Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/ERZRDr1oWvOyCmAuK41H9jTZJoo.roa
File:                     ERZRDr1oWvOyCmAuK41H9jTZJoo.roa (raw, json)
Hash identifier:          uKaXgtRss0Wa8zgbIwcNxrck79uONQpkYBFTU1GXHPw=
Subject key identifier:   11:16:51:0E:BD:68:5A:F3:B2:0A:60:2E:2B:8D:47:F6:34:D9:26:8A
Certificate issuer:       /CN=6fa32e6581183f2c4897a7652333901f7f5bee73
Certificate serial:       018CC8DEF397A750877D92E1E2014212CD03
Authority key identifier: 6F:A3:2E:65:81:18:3F:2C:48:97:A7:65:23:33:90:1F:7F:5B:EE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6MuZYEYPyxIl6dlIzOQH39b7nM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/ERZRDr1oWvOyCmAuK41H9jTZJoo.roa
Signing time:             Tue 02 Jan 2024 06:31:43 +0000
ROA not before:           Tue 02 Jan 2024 06:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39138
IP address blocks:        185.218.107.0/24 maxlen: 24
                          2a10:d1c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/b6MuZYEYPyxIl6dlIzOQH39b7nM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/b6MuZYEYPyxIl6dlIzOQH39b7nM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6MuZYEYPyxIl6dlIzOQH39b7nM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f3:97:a7:50:87:7d:92:e1:e2:01:42:12:cd:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa32e6581183f2c4897a7652333901f7f5bee73
        Validity
            Not Before: Jan  2 06:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1116510ebd685af3b20a602e2b8d47f634d9268a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:75:bf:0a:16:45:fb:37:f6:13:82:36:9d:78:
                    7d:3c:f1:0d:08:c5:4a:f6:f2:68:3e:69:3e:d4:6a:
                    c9:3d:41:bb:0d:b7:c6:1f:95:19:00:e9:72:e5:ea:
                    05:26:95:f2:10:0d:4b:4b:2d:a0:76:4e:8f:f5:f3:
                    be:92:57:95:39:34:56:ba:7b:df:57:77:27:a7:4b:
                    98:6f:8f:9e:9e:ce:a9:f6:f1:a4:3f:a9:6b:06:8a:
                    09:43:f0:e1:27:5b:f0:d3:dd:77:8c:49:17:04:09:
                    9b:81:7c:ac:7f:b0:4b:4c:a1:56:9e:e9:bf:f9:e3:
                    0a:47:ab:7f:65:84:44:85:3c:6f:e1:0d:73:02:ff:
                    00:b1:28:d0:b5:15:0c:03:1b:05:7e:a4:f7:d2:e0:
                    49:f2:42:fa:c0:b7:82:bc:a0:62:b9:37:61:44:ff:
                    bd:3c:6a:10:9f:a5:06:ff:2b:bd:03:06:ce:65:19:
                    94:4c:10:73:80:89:30:2e:73:77:ab:19:85:80:b9:
                    d3:6d:e3:02:67:9d:85:45:26:8c:d8:ba:16:f0:79:
                    53:8c:05:a3:73:ca:33:f1:3d:a4:02:c5:bc:ee:95:
                    f6:83:31:77:15:dc:49:64:4c:84:40:b3:1a:e2:e1:
                    ee:24:97:1b:70:7f:87:9b:83:48:9b:3c:24:19:7f:
                    bf:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:16:51:0E:BD:68:5A:F3:B2:0A:60:2E:2B:8D:47:F6:34:D9:26:8A
            X509v3 Authority Key Identifier:
                keyid:6F:A3:2E:65:81:18:3F:2C:48:97:A7:65:23:33:90:1F:7F:5B:EE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6MuZYEYPyxIl6dlIzOQH39b7nM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/ERZRDr1oWvOyCmAuK41H9jTZJoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/85ca8e-d74b-4c05-81b6-770f0572c0e7/1/b6MuZYEYPyxIl6dlIzOQH39b7nM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.107.0/24
                IPv6:
                  2a10:d1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:2f:61:aa:eb:8c:ad:f3:4e:ed:47:38:80:7f:0e:5d:93:23:
         a7:bb:5b:46:8d:3d:45:77:0c:50:a7:a7:d7:d4:1b:25:41:39:
         83:57:44:b3:1c:0a:ee:bb:d9:01:a1:72:e0:01:b6:3a:aa:91:
         c1:43:b8:e5:85:c7:f0:46:fe:08:26:da:ea:ee:6e:19:28:97:
         dd:b5:00:6b:c1:3c:8f:9a:6a:ae:04:39:80:a9:68:59:42:89:
         a7:4e:26:9f:5a:7a:85:3b:fc:7a:c4:5e:fc:f5:c2:34:30:0a:
         7a:4c:2b:87:d0:c5:41:24:43:ad:6b:97:60:6c:2e:79:b1:e0:
         1e:55:8b:b9:8c:b5:ca:00:89:6e:18:5c:ad:a4:dd:d2:3a:a1:
         fc:01:60:57:8f:57:d2:83:40:e0:a2:a2:28:44:5e:87:9c:fd:
         9d:1e:61:82:7b:1a:40:2f:fc:ed:a4:2e:48:10:91:5c:01:88:
         b4:4c:d9:2f:7b:ca:4d:c8:8f:70:06:e5:8f:2d:51:3c:0d:61:
         fe:a4:58:14:4e:bf:67:9e:66:cf:cc:2f:e5:94:e1:71:91:3a:
         28:67:e6:6c:e0:37:d7:44:d3:19:db:54:a8:fc:d2:0c:0b:3e:
         6e:51:f2:fb:ca:f5:60:d5:79:f6:e9:c1:72:19:c3:8d:21:52:
         29:14:34:e8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3vOXp1CHfZLh4gFCEs0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTMyZTY1ODExODNmMmM0ODk3YTc2NTIzMzM5MDFmN2Y1
YmVlNzMwHhcNMjQwMTAyMDYzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTE2NTEwZWJkNjg1YWYzYjIwYTYwMmUyYjhkNDdmNjM0ZDkyNjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3W/ChZF+zf2E4I2nXh9PPENCMVK
9vJoPmk+1GrJPUG7DbfGH5UZAOly5eoFJpXyEA1LSy2gdk6P9fO+kleVOTRWunvf
V3cnp0uYb4+ens6p9vGkP6lrBooJQ/DhJ1vw0913jEkXBAmbgXysf7BLTKFWnum/
+eMKR6t/ZYREhTxv4Q1zAv8AsSjQtRUMAxsFfqT30uBJ8kL6wLeCvKBiuTdhRP+9
PGoQn6UG/yu9AwbOZRmUTBBzgIkwLnN3qxmFgLnTbeMCZ52FRSaM2LoW8HlTjAWj
c8oz8T2kAsW87pX2gzF3FdxJZEyEQLMa4uHuJJcbcH+Hm4NImzwkGX+/mwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBEWUQ69aFrzsgpgLiuNR/Y02SaKMB8GA1UdIwQY
MBaAFG+jLmWBGD8sSJenZSMzkB9/W+5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZNdVpZRVlQeXhJbDZkbEl6T1FIMzliN25NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi84NWNhOGUtZDc0Yi00YzA1LTgxYjYt
NzcwZjA1NzJjMGU3LzEvRVJaUkRyMW9Xdk95Q21BdUs0MUg5alRaSm9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi84NWNhOGUtZDc0Yi00YzA1LTgxYjYtNzcwZjA1NzJjMGU3
LzEvYjZNdVpZRVlQeXhJbDZkbEl6T1FIMzliN25NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudprMA0E
AgACMAcDBQAqENHAMA0GCSqGSIb3DQEBCwUAA4IBAQALL2Gq64yt807tRziAfw5d
kyOnu1tGjT1FdwxQp6fX1BslQTmDV0SzHAruu9kBoXLgAbY6qpHBQ7jlhcfwRv4I
Jtrq7m4ZKJfdtQBrwTyPmmquBDmAqWhZQomnTiafWnqFO/x6xF789cI0MAp6TCuH
0MVBJEOta5dgbC55seAeVYu5jLXKAIluGFytpN3SOqH8AWBXj1fSg0DgoqIoRF6H
nP2dHmGCexpAL/ztpC5IEJFcAYi0TNkve8pNyI9wBuWPLVE8DWH+pFgUTr9nnmbP
zC/llOFxkTooZ+Zs4DfXRNMZ21So/NIMCz5uUfL7yvVg1Xn26cFyGcONIVIpFDTo
-----END CERTIFICATE-----