Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/Btrmjlwg9KcbA2WRnwd3dHiL7dE.roa
File:                     Btrmjlwg9KcbA2WRnwd3dHiL7dE.roa (raw, json)
Hash identifier:          zHz8V/Ju9qYX/9xa1SSNzb2WQHQ7JeI5nzQFSSsTfqg=
Subject key identifier:   06:DA:E6:8E:5C:20:F4:A7:1B:03:65:91:9F:07:77:74:78:8B:ED:D1
Certificate issuer:       /CN=2b237c5affe93543ae2fe6e1ffed182396eb9bb3
Certificate serial:       018CC80181C65FF666373BCF276CBBB86276
Authority key identifier: 2B:23:7C:5A:FF:E9:35:43:AE:2F:E6:E1:FF:ED:18:23:96:EB:9B:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/Btrmjlwg9KcbA2WRnwd3dHiL7dE.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209324
IP address blocks:        185.107.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:81:c6:5f:f6:66:37:3b:cf:27:6c:bb:b8:62:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b237c5affe93543ae2fe6e1ffed182396eb9bb3
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06dae68e5c20f4a71b0365919f077774788bedd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:dd:91:fd:98:8d:39:84:8d:8b:5f:1f:bb:ec:
                    14:dc:87:4d:87:b0:df:8a:60:aa:80:b4:65:a7:a3:
                    f9:20:6e:bd:dc:b1:e5:2c:af:34:e6:a0:8b:e9:ac:
                    a0:73:4a:68:09:d6:24:dd:08:4f:f2:ba:35:00:79:
                    a4:da:c2:0a:e3:86:eb:bd:33:a3:5d:a2:d6:3b:de:
                    f3:79:98:6c:cd:76:bb:41:f4:db:ed:6c:80:9c:36:
                    16:ee:a6:ef:07:73:be:17:ac:cf:96:bb:c9:5a:0f:
                    a7:91:02:10:b7:06:b5:ae:fc:c8:52:31:83:12:9c:
                    d1:d1:ea:2f:f0:a6:d9:4d:a3:86:42:9d:d3:06:da:
                    3a:31:07:87:97:1b:cb:2b:16:02:45:8f:2d:8b:54:
                    fa:ab:5e:34:13:18:91:9b:86:56:8c:b8:d6:09:ca:
                    f1:e4:b8:ed:a9:7e:27:8d:6e:ac:b0:95:ec:f5:21:
                    b2:14:da:eb:53:cf:4c:e1:1d:d8:79:9a:06:88:c2:
                    cc:bf:97:dc:5d:53:5e:72:36:cf:e6:ce:c1:f3:2d:
                    1f:fa:1b:a0:a0:f7:6b:da:66:1f:ff:ad:af:81:54:
                    f6:b0:62:50:6d:25:58:85:9c:d1:7e:3b:1f:40:a7:
                    63:36:e4:d7:f6:d3:dc:9a:1c:38:dc:94:88:50:e5:
                    45:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:DA:E6:8E:5C:20:F4:A7:1B:03:65:91:9F:07:77:74:78:8B:ED:D1
            X509v3 Authority Key Identifier:
                keyid:2B:23:7C:5A:FF:E9:35:43:AE:2F:E6:E1:FF:ED:18:23:96:EB:9B:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/Btrmjlwg9KcbA2WRnwd3dHiL7dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:36:ba:e3:e8:d0:53:56:88:df:36:8f:39:f8:6f:fe:cf:56:
         c9:b5:e1:1f:7b:0e:08:45:ce:99:ca:3c:c0:d7:1f:a7:70:6b:
         0d:a5:51:82:ca:7e:e3:f6:4e:05:14:ce:0b:a8:67:7b:4d:9c:
         65:95:6d:49:f0:03:1d:b5:fd:c0:af:fe:72:79:7c:f9:fa:9f:
         ac:62:c0:72:ba:f5:3d:3b:73:ba:2e:ad:b3:3c:70:0c:4a:b8:
         78:fa:d8:46:33:b4:49:79:cf:cf:2c:fe:78:dd:30:1e:6c:27:
         63:73:0b:db:c9:24:61:0a:27:f3:5a:81:a6:20:b4:83:bc:3c:
         0b:84:88:d1:ad:88:b5:a0:cc:d6:65:54:39:80:7e:27:c9:9b:
         f0:fa:f7:19:43:27:59:ff:98:fa:86:1a:ec:66:7e:76:ce:e5:
         36:c0:6d:1c:c4:06:f6:63:ca:f3:71:40:18:a9:bd:f0:c2:61:
         1f:2d:ea:1a:5d:27:ae:2b:21:6e:e0:0f:e9:10:04:85:55:f9:
         ee:41:54:1f:16:c2:b3:83:5e:04:56:d7:ad:e6:6c:58:4f:cd:
         49:65:55:07:9f:cd:0e:ee:3d:57:cd:6c:86:64:7e:45:8d:e9:
         ed:18:a6:3c:2b:5c:2f:b6:1d:87:d4:0f:aa:4d:b8:b7:9b:d7:
         20:19:6b:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYHGX/ZmNzvPJ2y7uGJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMjM3YzVhZmZlOTM1NDNhZTJmZTZlMWZmZWQxODIzOTZl
YjliYjMwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmRhZTY4ZTVjMjBmNGE3MWIwMzY1OTE5ZjA3Nzc3NDc4OGJlZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAot2R/ZiNOYSNi18fu+wU3IdNh7Df
imCqgLRlp6P5IG693LHlLK805qCL6aygc0poCdYk3QhP8ro1AHmk2sIK44brvTOj
XaLWO97zeZhszXa7QfTb7WyAnDYW7qbvB3O+F6zPlrvJWg+nkQIQtwa1rvzIUjGD
EpzR0eov8KbZTaOGQp3TBto6MQeHlxvLKxYCRY8ti1T6q140ExiRm4ZWjLjWCcrx
5LjtqX4njW6ssJXs9SGyFNrrU89M4R3YeZoGiMLMv5fcXVNecjbP5s7B8y0f+hug
oPdr2mYf/62vgVT2sGJQbSVYhZzRfjsfQKdjNuTX9tPcmhw43JSIUOVFXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAba5o5cIPSnGwNlkZ8Hd3R4i+3RMB8GA1UdIwQY
MBaAFCsjfFr/6TVDri/m4f/tGCOW65uzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3lOOFd2X3BOVU91TC1iaF8tMFlJNWJybTdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi82NGEwNTMtMjZmZi00OGE2LWFlZGEt
MTQ3MDJhNGQyNjYwLzEvQnRybWpsd2c5S2NiQTJXUm53ZDNkSGlMN2RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi82NGEwNTMtMjZmZi00OGE2LWFlZGEtMTQ3MDJhNGQyNjYw
LzEvS3lOOFd2X3BOVU91TC1iaF8tMFlJNWJybTdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWvHMA0G
CSqGSIb3DQEBCwUAA4IBAQBPNrrj6NBTVojfNo85+G/+z1bJteEfew4IRc6ZyjzA
1x+ncGsNpVGCyn7j9k4FFM4LqGd7TZxllW1J8AMdtf3Ar/5yeXz5+p+sYsByuvU9
O3O6Lq2zPHAMSrh4+thGM7RJec/PLP543TAebCdjcwvbySRhCifzWoGmILSDvDwL
hIjRrYi1oMzWZVQ5gH4nyZvw+vcZQydZ/5j6hhrsZn52zuU2wG0cxAb2Y8rzcUAY
qb3wwmEfLeoaXSeuKyFu4A/pEASFVfnuQVQfFsKzg14EVtet5mxYT81JZVUHn80O
7j1XzWyGZH5FjentGKY8K1wvth2H1A+qTbi3m9cgGWvI
-----END CERTIFICATE-----