Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/26oa8CODwn2vMfUhIfkvEo_0bts.roa
File:                     26oa8CODwn2vMfUhIfkvEo_0bts.roa (raw, json)
Hash identifier:          zAAptls4e58p0KM3V5DO5eCsrFwuIjwcEtcH1B8u6TE=
Subject key identifier:   DB:AA:1A:F0:23:83:C2:7D:AF:31:F5:21:21:F9:2F:12:8F:F4:6E:DB
Certificate issuer:       /CN=2d2f9339fbb8cb33c522751c530f3a20a753547c
Certificate serial:       018CC3B6F47858B62B400BC9A6970CD12037
Authority key identifier: 2D:2F:93:39:FB:B8:CB:33:C5:22:75:1C:53:0F:3A:20:A7:53:54:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LS-TOfu4yzPFInUcUw86IKdTVHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/26oa8CODwn2vMfUhIfkvEo_0bts.roa
Signing time:             Mon 01 Jan 2024 06:29:56 +0000
ROA not before:           Mon 01 Jan 2024 06:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200449
IP address blocks:        185.104.208.0/22 maxlen: 24
                          2a06:3340::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/LS-TOfu4yzPFInUcUw86IKdTVHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/LS-TOfu4yzPFInUcUw86IKdTVHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LS-TOfu4yzPFInUcUw86IKdTVHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f4:78:58:b6:2b:40:0b:c9:a6:97:0c:d1:20:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d2f9339fbb8cb33c522751c530f3a20a753547c
        Validity
            Not Before: Jan  1 06:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbaa1af02383c27daf31f52121f92f128ff46edb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:36:c2:b3:72:d2:79:fc:db:68:a0:c9:23:83:
                    8a:0b:7b:0e:df:2a:0a:37:68:9e:dc:f4:50:87:74:
                    82:62:cb:e4:54:c5:6b:55:fa:ab:87:7c:a7:88:80:
                    12:b9:ea:eb:0e:f8:d2:9e:dd:c2:ed:41:79:6f:aa:
                    43:10:e8:7f:ab:05:1a:17:7a:64:b7:20:c8:32:ec:
                    11:24:7e:96:a5:7b:84:42:e6:24:c7:0c:c0:84:7a:
                    ac:22:3e:5e:05:5f:37:ad:53:c0:93:49:32:50:a8:
                    59:76:41:73:a1:9b:8d:af:99:e0:27:0b:ec:44:b3:
                    4f:a1:29:bc:51:9a:76:63:44:dc:24:01:36:68:80:
                    f1:63:f4:d6:70:a3:95:6c:a4:ab:47:9d:78:02:a1:
                    da:b6:44:e6:43:6d:6b:5a:af:19:71:76:61:c4:0b:
                    a6:64:ad:23:2f:cb:05:94:32:a3:d7:16:2d:68:60:
                    36:1c:c4:42:c7:a9:38:e3:c0:89:2b:8c:be:51:d7:
                    68:7f:54:95:f1:1b:61:c7:ef:90:ba:e3:03:06:a0:
                    8a:ad:1f:75:78:80:7b:fc:11:99:6f:91:3d:8d:58:
                    a1:78:18:9b:2d:f4:b6:0d:83:16:b6:f5:de:d2:ea:
                    5b:84:f5:9c:f0:83:33:0c:0d:f8:cd:6c:6a:9a:20:
                    6b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:AA:1A:F0:23:83:C2:7D:AF:31:F5:21:21:F9:2F:12:8F:F4:6E:DB
            X509v3 Authority Key Identifier:
                keyid:2D:2F:93:39:FB:B8:CB:33:C5:22:75:1C:53:0F:3A:20:A7:53:54:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LS-TOfu4yzPFInUcUw86IKdTVHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/26oa8CODwn2vMfUhIfkvEo_0bts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/95fa61-17fb-4890-9598-1d3a1e9b7545/1/LS-TOfu4yzPFInUcUw86IKdTVHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.208.0/22
                IPv6:
                  2a06:3340::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:df:f1:28:84:88:8c:43:3b:b0:85:f7:72:71:ae:8b:d8:cc:
         ce:16:3e:3c:b8:58:1f:e3:16:b2:da:99:fa:cd:e0:51:ff:da:
         6f:0f:82:0b:67:92:42:53:94:b2:39:d8:7e:41:be:e7:e3:a6:
         51:f5:91:66:ef:79:67:8b:7d:92:e2:49:7f:ac:21:0f:c0:1b:
         65:4b:d8:95:a1:e1:89:1f:36:69:31:67:bd:4a:6e:e0:06:0e:
         e8:ef:0b:e0:85:e9:36:dd:9a:ea:e8:4e:6f:59:b4:e3:a9:a3:
         db:e8:a2:28:8d:ff:02:a8:8c:26:17:9c:6d:28:4f:cf:a4:c5:
         0a:0c:d7:25:a0:19:73:c8:e1:b8:67:01:1d:d7:9a:35:4c:94:
         3d:2b:56:fd:db:3b:81:4d:f5:e7:e4:99:c9:3d:23:b9:3f:97:
         9d:8d:b0:fa:85:c2:3b:3d:d0:b4:a5:7f:46:b4:9e:a7:55:5d:
         4b:cb:9d:8d:b4:a2:eb:68:aa:25:60:36:c1:da:50:46:e0:74:
         d9:2d:f4:49:79:a6:46:fd:6f:00:98:dc:34:0e:e3:f3:62:b3:
         e0:bb:01:b6:82:cc:46:88:96:05:1b:2b:e3:7a:69:17:a0:cd:
         59:7e:74:06:cc:2c:4d:e3:1c:ef:7a:47:1c:31:dd:4f:d7:f2:
         3c:98:89:4e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtvR4WLYrQAvJppcM0SA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMmY5MzM5ZmJiOGNiMzNjNTIyNzUxYzUzMGYzYTIwYTc1
MzU0N2MwHhcNMjQwMTAxMDYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmFhMWFmMDIzODNjMjdkYWYzMWY1MjEyMWY5MmYxMjhmZjQ2ZWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDbCs3LSefzbaKDJI4OKC3sO3yoK
N2ie3PRQh3SCYsvkVMVrVfqrh3yniIASuerrDvjSnt3C7UF5b6pDEOh/qwUaF3pk
tyDIMuwRJH6WpXuEQuYkxwzAhHqsIj5eBV83rVPAk0kyUKhZdkFzoZuNr5ngJwvs
RLNPoSm8UZp2Y0TcJAE2aIDxY/TWcKOVbKSrR514AqHatkTmQ21rWq8ZcXZhxAum
ZK0jL8sFlDKj1xYtaGA2HMRCx6k448CJK4y+Uddof1SV8Rthx++QuuMDBqCKrR91
eIB7/BGZb5E9jViheBibLfS2DYMWtvXe0upbhPWc8IMzDA34zWxqmiBr9QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNuqGvAjg8J9rzH1ISH5LxKP9G7bMB8GA1UdIwQY
MBaAFC0vkzn7uMszxSJ1HFMPOiCnU1R8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFMtVE9mdTR5elBGSW5VY1V3ODZJS2RUVkh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi85NWZhNjEtMTdmYi00ODkwLTk1OTgt
MWQzYTFlOWI3NTQ1LzEvMjZvYThDT0R3bjJ2TWZVaElma3ZFb18wYnRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi85NWZhNjEtMTdmYi00ODkwLTk1OTgtMWQzYTFlOWI3NTQ1
LzEvTFMtVE9mdTR5elBGSW5VY1V3ODZJS2RUVkh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWjQMA0E
AgACMAcDBQMqBjNAMA0GCSqGSIb3DQEBCwUAA4IBAQAf3/EohIiMQzuwhfdyca6L
2MzOFj48uFgf4xay2pn6zeBR/9pvD4ILZ5JCU5SyOdh+Qb7n46ZR9ZFm73lni32S
4kl/rCEPwBtlS9iVoeGJHzZpMWe9Sm7gBg7o7wvghek23Zrq6E5vWbTjqaPb6KIo
jf8CqIwmF5xtKE/PpMUKDNcloBlzyOG4ZwEd15o1TJQ9K1b92zuBTfXn5JnJPSO5
P5edjbD6hcI7PdC0pX9GtJ6nVV1Ly52NtKLraKolYDbB2lBG4HTZLfRJeaZG/W8A
mNw0DuPzYrPguwG2gsxGiJYFGyvjemkXoM1ZfnQGzCxN4xzvekccMd1P1/I8mIlO
-----END CERTIFICATE-----