Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/A6QMRIX7FgoeI6JtlAceAMEC298.roa
File:                     A6QMRIX7FgoeI6JtlAceAMEC298.roa (raw, json)
Hash identifier:          Av8/CLDC8huNTb8zargRx7kbEZo0qVDnPzHV2BI4Q0A=
Subject key identifier:   03:A4:0C:44:85:FB:16:0A:1E:23:A2:6D:94:07:1E:00:C1:02:DB:DF
Certificate issuer:       /CN=0aa2f1205553fa5960f1805c6ed9389e9e0dc92c
Certificate serial:       018CC7266BFEA9771821C9F2EB61BEDDB6DE
Authority key identifier: 0A:A2:F1:20:55:53:FA:59:60:F1:80:5C:6E:D9:38:9E:9E:0D:C9:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CqLxIFVT-llg8YBcbtk4np4NySw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/A6QMRIX7FgoeI6JtlAceAMEC298.roa
Signing time:             Mon 01 Jan 2024 22:30:33 +0000
ROA not before:           Mon 01 Jan 2024 22:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203425
IP address blocks:        185.105.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/CqLxIFVT-llg8YBcbtk4np4NySw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/CqLxIFVT-llg8YBcbtk4np4NySw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CqLxIFVT-llg8YBcbtk4np4NySw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:6b:fe:a9:77:18:21:c9:f2:eb:61:be:dd:b6:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0aa2f1205553fa5960f1805c6ed9389e9e0dc92c
        Validity
            Not Before: Jan  1 22:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03a40c4485fb160a1e23a26d94071e00c102dbdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e8:24:d9:00:03:d2:fe:5f:69:b4:3e:3e:00:
                    65:dd:3f:47:cc:a0:84:1b:5a:a3:dc:43:3a:62:9d:
                    85:52:ba:b3:08:bf:f6:e6:31:11:93:97:1b:26:54:
                    f5:20:fa:9f:b5:98:fd:0b:22:00:8d:48:09:ed:1a:
                    ab:12:a6:78:b8:ce:1f:8e:c5:79:91:79:ce:18:09:
                    08:74:9e:65:d7:72:a3:b7:72:6e:ab:10:c4:75:00:
                    2f:66:c0:e8:6c:cd:92:5f:b1:68:24:94:36:65:b5:
                    41:d1:99:ba:06:ac:59:32:72:c2:41:2f:33:84:2e:
                    e7:f0:53:64:bd:a6:85:2b:3b:47:72:8e:24:17:e1:
                    a9:9f:79:10:08:90:bf:dc:f1:a8:e0:e2:e2:2d:d4:
                    71:a9:c7:cf:68:58:78:9d:eb:ee:ff:61:5e:1b:13:
                    a9:b4:8f:22:1a:96:cd:db:60:d3:25:1a:db:ff:6a:
                    09:e4:6a:2a:1a:0a:5a:bb:43:49:4f:bf:6f:79:e0:
                    3f:c5:bc:89:4b:0f:86:98:d5:f4:23:0e:6e:35:96:
                    0e:cc:e0:f6:af:cb:52:1d:60:11:3a:06:ce:90:2e:
                    21:7c:ec:29:c8:73:95:ac:dc:ac:b6:7d:1d:53:b1:
                    0a:1c:7f:86:21:95:25:3f:c1:42:ef:0f:ea:59:2a:
                    fc:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:A4:0C:44:85:FB:16:0A:1E:23:A2:6D:94:07:1E:00:C1:02:DB:DF
            X509v3 Authority Key Identifier:
                keyid:0A:A2:F1:20:55:53:FA:59:60:F1:80:5C:6E:D9:38:9E:9E:0D:C9:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CqLxIFVT-llg8YBcbtk4np4NySw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/A6QMRIX7FgoeI6JtlAceAMEC298.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e442-137e-4101-bb6c-b06831596449/1/CqLxIFVT-llg8YBcbtk4np4NySw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:ea:2a:fa:23:85:6c:e3:ae:99:4f:52:e1:1f:a9:80:e2:0c:
         6a:77:43:d1:d1:0e:32:2c:3d:07:0e:08:73:f5:e4:d3:a0:ca:
         18:35:78:07:34:06:9c:2c:87:b0:6b:7b:f0:21:d5:57:cc:40:
         59:ba:d1:e6:53:be:33:f7:4f:ea:c8:a4:8d:6b:85:37:f4:21:
         81:2d:0e:28:00:c7:e1:00:42:2a:93:23:a3:66:d2:0f:f4:4f:
         ed:42:6b:6a:36:f9:65:f4:76:1c:7b:bb:93:3b:e0:fc:d6:0b:
         e6:f9:a7:15:16:f0:00:07:9d:e9:12:48:db:b9:f5:89:b3:7f:
         e2:bc:6b:9b:c8:bb:05:93:2e:28:4f:67:7d:c7:94:7b:96:d4:
         86:50:59:c1:ed:8a:97:6e:ff:3d:74:1b:1c:1e:87:06:20:70:
         33:6d:08:fc:62:60:a4:c5:b7:96:70:06:f2:17:88:ca:ca:8f:
         20:6a:0a:40:eb:f2:70:41:ef:9a:62:00:34:1f:d1:87:d7:cb:
         9a:68:25:29:06:46:53:83:c2:9a:04:ee:dd:f2:b2:59:5c:c0:
         ed:f4:e9:a4:e2:2f:1f:3c:4a:06:a8:8a:e4:95:06:7b:84:2b:
         3f:47:91:5b:c0:32:3f:ea:f1:82:18:bc:18:ed:ac:f4:97:2d:
         33:fd:45:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJmv+qXcYIcny62G+3bbeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhYTJmMTIwNTU1M2ZhNTk2MGYxODA1YzZlZDkzODllOWUw
ZGM5MmMwHhcNMjQwMTAxMjIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2E0MGM0NDg1ZmIxNjBhMWUyM2EyNmQ5NDA3MWUwMGMxMDJkYmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOgk2QAD0v5fabQ+PgBl3T9HzKCE
G1qj3EM6Yp2FUrqzCL/25jERk5cbJlT1IPqftZj9CyIAjUgJ7RqrEqZ4uM4fjsV5
kXnOGAkIdJ5l13Kjt3JuqxDEdQAvZsDobM2SX7FoJJQ2ZbVB0Zm6BqxZMnLCQS8z
hC7n8FNkvaaFKztHco4kF+Gpn3kQCJC/3PGo4OLiLdRxqcfPaFh4nevu/2FeGxOp
tI8iGpbN22DTJRrb/2oJ5GoqGgpau0NJT79veeA/xbyJSw+GmNX0Iw5uNZYOzOD2
r8tSHWAROgbOkC4hfOwpyHOVrNystn0dU7EKHH+GIZUlP8FC7w/qWSr83wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAOkDESF+xYKHiOibZQHHgDBAtvfMB8GA1UdIwQY
MBaAFAqi8SBVU/pZYPGAXG7ZOJ6eDcksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3FMeElGVlQtbGxnOFlCY2J0azRucDROeVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82NGU0NDItMTM3ZS00MTAxLWJiNmMt
YjA2ODMxNTk2NDQ5LzEvQTZRTVJJWDdGZ29lSTZKdGxBY2VBTUVDMjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82NGU0NDItMTM3ZS00MTAxLWJiNmMtYjA2ODMxNTk2NDQ5
LzEvQ3FMeElGVlQtbGxnOFlCY2J0azRucDROeVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWlAMA0G
CSqGSIb3DQEBCwUAA4IBAQAw6ir6I4Vs466ZT1LhH6mA4gxqd0PR0Q4yLD0HDghz
9eTToMoYNXgHNAacLIewa3vwIdVXzEBZutHmU74z90/qyKSNa4U39CGBLQ4oAMfh
AEIqkyOjZtIP9E/tQmtqNvll9HYce7uTO+D81gvm+acVFvAAB53pEkjbufWJs3/i
vGubyLsFky4oT2d9x5R7ltSGUFnB7YqXbv89dBscHocGIHAzbQj8YmCkxbeWcAby
F4jKyo8gagpA6/JwQe+aYgA0H9GH18uaaCUpBkZTg8KaBO7d8rJZXMDt9Omk4i8f
PEoGqIrklQZ7hCs/R5FbwDI/6vGCGLwY7az0ly0z/UVa
-----END CERTIFICATE-----