Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/e2b494-c0b2-43f4-bc4d-a6f4f0f4f72d/1/ICwiR2uTtX-pSM6PZQTXiqvxJDo.roa
File:                     ICwiR2uTtX-pSM6PZQTXiqvxJDo.roa (raw, json)
Hash identifier:          KNJ2db0M6AZ07CuBGou/uBeJnLatd+TIDEwiMNPym28=
Subject key identifier:   20:2C:22:47:6B:93:B5:7F:A9:48:CE:8F:65:04:D7:8A:AB:F1:24:3A
Certificate issuer:       /CN=afb04b1355e5d6ed2223249630ac8b9f7439aee1
Certificate serial:       018CC4253267E01449342F0E969F7695C6B4
Authority key identifier: AF:B0:4B:13:55:E5:D6:ED:22:23:24:96:30:AC:8B:9F:74:39:AE:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r7BLE1Xl1u0iIySWMKyLn3Q5ruE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/e2b494-c0b2-43f4-bc4d-a6f4f0f4f72d/1/ICwiR2uTtX-pSM6PZQTXiqvxJDo.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50304
IP address blocks:        185.247.12.0/23 maxlen: 24
                          185.247.12.0/22 maxlen: 22
                          2a0d:b680::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/e2b494-c0b2-43f4-bc4d-a6f4f0f4f72d/1/r7BLE1Xl1u0iIySWMKyLn3Q5ruE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/e2b494-c0b2-43f4-bc4d-a6f4f0f4f72d/1/r7BLE1Xl1u0iIySWMKyLn3Q5ruE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r7BLE1Xl1u0iIySWMKyLn3Q5ruE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:32:67:e0:14:49:34:2f:0e:96:9f:76:95:c6:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afb04b1355e5d6ed2223249630ac8b9f7439aee1
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=202c22476b93b57fa948ce8f6504d78aabf1243a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e3:c1:de:7d:ea:b2:6c:8a:92:60:20:7f:50:
                    1c:6e:88:2e:ee:d7:40:85:43:66:5c:af:c0:d1:49:
                    c1:a4:d1:47:a6:2e:be:d6:8f:58:c7:53:ca:4f:b1:
                    0e:29:6f:71:d3:52:11:23:c2:b8:1a:e5:71:fc:5a:
                    3f:fd:d8:c6:4a:b5:07:2b:8e:14:06:dd:ac:e2:6f:
                    a8:ca:07:05:50:61:4a:0a:f2:6d:17:29:ba:dd:70:
                    0a:cc:86:e2:ad:7e:97:29:1a:1d:da:c3:82:15:02:
                    b1:bf:82:59:fa:ca:92:bb:f3:f6:b0:03:3a:bb:55:
                    ab:16:8c:a4:6a:0a:b3:2c:d0:75:a0:69:93:c1:c8:
                    2b:6e:02:ec:19:53:d8:50:a2:72:9d:b5:27:b8:b4:
                    5c:12:c4:aa:b9:2c:28:5a:c9:d7:5d:8e:5b:54:d5:
                    d8:c2:fe:74:d5:bd:57:e1:99:72:fe:7f:86:2a:24:
                    35:64:a7:9f:12:8a:d2:99:41:fb:5e:c1:37:2d:fa:
                    55:5a:0d:63:1e:f9:ca:91:5b:a4:87:46:89:90:61:
                    43:67:46:a8:aa:67:a6:7f:12:73:48:9c:cb:ba:28:
                    1b:cb:ce:df:ae:c9:eb:ea:35:bb:d6:5e:3f:bb:64:
                    f2:61:2b:12:7d:e2:b2:ce:94:47:a5:25:71:fa:55:
                    d6:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:2C:22:47:6B:93:B5:7F:A9:48:CE:8F:65:04:D7:8A:AB:F1:24:3A
            X509v3 Authority Key Identifier:
                keyid:AF:B0:4B:13:55:E5:D6:ED:22:23:24:96:30:AC:8B:9F:74:39:AE:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r7BLE1Xl1u0iIySWMKyLn3Q5ruE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/e2b494-c0b2-43f4-bc4d-a6f4f0f4f72d/1/ICwiR2uTtX-pSM6PZQTXiqvxJDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/e2b494-c0b2-43f4-bc4d-a6f4f0f4f72d/1/r7BLE1Xl1u0iIySWMKyLn3Q5ruE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.247.12.0/22
                IPv6:
                  2a0d:b680::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:ad:10:e3:dc:dd:48:56:58:56:a7:45:8c:90:83:7b:af:0a:
         a0:e8:1e:fd:21:21:f6:08:5a:d9:60:79:6b:c6:86:54:79:cb:
         08:f4:af:ab:49:c6:15:42:e2:e6:3a:e9:fd:7b:dc:df:ca:5a:
         13:2b:12:bf:f7:27:ca:d6:d7:93:5d:77:d9:d4:60:ce:1d:37:
         73:84:18:b8:d3:41:34:2d:0f:1a:7c:ef:f0:bb:9a:56:b1:92:
         20:df:a5:ee:6e:53:10:8b:dd:62:9c:a4:30:46:88:de:b2:9f:
         6c:9d:55:79:cd:5b:f0:99:dd:79:e7:c1:30:63:48:04:16:c3:
         25:6f:f7:38:2e:b1:f3:de:d8:a5:9a:e7:2c:02:a5:0d:e0:8a:
         d1:d4:5f:db:19:7e:6a:cb:16:48:8a:fc:0d:ac:40:b0:a0:ea:
         95:0f:2e:36:3a:30:97:6e:54:95:1f:d4:4b:0f:93:ec:33:40:
         33:44:61:33:a3:40:e4:23:b7:86:95:6c:99:18:98:4d:20:05:
         db:a6:e2:69:a4:cb:ed:f3:11:a1:37:78:39:a3:06:af:04:a3:
         5d:2f:84:94:53:70:5c:a8:c2:f9:2a:70:01:83:b7:52:bf:df:
         e4:52:9c:b1:a1:91:73:74:23:e2:07:d7:f2:12:f9:14:6c:49:
         ad:66:4a:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJTJn4BRJNC8Olp92lca0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYjA0YjEzNTVlNWQ2ZWQyMjIzMjQ5NjMwYWM4YjlmNzQz
OWFlZTEwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDJjMjI0NzZiOTNiNTdmYTk0OGNlOGY2NTA0ZDc4YWFiZjEyNDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOPB3n3qsmyKkmAgf1Acbogu7tdA
hUNmXK/A0UnBpNFHpi6+1o9Yx1PKT7EOKW9x01IRI8K4GuVx/Fo//djGSrUHK44U
Bt2s4m+oygcFUGFKCvJtFym63XAKzIbirX6XKRod2sOCFQKxv4JZ+sqSu/P2sAM6
u1WrFoykagqzLNB1oGmTwcgrbgLsGVPYUKJynbUnuLRcEsSquSwoWsnXXY5bVNXY
wv501b1X4Zly/n+GKiQ1ZKefEorSmUH7XsE3LfpVWg1jHvnKkVukh0aJkGFDZ0ao
qmemfxJzSJzLuigby87frsnr6jW71l4/u2TyYSsSfeKyzpRHpSVx+lXWiQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCAsIkdrk7V/qUjOj2UE14qr8SQ6MB8GA1UdIwQY
MBaAFK+wSxNV5dbtIiMkljCsi590Oa7hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjdCTEUxWGwxdTBpSXlTV01LeUxuM1E1cnVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9lMmI0OTQtYzBiMi00M2Y0LWJjNGQt
YTZmNGYwZjRmNzJkLzEvSUN3aVIydVR0WC1wU002UFpRVFhpcXZ4SkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9lMmI0OTQtYzBiMi00M2Y0LWJjNGQtYTZmNGYwZjRmNzJk
LzEvcjdCTEUxWGwxdTBpSXlTV01LeUxuM1E1cnVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufcMMA0E
AgACMAcDBQMqDbaAMA0GCSqGSIb3DQEBCwUAA4IBAQCTrRDj3N1IVlhWp0WMkIN7
rwqg6B79ISH2CFrZYHlrxoZUecsI9K+rScYVQuLmOun9e9zfyloTKxK/9yfK1teT
XXfZ1GDOHTdzhBi400E0LQ8afO/wu5pWsZIg36XublMQi91inKQwRojesp9snVV5
zVvwmd1558EwY0gEFsMlb/c4LrHz3tilmucsAqUN4IrR1F/bGX5qyxZIivwNrECw
oOqVDy42OjCXblSVH9RLD5PsM0AzRGEzo0DkI7eGlWyZGJhNIAXbpuJppMvt8xGh
N3g5owavBKNdL4SUU3BcqML5KnABg7dSv9/kUpyxoZFzdCPiB9fyEvkUbEmtZkob
-----END CERTIFICATE-----