Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/d4d411-9966-4291-aa59-f90850e74296/1/awfNyQz7qOnZ-23Ifs3uZzc1WDw.roa
File:                     awfNyQz7qOnZ-23Ifs3uZzc1WDw.roa (raw, json)
Hash identifier:          6W3ApOy94scomfZTrjUdxd2QGNtbSRLwNpHQHlqqxAs=
Subject key identifier:   6B:07:CD:C9:0C:FB:A8:E9:D9:FB:6D:C8:7E:CD:EE:67:37:35:58:3C
Certificate issuer:       /CN=e2a75ef9036f5c143e57dfafbc92c0255c3159ba
Certificate serial:       018FFD1D4FB02FDE2E03D262F4467FD409E9
Authority key identifier: E2:A7:5E:F9:03:6F:5C:14:3E:57:DF:AF:BC:92:C0:25:5C:31:59:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4qde-QNvXBQ-V9-vvJLAJVwxWbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/d4d411-9966-4291-aa59-f90850e74296/1/awfNyQz7qOnZ-23Ifs3uZzc1WDw.roa
Signing time:             Sun 09 Jun 2024 13:08:27 +0000
ROA not before:           Sun 09 Jun 2024 13:08:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209197
IP address blocks:        185.207.30.0/23 maxlen: 23
                          185.207.31.0/25 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/d4d411-9966-4291-aa59-f90850e74296/1/4qde-QNvXBQ-V9-vvJLAJVwxWbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/d4d411-9966-4291-aa59-f90850e74296/1/4qde-QNvXBQ-V9-vvJLAJVwxWbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4qde-QNvXBQ-V9-vvJLAJVwxWbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:fd:1d:4f:b0:2f:de:2e:03:d2:62:f4:46:7f:d4:09:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2a75ef9036f5c143e57dfafbc92c0255c3159ba
        Validity
            Not Before: Jun  9 13:08:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b07cdc90cfba8e9d9fb6dc87ecdee673735583c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:54:1d:ca:69:fd:19:72:98:e5:79:42:f9:3f:
                    11:dd:5f:1f:a3:52:4e:90:2e:f3:9d:34:d3:38:0e:
                    28:d6:55:b8:59:67:25:eb:9c:29:38:6f:1d:45:a4:
                    ca:84:18:bf:39:98:2a:d2:a7:82:43:2c:54:44:be:
                    9a:79:00:6b:ea:82:bc:a1:36:8f:92:27:6c:b3:21:
                    a4:20:61:4f:f0:a8:e6:f8:3d:78:2a:67:c6:e9:bb:
                    17:6b:28:6b:1e:83:85:d7:22:ef:18:4c:fd:1a:e6:
                    4f:67:9a:bc:5b:7a:5a:d1:ff:82:98:d2:4c:37:9c:
                    7c:9d:81:51:0f:64:46:5f:b1:26:d8:b6:3c:e3:49:
                    ac:9f:11:0a:2f:77:d8:c5:f2:4c:a4:74:76:3b:3c:
                    e4:f5:cc:62:db:b0:c2:4c:fb:61:35:69:f6:1f:80:
                    68:55:67:0a:fe:84:0e:f2:cb:79:15:11:ca:b5:09:
                    5c:98:8c:56:f4:b4:53:04:3e:f5:ca:9b:ba:14:89:
                    2c:91:be:69:7f:01:b9:fc:77:f9:7b:00:56:3a:94:
                    04:92:a2:0a:96:41:85:25:ef:f0:1d:ff:f7:3a:69:
                    7c:81:71:b6:3b:67:df:6a:a3:49:54:c5:67:5c:fe:
                    68:fe:fa:b1:be:af:77:5d:cc:25:dc:2b:44:08:b0:
                    ce:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:07:CD:C9:0C:FB:A8:E9:D9:FB:6D:C8:7E:CD:EE:67:37:35:58:3C
            X509v3 Authority Key Identifier:
                keyid:E2:A7:5E:F9:03:6F:5C:14:3E:57:DF:AF:BC:92:C0:25:5C:31:59:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4qde-QNvXBQ-V9-vvJLAJVwxWbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d4d411-9966-4291-aa59-f90850e74296/1/awfNyQz7qOnZ-23Ifs3uZzc1WDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/d4d411-9966-4291-aa59-f90850e74296/1/4qde-QNvXBQ-V9-vvJLAJVwxWbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:6d:9a:5a:b7:24:3e:89:c3:2a:f2:73:83:bf:84:5b:45:e7:
         16:9d:7a:0f:6f:af:68:ce:1e:69:1d:5c:e3:c9:6c:58:27:e6:
         20:81:87:7d:ef:2f:b3:36:70:ae:cb:ab:e5:7c:29:db:11:84:
         63:61:da:2e:b6:ac:32:04:09:07:e3:57:ba:cb:3e:8a:1c:19:
         86:65:f3:17:50:10:ad:e3:bf:0c:fc:ea:81:85:7c:39:0b:0e:
         fd:19:5f:f3:95:ef:36:1b:40:61:49:71:b2:14:41:1c:22:3f:
         9f:05:a8:dd:9f:0e:f1:c9:76:c1:93:6b:ae:8f:d5:7a:d9:59:
         7c:4e:89:89:b1:0c:57:ae:38:95:94:e3:9b:84:eb:f4:e0:84:
         e0:43:df:e8:e6:3e:bc:88:ee:6c:fb:fa:13:db:e1:be:99:78:
         d9:2e:24:1a:33:80:91:f8:b0:a7:bc:df:f1:a3:57:a4:99:2f:
         86:3a:f0:2c:64:9e:97:5c:b0:71:1c:4e:8a:9b:a6:2b:bd:80:
         4d:0c:cc:c7:97:b9:58:8c:27:f2:00:4c:97:46:7f:fe:9b:3a:
         6f:d6:da:a2:ed:42:81:29:fe:ae:bf:1a:29:4a:b7:40:19:6e:
         1b:03:b3:c6:bd:65:18:2c:4b:dc:9c:39:f0:a3:43:12:50:b9:
         cd:2b:97:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/9HU+wL94uA9Ji9EZ/1AnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYTc1ZWY5MDM2ZjVjMTQzZTU3ZGZhZmJjOTJjMDI1NWMz
MTU5YmEwHhcNMjQwNjA5MTMwODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjA3Y2RjOTBjZmJhOGU5ZDlmYjZkYzg3ZWNkZWU2NzM3MzU1ODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1Qdymn9GXKY5XlC+T8R3V8fo1JO
kC7znTTTOA4o1lW4WWcl65wpOG8dRaTKhBi/OZgq0qeCQyxURL6aeQBr6oK8oTaP
kidssyGkIGFP8Kjm+D14KmfG6bsXayhrHoOF1yLvGEz9GuZPZ5q8W3pa0f+CmNJM
N5x8nYFRD2RGX7Em2LY840msnxEKL3fYxfJMpHR2Ozzk9cxi27DCTPthNWn2H4Bo
VWcK/oQO8st5FRHKtQlcmIxW9LRTBD71ypu6FIkskb5pfwG5/Hf5ewBWOpQEkqIK
lkGFJe/wHf/3Oml8gXG2O2ffaqNJVMVnXP5o/vqxvq93Xcwl3CtECLDOoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsHzckM+6jp2fttyH7N7mc3NVg8MB8GA1UdIwQY
MBaAFOKnXvkDb1wUPlffr7ySwCVcMVm6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHFkZS1RTnZYQlEtVjktdnZKTEFKVnd4V2JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kNGQ0MTEtOTk2Ni00MjkxLWFhNTkt
ZjkwODUwZTc0Mjk2LzEvYXdmTnlRejdxT25aLTIzSWZzM3VaemMxV0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kNGQ0MTEtOTk2Ni00MjkxLWFhNTktZjkwODUwZTc0Mjk2
LzEvNHFkZS1RTnZYQlEtVjktdnZKTEFKVnd4V2JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuc8eMA0G
CSqGSIb3DQEBCwUAA4IBAQCPbZpatyQ+icMq8nODv4RbRecWnXoPb69ozh5pHVzj
yWxYJ+YggYd97y+zNnCuy6vlfCnbEYRjYdoutqwyBAkH41e6yz6KHBmGZfMXUBCt
478M/OqBhXw5Cw79GV/zle82G0BhSXGyFEEcIj+fBajdnw7xyXbBk2uuj9V62Vl8
TomJsQxXrjiVlOObhOv04ITgQ9/o5j68iO5s+/oT2+G+mXjZLiQaM4CR+LCnvN/x
o1ekmS+GOvAsZJ6XXLBxHE6Km6YrvYBNDMzHl7lYjCfyAEyXRn/+mzpv1tqi7UKB
Kf6uvxopSrdAGW4bA7PGvWUYLEvcnDnwo0MSULnNK5do
-----END CERTIFICATE-----