aa7af540d
        Validity
            Not Before: Jan  1 06:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85cd56c9bc56cde86d660f2d22cb4cc93244d211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ac:0f:2d:eb:41:f7:54:81:be:14:5b:64:af:
                    e7:d2:5f:44:b4:94:63:6d:e3:fa:72:6b:d8:05:70:
                    0a:9b:f2:36:55:d0:79:84:14:64:b2:c5:f1:37:4e:
                    09:2d:5c:fe:22:70:a3:4d:48:c6:2e:6d:07:e4:1f:
                    75:df:3e:f4:22:a5:53:19:cc:b1:ad:a6:14:71:66:
                    60:2a:64:b5:6c:67:35:89:7b:00:7c:a0:c3:e5:da:
                    5c:1d:bb:01:c4:6f:58:e8:e5:18:3c:9c:2a:13:93:
                    5b:20:92:6a:7e:94:22:0a:20:f9:47:1f:ae:4a:d7:
                    eb:ce:a9:93:76:9f:fa:9f:a6:7c:d1:83:72:27:e6:
                    7b:af:e0:8e:73:30:25:a2:e4:d0:9c:24:3b:90:66:
                    e7:f5:30:f2:4a:33:b0:98:1f:d9:45:c1:90:cb:1d:
                    09:e1:a4:2e:14:6a:29:e9:9a:80:3d:37:51:72:cc:
                    89:9a:0a:50:c7:80:df:81:93:3f:88:4c:33:fc:ff:
                    8c:49:89:cc:a3:06:c8:c6:62:15:03:e3:d3:2b:57:
                    bb:ae:c6:5e:ce:98:e1:c8:a1:06:ff:b9:73:1b:a5:
                    a7:e9:49:3c:18:58:99:66:08:06:81:8e:85:30:ae:
                    0c:ba:8a:e0:3f:5f:01:06:87:a5:e4:21:70:02:62:
                    42:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:CD:56:C9:BC:56:CD:E8:6D:66:0F:2D:22:CB:4C:C9:32:44:D2:11
            X509v3 Authority Key Identifier:
                keyid:39:02:77:38:F9:78:FE:DA:24:A9:D8:7B:0C:B8:BB:9A:A7:AF:54:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQJ3OPl4_tokqdh7DLi7mqevVA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/hc1WybxWzehtZg8tIstMyTJE0hE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/b9117c-51c5-4af8-bbef-f5d8ab7c15f0/1/OQJ3OPl4_tokqdh7DLi7mqevVA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.44.0/22
                  185.5.124.0/22
                IPv6:
                  2a03:1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:06:e6:e2:17:55:5f:ea:1f:43:47:ad:12:ad:ee:f5:a8:fd:
         e1:a1:dd:07:23:1d:e1:d2:bc:17:84:d9:77:ff:86:11:fb:69:
         e3:a0:5d:d7:34:e6:2e:d2:2c:59:61:e1:44:ee:bf:ce:be:2e:
         34:86:04:2a:e2:6c:f0:3f:c7:d1:89:60:78:0a:e8:59:73:57:
         16:cc:ae:a4:bf:73:ab:94:2e:2f:35:66:86:03:c4:14:61:e0:
         fd:aa:2f:e8:6e:42:89:98:4f:44:5a:87:a5:f7:ad:cc:08:55:
         60:85:20:f7:1e:74:db:7f:b4:e0:a2:e0:79:d1:54:f0:b1:cf:
         39:a2:cf:d8:75:79:77:d3:a8:a1:43:64:42:5d:44:51:ca:32:
         6b:37:df:af:ab:c7:d5:15:0e:1a:17:b6:34:10:97:b7:ba:63:
         e7:45:5a:5e:9e:88:04:a3:4c:53:a0:82:ad:8c:77:20:a4:b2:
         67:86:b3:21:b1:9a:d7:c2:e6:7f:cb:cc:1d:f2:48:7a:81:c7:
         d1:38:a3:30:23:16:4a:9f:a3:bc:29:3d:04:a6:8f:6d:a5:78:
         d3:8c:e5:66:67:d5:84:5f:5a:96:c9:66:0a:4e:32:29:dc:13:
         5a:69:69:5d:7b:1c:7c:33:42:3d:84:1c:4e:4b:d1:e6:6c:59:
         b5:25:90:49
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDtxNaka2oylfCzbjrMdt/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MDI3NzM4Zjk3OGZlZGEyNGE5ZDg3YjBjYjhiYjlhYTdh
ZjU0MGQwHhcNMjQwMTAxMDYzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWNkNTZjOWJjNTZjZGU4NmQ2NjBmMmQyMmNiNGNjOTMyNDRkMjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6wPLetB91SBvhRbZK/n0l9EtJRj
beP6cmvYBXAKm/I2VdB5hBRkssXxN04JLVz+InCjTUjGLm0H5B913z70IqVTGcyx
raYUcWZgKmS1bGc1iXsAfKDD5dpcHbsBxG9Y6OUYPJwqE5NbIJJqfpQiCiD5Rx+u
StfrzqmTdp/6n6Z80YNyJ+Z7r+COczAlouTQnCQ7kGbn9TDySjOwmB/ZRcGQyx0J
4aQuFGop6ZqAPTdRcsyJmgpQx4DfgZM/iEwz/P+MSYnMowbIxmIVA+PTK1e7rsZe
zpjhyKEG/7lzG6Wn6Uk8GFiZZggGgY6FMK4MuorgP18BBoel5CFwAmJCgQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIXNVsm8Vs3obWYPLSLLTMkyRNIRMB8GA1UdIwQY
MBaAFDkCdzj5eP7aJKnYewy4u5qnr1QNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1FKM09QbDRfdG9rcWRoN0RMaTdtcWV2VkEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9iOTExN2MtNTFjNS00YWY4LWJiZWYt
ZjVkOGFiN2MxNWYwLzEvaGMxV3lieFd6ZWh0Wmc4dElzdE15VEpFMGhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9iOTExN2MtNTFjNS00YWY4LWJiZWYtZjVkOGFiN2MxNWYw
LzEvT1FKM09QbDRfdG9rcWRoN0RMaTdtcWV2VkEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCBbUsAwQC
uQV8MA0EAgACMAcDBQAqAwHAMA0GCSqGSIb3DQEBCwUAA4IBAQBMBubiF1Vf6h9D
R60Sre71qP3hod0HIx3h0rwXhNl3/4YR+2njoF3XNOYu0ixZYeFE7r/Ovi40hgQq
4mzwP8fRiWB4CuhZc1cWzK6kv3OrlC4vNWaGA8QUYeD9qi/obkKJmE9EWoel963M
CFVghSD3HnTbf7TgouB50VTwsc85os/YdXl306ihQ2RCXURRyjJrN9+vq8fVFQ4a
F7Y0EJe3umPnRVpenogEo0xToIKtjHcgpLJnhrMhsZrXwuZ/y8wd8kh6gcfROKMw
IxZKn6O8KT0Epo9tpXjTjOVmZ9WEX1qWyWYKTjIp3BNaaWldexx8M0I9hBxOS9Hm
bFm1JZBJ
-----END CERTIFICATE-----