Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/2WfNa7eHv-vnanINgiVCStxqrVM.roa
File:                     2WfNa7eHv-vnanINgiVCStxqrVM.roa (raw, json)
Hash identifier:          cyUGPojhw148GTwg+sjtF3ANybiNjWSQinoLXDVghS8=
Subject key identifier:   D9:67:CD:6B:B7:87:BF:EB:E7:6A:72:0D:82:25:42:4A:DC:6A:AD:53
Certificate issuer:       /CN=8afc31f36c97777f906b93e83ae657f00aeb3099
Certificate serial:       018CC492FBB08992F9C4182D9AF31F6C25F2
Authority key identifier: 8A:FC:31:F3:6C:97:77:7F:90:6B:93:E8:3A:E6:57:F0:0A:EB:30:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/2WfNa7eHv-vnanINgiVCStxqrVM.roa
Signing time:             Mon 01 Jan 2024 10:30:16 +0000
ROA not before:           Mon 01 Jan 2024 10:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205164
IP address blocks:        185.214.192.0/22 maxlen: 32
                          2a0c:f600::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:fb:b0:89:92:f9:c4:18:2d:9a:f3:1f:6c:25:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8afc31f36c97777f906b93e83ae657f00aeb3099
        Validity
            Not Before: Jan  1 10:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d967cd6bb787bfebe76a720d8225424adc6aad53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:68:31:0e:3f:84:e4:fe:d3:2e:f3:fc:f8:aa:
                    46:98:6d:4b:bb:cd:01:0c:01:a4:43:48:d4:b7:6d:
                    5e:44:24:c5:fe:f7:23:b4:c1:e5:8e:1e:2a:a3:04:
                    85:06:86:0a:a2:1b:67:4e:4c:96:71:26:02:9c:59:
                    4f:5f:a1:8f:a5:7c:1c:fd:36:a7:8a:22:7e:ca:c4:
                    46:42:c4:7c:e2:6d:88:71:bc:a3:1b:36:ba:80:64:
                    01:31:77:01:7e:8e:fe:7a:19:2f:7a:f7:e6:61:d9:
                    73:09:af:01:a7:1b:90:06:03:28:df:08:41:a6:4c:
                    12:8d:2f:f0:35:d2:7c:f1:1d:65:97:7a:46:d0:c3:
                    6b:b1:94:bd:3b:97:2f:03:26:bb:6f:43:7b:bd:39:
                    f7:15:45:31:35:3d:c9:ba:09:b7:40:a6:d2:90:48:
                    a3:d1:3d:42:d3:61:35:a9:0e:97:8d:87:a7:67:12:
                    ed:9e:22:49:05:5d:96:f4:1f:00:5a:33:25:ca:ff:
                    0b:28:84:95:d6:5b:cb:32:1e:d0:ce:ab:83:7c:c4:
                    a1:9c:3e:22:d7:e8:e6:4c:32:8d:38:6d:f3:d8:43:
                    59:11:41:2d:4d:1f:01:1a:d2:94:67:b0:83:52:8e:
                    41:49:da:db:2e:ce:27:30:a2:be:af:8d:09:4d:cd:
                    9b:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:67:CD:6B:B7:87:BF:EB:E7:6A:72:0D:82:25:42:4A:DC:6A:AD:53
            X509v3 Authority Key Identifier:
                keyid:8A:FC:31:F3:6C:97:77:7F:90:6B:93:E8:3A:E6:57:F0:0A:EB:30:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/2WfNa7eHv-vnanINgiVCStxqrVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.192.0/22
                IPv6:
                  2a0c:f600::/29

    Signature Algorithm: sha256WithRSAEncryption
         c3:d9:c0:b8:e5:7d:0c:dd:9e:65:4c:0f:0e:6c:7e:78:81:b9:
         13:03:3e:a3:96:2e:fe:ae:bd:e8:59:bc:61:d7:ca:d7:fe:72:
         dd:80:28:d8:fa:42:69:b4:bb:6d:f3:7e:a6:6e:6f:2f:ea:7a:
         9d:a1:b5:ee:1e:34:84:c0:6b:4e:12:58:2f:43:34:62:04:f7:
         b0:86:8f:dd:fc:ce:e7:04:6f:3a:83:4d:56:87:d8:c3:15:0a:
         a3:39:eb:ba:4f:a5:ef:13:fe:43:c7:8d:26:34:92:0c:81:3c:
         e9:78:a9:42:44:7c:dc:89:19:8b:5e:4b:02:5a:51:ac:2e:d4:
         ee:f8:b8:2b:61:97:91:78:34:b8:f7:d6:0d:9a:d7:20:6a:dc:
         d6:d8:f8:6e:5d:ab:c6:03:06:04:2d:6f:23:e4:33:bb:4e:f6:
         cd:b9:6f:d5:1a:82:48:68:3d:48:1a:7d:7a:ce:ad:a2:76:bd:
         00:16:c7:3c:8a:8c:b3:cd:34:b6:08:cc:56:a6:09:ca:7a:08:
         a9:11:c3:09:80:4b:9f:ea:b8:14:ca:e2:7f:f5:c9:26:95:91:
         3f:3f:11:8b:f5:68:e8:96:97:ae:34:4c:47:a3:86:b1:2a:b6:
         1d:84:1a:ce:dd:73:4a:27:e8:95:b6:ed:0e:ec:8a:ba:00:29:
         89:7a:8f:96
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEkvuwiZL5xBgtmvMfbCXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZmMzMWYzNmM5Nzc3N2Y5MDZiOTNlODNhZTY1N2YwMGFl
YjMwOTkwHhcNMjQwMTAxMTAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTY3Y2Q2YmI3ODdiZmViZTc2YTcyMGQ4MjI1NDI0YWRjNmFhZDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2gxDj+E5P7TLvP8+KpGmG1Lu80B
DAGkQ0jUt21eRCTF/vcjtMHljh4qowSFBoYKohtnTkyWcSYCnFlPX6GPpXwc/Tan
iiJ+ysRGQsR84m2IcbyjGza6gGQBMXcBfo7+ehkvevfmYdlzCa8BpxuQBgMo3whB
pkwSjS/wNdJ88R1ll3pG0MNrsZS9O5cvAya7b0N7vTn3FUUxNT3Jugm3QKbSkEij
0T1C02E1qQ6XjYenZxLtniJJBV2W9B8AWjMlyv8LKISV1lvLMh7QzquDfMShnD4i
1+jmTDKNOG3z2ENZEUEtTR8BGtKUZ7CDUo5BSdrbLs4nMKK+r40JTc2bjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNlnzWu3h7/r52pyDYIlQkrcaq1TMB8GA1UdIwQY
MBaAFIr8MfNsl3d/kGuT6DrmV/AK6zCZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXZ3eDgyeVhkMy1RYTVQb091Wlg4QXJyTUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9kOWEwMDQtYjk1My00YzczLTgxZTQt
MDcxMTY5NDAwMGEwLzEvMldmTmE3ZUh2LXZuYW5JTmdpVkNTdHhxclZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9kOWEwMDQtYjk1My00YzczLTgxZTQtMDcxMTY5NDAwMGEw
LzEvaXZ3eDgyeVhkMy1RYTVQb091Wlg4QXJyTUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudbAMA0E
AgACMAcDBQMqDPYAMA0GCSqGSIb3DQEBCwUAA4IBAQDD2cC45X0M3Z5lTA8ObH54
gbkTAz6jli7+rr3oWbxh18rX/nLdgCjY+kJptLtt836mbm8v6nqdobXuHjSEwGtO
ElgvQzRiBPewho/d/M7nBG86g01Wh9jDFQqjOeu6T6XvE/5Dx40mNJIMgTzpeKlC
RHzciRmLXksCWlGsLtTu+LgrYZeReDS499YNmtcgatzW2PhuXavGAwYELW8j5DO7
TvbNuW/VGoJIaD1IGn16zq2idr0AFsc8ioyzzTS2CMxWpgnKegipEcMJgEuf6rgU
yuJ/9ckmlZE/PxGL9WjolpeuNExHo4axKrYdhBrO3XNKJ+iVtu0O7Iq6ACmJeo+W
-----END CERTIFICATE-----