Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/azVz-wfweHTpXb17aEzq16c9r4k.roa
File:                     azVz-wfweHTpXb17aEzq16c9r4k.roa (raw, json)
Hash identifier:          +Bfy09uaRXECMQSLOoD1RaQmzEj2feO6Mxy0GPcxTds=
Subject key identifier:   6B:35:73:FB:07:F0:78:74:E9:5D:BD:7B:68:4C:EA:D7:A7:3D:AF:89
Certificate issuer:       /CN=13eb7b7df835b113abb3f626f6203fee97b1992c
Certificate serial:       018EB3D65D341226104642C575A4C14AE288
Authority key identifier: 13:EB:7B:7D:F8:35:B1:13:AB:B3:F6:26:F6:20:3F:EE:97:B1:99:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-t7ffg1sROrs_Ym9iA_7pexmSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/azVz-wfweHTpXb17aEzq16c9r4k.roa
Signing time:             Sat 06 Apr 2024 14:35:54 +0000
ROA not before:           Sat 06 Apr 2024 14:35:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201990
IP address blocks:        185.205.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/E-t7ffg1sROrs_Ym9iA_7pexmSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/E-t7ffg1sROrs_Ym9iA_7pexmSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-t7ffg1sROrs_Ym9iA_7pexmSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b3:d6:5d:34:12:26:10:46:42:c5:75:a4:c1:4a:e2:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13eb7b7df835b113abb3f626f6203fee97b1992c
        Validity
            Not Before: Apr  6 14:35:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b3573fb07f07874e95dbd7b684cead7a73daf89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b4:2f:b3:a3:56:b7:5a:2b:c3:5b:e3:13:6d:
                    c5:58:5e:84:54:b7:20:7a:a8:2d:8a:f9:4a:22:c5:
                    7c:dc:d5:77:86:48:e6:7c:a1:ec:d8:f3:85:32:e3:
                    db:06:40:5e:57:ab:5c:a1:ff:c7:ea:ca:68:f9:61:
                    8f:dc:13:bf:d1:15:bd:64:5b:83:2e:c6:16:c0:b8:
                    20:3d:9e:26:a6:15:70:c6:3c:67:9f:a2:1d:f2:ab:
                    d8:a7:d0:66:58:03:b6:69:65:36:ec:2f:18:39:03:
                    0a:bf:1f:3c:d4:c5:ba:65:13:08:a9:0c:39:8a:40:
                    c3:31:17:2b:8c:4a:3d:fb:d0:04:2f:64:75:40:95:
                    10:ca:22:5a:48:cf:e8:2f:3e:7d:61:cd:8a:84:85:
                    74:96:e4:9d:65:60:ad:1a:73:2a:c5:58:7d:01:ba:
                    d4:4e:65:7b:ca:70:7e:63:ed:c4:5b:f9:cc:71:8c:
                    31:b5:57:be:4d:f0:5c:fc:63:95:23:73:30:26:88:
                    6e:7d:e2:78:e2:ab:d8:60:49:7c:3e:f5:03:2f:44:
                    96:b2:24:cc:40:2b:7c:2c:f9:20:f0:d4:9f:82:92:
                    6d:3b:bf:45:b0:64:a5:1f:e5:09:bf:d4:c1:7b:1f:
                    5e:f5:5a:6d:54:43:e9:1b:85:6c:06:4c:58:0e:30:
                    6c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:35:73:FB:07:F0:78:74:E9:5D:BD:7B:68:4C:EA:D7:A7:3D:AF:89
            X509v3 Authority Key Identifier:
                keyid:13:EB:7B:7D:F8:35:B1:13:AB:B3:F6:26:F6:20:3F:EE:97:B1:99:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-t7ffg1sROrs_Ym9iA_7pexmSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/azVz-wfweHTpXb17aEzq16c9r4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/661d4e-cd6a-477f-919c-81c716f5bca2/1/E-t7ffg1sROrs_Ym9iA_7pexmSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:3c:84:0c:43:91:41:3b:4c:67:2a:03:e0:39:96:82:79:03:
         01:f5:0f:01:e5:bd:dd:ef:a3:f8:47:ff:ad:d6:07:5b:18:c8:
         58:2c:66:28:ad:b1:10:c1:6c:88:ac:3e:4a:65:4c:ee:18:cf:
         be:72:e5:aa:0e:72:d0:d9:f6:dd:3c:a2:e4:b8:5e:2a:f0:e6:
         4d:80:25:dd:f6:6f:0b:6c:e2:1e:3d:73:69:40:0f:6e:3c:69:
         b1:01:e1:ea:50:d7:91:3a:70:e0:51:b9:89:34:12:85:d3:4c:
         48:46:63:1f:56:22:83:d8:98:74:57:a5:7d:c8:d2:0c:68:17:
         ea:5f:8e:6c:f0:94:2e:07:0a:e7:b1:2e:d2:ee:47:a6:18:82:
         2d:1e:51:97:74:a7:33:91:a8:5d:97:8c:60:ec:4b:93:b0:4b:
         84:ff:4a:0e:1c:69:76:1e:ca:30:0a:45:49:10:d6:68:7a:1f:
         eb:35:c2:81:e1:9c:25:23:84:19:38:65:9c:0c:e1:11:64:5e:
         d7:73:8f:6b:8b:48:59:ee:04:3b:ae:d0:f3:c7:ec:35:27:d7:
         19:b6:e8:1e:02:e6:d8:d1:f9:f5:2b:0c:31:e6:4b:0e:90:df:
         7b:f6:9f:53:fc:dc:e0:a2:6c:80:e8:d1:94:a9:11:12:32:a5:
         5a:0c:17:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6z1l00EiYQRkLFdaTBSuKIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZWI3YjdkZjgzNWIxMTNhYmIzZjYyNmY2MjAzZmVlOTdi
MTk5MmMwHhcNMjQwNDA2MTQzNTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjM1NzNmYjA3ZjA3ODc0ZTk1ZGJkN2I2ODRjZWFkN2E3M2RhZjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7Qvs6NWt1orw1vjE23FWF6EVLcg
eqgtivlKIsV83NV3hkjmfKHs2POFMuPbBkBeV6tcof/H6spo+WGP3BO/0RW9ZFuD
LsYWwLggPZ4mphVwxjxnn6Id8qvYp9BmWAO2aWU27C8YOQMKvx881MW6ZRMIqQw5
ikDDMRcrjEo9+9AEL2R1QJUQyiJaSM/oLz59Yc2KhIV0luSdZWCtGnMqxVh9AbrU
TmV7ynB+Y+3EW/nMcYwxtVe+TfBc/GOVI3MwJohufeJ44qvYYEl8PvUDL0SWsiTM
QCt8LPkg8NSfgpJtO79FsGSlH+UJv9TBex9e9VptVEPpG4VsBkxYDjBs4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGs1c/sH8Hh06V29e2hM6tenPa+JMB8GA1UdIwQY
MBaAFBPre334NbETq7P2JvYgP+6XsZksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS10N2ZmZzFzUk9yc19ZbTlpQV83cGV4bVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS82NjFkNGUtY2Q2YS00NzdmLTkxOWMt
ODFjNzE2ZjViY2EyLzEvYXpWei13ZndlSFRwWGIxN2FFenExNmM5cjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS82NjFkNGUtY2Q2YS00NzdmLTkxOWMtODFjNzE2ZjViY2Ey
LzEvRS10N2ZmZzFzUk9yc19ZbTlpQV83cGV4bVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc1UMA0G
CSqGSIb3DQEBCwUAA4IBAQALPIQMQ5FBO0xnKgPgOZaCeQMB9Q8B5b3d76P4R/+t
1gdbGMhYLGYorbEQwWyIrD5KZUzuGM++cuWqDnLQ2fbdPKLkuF4q8OZNgCXd9m8L
bOIePXNpQA9uPGmxAeHqUNeROnDgUbmJNBKF00xIRmMfViKD2Jh0V6V9yNIMaBfq
X45s8JQuBwrnsS7S7kemGIItHlGXdKczkahdl4xg7EuTsEuE/0oOHGl2HsowCkVJ
ENZoeh/rNcKB4ZwlI4QZOGWcDOERZF7Xc49ri0hZ7gQ7rtDzx+w1J9cZtugeAubY
0fn1Kwwx5ksOkN979p9T/NzgomyA6NGUqRESMqVaDBeA
-----END CERTIFICATE-----