Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/L2bY3-S5ejXbKK4pc-q4pJqCR48.roa
File:                     L2bY3-S5ejXbKK4pc-q4pJqCR48.roa (raw, json)
Hash identifier:          xTmQRLKwpB9w7yb8XZ/jy4X5l8gd90YYzqIU6RpqKXU=
Subject key identifier:   2F:66:D8:DF:E4:B9:7A:35:DB:28:AE:29:73:EA:B8:A4:9A:82:47:8F
Certificate issuer:       /CN=1f94d1354e72306a9f7f951f93f52e8d13a40abf
Certificate serial:       018CC349024604B6886FFF1E21C39B2FD7C8
Authority key identifier: 1F:94:D1:35:4E:72:30:6A:9F:7F:95:1F:93:F5:2E:8D:13:A4:0A:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H5TRNU5yMGqff5Ufk_UujROkCr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/L2bY3-S5ejXbKK4pc-q4pJqCR48.roa
Signing time:             Mon 01 Jan 2024 04:29:51 +0000
ROA not before:           Mon 01 Jan 2024 04:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205850
IP address blocks:        185.204.84.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/H5TRNU5yMGqff5Ufk_UujROkCr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/H5TRNU5yMGqff5Ufk_UujROkCr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H5TRNU5yMGqff5Ufk_UujROkCr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:02:46:04:b6:88:6f:ff:1e:21:c3:9b:2f:d7:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f94d1354e72306a9f7f951f93f52e8d13a40abf
        Validity
            Not Before: Jan  1 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f66d8dfe4b97a35db28ae2973eab8a49a82478f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:a2:77:25:62:99:bc:0c:c3:f5:ed:de:3a:9d:
                    30:5a:ca:7e:d7:12:87:8d:ac:82:79:c2:20:56:ed:
                    ff:a9:99:1b:ac:7d:2a:ed:49:67:65:1b:bb:5b:86:
                    92:8b:98:bc:96:1c:86:79:8d:e6:1a:08:57:38:ad:
                    30:eb:c6:af:67:72:75:8d:b0:6c:cd:cd:3b:05:db:
                    55:45:85:e2:e3:9a:4e:18:8b:64:44:b7:38:80:c2:
                    d8:7e:c8:e5:c0:a6:96:6c:f8:26:c0:25:5d:99:9a:
                    1f:c6:e8:d0:5c:0a:f8:cc:ed:e1:fb:3d:8d:5e:ad:
                    c9:b8:07:a1:b1:75:e4:00:11:95:06:b6:79:dd:3f:
                    38:fb:98:a4:5f:9b:ed:3c:5d:7e:4d:08:23:ce:d6:
                    f2:fc:17:d5:3a:f8:bb:03:bd:0e:6c:4e:57:c4:ed:
                    5e:3e:2a:ab:c9:fb:07:76:85:03:12:07:fe:bd:b7:
                    e2:7c:ac:f5:c0:33:7d:9c:98:76:29:46:49:c1:cf:
                    4e:c4:ad:6e:af:4e:4b:79:b9:af:2c:c7:a6:07:ef:
                    78:56:d0:bd:de:9b:31:d6:f0:ed:95:60:c4:95:ca:
                    79:81:e2:02:f9:13:c4:de:dc:d9:74:04:71:dc:78:
                    53:ab:f3:4d:db:71:f0:1d:bb:53:98:e7:62:42:37:
                    ab:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:66:D8:DF:E4:B9:7A:35:DB:28:AE:29:73:EA:B8:A4:9A:82:47:8F
            X509v3 Authority Key Identifier:
                keyid:1F:94:D1:35:4E:72:30:6A:9F:7F:95:1F:93:F5:2E:8D:13:A4:0A:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H5TRNU5yMGqff5Ufk_UujROkCr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/L2bY3-S5ejXbKK4pc-q4pJqCR48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/df96a5-3157-4883-8083-212f893fc835/1/H5TRNU5yMGqff5Ufk_UujROkCr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:c9:10:40:7f:51:4c:45:a0:56:ae:9b:df:31:e4:b6:1d:ce:
         a3:61:ee:46:4c:e4:e9:20:32:8e:cc:5a:56:fd:61:4f:98:73:
         c6:0f:8f:36:1f:cd:1a:4c:4f:90:16:36:ac:aa:11:99:76:e9:
         49:b8:65:fe:03:f6:7d:1b:c0:3b:1c:b8:82:31:ea:99:36:23:
         9c:57:e4:39:e3:48:b1:8f:37:eb:a1:13:d9:1f:b0:1b:b5:39:
         2e:b4:dc:2e:15:e8:98:8f:a8:fc:59:6e:8a:1f:7b:bf:3e:0b:
         e6:c7:15:d7:16:b6:7e:50:a5:c2:37:5d:83:aa:c8:b1:3f:a0:
         fd:a5:fe:a4:21:b9:06:06:88:11:71:54:82:fc:ef:02:84:c4:
         c6:8d:99:55:3a:e3:56:d6:05:26:7d:45:bc:79:02:06:ae:bc:
         3d:18:9c:20:9e:95:62:4f:c5:5d:87:fc:24:9a:4e:ab:13:53:
         32:aa:38:08:62:e3:12:4c:1e:49:bb:f0:dd:37:78:db:11:d5:
         22:4b:fe:27:25:b4:4b:59:ba:f2:c3:cf:47:17:d1:3a:01:77:
         32:bb:57:51:a9:39:e5:96:49:03:14:8c:3e:1b:92:74:a5:f4:
         c3:53:0c:bc:f1:c8:0b:c4:aa:15:cc:5e:3f:5e:69:fe:70:fd:
         18:4a:90:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQJGBLaIb/8eIcObL9fIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmOTRkMTM1NGU3MjMwNmE5ZjdmOTUxZjkzZjUyZThkMTNh
NDBhYmYwHhcNMjQwMTAxMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjY2ZDhkZmU0Yjk3YTM1ZGIyOGFlMjk3M2VhYjhhNDlhODI0NzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaJ3JWKZvAzD9e3eOp0wWsp+1xKH
jayCecIgVu3/qZkbrH0q7UlnZRu7W4aSi5i8lhyGeY3mGghXOK0w68avZ3J1jbBs
zc07BdtVRYXi45pOGItkRLc4gMLYfsjlwKaWbPgmwCVdmZofxujQXAr4zO3h+z2N
Xq3JuAehsXXkABGVBrZ53T84+5ikX5vtPF1+TQgjztby/BfVOvi7A70ObE5XxO1e
PiqryfsHdoUDEgf+vbfifKz1wDN9nJh2KUZJwc9OxK1ur05LebmvLMemB+94VtC9
3psx1vDtlWDElcp5geIC+RPE3tzZdARx3HhTq/NN23HwHbtTmOdiQjer8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9m2N/kuXo12yiuKXPquKSagkePMB8GA1UdIwQY
MBaAFB+U0TVOcjBqn3+VH5P1Lo0TpAq/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDVUUk5VNXlNR3FmZjVVZmtfVXVqUk9rQ3I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9kZjk2YTUtMzE1Ny00ODgzLTgwODMt
MjEyZjg5M2ZjODM1LzEvTDJiWTMtUzVlalhiS0s0cGMtcTRwSnFDUjQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9kZjk2YTUtMzE1Ny00ODgzLTgwODMtMjEyZjg5M2ZjODM1
LzEvSDVUUk5VNXlNR3FmZjVVZmtfVXVqUk9rQ3I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucxUMA0G
CSqGSIb3DQEBCwUAA4IBAQBzyRBAf1FMRaBWrpvfMeS2Hc6jYe5GTOTpIDKOzFpW
/WFPmHPGD482H80aTE+QFjasqhGZdulJuGX+A/Z9G8A7HLiCMeqZNiOcV+Q540ix
jzfroRPZH7AbtTkutNwuFeiYj6j8WW6KH3u/PgvmxxXXFrZ+UKXCN12DqsixP6D9
pf6kIbkGBogRcVSC/O8ChMTGjZlVOuNW1gUmfUW8eQIGrrw9GJwgnpViT8Vdh/wk
mk6rE1MyqjgIYuMSTB5Ju/DdN3jbEdUiS/4nJbRLWbryw89HF9E6AXcyu1dRqTnl
lkkDFIw+G5J0pfTDUwy88cgLxKoVzF4/Xmn+cP0YSpDS
-----END CERTIFICATE-----