Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/b2v9zuI0-E3_o9zjRPCtjRR6wp0.roa
File:                     b2v9zuI0-E3_o9zjRPCtjRR6wp0.roa (raw, json)
Hash identifier:          x7iW+LIPfgneHNji2l0tpKxY9+r1UNofeKeCApdsnhU=
Subject key identifier:   6F:6B:FD:CE:E2:34:F8:4D:FF:A3:DC:E3:44:F0:AD:8D:14:7A:C2:9D
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       018CC5DCC2B2C3CB9DE27B5277A4072D8E12
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/b2v9zuI0-E3_o9zjRPCtjRR6wp0.roa
Signing time:             Mon 01 Jan 2024 16:30:28 +0000
ROA not before:           Mon 01 Jan 2024 16:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204576
IP address blocks:        212.22.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 14:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c2:b2:c3:cb:9d:e2:7b:52:77:a4:07:2d:8e:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 16:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f6bfdcee234f84dffa3dce344f0ad8d147ac29d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:02:78:31:52:df:54:26:88:0b:73:79:ca:cf:
                    ce:96:64:60:49:29:4a:5e:2b:38:1b:af:e7:c6:ec:
                    2f:57:5e:24:f8:7c:af:b8:01:59:25:fa:c8:b2:51:
                    78:cd:9f:16:bf:1f:a1:01:7b:b6:d6:76:2b:e1:54:
                    95:87:06:66:df:c8:6d:34:22:5f:dd:94:b9:89:e0:
                    40:d2:6f:07:55:60:38:bf:a8:80:9e:30:cd:4e:29:
                    97:8b:11:53:a5:68:31:1e:51:b5:1c:27:1f:5c:2e:
                    45:d9:9e:5c:e1:1c:92:c4:91:d6:a0:56:6c:a6:de:
                    ea:40:01:5a:70:c5:87:73:8e:4b:f3:ca:2c:30:55:
                    d1:d8:77:25:41:d4:bf:50:ca:6f:a1:6e:eb:ab:00:
                    3d:50:c2:3e:5c:e3:92:7d:ba:84:34:5f:88:15:2e:
                    49:6f:21:aa:d5:e3:84:2b:5e:b0:52:4b:8b:88:a9:
                    10:27:88:cf:e6:ca:b5:3f:41:78:64:4a:9b:d0:13:
                    d2:05:fe:41:7f:ac:a8:bb:90:cf:31:aa:5a:05:1e:
                    d5:56:9f:24:f8:56:d8:aa:81:ab:70:74:25:63:0a:
                    45:d2:6a:01:ac:f6:7b:31:7e:4b:88:0e:75:a4:88:
                    1c:b6:b4:f7:2a:f2:51:bb:29:92:8a:2c:7c:16:ff:
                    6b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:6B:FD:CE:E2:34:F8:4D:FF:A3:DC:E3:44:F0:AD:8D:14:7A:C2:9D
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/b2v9zuI0-E3_o9zjRPCtjRR6wp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:d9:49:00:d6:eb:d7:a5:49:17:61:ef:2e:1e:0e:64:2c:52:
         50:a1:d6:99:99:ba:f9:60:e9:a6:cf:3c:a6:e5:c5:4f:20:30:
         8e:6a:45:3d:fb:f7:73:83:9e:70:37:5b:b5:6e:51:14:2f:a0:
         71:39:b0:f2:80:e4:dd:56:0e:0c:5f:4f:1f:3f:e5:ac:24:04:
         15:e3:32:07:ed:ea:30:e9:2b:2a:e6:87:e7:2d:a5:38:24:dc:
         b5:05:27:6e:5a:a0:16:ee:25:52:17:4f:19:63:00:18:e4:51:
         35:2c:b4:28:34:71:a5:4e:4a:0c:cc:4c:7e:8e:96:6e:b2:fe:
         cf:f5:2d:01:fa:da:59:02:f2:72:9d:eb:01:86:94:22:a8:f7:
         27:32:2e:c0:81:f6:63:f5:8a:5b:dd:dc:77:e9:1f:7a:1f:8c:
         02:56:87:b6:c2:ff:78:88:33:55:c2:d0:52:36:5b:64:42:99:
         79:67:62:4c:31:33:87:26:08:df:48:7d:67:70:85:b7:db:6d:
         8e:b7:1c:27:80:e6:69:98:1f:02:13:db:61:7a:7e:f6:0a:fe:
         fb:cb:70:75:fc:95:08:e7:8c:bf:c3:fd:96:7e:7d:55:c8:d1:
         2b:74:09:10:e7:a6:d0:5b:ae:f6:3d:6c:ba:5e:bd:86:90:00:
         f9:b2:d1:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3MKyw8ud4ntSd6QHLY4SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwMTAxMTYzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjZiZmRjZWUyMzRmODRkZmZhM2RjZTM0NGYwYWQ4ZDE0N2FjMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogJ4MVLfVCaIC3N5ys/OlmRgSSlK
Xis4G6/nxuwvV14k+HyvuAFZJfrIslF4zZ8Wvx+hAXu21nYr4VSVhwZm38htNCJf
3ZS5ieBA0m8HVWA4v6iAnjDNTimXixFTpWgxHlG1HCcfXC5F2Z5c4RySxJHWoFZs
pt7qQAFacMWHc45L88osMFXR2HclQdS/UMpvoW7rqwA9UMI+XOOSfbqENF+IFS5J
byGq1eOEK16wUkuLiKkQJ4jP5sq1P0F4ZEqb0BPSBf5Bf6you5DPMapaBR7VVp8k
+FbYqoGrcHQlYwpF0moBrPZ7MX5LiA51pIgctrT3KvJRuymSiix8Fv9rTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9r/c7iNPhN/6Pc40TwrY0UesKdMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvYjJ2OXp1STAtRTNfbzl6alJQQ3RqUlI2d3AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BZJMA0G
CSqGSIb3DQEBCwUAA4IBAQCR2UkA1uvXpUkXYe8uHg5kLFJQodaZmbr5YOmmzzym
5cVPIDCOakU9+/dzg55wN1u1blEUL6BxObDygOTdVg4MX08fP+WsJAQV4zIH7eow
6Ssq5ofnLaU4JNy1BSduWqAW7iVSF08ZYwAY5FE1LLQoNHGlTkoMzEx+jpZusv7P
9S0B+tpZAvJynesBhpQiqPcnMi7AgfZj9Ypb3dx36R96H4wCVoe2wv94iDNVwtBS
NltkQpl5Z2JMMTOHJgjfSH1ncIW3222OtxwngOZpmB8CE9then72Cv77y3B1/JUI
54y/w/2Wfn1VyNErdAkQ56bQW672PWy6Xr2GkAD5stEL
-----END CERTIFICATE-----