Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/Jn2lqNsrfbERm_6Vzks0-kD-wrw.roa
File:                     Jn2lqNsrfbERm_6Vzks0-kD-wrw.roa (raw, json)
Hash identifier:          2T0yV0scCMLbDblagfFzCmeWYVFy8vBWpC3ZN+sMyFw=
Subject key identifier:   26:7D:A5:A8:DB:2B:7D:B1:11:9B:FE:95:CE:4B:34:FA:40:FE:C2:BC
Certificate issuer:       /CN=b05a0604e76876fa03e6ad8687fa1db6c63d3908
Certificate serial:       018CC8DCE856E0726550930E237B1BA3438D
Authority key identifier: B0:5A:06:04:E7:68:76:FA:03:E6:AD:86:87:FA:1D:B6:C6:3D:39:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sFoGBOdodvoD5q2Gh_odtsY9OQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/Jn2lqNsrfbERm_6Vzks0-kD-wrw.roa
Signing time:             Tue 02 Jan 2024 06:29:29 +0000
ROA not before:           Tue 02 Jan 2024 06:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200490
IP address blocks:        185.243.20.0/22 maxlen: 22
                          2001:67c:22f4::/48 maxlen: 48
                          2a0c:fe80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/sFoGBOdodvoD5q2Gh_odtsY9OQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/sFoGBOdodvoD5q2Gh_odtsY9OQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sFoGBOdodvoD5q2Gh_odtsY9OQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e8:56:e0:72:65:50:93:0e:23:7b:1b:a3:43:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05a0604e76876fa03e6ad8687fa1db6c63d3908
        Validity
            Not Before: Jan  2 06:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=267da5a8db2b7db1119bfe95ce4b34fa40fec2bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:5e:5d:73:fc:d0:de:8d:d6:4c:ff:42:1e:3c:
                    87:78:4f:ad:97:eb:96:ed:d9:41:a9:82:9f:fe:c0:
                    07:3f:12:86:9a:50:e7:9a:9a:c9:cb:dd:7e:35:8d:
                    bc:de:b5:98:43:45:18:7c:d5:39:59:41:91:0a:92:
                    2e:67:20:7b:b1:96:ab:65:be:c8:8b:2b:d1:8f:a1:
                    72:aa:60:16:10:f1:d3:0f:7f:5f:3e:a6:d4:86:aa:
                    20:96:4c:41:f1:69:74:e5:91:3d:ac:bb:6b:d2:43:
                    31:7c:45:a6:cd:a8:99:68:2f:69:67:b4:97:ec:bb:
                    b3:3a:1d:dc:a4:70:fb:63:ad:d0:87:81:d7:7e:b8:
                    7d:78:36:14:7f:be:0f:7c:26:23:e4:18:ab:c7:f8:
                    8b:86:4f:ae:50:a1:db:ca:e1:81:ff:2a:3e:55:4a:
                    c2:a2:2c:88:13:25:bd:89:1e:a0:90:3a:7b:37:05:
                    b3:3f:69:07:07:d9:fc:bf:ed:e5:bf:c0:a6:63:60:
                    1c:b8:e6:e7:1c:57:43:af:6b:25:f4:cf:ca:d7:b4:
                    24:a3:7a:c6:48:a1:02:8b:67:53:27:e3:1b:34:08:
                    48:5d:92:4f:e8:4d:43:b1:37:a5:91:17:bc:ed:b9:
                    20:31:3f:67:3e:41:2c:c7:4b:55:6d:17:2b:1a:58:
                    f6:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:7D:A5:A8:DB:2B:7D:B1:11:9B:FE:95:CE:4B:34:FA:40:FE:C2:BC
            X509v3 Authority Key Identifier:
                keyid:B0:5A:06:04:E7:68:76:FA:03:E6:AD:86:87:FA:1D:B6:C6:3D:39:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFoGBOdodvoD5q2Gh_odtsY9OQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/Jn2lqNsrfbERm_6Vzks0-kD-wrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/81aa49-8b4a-4c28-a578-a605717d34ae/1/sFoGBOdodvoD5q2Gh_odtsY9OQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.20.0/22
                IPv6:
                  2001:67c:22f4::/48
                  2a0c:fe80::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:90:ee:72:8b:22:c0:53:9f:f6:80:27:c4:55:29:67:b8:cb:
         22:fb:88:d1:7a:1c:eb:7f:9d:d9:2a:5a:61:eb:ab:b4:af:4b:
         85:5f:92:45:45:86:e6:3a:07:d8:83:6b:5e:e7:a2:f2:45:43:
         87:59:dd:0b:bd:e4:41:47:32:53:4d:4d:94:fd:e2:34:f9:a5:
         f2:44:2d:e6:44:4b:79:1f:9d:ab:ae:45:51:a4:db:fd:ce:1a:
         a0:69:eb:b1:b6:0d:fd:54:5d:51:f4:89:08:fc:bb:0d:8e:e0:
         e6:43:c2:c6:24:7e:41:6b:76:06:64:7b:cd:2d:3d:fd:97:f1:
         8e:be:36:24:05:53:9d:67:91:03:4e:e9:6e:71:51:1c:7d:22:
         1d:83:0d:75:5b:e7:a1:d2:25:7c:39:68:19:38:5c:2f:04:30:
         f9:d1:f0:02:b7:45:a5:4d:5d:26:64:e5:0d:01:8c:37:e3:fd:
         af:69:2e:40:46:74:19:0d:f8:bd:ff:51:31:1e:5d:05:d8:c7:
         f1:51:82:f9:30:43:1a:cb:32:19:25:b6:84:f4:f6:9a:b9:76:
         8d:cc:09:a4:93:56:74:13:fc:09:5f:16:bf:6d:12:33:49:fa:
         c2:c5:ea:7d:46:b0:39:f7:be:45:00:16:26:5e:7d:4f:fe:a9:
         46:39:03:29
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzI3OhW4HJlUJMOI3sbo0ONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWEwNjA0ZTc2ODc2ZmEwM2U2YWQ4Njg3ZmExZGI2YzYz
ZDM5MDgwHhcNMjQwMTAyMDYyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjdkYTVhOGRiMmI3ZGIxMTE5YmZlOTVjZTRiMzRmYTQwZmVjMmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9F5dc/zQ3o3WTP9CHjyHeE+tl+uW
7dlBqYKf/sAHPxKGmlDnmprJy91+NY283rWYQ0UYfNU5WUGRCpIuZyB7sZarZb7I
iyvRj6FyqmAWEPHTD39fPqbUhqoglkxB8Wl05ZE9rLtr0kMxfEWmzaiZaC9pZ7SX
7LuzOh3cpHD7Y63Qh4HXfrh9eDYUf74PfCYj5Birx/iLhk+uUKHbyuGB/yo+VUrC
oiyIEyW9iR6gkDp7NwWzP2kHB9n8v+3lv8CmY2AcuObnHFdDr2sl9M/K17Qko3rG
SKECi2dTJ+MbNAhIXZJP6E1DsTelkRe87bkgMT9nPkEsx0tVbRcrGlj2twIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCZ9pajbK32xEZv+lc5LNPpA/sK8MB8GA1UdIwQY
MBaAFLBaBgTnaHb6A+athof6HbbGPTkIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZvR0JPZG9kdm9ENXEyR2hfb2R0c1k5T1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi84MWFhNDktOGI0YS00YzI4LWE1Nzgt
YTYwNTcxN2QzNGFlLzEvSm4ybHFOc3JmYkVSbV82VnprczAta0Qtd3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi84MWFhNDktOGI0YS00YzI4LWE1NzgtYTYwNTcxN2QzNGFl
LzEvc0ZvR0JPZG9kdm9ENXEyR2hfb2R0c1k5T1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQCufMUMBYE
AgACMBADBwAgAQZ8IvQDBQMqDP6AMA0GCSqGSIb3DQEBCwUAA4IBAQB2kO5yiyLA
U5/2gCfEVSlnuMsi+4jRehzrf53ZKlph66u0r0uFX5JFRYbmOgfYg2te56LyRUOH
Wd0LveRBRzJTTU2U/eI0+aXyRC3mREt5H52rrkVRpNv9zhqgaeuxtg39VF1R9IkI
/LsNjuDmQ8LGJH5Ba3YGZHvNLT39l/GOvjYkBVOdZ5EDTulucVEcfSIdgw11W+eh
0iV8OWgZOFwvBDD50fACt0WlTV0mZOUNAYw34/2vaS5ARnQZDfi9/1ExHl0F2Mfx
UYL5MEMayzIZJbaE9PaauXaNzAmkk1Z0E/wJXxa/bRIzSfrCxep9RrA5975FABYm
Xn1P/qlGOQMp
-----END CERTIFICATE-----