Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/ede4c7-6150-4ed0-9d30-10de67121197/1/r2nCY8q2SoQEc8T3k8hxC3_7tzc.roa
File:                     r2nCY8q2SoQEc8T3k8hxC3_7tzc.roa (raw, json)
Hash identifier:          uEPT21vSTbWfX/RedQF4DDFXvZOkisuDIsP2VjA0chA=
Subject key identifier:   AF:69:C2:63:CA:B6:4A:84:04:73:C4:F7:93:C8:71:0B:7F:FB:B7:37
Certificate issuer:       /CN=c272d4761240359acba8a337d3ac3a9397925a72
Certificate serial:       018CC424816B213D13414F17C2CD8E8CEAAF
Authority key identifier: C2:72:D4:76:12:40:35:9A:CB:A8:A3:37:D3:AC:3A:93:97:92:5A:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wnLUdhJANZrLqKM306w6k5eSWnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/ede4c7-6150-4ed0-9d30-10de67121197/1/r2nCY8q2SoQEc8T3k8hxC3_7tzc.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205982
IP address blocks:        185.200.108.0/24 maxlen: 32
                          185.200.108.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/ede4c7-6150-4ed0-9d30-10de67121197/1/wnLUdhJANZrLqKM306w6k5eSWnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/ede4c7-6150-4ed0-9d30-10de67121197/1/wnLUdhJANZrLqKM306w6k5eSWnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wnLUdhJANZrLqKM306w6k5eSWnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:81:6b:21:3d:13:41:4f:17:c2:cd:8e:8c:ea:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c272d4761240359acba8a337d3ac3a9397925a72
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af69c263cab64a840473c4f793c8710b7ffbb737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:71:91:2e:2c:d1:e5:d3:0e:98:fd:97:3d:0c:
                    31:48:d8:14:9c:d2:1d:b0:05:fa:69:8f:d3:df:96:
                    27:ae:12:fc:03:49:c4:b0:e0:5b:3a:27:62:9d:05:
                    ca:c4:01:ed:35:d7:0c:30:ec:4d:69:c4:b8:f1:be:
                    80:c9:b5:10:fb:e6:22:53:b1:cf:13:fa:33:9b:1c:
                    8f:5c:06:a9:af:ad:ef:f1:78:56:f9:fe:d9:74:e5:
                    ea:39:ac:53:f7:5e:f1:2b:57:ab:8f:47:74:57:af:
                    64:3d:d1:c8:c6:70:89:9e:63:51:af:db:33:1f:5e:
                    2d:41:2f:c5:77:f8:34:8c:73:83:be:73:90:13:f2:
                    5f:ec:ca:6b:e6:d3:1f:ed:bc:bf:68:e9:4e:1d:da:
                    35:41:09:c8:a0:58:89:ed:1e:da:85:08:a7:5c:08:
                    f3:5e:3b:e0:0f:c6:8d:96:81:0d:14:20:01:da:ba:
                    04:9c:10:94:e4:51:4c:07:87:be:49:53:66:a7:d4:
                    13:69:87:5c:bf:95:1e:a7:a1:b1:97:4f:60:3e:35:
                    7f:d0:32:cb:6b:ea:6b:fc:d0:e2:1b:5b:67:d3:c9:
                    74:81:02:a5:15:a6:e4:ce:77:d5:31:10:27:77:be:
                    75:c9:e9:c9:12:eb:0a:e4:28:9a:a5:a9:42:64:6e:
                    82:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:69:C2:63:CA:B6:4A:84:04:73:C4:F7:93:C8:71:0B:7F:FB:B7:37
            X509v3 Authority Key Identifier:
                keyid:C2:72:D4:76:12:40:35:9A:CB:A8:A3:37:D3:AC:3A:93:97:92:5A:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wnLUdhJANZrLqKM306w6k5eSWnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/ede4c7-6150-4ed0-9d30-10de67121197/1/r2nCY8q2SoQEc8T3k8hxC3_7tzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/ede4c7-6150-4ed0-9d30-10de67121197/1/wnLUdhJANZrLqKM306w6k5eSWnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:49:15:a6:37:dc:20:30:3d:09:08:63:1f:80:c9:30:f5:5f:
         33:99:68:bb:37:17:68:97:27:cd:b8:8b:33:59:df:7b:5f:77:
         49:4a:43:d9:f3:b6:7e:44:26:66:91:b8:8b:1f:de:11:14:a5:
         0c:bd:9c:42:92:0d:a6:be:7c:8a:55:9c:29:7c:d4:29:7f:52:
         8c:d3:a6:e3:28:84:7c:4e:4b:2c:b4:64:0a:dd:38:a0:ef:bf:
         45:fc:80:09:f5:41:f8:2e:26:c4:e9:00:2c:f8:da:28:5e:b4:
         e9:07:e2:d8:ac:fb:bc:c6:9a:c2:84:4b:15:3d:40:6f:d4:e2:
         35:00:e0:32:70:14:dc:ad:03:f0:13:bc:b9:de:52:e3:10:bd:
         19:29:96:02:79:3f:2a:db:7c:d8:fc:01:44:c0:8f:78:41:c7:
         2b:02:e3:3c:44:ae:03:38:71:fe:72:90:97:40:13:ea:fb:d1:
         f6:e7:81:dd:e2:50:f6:9a:45:03:7c:98:ac:85:9e:6b:17:98:
         7e:1c:50:7d:73:a4:fc:38:fb:16:55:9d:9c:f2:a7:1f:24:90:
         7e:7e:f5:74:59:37:6b:92:e7:ed:f7:68:0f:72:b5:1d:c7:22:
         62:12:26:a7:7a:62:b6:14:55:93:99:a2:a0:c4:df:5c:83:7a:
         81:ce:10:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJIFrIT0TQU8Xws2OjOqvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzJkNDc2MTI0MDM1OWFjYmE4YTMzN2QzYWMzYTkzOTc5
MjVhNzIwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjY5YzI2M2NhYjY0YTg0MDQ3M2M0Zjc5M2M4NzEwYjdmZmJiNzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHGRLizR5dMOmP2XPQwxSNgUnNId
sAX6aY/T35YnrhL8A0nEsOBbOidinQXKxAHtNdcMMOxNacS48b6AybUQ++YiU7HP
E/ozmxyPXAapr63v8XhW+f7ZdOXqOaxT917xK1erj0d0V69kPdHIxnCJnmNRr9sz
H14tQS/Fd/g0jHODvnOQE/Jf7Mpr5tMf7by/aOlOHdo1QQnIoFiJ7R7ahQinXAjz
XjvgD8aNloENFCAB2roEnBCU5FFMB4e+SVNmp9QTaYdcv5Uep6Gxl09gPjV/0DLL
a+pr/NDiG1tn08l0gQKlFabkznfVMRAnd751yenJEusK5CiapalCZG6C0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9pwmPKtkqEBHPE95PIcQt/+7c3MB8GA1UdIwQY
MBaAFMJy1HYSQDWay6ijN9OsOpOXklpyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25MVWRoSkFOWnJMcUtNMzA2dzZrNWVTV25JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9lZGU0YzctNjE1MC00ZWQwLTlkMzAt
MTBkZTY3MTIxMTk3LzEvcjJuQ1k4cTJTb1FFYzhUM2s4aHhDM183dHpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9lZGU0YzctNjE1MC00ZWQwLTlkMzAtMTBkZTY3MTIxMTk3
LzEvd25MVWRoSkFOWnJMcUtNMzA2dzZrNWVTV25JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuchsMA0G
CSqGSIb3DQEBCwUAA4IBAQBgSRWmN9wgMD0JCGMfgMkw9V8zmWi7NxdolyfNuIsz
Wd97X3dJSkPZ87Z+RCZmkbiLH94RFKUMvZxCkg2mvnyKVZwpfNQpf1KM06bjKIR8
TksstGQK3Tig779F/IAJ9UH4LibE6QAs+NooXrTpB+LYrPu8xprChEsVPUBv1OI1
AOAycBTcrQPwE7y53lLjEL0ZKZYCeT8q23zY/AFEwI94QccrAuM8RK4DOHH+cpCX
QBPq+9H254Hd4lD2mkUDfJishZ5rF5h+HFB9c6T8OPsWVZ2c8qcfJJB+fvV0WTdr
kuft92gPcrUdxyJiEianemK2FFWTmaKgxN9cg3qBzhDr
-----END CERTIFICATE-----