Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/zO4Yh6Pnp55xsnZT9iC1tIZBpS8.roa
File:                     zO4Yh6Pnp55xsnZT9iC1tIZBpS8.roa (raw, json)
Hash identifier:          TpAK7sxzTSgxZoOhiTlrX8i+6tu8JNF1guStMj9zNgE=
Subject key identifier:   CC:EE:18:87:A3:E7:A7:9E:71:B2:76:53:F6:20:B5:B4:86:41:A5:2F
Certificate issuer:       /CN=2b237c5affe93543ae2fe6e1ffed182396eb9bb3
Certificate serial:       018CC80180BC66A553FC3B94724C8943218B
Authority key identifier: 2B:23:7C:5A:FF:E9:35:43:AE:2F:E6:E1:FF:ED:18:23:96:EB:9B:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/zO4Yh6Pnp55xsnZT9iC1tIZBpS8.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200416
IP address blocks:        185.107.198.0/24 maxlen: 24
                          2a06:45c1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:80:bc:66:a5:53:fc:3b:94:72:4c:89:43:21:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b237c5affe93543ae2fe6e1ffed182396eb9bb3
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccee1887a3e7a79e71b27653f620b5b48641a52f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:72:02:c2:33:c9:62:97:5a:94:d9:f1:8e:2a:
                    74:3e:2b:d8:d4:46:c3:b2:7c:4d:07:84:40:fc:2b:
                    0c:91:d0:eb:fe:13:91:f9:4f:2f:9c:f1:0a:c9:b4:
                    ac:b5:63:3a:b2:94:83:c0:d8:de:9f:f3:7e:e2:2c:
                    e5:0b:b3:c1:3c:e8:d7:63:b1:3a:03:a7:4a:b1:14:
                    02:56:62:84:3d:45:c2:d7:9b:e0:68:a5:5b:65:3c:
                    be:81:cb:d8:ae:c3:fe:a0:72:70:02:df:47:cc:bc:
                    36:6e:f6:d4:d8:83:87:b5:00:b1:8f:8e:9f:4e:ee:
                    90:94:65:91:04:b1:33:aa:b0:a8:9f:b0:fc:d6:b8:
                    d9:b5:b8:19:b7:35:47:bc:4e:fd:49:d8:e5:8b:fc:
                    67:7b:3f:e0:c9:93:28:28:0f:5e:f3:43:dd:d0:6c:
                    f9:10:7c:fb:90:a1:34:4b:15:e2:d7:20:7e:96:ce:
                    e8:fe:61:f4:1c:96:81:ea:86:89:4c:65:dd:d7:1c:
                    39:16:21:83:1c:b7:e7:85:90:87:df:15:80:ba:a7:
                    ef:f7:1d:dc:b0:f3:34:c5:71:f5:85:89:02:0e:f5:
                    2d:23:47:4a:9d:0c:bb:00:08:5c:4e:8a:e9:63:2d:
                    9d:7b:89:b3:1c:29:0d:04:53:2c:ff:d7:26:bc:ce:
                    89:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EE:18:87:A3:E7:A7:9E:71:B2:76:53:F6:20:B5:B4:86:41:A5:2F
            X509v3 Authority Key Identifier:
                keyid:2B:23:7C:5A:FF:E9:35:43:AE:2F:E6:E1:FF:ED:18:23:96:EB:9B:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KyN8Wv_pNUOuL-bh_-0YI5brm7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/zO4Yh6Pnp55xsnZT9iC1tIZBpS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/64a053-26ff-48a6-aeda-14702a4d2660/1/KyN8Wv_pNUOuL-bh_-0YI5brm7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.198.0/24
                IPv6:
                  2a06:45c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:8c:9c:53:87:da:a8:f0:dc:05:8f:61:d9:f7:e9:ae:cf:c4:
         ec:f2:40:09:cb:0f:a7:71:45:c4:a1:4e:8d:42:8b:6b:fd:66:
         f7:d9:c4:c9:4a:31:62:49:91:85:63:1f:d4:3e:f8:70:52:dd:
         b0:57:d8:6b:98:ba:e9:25:d0:ec:7a:43:97:ca:fb:61:77:a2:
         79:68:d3:2d:11:b3:f4:01:40:b4:51:b8:30:d7:cc:43:4f:9a:
         81:22:05:a0:08:4f:8b:6c:d9:9b:f8:1e:1e:a7:e3:7c:bd:8d:
         41:13:a7:cf:a2:bd:ed:14:0c:da:77:b8:8c:8e:86:1f:51:b9:
         cc:3a:b0:5f:d5:b8:dd:af:81:6c:c9:69:ee:b8:c6:cd:c9:ff:
         b3:9d:2e:4f:99:7a:1e:a3:c5:88:54:ae:4f:45:bd:d3:94:f8:
         a5:be:7d:70:63:61:87:81:59:a4:60:d2:9e:e0:f5:2d:b3:cf:
         d9:ab:6e:16:81:18:f2:3c:38:2f:41:a0:7f:0a:50:a8:20:18:
         9b:83:e9:6d:59:62:d9:c6:ce:76:8e:55:c8:dc:f9:54:5a:4a:
         f4:27:d8:a5:a3:f5:00:50:b5:aa:27:ad:6a:bb:1c:f5:8d:14:
         91:be:36:77:01:d7:21:55:f1:99:3e:55:6b:ae:48:31:1f:86:
         93:7c:bb:1b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAYC8ZqVT/DuUckyJQyGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMjM3YzVhZmZlOTM1NDNhZTJmZTZlMWZmZWQxODIzOTZl
YjliYjMwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2VlMTg4N2EzZTdhNzllNzFiMjc2NTNmNjIwYjViNDg2NDFhNTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXICwjPJYpdalNnxjip0PivY1EbD
snxNB4RA/CsMkdDr/hOR+U8vnPEKybSstWM6spSDwNjen/N+4izlC7PBPOjXY7E6
A6dKsRQCVmKEPUXC15vgaKVbZTy+gcvYrsP+oHJwAt9HzLw2bvbU2IOHtQCxj46f
Tu6QlGWRBLEzqrCon7D81rjZtbgZtzVHvE79Sdjli/xnez/gyZMoKA9e80Pd0Gz5
EHz7kKE0SxXi1yB+ls7o/mH0HJaB6oaJTGXd1xw5FiGDHLfnhZCH3xWAuqfv9x3c
sPM0xXH1hYkCDvUtI0dKnQy7AAhcTorpYy2de4mzHCkNBFMs/9cmvM6J0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMzuGIej56eecbJ2U/YgtbSGQaUvMB8GA1UdIwQY
MBaAFCsjfFr/6TVDri/m4f/tGCOW65uzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3lOOFd2X3BOVU91TC1iaF8tMFlJNWJybTdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi82NGEwNTMtMjZmZi00OGE2LWFlZGEt
MTQ3MDJhNGQyNjYwLzEvek80WWg2UG5wNTV4c25aVDlpQzF0SVpCcFM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi82NGEwNTMtMjZmZi00OGE2LWFlZGEtMTQ3MDJhNGQyNjYw
LzEvS3lOOFd2X3BOVU91TC1iaF8tMFlJNWJybTdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuWvGMA0E
AgACMAcDBQAqBkXBMA0GCSqGSIb3DQEBCwUAA4IBAQB1jJxTh9qo8NwFj2HZ9+mu
z8Ts8kAJyw+ncUXEoU6NQotr/Wb32cTJSjFiSZGFYx/UPvhwUt2wV9hrmLrpJdDs
ekOXyvthd6J5aNMtEbP0AUC0Ubgw18xDT5qBIgWgCE+LbNmb+B4ep+N8vY1BE6fP
or3tFAzad7iMjoYfUbnMOrBf1bjdr4FsyWnuuMbNyf+znS5PmXoeo8WIVK5PRb3T
lPilvn1wY2GHgVmkYNKe4PUts8/Zq24WgRjyPDgvQaB/ClCoIBibg+ltWWLZxs52
jlXI3PlUWkr0J9ilo/UAULWqJ61quxz1jRSRvjZ3AdchVfGZPlVrrkgxH4aTfLsb
-----END CERTIFICATE-----