Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/955340-f801-41a7-a9d4-01b7e262eff1/1/_2FjyCenmqJ6VxvGCILSim-M6SA.roa
File:                     _2FjyCenmqJ6VxvGCILSim-M6SA.roa (raw, json)
Hash identifier:          yM4IYpclUGiFfXUZp47IEUPA6HVu9/SxpDA/7bs8Kug=
Subject key identifier:   FF:61:63:C8:27:A7:9A:A2:7A:57:1B:C6:08:82:D2:8A:6F:8C:E9:20
Certificate issuer:       /CN=bdef8a8ad007aa4dc81d7736189a182b0282bc18
Certificate serial:       018CC4245EA1F0E261BB57702A277F38BBF6
Authority key identifier: BD:EF:8A:8A:D0:07:AA:4D:C8:1D:77:36:18:9A:18:2B:02:82:BC:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ve-KitAHqk3IHXc2GJoYKwKCvBg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/955340-f801-41a7-a9d4-01b7e262eff1/1/_2FjyCenmqJ6VxvGCILSim-M6SA.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205310
IP address blocks:        185.220.228.0/22 maxlen: 24
                          2a11:c840::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/955340-f801-41a7-a9d4-01b7e262eff1/1/ve-KitAHqk3IHXc2GJoYKwKCvBg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/955340-f801-41a7-a9d4-01b7e262eff1/1/ve-KitAHqk3IHXc2GJoYKwKCvBg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ve-KitAHqk3IHXc2GJoYKwKCvBg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5e:a1:f0:e2:61:bb:57:70:2a:27:7f:38:bb:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdef8a8ad007aa4dc81d7736189a182b0282bc18
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff6163c827a79aa27a571bc60882d28a6f8ce920
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:36:4b:da:f9:89:44:52:7b:c5:09:67:64:cb:
                    2a:0d:e8:d2:da:8b:4a:f5:08:c5:f5:89:77:50:48:
                    a0:27:ba:41:cb:4f:9f:c3:db:0a:b1:b5:c7:4b:8f:
                    9b:a5:b6:d5:a5:ec:04:0a:24:f8:9c:c7:8e:cd:06:
                    48:ce:c8:31:28:31:4b:ca:3e:4c:d2:dc:bc:07:24:
                    d8:b8:ff:b9:e7:0a:77:33:ad:7b:b6:40:ea:a4:83:
                    27:00:38:8e:a5:49:c5:ef:a6:bf:26:35:fe:3f:66:
                    41:3a:51:9a:49:22:85:e2:4b:ed:1c:fc:26:61:17:
                    eb:6b:a7:36:06:2d:62:59:5d:01:40:ce:9a:9d:ca:
                    65:5e:60:17:c1:9a:b8:ce:a1:ef:92:8f:12:50:bc:
                    4f:4c:c4:34:23:c2:d6:40:57:33:c9:f3:e7:1b:5e:
                    14:a7:0f:9d:5b:5e:d2:96:0e:11:79:36:d9:ca:04:
                    a2:e9:d9:16:3b:08:a7:b4:c9:fd:8f:11:2d:74:fe:
                    60:27:e8:e2:df:69:be:40:d7:37:3d:48:3e:14:97:
                    98:83:bb:a8:cb:fa:ce:08:04:c4:7b:95:97:df:29:
                    68:6f:eb:de:cd:18:06:66:04:e0:4b:1c:ec:b8:96:
                    29:dd:88:2c:89:a6:68:9c:d4:62:56:4d:25:4e:b8:
                    a8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:61:63:C8:27:A7:9A:A2:7A:57:1B:C6:08:82:D2:8A:6F:8C:E9:20
            X509v3 Authority Key Identifier:
                keyid:BD:EF:8A:8A:D0:07:AA:4D:C8:1D:77:36:18:9A:18:2B:02:82:BC:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ve-KitAHqk3IHXc2GJoYKwKCvBg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/955340-f801-41a7-a9d4-01b7e262eff1/1/_2FjyCenmqJ6VxvGCILSim-M6SA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/955340-f801-41a7-a9d4-01b7e262eff1/1/ve-KitAHqk3IHXc2GJoYKwKCvBg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.228.0/22
                IPv6:
                  2a11:c840::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:e4:97:bf:bb:50:8d:65:8f:49:a6:fc:b2:fb:c5:cb:e1:e1:
         ca:cf:f4:af:34:7f:91:65:41:68:ed:11:16:aa:cb:1c:21:ca:
         fe:eb:43:02:36:68:a3:55:f2:36:ac:b8:55:b6:43:16:6e:fa:
         ba:ca:38:09:2d:1c:38:f5:8b:c5:f9:78:be:ef:b5:21:59:f1:
         da:3c:55:8a:88:9b:2c:87:8c:26:8d:14:fb:fb:81:5a:8b:91:
         ee:ad:7c:75:04:fa:f8:60:e6:63:1a:f2:c5:52:0d:59:ab:86:
         c0:0d:b8:0f:67:3b:e8:74:ed:0c:e6:90:1d:ca:51:63:f5:a3:
         55:f0:f5:70:b2:79:e0:c1:46:77:90:a0:c4:e5:60:51:80:62:
         d0:1b:f3:46:14:22:df:ea:80:0f:17:0a:e5:17:c7:13:c5:9b:
         08:d8:03:20:17:a4:27:6e:90:cd:c0:96:5d:62:0a:a8:eb:77:
         33:26:e3:78:e7:5c:93:32:08:31:25:7c:ba:25:c1:d0:98:b8:
         a9:4c:19:a9:c3:b0:5d:64:e7:a2:4f:fc:4f:1c:ea:61:90:18:
         4c:c7:24:52:57:d3:91:0f:8b:1f:08:a8:07:79:42:03:bb:b3:
         1c:dd:76:4f:89:38:61:de:1c:d3:8c:af:2e:45:cb:fe:eb:8c:
         a7:57:70:00
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJF6h8OJhu1dwKid/OLv2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZWY4YThhZDAwN2FhNGRjODFkNzczNjE4OWExODJiMDI4
MmJjMTgwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjYxNjNjODI3YTc5YWEyN2E1NzFiYzYwODgyZDI4YTZmOGNlOTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDZL2vmJRFJ7xQlnZMsqDejS2otK
9QjF9Yl3UEigJ7pBy0+fw9sKsbXHS4+bpbbVpewECiT4nMeOzQZIzsgxKDFLyj5M
0ty8ByTYuP+55wp3M617tkDqpIMnADiOpUnF76a/JjX+P2ZBOlGaSSKF4kvtHPwm
YRfra6c2Bi1iWV0BQM6ancplXmAXwZq4zqHvko8SULxPTMQ0I8LWQFczyfPnG14U
pw+dW17Slg4ReTbZygSi6dkWOwintMn9jxEtdP5gJ+ji32m+QNc3PUg+FJeYg7uo
y/rOCATEe5WX3ylob+vezRgGZgTgSxzsuJYp3YgsiaZonNRiVk0lTrioMQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFP9hY8gnp5qielcbxgiC0opvjOkgMB8GA1UdIwQY
MBaAFL3viorQB6pNyB13NhiaGCsCgrwYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmUtS2l0QUhxazNJSFhjMkdKb1lLd0tDdkJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi85NTUzNDAtZjgwMS00MWE3LWE5ZDQt
MDFiN2UyNjJlZmYxLzEvXzJGanlDZW5tcUo2Vnh2R0NJTFNpbS1NNlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi85NTUzNDAtZjgwMS00MWE3LWE5ZDQtMDFiN2UyNjJlZmYx
LzEvdmUtS2l0QUhxazNJSFhjMkdKb1lLd0tDdkJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCudzkMA8E
AgACMAkDBwAqEchAAAAwDQYJKoZIhvcNAQELBQADggEBADzkl7+7UI1lj0mm/LL7
xcvh4crP9K80f5FlQWjtERaqyxwhyv7rQwI2aKNV8jasuFW2QxZu+rrKOAktHDj1
i8X5eL7vtSFZ8do8VYqImyyHjCaNFPv7gVqLke6tfHUE+vhg5mMa8sVSDVmrhsAN
uA9nO+h07QzmkB3KUWP1o1Xw9XCyeeDBRneQoMTlYFGAYtAb80YUIt/qgA8XCuUX
xxPFmwjYAyAXpCdukM3All1iCqjrdzMm43jnXJMyCDElfLolwdCYuKlMGanDsF1k
56JP/E8c6mGQGEzHJFJX05EPix8IqAd5QgO7sxzddk+JOGHeHNOMry5Fy/7rjKdX
cAA=
-----END CERTIFICATE-----