Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/a0MFoK3OU5hJ83l_M4I3t6GftkU.roa
File:                     a0MFoK3OU5hJ83l_M4I3t6GftkU.roa (raw, json)
Hash identifier:          /muYzSQm+bJ/6f4RTQIaumVGQZtwSAedPdZfV4at7L0=
Subject key identifier:   6B:43:05:A0:AD:CE:53:98:49:F3:79:7F:33:82:37:B7:A1:9F:B6:45
Certificate issuer:       /CN=2b237c5affe93543ae2fe6e1ffed182396eb9bb3
Certificate serial:       01900215C9AB9190D87EAEF017F40C2AB2D8
Authority key identifier: 2B:23:7C:5A:FF:E9:35:43:AE:2F:E6:E1:FF:ED:18:23:96:EB:9B:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/a0MFoK3OU5hJ83l_M4I3t6GftkU.roa
Signing time:             Mon 10 Jun 2024 12:18:20 +0000
ROA not before:           Mon 10 Jun 2024 12:18:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.107.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:02:15:c9:ab:91:90:d8:7e:ae:f0:17:f4:0c:2a:b2:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b237c5affe93543ae2fe6e1ffed182396eb9bb3
        Validity
            Not Before: Jun 10 12:18:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b4305a0adce539849f3797f338237b7a19fb645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0d:bb:c9:33:80:6f:0b:b0:13:0b:a0:be:8c:
                    4b:75:9d:a2:e9:1b:9c:bc:6f:cc:86:cb:06:7e:67:
                    c9:27:e4:f8:a4:21:1c:2b:99:75:63:33:49:62:12:
                    fc:35:18:c4:dc:74:28:d7:01:a5:41:54:ec:ae:df:
                    75:89:e7:87:4d:fe:15:4a:84:b7:35:e5:a4:b6:15:
                    7c:58:55:dd:22:89:72:f6:d5:6b:a7:bc:5d:46:0d:
                    97:ab:a0:fd:b5:c0:42:4e:d9:5c:80:40:30:e5:6f:
                    b4:53:1c:34:eb:89:c7:ff:b6:3a:b3:96:62:42:f6:
                    7b:23:31:28:b4:4f:a6:12:18:c0:2a:cc:c4:94:f4:
                    e0:76:de:75:91:88:74:31:03:a9:8a:49:19:bd:4f:
                    a3:68:e5:0f:67:6e:bd:73:72:24:2c:b7:c6:18:41:
                    ee:1f:ef:3d:9e:4c:51:7f:a3:20:01:ae:50:8f:83:
                    54:be:08:15:95:3e:82:d7:0e:b4:b4:99:d7:ce:ba:
                    88:b6:5a:44:fe:05:a8:09:f6:7e:3b:46:8e:28:e8:
                    51:0a:87:3e:89:5c:11:69:c5:0a:c4:17:2d:ed:d9:
                    57:db:b7:87:47:81:42:65:58:cf:ed:1d:db:3a:63:
                    a0:37:20:92:07:dd:c4:97:bb:b1:13:e0:85:e1:95:
                    97:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:43:05:A0:AD:CE:53:98:49:F3:79:7F:33:82:37:B7:A1:9F:B6:45
            X509v3 Authority Key Identifier:
                keyid:2B:23:7C:5A:FF:E9:35:43:AE:2F:E6:E1:FF:ED:18:23:96:EB:9B:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/a0MFoK3OU5hJ83l_M4I3t6GftkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:2e:9f:be:c3:22:ee:70:74:d5:6b:00:75:f1:f4:17:e1:07:
         1f:5b:c4:88:5d:79:b4:cd:6f:49:b7:e5:f9:94:95:8c:ee:6d:
         f4:23:57:7a:d4:a6:98:2c:02:d0:26:e4:3d:eb:e6:64:b0:88:
         67:de:f9:ce:43:71:5d:94:51:ff:38:ce:b2:26:ef:85:d9:cf:
         92:c7:89:34:35:63:a8:91:2c:56:cb:d6:b0:2a:16:ae:cc:25:
         b7:d8:13:93:2e:db:89:ab:97:a7:6f:87:9a:a8:19:29:54:3e:
         1f:b3:ac:f8:c1:4e:cb:23:e4:78:5a:44:f5:94:eb:79:c1:d0:
         f2:31:ac:27:fc:8b:b0:39:72:66:55:c0:36:88:1e:63:7d:c5:
         76:72:20:e5:cd:12:c2:1e:7c:99:bd:54:ea:d4:79:4e:89:f3:
         b1:4b:62:fe:c1:54:2a:d6:d6:70:eb:24:a2:ac:c4:6c:2a:92:
         06:33:83:b4:5c:15:59:bd:e5:0f:f6:0c:b1:c5:b7:2b:5e:3e:
         2f:85:c8:91:77:b7:4c:de:d3:0c:e3:f4:de:a4:63:b4:53:68:
         e9:bb:77:2c:f5:9a:7a:5c:1d:77:c9:91:f9:bc:0d:11:9d:ed:
         e9:32:8a:f3:07:94:ce:b4:ae:b2:61:ac:e2:7a:32:8e:db:0a:
         6a:77:8f:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZACFcmrkZDYfq7wF/QMKrLYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMjM3YzVhZmZlOTM1NDNhZTJmZTZlMWZmZWQxODIzOTZl
YjliYjMwHhcNMjQwNjEwMTIxODIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjQzMDVhMGFkY2U1Mzk4NDlmMzc5N2YzMzgyMzdiN2ExOWZiNjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQ27yTOAbwuwEwugvoxLdZ2i6Ruc
vG/MhssGfmfJJ+T4pCEcK5l1YzNJYhL8NRjE3HQo1wGlQVTsrt91ieeHTf4VSoS3
NeWkthV8WFXdIoly9tVrp7xdRg2Xq6D9tcBCTtlcgEAw5W+0Uxw064nH/7Y6s5Zi
QvZ7IzEotE+mEhjAKszElPTgdt51kYh0MQOpikkZvU+jaOUPZ269c3IkLLfGGEHu
H+89nkxRf6MgAa5Qj4NUvggVlT6C1w60tJnXzrqItlpE/gWoCfZ+O0aOKOhRCoc+
iVwRacUKxBct7dlX27eHR4FCZVjP7R3bOmOgNyCSB93El7uxE+CF4ZWXOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGtDBaCtzlOYSfN5fzOCN7ehn7ZFMB8GA1UdIwQY
MBaAFCsjfFr/6TVDri/m4f/tGCOW65uzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3lOOFd2X3BOVU91TC1iaF8tMFlJNWJybTdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi82NGEwNTMtMjZmZi00OGE2LWFlZGEt
MTQ3MDJhNGQyNjYwLzEvYTBNRm9LM09VNWhKODNsX000STN0NkdmdGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi82NGEwNTMtMjZmZi00OGE2LWFlZGEtMTQ3MDJhNGQyNjYw
LzEvS3lOOFd2X3BOVU91TC1iaF8tMFlJNWJybTdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWvEMA0G
CSqGSIb3DQEBCwUAA4IBAQBULp++wyLucHTVawB18fQX4QcfW8SIXXm0zW9Jt+X5
lJWM7m30I1d61KaYLALQJuQ96+ZksIhn3vnOQ3FdlFH/OM6yJu+F2c+Sx4k0NWOo
kSxWy9awKhauzCW32BOTLtuJq5enb4eaqBkpVD4fs6z4wU7LI+R4WkT1lOt5wdDy
Mawn/IuwOXJmVcA2iB5jfcV2ciDlzRLCHnyZvVTq1HlOifOxS2L+wVQq1tZw6ySi
rMRsKpIGM4O0XBVZveUP9gyxxbcrXj4vhciRd7dM3tMM4/TepGO0U2jpu3cs9Zp6
XB13yZH5vA0Rne3pMorzB5TOtK6yYaziejKO2wpqd49i
-----END CERTIFICATE-----