Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/d796e4-d654-4e7b-84d4-f01a62400821/1/aZIo2iIyd4nYuuJb-e7kq7z5hXw.roa
File:                     aZIo2iIyd4nYuuJb-e7kq7z5hXw.roa (raw, json)
Hash identifier:          QN7c8ArqlniZjNI4BJgmpxqtuMz26rKAUXgSmrCm5Go=
Subject key identifier:   69:92:28:DA:22:32:77:89:D8:BA:E2:5B:F9:EE:E4:AB:BC:F9:85:7C
Certificate issuer:       /CN=64ff41a24fc48271b992327a2dae5a433bded050
Certificate serial:       018CC4250EACB5B2B5068BB18907E3104A5E
Authority key identifier: 64:FF:41:A2:4F:C4:82:71:B9:92:32:7A:2D:AE:5A:43:3B:DE:D0:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZP9Bok_EgnG5kjJ6La5aQzve0FA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/d796e4-d654-4e7b-84d4-f01a62400821/1/aZIo2iIyd4nYuuJb-e7kq7z5hXw.roa
Signing time:             Mon 01 Jan 2024 08:30:12 +0000
ROA not before:           Mon 01 Jan 2024 08:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200600
IP address blocks:        185.101.220.0/22 maxlen: 22
                          2a06:2140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/d796e4-d654-4e7b-84d4-f01a62400821/1/ZP9Bok_EgnG5kjJ6La5aQzve0FA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/d796e4-d654-4e7b-84d4-f01a62400821/1/ZP9Bok_EgnG5kjJ6La5aQzve0FA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZP9Bok_EgnG5kjJ6La5aQzve0FA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:0e:ac:b5:b2:b5:06:8b:b1:89:07:e3:10:4a:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64ff41a24fc48271b992327a2dae5a433bded050
        Validity
            Not Before: Jan  1 08:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=699228da22327789d8bae25bf9eee4abbcf9857c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e7:6d:e0:91:26:23:40:ba:0a:2e:70:ef:81:
                    ce:78:67:57:50:2f:f3:57:7d:6f:92:d9:e7:1f:91:
                    2c:b8:34:26:ee:ac:c6:e3:01:44:ca:88:30:a2:10:
                    0f:4b:bf:d9:3f:88:d4:ce:58:ae:65:4a:64:ba:ed:
                    38:46:54:98:14:97:db:0b:ee:a5:d4:43:68:7e:d5:
                    59:8c:42:a9:86:c8:f2:e4:d2:d6:08:82:04:03:93:
                    48:15:e0:71:fb:7a:0e:a7:e4:57:98:05:8b:a7:1b:
                    e9:1f:e5:f0:ec:0b:50:4a:c4:0d:db:71:08:7f:2c:
                    ee:33:dc:8e:fc:31:17:e4:8c:5c:2e:7c:4e:23:df:
                    5e:5a:89:da:db:ed:74:3d:4c:c0:fc:0e:71:48:bc:
                    47:38:6c:62:61:39:d5:3d:94:f6:89:78:d0:8d:c8:
                    50:c7:30:a3:92:00:35:2d:84:ee:24:0c:ab:68:9a:
                    3c:b8:aa:7b:89:90:28:a0:77:2b:fd:3a:7e:bb:97:
                    e4:cb:cc:0a:89:37:db:f5:6a:4c:bf:3a:48:4f:e8:
                    87:4a:3f:92:ee:20:43:5d:b1:b5:1a:38:80:c0:00:
                    6e:e7:ff:bf:fb:58:c8:54:26:28:f9:f6:f0:be:d4:
                    f7:62:93:9c:83:b6:25:7b:5f:0a:fe:b6:96:93:04:
                    4e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:92:28:DA:22:32:77:89:D8:BA:E2:5B:F9:EE:E4:AB:BC:F9:85:7C
            X509v3 Authority Key Identifier:
                keyid:64:FF:41:A2:4F:C4:82:71:B9:92:32:7A:2D:AE:5A:43:3B:DE:D0:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZP9Bok_EgnG5kjJ6La5aQzve0FA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/d796e4-d654-4e7b-84d4-f01a62400821/1/aZIo2iIyd4nYuuJb-e7kq7z5hXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/d796e4-d654-4e7b-84d4-f01a62400821/1/ZP9Bok_EgnG5kjJ6La5aQzve0FA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.220.0/22
                IPv6:
                  2a06:2140::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:25:93:11:df:8e:da:93:44:a9:24:b5:e3:8c:3d:97:6f:bf:
         68:52:00:0c:41:68:1a:4e:65:45:b2:96:c0:53:d4:d6:2b:28:
         f2:fe:7a:b5:64:68:47:a5:90:9a:02:cc:e6:0b:5a:8c:ac:d2:
         68:80:65:b8:69:44:c9:b5:20:ed:88:f5:ee:7e:11:45:98:5f:
         d7:33:94:ac:2f:71:f7:89:e6:cb:ab:22:8e:4d:f0:62:81:26:
         84:39:46:65:fe:e7:29:95:93:2e:42:38:f8:eb:2e:62:19:a9:
         10:28:79:21:15:7c:08:9e:39:69:e0:f9:9e:93:6b:7d:f8:26:
         65:81:8e:05:1f:4d:0b:e4:f4:b8:4f:10:b8:a6:46:ef:ef:ed:
         42:90:5e:56:1f:84:0f:b9:ee:71:4a:f0:3f:88:31:8e:06:82:
         84:76:8a:e9:93:a4:85:53:83:79:a7:00:f6:80:45:77:c9:6e:
         22:0a:33:71:98:17:41:86:c7:a6:e6:01:f5:69:51:ee:d1:f2:
         43:50:4c:93:d3:1c:76:2f:78:a2:e8:1a:1f:b2:01:82:1f:55:
         48:f9:a9:b5:fe:bf:14:b2:98:50:0e:58:d8:93:d0:88:be:c8:
         73:0a:6f:31:39:e0:4f:8b:f6:8b:22:09:bc:00:79:65:48:fd:
         81:df:cc:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJQ6stbK1BouxiQfjEEpeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZmY0MWEyNGZjNDgyNzFiOTkyMzI3YTJkYWU1YTQzM2Jk
ZWQwNTAwHhcNMjQwMTAxMDgzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTkyMjhkYTIyMzI3Nzg5ZDhiYWUyNWJmOWVlZTRhYmJjZjk4NTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmudt4JEmI0C6Ci5w74HOeGdXUC/z
V31vktnnH5EsuDQm7qzG4wFEyogwohAPS7/ZP4jUzliuZUpkuu04RlSYFJfbC+6l
1ENoftVZjEKphsjy5NLWCIIEA5NIFeBx+3oOp+RXmAWLpxvpH+Xw7AtQSsQN23EI
fyzuM9yO/DEX5IxcLnxOI99eWona2+10PUzA/A5xSLxHOGxiYTnVPZT2iXjQjchQ
xzCjkgA1LYTuJAyraJo8uKp7iZAooHcr/Tp+u5fky8wKiTfb9WpMvzpIT+iHSj+S
7iBDXbG1GjiAwABu5/+/+1jIVCYo+fbwvtT3YpOcg7Yle18K/raWkwROIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGmSKNoiMneJ2LriW/nu5Ku8+YV8MB8GA1UdIwQY
MBaAFGT/QaJPxIJxuZIyei2uWkM73tBQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlA5Qm9rX0Vnbkc1a2pKNkxhNWFRenZlMEZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9kNzk2ZTQtZDY1NC00ZTdiLTg0ZDQt
ZjAxYTYyNDAwODIxLzEvYVpJbzJpSXlkNG5ZdXVKYi1lN2txN3o1aFh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9kNzk2ZTQtZDY1NC00ZTdiLTg0ZDQtZjAxYTYyNDAwODIx
LzEvWlA5Qm9rX0Vnbkc1a2pKNkxhNWFRenZlMEZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWXcMA0E
AgACMAcDBQMqBiFAMA0GCSqGSIb3DQEBCwUAA4IBAQAgJZMR347ak0SpJLXjjD2X
b79oUgAMQWgaTmVFspbAU9TWKyjy/nq1ZGhHpZCaAszmC1qMrNJogGW4aUTJtSDt
iPXufhFFmF/XM5SsL3H3iebLqyKOTfBigSaEOUZl/ucplZMuQjj46y5iGakQKHkh
FXwInjlp4Pmek2t9+CZlgY4FH00L5PS4TxC4pkbv7+1CkF5WH4QPue5xSvA/iDGO
BoKEdorpk6SFU4N5pwD2gEV3yW4iCjNxmBdBhsem5gH1aVHu0fJDUEyT0xx2L3ii
6BofsgGCH1VI+am1/r8UsphQDljYk9CIvshzCm8xOeBPi/aLIgm8AHllSP2B38yj
-----END CERTIFICATE-----